diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 67ba24aa0..b2d413c9d 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -40,11 +40,11 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
+        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@17573ee1cc1b9d061760f3a006fc4aac4f944fd5 # v2.2.4
+        uses: github/codeql-action/init@7df0ce34898d659f95c0c4a09eaa8d4e32ee64db # v2.2.12
         with:
           languages: ${{ matrix.language }}
           # If you wish to specify custom queries, you can do so here or in a config file.
@@ -55,7 +55,7 @@ jobs:
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@17573ee1cc1b9d061760f3a006fc4aac4f944fd5 # v2.2.4
+        uses: github/codeql-action/autobuild@7df0ce34898d659f95c0c4a09eaa8d4e32ee64db # v2.2.12
       # Command-line programs to run using the OS shell.
       # 📚 https://git.io/JvXDl
 
@@ -68,4 +68,4 @@ jobs:
       #     make release
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@17573ee1cc1b9d061760f3a006fc4aac4f944fd5 # v2.2.4
+        uses: github/codeql-action/analyze@7df0ce34898d659f95c0c4a09eaa8d4e32ee64db # v2.2.12
diff --git a/.github/workflows/depsreview.yml b/.github/workflows/depsreview.yml
index bdb20926d..de9243f16 100644
--- a/.github/workflows/depsreview.yml
+++ b/.github/workflows/depsreview.yml
@@ -9,6 +9,6 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: 'Checkout Repository'
-        uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
+        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
       - name: 'Dependency Review'
-        uses: actions/dependency-review-action@c090f4e553673e6e505ea70d6a95362ee12adb94 # v3.0.3
+        uses: actions/dependency-review-action@f46c48ed6d4f1227fb2d9ea62bf6bcbed315589e # v3.0.4
diff --git a/.github/workflows/e2e.schedule.cli.yml b/.github/workflows/e2e.schedule.cli.yml
index c98961752..b78a0c6e1 100644
--- a/.github/workflows/e2e.schedule.cli.yml
+++ b/.github/workflows/e2e.schedule.cli.yml
@@ -28,7 +28,7 @@ jobs:
             ctned="true"
           fi
           echo "continue=$ctned" >> $GITHUB_OUTPUT
-      - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
         if: steps.name.outputs.continue == 'true'
         with:
           ref: main
diff --git a/.github/workflows/e2e.schedule.installer.yml b/.github/workflows/e2e.schedule.installer.yml
index 17155cba8..5d059d074 100644
--- a/.github/workflows/e2e.schedule.installer.yml
+++ b/.github/workflows/e2e.schedule.installer.yml
@@ -27,14 +27,14 @@ jobs:
       version: ${{ steps.generate-versions.outputs.version }}
     steps:
       - name: Checkout
-        uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
+        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
         with:
           # NOTE: the example-package needs to be checked out in the default workspace.
           repository: slsa-framework/example-package
           ref: main
 
       - name: Checkout
-        uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
+        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
         with:
           path: __THIS_REPO__
 
@@ -77,7 +77,7 @@ jobs:
       - name: Checkout this repository
         # Skip release candidates unless specified explicitly.
         if: ${{ inputs.version != '' || ! contains(matrix.version, '-rc' ) }}
-        uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
+        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
         with:
           ref: ${{ matrix.version }}
 
@@ -196,7 +196,7 @@ jobs:
       contents: read
       issues: write
     steps:
-      - uses: actions/checkout@dc323e67f16fb5f7663d20ff7941f27f5809e9b6 # v2.6.0
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
         with:
           repository: slsa-framework/example-package
           ref: main
@@ -210,7 +210,7 @@ jobs:
       contents: read
       issues: write
     steps:
-      - uses: actions/checkout@dc323e67f16fb5f7663d20ff7941f27f5809e9b6 # v2.6.0
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
         with:
           repository: slsa-framework/example-package
           ref: main
diff --git a/.github/workflows/pre-submit.actions.yml b/.github/workflows/pre-submit.actions.yml
index 8b222a654..eb6f6482f 100644
--- a/.github/workflows/pre-submit.actions.yml
+++ b/.github/workflows/pre-submit.actions.yml
@@ -11,7 +11,7 @@ jobs:
   check-dist:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
 
       - name: Set Node.js 16
         uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
@@ -39,24 +39,3 @@ jobs:
         with:
           name: dist
           path: dist/
-
-  check-docs:
-    runs-on: ubuntu-latest
-    if: ${{ contains(github.event.pull_request.body, '#label:release') }}
-    env:
-      BODY: ${{ github.event.pull_request.body }}
-    steps:
-      - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
-
-      - name: Check documentation is up-to-date
-        run: |
-          RELEASE_TAG=$(
-            echo "$BODY" | \
-            grep -oE '^[[:blank:]]*#label:release[[:blank:]]+v?[0-9]+\.[0-9]+\.[0-9]+' | \
-            sed -E 's/.*([0-9]+\.[0-9]+\.[0-9])/\1/'
-          )
-          if [[ -z "$RELEASE_TAG" ]]; then
-              echo "Invalid release PR body. Must include `#label:release vX.Y.Z"
-              exit 1
-          fi
-          RELEASE_TAG="${RELEASE_TAG}" ./.github/workflows/scripts/pre-release/references.sh
diff --git a/.github/workflows/pre-submit.cli.yml b/.github/workflows/pre-submit.cli.yml
index 7e75d019d..728ba1bb8 100644
--- a/.github/workflows/pre-submit.cli.yml
+++ b/.github/workflows/pre-submit.cli.yml
@@ -15,10 +15,10 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
+        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
 
       - name: setup-go
-        uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0
+        uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v4.0.0
         with:
           go-version: "1.18"
 
diff --git a/.github/workflows/pre-submit.e2e.yml b/.github/workflows/pre-submit.e2e.yml
index 254a2d14a..2709baa7a 100644
--- a/.github/workflows/pre-submit.e2e.yml
+++ b/.github/workflows/pre-submit.e2e.yml
@@ -11,12 +11,12 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
+        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
         with:
           path: __THIS_REPO__
 
       - name: setup-go
-        uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0
+        uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v4.0.0
         with:
           go-version: "1.18"
 
@@ -27,10 +27,13 @@ jobs:
           go build -o slsa-verifier ./cli/slsa-verifier
 
       - name: Checkout e2e verification script
-        uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
+        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
         with:
           path: __EXAMPLE_PACKAGE__
           repository: slsa-framework/example-package
 
       - name: Run verification script with testdata and slsa-verifier HEAD
+        env:
+          SLSA_VERIFIER_TESTING: "true"
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Necessary to use the gh CLI.
         run: ./__THIS_REPO__/.github/workflows/scripts/e2e-cli.sh
diff --git a/.github/workflows/pre-submit.lfs.yml b/.github/workflows/pre-submit.lfs.yml
index 20de369c6..7ddbcf37f 100644
--- a/.github/workflows/pre-submit.lfs.yml
+++ b/.github/workflows/pre-submit.lfs.yml
@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
+        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
       - uses: actionsdesk/lfs-warning@e5f9a4c21f4bee104db7c0f23954dde59e5df909 # v3.2
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/pre-submit.lint.yml b/.github/workflows/pre-submit.lint.yml
index cfc6034d1..8596daf58 100644
--- a/.github/workflows/pre-submit.lint.yml
+++ b/.github/workflows/pre-submit.lint.yml
@@ -10,8 +10,8 @@ jobs:
   golangci-lint:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
-      - uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+      - uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v4.0.0
         with:
           go-version: "1.18"
       - env:
@@ -34,7 +34,7 @@ jobs:
   yamllint:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
       - env:
           YAMLLINT_VERSION: "1.26.3"
         run: |
@@ -49,7 +49,7 @@ jobs:
   eslint:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
       - uses: actions/setup-node@v3
         with:
           node-version: 16
diff --git a/.github/workflows/pre-submit.references.yml b/.github/workflows/pre-submit.references.yml
new file mode 100644
index 000000000..4bc7c43ae
--- /dev/null
+++ b/.github/workflows/pre-submit.references.yml
@@ -0,0 +1,29 @@
+name: References pre submits
+
+on:
+  pull_request:
+    types: [opened, edited, reopened, synchronize]
+
+permissions: read-all
+
+jobs:
+  check-docs:
+    runs-on: ubuntu-latest
+    if: ${{ contains(github.event.pull_request.body, '#label:release') }}
+    env:
+      BODY: ${{ github.event.pull_request.body }}
+    steps:
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+
+      - name: Check documentation is up-to-date
+        run: |
+          RELEASE_TAG=$(:
+            echo "$BODY" |
+            grep -oE '^[[:blank:]]*#label:release[[:blank:]]+v?[0-9]+\.[0-9]+\.[0-9]+' |
+            sed -E 's/.*([0-9]+\.[0-9]+\.[0-9])/\1/'
+          )
+          if [[ -z "$RELEASE_TAG" ]]; then
+              echo 'Invalid release PR body. Must include `#label:release vX.Y.Z`'
+              exit 1
+          fi
+          RELEASE_TAG="${RELEASE_TAG}" ./.github/workflows/scripts/pre-release/references.sh
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 669aefcbd..50eda01bd 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -15,6 +15,8 @@ permissions: read-all
 env:
   GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
   ISSUE_REPOSITORY: slsa-framework/slsa-verifier
+  # In case daily runs fail, the label for filing the issue
+  HEADER: release
 
 jobs:
   # Generate ldflags dynamically.
@@ -24,7 +26,7 @@ jobs:
       version: ${{ steps.ldflags.outputs.version }}
     steps:
       - id: checkout
-        uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
+        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
         with:
           fetch-depth: 0
       - id: ldflags
@@ -47,9 +49,71 @@ jobs:
       actions: read # For the detection of GitHub Actions environment.
       id-token: write # For signing.
       contents: write # For asset uploads.
-    uses: slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@v1.4.0
+    uses: slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@v1.5.0
     with:
       go-version: 1.18
       config-file: .slsa-goreleaser/${{matrix.os}}-${{matrix.arch}}.yml
       compile-builder: true
       evaluated-envs: "VERSION:${{needs.args.outputs.version}}"
+
+  verification:
+    needs: [builder]
+    runs-on: ubuntu-latest
+    if: github.event_name != 'schedule'
+    permissions: read-all
+    steps:
+      - name: Install the verifier
+        uses: slsa-framework/slsa-verifier/actions/installer@v2.2.0
+
+      - name: Download assets
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          ATT_FILE_NAME: "${{ needs.builder.outputs.go-binary-name }}.intoto.jsonl"
+          ARTIFACT: ${{ needs.builder.outputs.go-binary-name }}
+        run: |
+          set -euo pipefail
+
+          gh -R "$GITHUB_REPOSITORY" release download "$GITHUB_REF_NAME" -p $ARTIFACT
+          gh -R "$GITHUB_REPOSITORY" release download "$GITHUB_REF_NAME" -p "$ATT_FILE_NAME"
+
+      - name: Verify assets
+        env:
+          ARTIFACT: ${{ needs.builder.outputs.go-binary-name }}
+          ATT_FILE_NAME: "${{ needs.builder.outputs.go-binary-name }}.intoto.jsonl"
+        run: |
+          set -euo pipefail
+
+          echo "Verifying $ARTIFACT using $ATT_FILE_NAME"
+          slsa-verifier verify-artifact --provenance-path "$ATT_FILE_NAME" \
+                                        --source-uri "github.com/$GITHUB_REPOSITORY" \
+                                        --source-tag "$GITHUB_REF_NAME" \
+                                        "$ARTIFACT"
+
+  if-succeed:
+    needs: [args, builder]
+    runs-on: ubuntu-latest
+    # We use `== 'failure'` instead of ` != 'success'` because we want to ignore skipped jobs, if there are any.
+    if: github.event_name == 'schedule' && needs.args.result != 'failure' && needs.builder.result != 'failure'
+    permissions:
+      contents: read
+      issues: write
+    steps:
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+        with:
+          repository: slsa-framework/example-package
+          ref: main
+      - run: ./.github/workflows/scripts/e2e-report-success.sh
+
+  if-failed:
+    needs: [args, builder]
+    runs-on: ubuntu-latest
+    if: always() && github.event_name == 'schedule' && (needs.args.result == 'failure' || needs.builder.result == 'failure')
+    permissions:
+      contents: read
+      issues: write
+    steps:
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+        with:
+          repository: slsa-framework/example-package
+          ref: main
+      - run: ./.github/workflows/scripts/e2e-report-failure.sh
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
index b673f63f1..f86379788 100644
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@@ -25,12 +25,12 @@ jobs:
 
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
+        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
         with:
           persist-credentials: false
 
       - name: "Run analysis"
-        uses: ossf/scorecard-action@e38b1902ae4f44df626f11ba0734b14fb91f8f86 # v2.1.2
+        uses: ossf/scorecard-action@80e868c13c90f172d68d1f4501dee99e2479f7af # v2.1.3
         with:
           results_file: results.sarif
           results_format: sarif
@@ -57,6 +57,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@17573ee1cc1b9d061760f3a006fc4aac4f944fd5 # v2.2.4
+        uses: github/codeql-action/upload-sarif@7df0ce34898d659f95c0c4a09eaa8d4e32ee64db # v2.2.12
         with:
           sarif_file: results.sarif
diff --git a/.github/workflows/scripts/e2e-cli.sh b/.github/workflows/scripts/e2e-cli.sh
index ab87d2e68..2eca968fb 100755
--- a/.github/workflows/scripts/e2e-cli.sh
+++ b/.github/workflows/scripts/e2e-cli.sh
@@ -1,19 +1,42 @@
 #!/bin/bash
 
+repo="slsa-framework/example-package"
+api_version="X-GitHub-Api-Version: 2022-11-28"
 # Verify provenance authenticity with slsa-verifier at HEAD
 
+download_artifact() {
+    local run_id="$1"
+    local artifact_name="$2"
+    # Get the artifact ID for 'artifact1'
+    artifact_id=$(gh api -H "Accept: application/vnd.github+json" -H "$api_version" "/repos/$repo/actions/runs/$run_id/artifacts" | jq ".artifacts[] | select(.name == \"$artifact_name\") | .id")
+    echo "artifact_id:$artifact_id"
 
-cd __EXAMPLE_PACKAGE__
+    gh api -H "Accept: application/vnd.github+json" -H "$api_version" "/repos/$repo/actions/artifacts/$artifact_id/zip" >"$artifact_name.zip"
+    unzip "$artifact_name".zip
+}
+
+# Get workflow ID.
+workflow_id=$(gh api -H "Accept: application/vnd.github+json" -H "$api_version" "/repos/$repo/actions/workflows?per_page=100" | jq '.workflows[] | select(.path == ".github/workflows/e2e.generic.schedule.main.multi-uses.slsa3.yml") | .id')
+echo "workflow_id:$workflow_id"
+
+# Get the run ID for the most recent run.
+run_id=$(gh api -H "Accept: application/vnd.github+json" -H "$api_version" "/repos/$repo/actions/workflows/$workflow_id/runs?per_page=1" | jq '.workflow_runs[0].id')
+echo "run_id:$run_id"
+
+download_artifact "$run_id" "artifacts1"
+download_artifact "$run_id" "attestation1.intoto.jsonl"
+
+cd __EXAMPLE_PACKAGE__ || exit 1
 # shellcheck source=/dev/null
 source "./.github/workflows/scripts/e2e-verify.common.sh"
 
 # Set THIS_FILE to correspond with the artifact properties
-export THIS_FILE=e2e.go.workflow_dispatch.main.config-noldflags.slsa3.yml
+export THIS_FILE=e2e.generic.schedule.main.multi-uses.slsa3.yml
 export BRANCH=main
 
 # Set BINARY and PROVENANCE
-cd -
-export BINARY=__THIS_REPO__/cli/slsa-verifier/testdata/gha_go/v1.2.2/binary-linux-amd64-workflow_dispatch
-export PROVENANCE=__THIS_REPO__/cli/slsa-verifier/testdata/gha_go/v1.2.2/binary-linux-amd64-workflow_dispatch.intoto.jsonl
+cd - || exit 1
+export BINARY=artifact1
+export PROVENANCE=attestation1.intoto.jsonl
 
-GITHUB_REPOSITORY=slsa-framework/example-package verify_provenance_authenticity "./__THIS_REPO__/slsa-verifier" "HEAD"
+GITHUB_REPOSITORY="$repo" verify_provenance_authenticity "./__THIS_REPO__/slsa-verifier" "HEAD"
diff --git a/.github/workflows/scripts/pre-release/references.sh b/.github/workflows/scripts/pre-release/references.sh
index e9ab23f5a..478943249 100755
--- a/.github/workflows/scripts/pre-release/references.sh
+++ b/.github/workflows/scripts/pre-release/references.sh
@@ -71,7 +71,7 @@ fi
 # Select all version numbers following a reference to slsa-verifier that are different
 # from the version defined in SHA256SUM.md
 results=$(
-    grep -Pon ".*?slsa-verifier.*?\d+\.\d+\.\d+" README.md |
+    grep -Pon ".*?slsa-verifier.*?v\d+\.\d+\.\d+" README.md actions/installer/README.md |
     grep -v "$RELEASE_TAG$" |
     sed -E 's/(.*)/  \1/' || true
 )
diff --git a/.slsa-goreleaser/windows-amd64.yml b/.slsa-goreleaser/windows-amd64.yml
index d845b29f5..a44218d20 100644
--- a/.slsa-goreleaser/windows-amd64.yml
+++ b/.slsa-goreleaser/windows-amd64.yml
@@ -10,7 +10,7 @@ flags:
 
 goos: windows
 goarch: amd64
-binary: slsa-verifier-{{ .Os }}-{{ .Arch }}
+binary: slsa-verifier-{{ .Os }}-{{ .Arch }}.exe
 dir: ./cli/slsa-verifier
 
 ldflags:
diff --git a/.slsa-goreleaser/windows-arm64.yml b/.slsa-goreleaser/windows-arm64.yml
index 8fff8eaf0..e674a7ad0 100644
--- a/.slsa-goreleaser/windows-arm64.yml
+++ b/.slsa-goreleaser/windows-arm64.yml
@@ -10,7 +10,7 @@ flags:
 
 goos: windows
 goarch: arm64
-binary: slsa-verifier-{{ .Os }}-{{ .Arch }}
+binary: slsa-verifier-{{ .Os }}-{{ .Arch }}.exe
 dir: ./cli/slsa-verifier
 
 ldflags:
diff --git a/README.md b/README.md
index 0052c27be..79313f031 100644
--- a/README.md
+++ b/README.md
@@ -3,7 +3,7 @@
 [![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/slsa-framework/slsa-verifier/badge)](https://api.securityscorecards.dev/projects/github.com/slsa-framework/slsa-verifier)
 [![OpenSSF Best Practices](https://bestpractices.coreinfrastructure.org/projects/6729/badge)](https://bestpractices.coreinfrastructure.org/projects/6729)
 [![Go Report Card](https://goreportcard.com/badge/github.com/slsa-framework/slsa-verifier)](https://goreportcard.com/report/github.com/slsa-framework/slsa-verifier)
-[![Slack](https://slack.babeljs.io/badge.svg)](https://slack.com/app_redirect?team=T019QHUBYQ3&channel=slsa-tooling)
+[![Slack](https://img.shields.io/static/v1?label=openssf.slack.com&message=%23slsa-tooling&color=4A154B&logo=slack)](https://slack.openssf.org/)
 [![SLSA 3](https://slsa.dev/images/gh-badge-level3.svg)](https://slsa.dev)
 
 <img align="right" src="https://slsa.dev/images/logo-mono.svg" width="140" height="140">
@@ -20,6 +20,7 @@
   - [Compilation from source](#compilation-from-source)
     - [Option 1: Install via go](#option-1-install-via-go)
     - [Option 2: Compile manually](#option-2-compile-manually)
+  - [Use the installer Action on GitHub](#use-the-installer-action-on-github-actions)
   - [Download the binary](#download-the-binary)
 - [Available options](#available-options)
 - [Option list](#option-list)
@@ -80,68 +81,80 @@ It currently supports verifying provenance generated by:
 1. [SLSA generator](https://github.com/slsa-framework/slsa-github-generator)
 1. [Google Cloud Build (GCB)](https://cloud.google.com/build/docs/securing-builds/view-build-provenance).
 
----
-
-[Installation](#installation)
+## Installation
 
-- [Compilation from source](#compilation-from-source)
-- [Download the binary](#download-the-binary)
+You have two options to install the verifier.
 
-[Available options](#available-options)
+### Compilation from source
 
-- [Option list](#option-list)
-- [Option details](#option-details)
+#### Option 1: Install via go
 
-[Verification for GitHub builders](#verification-for-github-builders)
+If you want to install the verifier, you can run the following command:
 
-- [Artifacts](#artifacts)
-- [Containers](#containers)
+```bash
+$ go install github.com/slsa-framework/slsa-verifier/v2/cli/slsa-verifier@v2.2.0
+$ slsa-verifier <options>
+```
 
-[Verification for Google Cloud Build](#verification-for-google-cloud-build)
+Tools like [dependabot](https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates) or [renovate](https://github.com/renovatebot/renovate) use your project's go.mod to identify the version of your Go dependencies.
+If you install the verifier binary in CI, we strongly recommend you create a placeholder `go.mod` containing slsa-verifier as a dependency to receive updates and keep the binary up-to-date. Use the following the steps:
 
-- [Artifacts](#artifacts-1)
-- [Containers](#containers-1)
+1. Create a tooling/tooling_test.go file containing the following:
 
-[Known Issues](#known-issues)
+```go
+//go:build tools
+// +build tools
 
-[Technical design](#technial-design)
+package main
 
-- [Blog posts](#blog-posts)
-- [Specifications](#specifications)
-- [TOCTOU attacks](#toctou-attacks)
+import (
+	_ "github.com/slsa-framework/slsa-verifier/v2/cli/slsa-verifier"
+)
+```
 
----
+1. Run the following commands in the tooling directory. (It will create a go.sum file.)
 
-## Installation
+```bash
+$ go mod init <your-project-name>-tooling
+$ go mod tidy
+```
 
-You have two options to install the verifier.
+1. Commit the tooling folder (containing the 3 files tooling_test.go, go.mod and go.sum) to the repository.
+1. To install the verifier in your CI, run the following commands:
 
-### Compilation from source
+```bash
+$ cd tooling
+$ grep _ tooling_test.go | cut -f2 -d '"' | xargs -n1 -t go install
+```
 
-#### Option 1: Install via go
+Alternatively, if your project does not rely on additional tools and only uses slsa-verifier, you can instead run the following commands:
 
-```
-$ go install github.com/slsa-framework/slsa-verifier/v2/cli/slsa-verifier@v2.0.1
-$ slsa-verifier <options>
+```bash
+$ cd tooling
+$ go install github.com/slsa-framework/slsa-verifier/v2/cli/slsa-verifier
 ```
 
 #### Option 2: Compile manually
 
-```
+```bash
 $ git clone git@github.com:slsa-framework/slsa-verifier.git
-$ cd slsa-verifier && git checkout v2.0.1
+$ cd slsa-verifier && git checkout v2.2.0
 $ go run ./cli/slsa-verifier <options>
 ```
 
+### Use the installer Action on GitHub Actions
+
+If you need to install the verifier to run in a GitHub workflow, use the installer Action as described in [actions/installer/README.md](./actions/installer/README.md).
+
 ### Download the binary
 
-Download the binary from the latest release at [https://github.com/slsa-framework/slsa-verifier/releases/tag/v2.0.1](https://github.com/slsa-framework/slsa-verifier/releases/tag/v2.0.1)
+Download the binary from the latest release at [https://github.com/slsa-framework/slsa-verifier/releases/tag/v2.2.0](https://github.com/slsa-framework/slsa-verifier/releases/tag/v2.2.0)
 
 Download the [SHA256SUM.md](https://github.com/slsa-framework/slsa-verifier/blob/main/SHA256SUM.md).
 
 Verify the checksum:
 
-```
+```bash
 $ sha256sum -c --strict SHA256SUM.md
   slsa-verifier-linux-amd64: OK
 ```
diff --git a/RELEASE.md b/RELEASE.md
index 4a923bfca..f758aeaef 100644
--- a/RELEASE.md
+++ b/RELEASE.md
@@ -36,7 +36,7 @@ Do **NOT** submit any more code between now and the final release.
 
 Check the following:
 
-1. Ensure that the release is successful and provenance can be verified properly. 
+1. Ensure that the release is successful and provenance can be verified properly.
 2. Either manually trigger or wait for a nightly scheduled run of all [example-package e2e tests](https://github.com/slsa-framework/example-package/tree/main/.github/workflows) and ensure that all tests are passing.
 3. Ensure that the latest release can be installed via a `go install`.
 4. Verify that the version reported by the `version` command is correct:
@@ -94,7 +94,7 @@ If the provenance verification fails, delete the release and the tag. Otherwise,
 
 Follow these steps:
 
-1. Compute the hash of the binary. One of the following commands will do:
+1. Compute the hashes of all the binaries. One of the following commands will do:
 ```
 $ cat slsa-verifier-linux-amd64.intoto.jsonl | jq -r '.payload' | base64 -d | jq -r '.subject[0].digest.sha256'
 ```
@@ -103,17 +103,18 @@ or
 $ sha256sum slsa-verifier-linux-amd64
 ```
 
-2. Add an additional entry at the top of [SHA256SUM.md](./SHA256SUM.md):
+2. Add additional entries for each release binary at the top of [SHA256SUM.md](./SHA256SUM.md):
 
 ```
 ### [vX.Y.Z](https://github.com/slsa-framework/slsa-verifier/releases/tag/vX.Y.Z)
 <the-hash>  slsa-verifier-linux-amd64
+<the-hash>  slsa-verifier-linux-arm64
 ```
 
-3. Update the latest version in the [README.md](./README.md):
+3. Update the latest version in the main [README.md](./README.md) and the installer Action's [actions/installer/README.md](./actions/installer/README.md):
 
 ```shell
-$ sed -i "s/v1.0.0/v1.1.1/g" ./README.md
+$ sed -i "s/v1.0.0/v1.1.1/g" ./README.md ./actions/installer/README.md
 ```
 
 4. Send a pull request with the changes. In the description:
@@ -124,6 +125,6 @@ $ sed -i "s/v1.0.0/v1.1.1/g" ./README.md
 
 ## Update builders
 
-Send a similar pull request to update the hash and version of the verifier for the workflow [slsa-framework/slsa-github-generator/blob/main/.github/workflows/builder_go_slsa3.yml#L30-L31](https://github.com/slsa-framework/slsa-github-generator/blob/main/.github/workflows/builder_go_slsa3.yml#L30-L31). Explain the steps to verify the hash. If the pull request for the verifier is already merged, you can simply point to it instead.
+Send a similar pull request to update the hash and version of the verifier for the action [generate-builder](https://github.com/slsa-framework/slsa-github-generator/blob/6a2cc1cb559a81ffbbcd4248026c6ea89bdab2b6/.github/actions/generate-builder/action.yml#L70-L71). Explain the steps to verify the hash. If the pull request for the verifier is already merged, you can simply point to it instead.
 
 Note: you need not cut a release for the generator, unless the verifier has important changes that are required for the builders to work properly.
diff --git a/SHA256SUM.md b/SHA256SUM.md
index 4d37ead17..7f31522b5 100644
--- a/SHA256SUM.md
+++ b/SHA256SUM.md
@@ -1,56 +1,93 @@
+### [v2.2.0](https://github.com/slsa-framework/slsa-verifier/releases/tag/v2.2.0)
+
+8aaf12ce7691ca203c2ab000cbbc68140112acb3d08c4d338c06eb125dfd6b10 slsa-verifier-linux-amd64
+2cfd1b5dfd32104909532354204680cd3d7579a59db276ccfef6f7dcc1bab981 slsa-verifier-linux-arm64
+f9acf6384d1dc1cac8888f574e7a4bbd3ef8bbab48c3c105840918a35ade3e15 slsa-verifier-darwin-amd64
+7e55f2065828bf0771e302a2a0f859c5a12d742b34b97c05d43e6a0cfc8fecf3 slsa-verifier-darwin-arm64
+4db8f2199dae3c29dcd9ddfdbd032722f376eb6cdef08c047aceae05c542262e slsa-verifier-windows-amd64.exe
+d9eacf659da72e33033201b6686282259dbe2ec5fd270b075aa0160bd093f2e1 slsa-verifier-windows-arm64.exe
+
+### [v2.1.0](https://github.com/slsa-framework/slsa-verifier/releases/tag/v2.1.0)
+
+538e5346784ddab14189dd66fb995e49c69247985a364558ad3b44e1fbff04cf slsa-verifier-linux-amd64
+a4ca803a99584dd08876263a86b79489cb7b7210912c122e1dd2acaf38feaf7c slsa-verifier-linux-arm64
+cc0529849fd9cc3996ec61e100b604dbf728f7aee056d8d6d55705f64e1b35e1 slsa-verifier-darwin-amd64
+57ab717980af191b8468d1878e476783819cd6dc1cad4bed46faee981974dd1a slsa-verifier-darwin-arm64
+2fb8b4b5b6b8c3316f49be192204326582931f924e8b45ff83bed855a84da475 slsa-verifier-windows-amd64.exe
+3dbbd5445c6cb6b87c2e8234aa6e95bf3a2f7b958037fbbde7f59fbeb5e7e1f0 slsa-verifier-windows-arm64.exe
+
 ### [v2.0.1](https://github.com/slsa-framework/slsa-verifier/releases/tag/v2.0.1)
+
 ad4b408c43504d439827998c27ab4be1c44ff467ccb39b78da01568f8542b10e slsa-verifier-linux-amd64
 
 ### [v2.0.0](https://github.com/slsa-framework/slsa-verifier/releases/tag/v2.0.0)
+
 8d2e93a9ea0126d5daec22f2778b42fea79192605d16955f0c91847c3a6a8921 slsa-verifier-linux-amd64
 
 ### [v1.3.2](https://github.com/slsa-framework/slsa-verifier/releases/tag/v1.3.2)
+
 b1d6c9bbce6274e253f0be33158cacd7fb894c5ebd643f14a911bfe55574f4c0 slsa-verifier-linux-amd64
 
 ### [v1.3.1](https://github.com/slsa-framework/slsa-verifier/releases/tag/v1.3.1)
+
 065714d01ba36c81fb11aa7031597a77b08491eb341bac8efc3e452f5d5ed4bd slsa-verifier-linux-amd64
 
 ### [v1.3.0](https://github.com/slsa-framework/slsa-verifier/releases/tag/v1.3.0)
+
 1326430d044e8a9522c51e5f721e237b5f75acb6b4e518d129f669403cf7a79a slsa-verifier-linux-amd64
 
 ### [v1.2.2](https://github.com/slsa-framework/slsa-verifier/releases/tag/v1.2.2)
+
 18f49bffa97b8b4e241cc6a5f04a2edfb32d11a4162928ffa255ce6a59699630 slsa-verifier-linux-amd64
 
 ### [v1.2.1](https://github.com/slsa-framework/slsa-verifier/releases/tag/v1.2.1)
+
 edd1d430429fa3dfaf249d7ec805891a4b7332ea1d17d23f9d20bc6f4aeebe04 slsa-verifier-linux-amd64
 
 ### [v1.2.0](https://github.com/slsa-framework/slsa-verifier/releases/tag/v1.2.0)
+
 37db23392c7918bb4e243cdb097ed5f9d14b9b965dc1905b25bc2d1c0c91bf3d slsa-verifier-linux-amd64
 
 ### [v1.1.3](https://github.com/slsa-framework/slsa-verifier/releases/tag/v1.1.3)
+
 fac369a43cc118525a2b12476f39d10c430e7183fcb70351e800686c33583f6e slsa-verifier-linux-amd64
 
 ### [v1.1.2](https://github.com/slsa-framework/slsa-verifier/releases/tag/v1.1.2)
+
 2c9225603186f227d01c12bf8b8815f42eb3d4e2a2de7945dd65e704de254d74 slsa-verifier-linux-amd64
 
 ### [v1.1.1](https://github.com/slsa-framework/slsa-verifier/releases/tag/v1.1.1)
+
 f92fc4e571949c796d7709bb3f0814a733124b0155e484fad095b5ca68b4cb21 slsa-verifier-linux-amd64
 
 ### [v1.1.0](https://github.com/slsa-framework/slsa-verifier/releases/tag/v1.1.0)
+
 14360688de2d294e9cda7b9074ab7dcf02d5c38f2874f6c95d4ad46e300c3e53 slsa-verifier-linux-amd64
 
 ### [v1.0.5](https://github.com/slsa-framework/slsa-verifier/releases/tag/v1.0.5)
+
 b889a9d34237a0c7d64096bf4af4c200c081cc9bc3b0c60585eac9c4dd5d6d10 slsa-verifier-linux-amd64
 
 ### [v1.0.4](https://github.com/slsa-framework/slsa-verifier/releases/tag/v1.0.4)
+
 49727307d44c408610316541795ffa501ea21b78061de4589ca88194c522a651 slsa-verifier-linux-amd64
 
 ### [v1.0.3](https://github.com/slsa-framework/slsa-verifier/releases/tag/v1.0.3)
+
 5da115ab7f90f3e8a8b30c74820b4b7dd032afebef7cd912be23acb9fbd37d0b slsa-verifier-linux-amd64
 
 ### [v1.0.2](https://github.com/slsa-framework/slsa-verifier/releases/tag/v1.0.2)
+
 bcefa5173ad84fbb10d3aeae95c1087f6a61e51836b932c60be85c78d570c403 slsa-verifier-linux-amd64
 
 ### [v1.0.1](https://github.com/slsa-framework/slsa-verifier/releases/tag/v1.0.1)
+
 e14616a4eec58f082fd6bea05de02dd9eba193379ddb15b5eb7e7e3880d0ccec slsa-verifier-linux-amd64
 
 ### [v1.0.0](https://github.com/slsa-framework/slsa-verifier/releases/tag/v1.0.0)
+
 2aeaea90f65d20570b57aaf3fadcb2d23dd5c1edbf1432e0addc17624681a269 slsa-verifier-linux-amd64
 
 ### [v0.0.1](https://github.com/slsa-framework/slsa-verifier/releases/tag/v0.0.1)
+
 60c91c9d5b9a059e37ac46da316f20c81da335b5d00e1f74d03dd50f819694bd slsa-verifier-linux-amd64
diff --git a/actions/installer/README.md b/actions/installer/README.md
index fda9680b5..15780d913 100644
--- a/actions/installer/README.md
+++ b/actions/installer/README.md
@@ -11,11 +11,9 @@ For more information about SLSA in general, see [https://slsa.dev](https://slsa.
 To install a specific version of `slsa-verifier`, use:
 
 ```yaml
-uses: slsa-framework/slsa-verifier-installer@v1.3.0
+uses: slsa-framework/slsa-verifier-installer@v2.2.0
 ```
 
-See https://github.com/slsa-framework/slsa-verifier/releases for the list of available `slsa-verifier` releases.
-
-For a full example workflow, see [../../.github/workflows/pre-submit.actions.yml](https://github.com/slsa-framework/slsa-verifier/.github/workflows/pre-submit.actions.yml).
+See https://github.com/slsa-framework/slsa-verifier/releases for the list of available `slsa-verifier` releases. Only versions greater or equal to 2.0.1 are supported.
 
 This action requires using GitHub-provided Linux runners.
diff --git a/actions/installer/dist/index.js b/actions/installer/dist/index.js
index a494aa361..b7f5521ec 100644
--- a/actions/installer/dist/index.js
+++ b/actions/installer/dist/index.js
@@ -353,7 +353,6 @@ const file_command_1 = __nccwpck_require__(717);
 const utils_1 = __nccwpck_require__(5278);
 const os = __importStar(__nccwpck_require__(2037));
 const path = __importStar(__nccwpck_require__(1017));
-const uuid_1 = __nccwpck_require__(5840);
 const oidc_utils_1 = __nccwpck_require__(8041);
 /**
  * The code to exit an action
@@ -383,20 +382,9 @@ function exportVariable(name, val) {
     process.env[name] = convertedVal;
     const filePath = process.env['GITHUB_ENV'] || '';
     if (filePath) {
-        const delimiter = `ghadelimiter_${uuid_1.v4()}`;
-        // These should realistically never happen, but just in case someone finds a way to exploit uuid generation let's not allow keys or values that contain the delimiter.
-        if (name.includes(delimiter)) {
-            throw new Error(`Unexpected input: name should not contain the delimiter "${delimiter}"`);
-        }
-        if (convertedVal.includes(delimiter)) {
-            throw new Error(`Unexpected input: value should not contain the delimiter "${delimiter}"`);
-        }
-        const commandValue = `${name}<<${delimiter}${os.EOL}${convertedVal}${os.EOL}${delimiter}`;
-        file_command_1.issueCommand('ENV', commandValue);
-    }
-    else {
-        command_1.issueCommand('set-env', { name }, convertedVal);
+        return file_command_1.issueFileCommand('ENV', file_command_1.prepareKeyValueMessage(name, val));
     }
+    command_1.issueCommand('set-env', { name }, convertedVal);
 }
 exports.exportVariable = exportVariable;
 /**
@@ -414,7 +402,7 @@ exports.setSecret = setSecret;
 function addPath(inputPath) {
     const filePath = process.env['GITHUB_PATH'] || '';
     if (filePath) {
-        file_command_1.issueCommand('PATH', inputPath);
+        file_command_1.issueFileCommand('PATH', inputPath);
     }
     else {
         command_1.issueCommand('add-path', {}, inputPath);
@@ -454,7 +442,10 @@ function getMultilineInput(name, options) {
     const inputs = getInput(name, options)
         .split('\n')
         .filter(x => x !== '');
-    return inputs;
+    if (options && options.trimWhitespace === false) {
+        return inputs;
+    }
+    return inputs.map(input => input.trim());
 }
 exports.getMultilineInput = getMultilineInput;
 /**
@@ -487,8 +478,12 @@ exports.getBooleanInput = getBooleanInput;
  */
 // eslint-disable-next-line @typescript-eslint/no-explicit-any
 function setOutput(name, value) {
+    const filePath = process.env['GITHUB_OUTPUT'] || '';
+    if (filePath) {
+        return file_command_1.issueFileCommand('OUTPUT', file_command_1.prepareKeyValueMessage(name, value));
+    }
     process.stdout.write(os.EOL);
-    command_1.issueCommand('set-output', { name }, value);
+    command_1.issueCommand('set-output', { name }, utils_1.toCommandValue(value));
 }
 exports.setOutput = setOutput;
 /**
@@ -617,7 +612,11 @@ exports.group = group;
  */
 // eslint-disable-next-line @typescript-eslint/no-explicit-any
 function saveState(name, value) {
-    command_1.issueCommand('save-state', { name }, value);
+    const filePath = process.env['GITHUB_STATE'] || '';
+    if (filePath) {
+        return file_command_1.issueFileCommand('STATE', file_command_1.prepareKeyValueMessage(name, value));
+    }
+    command_1.issueCommand('save-state', { name }, utils_1.toCommandValue(value));
 }
 exports.saveState = saveState;
 /**
@@ -683,13 +682,14 @@ var __importStar = (this && this.__importStar) || function (mod) {
     return result;
 };
 Object.defineProperty(exports, "__esModule", ({ value: true }));
-exports.issueCommand = void 0;
+exports.prepareKeyValueMessage = exports.issueFileCommand = void 0;
 // We use any as a valid input type
 /* eslint-disable @typescript-eslint/no-explicit-any */
 const fs = __importStar(__nccwpck_require__(7147));
 const os = __importStar(__nccwpck_require__(2037));
+const uuid_1 = __nccwpck_require__(5840);
 const utils_1 = __nccwpck_require__(5278);
-function issueCommand(command, message) {
+function issueFileCommand(command, message) {
     const filePath = process.env[`GITHUB_${command}`];
     if (!filePath) {
         throw new Error(`Unable to find environment variable for file command ${command}`);
@@ -701,7 +701,22 @@ function issueCommand(command, message) {
         encoding: 'utf8'
     });
 }
-exports.issueCommand = issueCommand;
+exports.issueFileCommand = issueFileCommand;
+function prepareKeyValueMessage(key, value) {
+    const delimiter = `ghadelimiter_${uuid_1.v4()}`;
+    const convertedValue = utils_1.toCommandValue(value);
+    // These should realistically never happen, but just in case someone finds a
+    // way to exploit uuid generation let's not allow keys or values that contain
+    // the delimiter.
+    if (key.includes(delimiter)) {
+        throw new Error(`Unexpected input: name should not contain the delimiter "${delimiter}"`);
+    }
+    if (convertedValue.includes(delimiter)) {
+        throw new Error(`Unexpected input: value should not contain the delimiter "${delimiter}"`);
+    }
+    return `${key}<<${delimiter}${os.EOL}${convertedValue}${os.EOL}${delimiter}`;
+}
+exports.prepareKeyValueMessage = prepareKeyValueMessage;
 //# sourceMappingURL=file-command.js.map
 
 /***/ }),
@@ -2023,8 +2038,9 @@ exports.context = new Context.Context();
  * @param     token    the repo PAT or GITHUB_TOKEN
  * @param     options  other options to set
  */
-function getOctokit(token, options) {
-    return new utils_1.GitHub(utils_1.getOctokitOptions(token, options));
+function getOctokit(token, options, ...additionalPlugins) {
+    const GitHubWithPlugins = utils_1.GitHub.plugin(...additionalPlugins);
+    return new GitHubWithPlugins(utils_1.getOctokitOptions(token, options));
 }
 exports.getOctokit = getOctokit;
 //# sourceMappingURL=github.js.map
@@ -2106,7 +2122,7 @@ var __importStar = (this && this.__importStar) || function (mod) {
     return result;
 };
 Object.defineProperty(exports, "__esModule", ({ value: true }));
-exports.getOctokitOptions = exports.GitHub = exports.context = void 0;
+exports.getOctokitOptions = exports.GitHub = exports.defaults = exports.context = void 0;
 const Context = __importStar(__nccwpck_require__(4087));
 const Utils = __importStar(__nccwpck_require__(7914));
 // octokit + plugins
@@ -2115,13 +2131,13 @@ const plugin_rest_endpoint_methods_1 = __nccwpck_require__(3044);
 const plugin_paginate_rest_1 = __nccwpck_require__(4193);
 exports.context = new Context.Context();
 const baseUrl = Utils.getApiBaseUrl();
-const defaults = {
+exports.defaults = {
     baseUrl,
     request: {
         agent: Utils.getProxyAgent(baseUrl)
     }
 };
-exports.GitHub = core_1.Octokit.plugin(plugin_rest_endpoint_methods_1.restEndpointMethods, plugin_paginate_rest_1.paginateRest).defaults(defaults);
+exports.GitHub = core_1.Octokit.plugin(plugin_rest_endpoint_methods_1.restEndpointMethods, plugin_paginate_rest_1.paginateRest).defaults(exports.defaults);
 /**
  * Convience function to correctly format Octokit Options to pass into the constructor.
  *
@@ -2945,11 +2961,17 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
 };
 var _a;
 Object.defineProperty(exports, "__esModule", ({ value: true }));
-exports.getCmdPath = exports.tryGetExecutablePath = exports.isRooted = exports.isDirectory = exports.exists = exports.IS_WINDOWS = exports.unlink = exports.symlink = exports.stat = exports.rmdir = exports.rename = exports.readlink = exports.readdir = exports.mkdir = exports.lstat = exports.copyFile = exports.chmod = void 0;
+exports.getCmdPath = exports.tryGetExecutablePath = exports.isRooted = exports.isDirectory = exports.exists = exports.READONLY = exports.UV_FS_O_EXLOCK = exports.IS_WINDOWS = exports.unlink = exports.symlink = exports.stat = exports.rmdir = exports.rm = exports.rename = exports.readlink = exports.readdir = exports.open = exports.mkdir = exports.lstat = exports.copyFile = exports.chmod = void 0;
 const fs = __importStar(__nccwpck_require__(7147));
 const path = __importStar(__nccwpck_require__(1017));
-_a = fs.promises, exports.chmod = _a.chmod, exports.copyFile = _a.copyFile, exports.lstat = _a.lstat, exports.mkdir = _a.mkdir, exports.readdir = _a.readdir, exports.readlink = _a.readlink, exports.rename = _a.rename, exports.rmdir = _a.rmdir, exports.stat = _a.stat, exports.symlink = _a.symlink, exports.unlink = _a.unlink;
+_a = fs.promises
+// export const {open} = 'fs'
+, exports.chmod = _a.chmod, exports.copyFile = _a.copyFile, exports.lstat = _a.lstat, exports.mkdir = _a.mkdir, exports.open = _a.open, exports.readdir = _a.readdir, exports.readlink = _a.readlink, exports.rename = _a.rename, exports.rm = _a.rm, exports.rmdir = _a.rmdir, exports.stat = _a.stat, exports.symlink = _a.symlink, exports.unlink = _a.unlink;
+// export const {open} = 'fs'
 exports.IS_WINDOWS = process.platform === 'win32';
+// See https://github.com/nodejs/node/blob/d0153aee367422d0858105abec186da4dff0a0c5/deps/uv/include/uv/win.h#L691
+exports.UV_FS_O_EXLOCK = 0x10000000;
+exports.READONLY = fs.constants.O_RDONLY;
 function exists(fsPath) {
     return __awaiter(this, void 0, void 0, function* () {
         try {
@@ -3130,12 +3152,8 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
 Object.defineProperty(exports, "__esModule", ({ value: true }));
 exports.findInPath = exports.which = exports.mkdirP = exports.rmRF = exports.mv = exports.cp = void 0;
 const assert_1 = __nccwpck_require__(9491);
-const childProcess = __importStar(__nccwpck_require__(2081));
 const path = __importStar(__nccwpck_require__(1017));
-const util_1 = __nccwpck_require__(3837);
 const ioUtil = __importStar(__nccwpck_require__(1962));
-const exec = util_1.promisify(childProcess.exec);
-const execFile = util_1.promisify(childProcess.execFile);
 /**
  * Copies a file or folder.
  * Based off of shelljs - https://github.com/shelljs/shelljs/blob/9237f66c52e5daa40458f94f9565e18e8132f5a6/src/cp.js
@@ -3216,61 +3234,23 @@ exports.mv = mv;
 function rmRF(inputPath) {
     return __awaiter(this, void 0, void 0, function* () {
         if (ioUtil.IS_WINDOWS) {
-            // Node doesn't provide a delete operation, only an unlink function. This means that if the file is being used by another
-            // program (e.g. antivirus), it won't be deleted. To address this, we shell out the work to rd/del.
             // Check for invalid characters
             // https://docs.microsoft.com/en-us/windows/win32/fileio/naming-a-file
             if (/[*"<>|]/.test(inputPath)) {
                 throw new Error('File path must not contain `*`, `"`, `<`, `>` or `|` on Windows');
             }
-            try {
-                const cmdPath = ioUtil.getCmdPath();
-                if (yield ioUtil.isDirectory(inputPath, true)) {
-                    yield exec(`${cmdPath} /s /c "rd /s /q "%inputPath%""`, {
-                        env: { inputPath }
-                    });
-                }
-                else {
-                    yield exec(`${cmdPath} /s /c "del /f /a "%inputPath%""`, {
-                        env: { inputPath }
-                    });
-                }
-            }
-            catch (err) {
-                // if you try to delete a file that doesn't exist, desired result is achieved
-                // other errors are valid
-                if (err.code !== 'ENOENT')
-                    throw err;
-            }
-            // Shelling out fails to remove a symlink folder with missing source, this unlink catches that
-            try {
-                yield ioUtil.unlink(inputPath);
-            }
-            catch (err) {
-                // if you try to delete a file that doesn't exist, desired result is achieved
-                // other errors are valid
-                if (err.code !== 'ENOENT')
-                    throw err;
-            }
         }
-        else {
-            let isDir = false;
-            try {
-                isDir = yield ioUtil.isDirectory(inputPath);
-            }
-            catch (err) {
-                // if you try to delete a file that doesn't exist, desired result is achieved
-                // other errors are valid
-                if (err.code !== 'ENOENT')
-                    throw err;
-                return;
-            }
-            if (isDir) {
-                yield execFile(`rm`, [`-rf`, `${inputPath}`]);
-            }
-            else {
-                yield ioUtil.unlink(inputPath);
-            }
+        try {
+            // note if path does not exist, error is silent
+            yield ioUtil.rm(inputPath, {
+                force: true,
+                maxRetries: 3,
+                recursive: true,
+                retryDelay: 300
+            });
+        }
+        catch (err) {
+            throw new Error(`File was unable to be removed ${err}`);
         }
     });
 }
diff --git a/actions/installer/dist/index.js.map b/actions/installer/dist/index.js.map
index 322640f71..f45a7b245 100644
--- a/actions/installer/dist/index.js.map
+++ b/actions/installer/dist/index.js.map
@@ -1 +1 @@
-{"version":3,"file":"index.js","mappings":";;;;;;;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;AC5MA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;AC3FA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;AChVA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;ACzCA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;AC5EA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;ACzDA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;AC1RA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;ACvCA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;ACtGA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;ACzmBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;ACrDA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;ACnCA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;AC1CA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;ACrDA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;AChFA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;AC5lBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;AC5DA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;AChLA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;ACpVA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;AC/HA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;AClFA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;ACxpBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;ACzBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;ACPA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;AC5BA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACtDA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;AC/KA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACrYA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACrHA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;AC5MA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACllCA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACzEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;AChLA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;ACxDA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;AC7CA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;AC1BA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;AClBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACnBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACrCA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;AChqDA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;ACzCA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;AC3jDA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;AChMA;;;;;;;;;ACAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACvQA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACjBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;AC9EA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;ACtBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;ACPA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;AC5CA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;ACPA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;ACvBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;ACtBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;ACtCA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;AC1GA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;ACfA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;AC7EA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;ACpCA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;ACfA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;AChBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;ACpBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;AC5LA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACvMA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACnMA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACVA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;AChxCA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;ACnBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;AChCA;;;;;;;;;ACAA;;;;;;;;ACAA;;;;;;;;ACAA;;;;;;;;ACAA;;;;;;;;ACAA;;;;;;;;ACAA;;;;;;;;ACAA;;;;;;;;ACAA;;;;;;;;ACAA;;;;;;;;ACAA;;;;;;;;ACAA;;;;;;;;ACAA;;;;;;;;ACAA;;;;;;;;ACAA;;;;;;;;ACAA;;;;;;;;ACAA;;;;;;;;ACAA;;;;;;;;ACAA;;;;;;;;;;;;;;ACAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;AC7BA;AACA;;;;AEDA;AACA;AACA;AACA","sources":["../webpack://setup-slsa-verifier/./lib/index.js","../webpack://setup-slsa-verifier/./node_modules/@actions/core/lib/command.js","../webpack://setup-slsa-verifier/./node_modules/@actions/core/lib/core.js","../webpack://setup-slsa-verifier/./node_modules/@actions/core/lib/file-command.js","../webpack://setup-slsa-verifier/./node_modules/@actions/core/lib/oidc-utils.js","../webpack://setup-slsa-verifier/./node_modules/@actions/core/lib/path-utils.js","../webpack://setup-slsa-verifier/./node_modules/@actions/core/lib/summary.js","../webpack://setup-slsa-verifier/./node_modules/@actions/core/lib/utils.js","../webpack://setup-slsa-verifier/./node_modules/@actions/exec/lib/exec.js","../webpack://setup-slsa-verifier/./node_modules/@actions/exec/lib/toolrunner.js","../webpack://setup-slsa-verifier/./node_modules/@actions/github/lib/context.js","../webpack://setup-slsa-verifier/./node_modules/@actions/github/lib/github.js","../webpack://setup-slsa-verifier/./node_modules/@actions/github/lib/internal/utils.js","../webpack://setup-slsa-verifier/./node_modules/@actions/github/lib/utils.js","../webpack://setup-slsa-verifier/./node_modules/@actions/http-client/lib/auth.js","../webpack://setup-slsa-verifier/./node_modules/@actions/http-client/lib/index.js","../webpack://setup-slsa-verifier/./node_modules/@actions/http-client/lib/proxy.js","../webpack://setup-slsa-verifier/./node_modules/@actions/io/lib/io-util.js","../webpack://setup-slsa-verifier/./node_modules/@actions/io/lib/io.js","../webpack://setup-slsa-verifier/./node_modules/@actions/tool-cache/lib/manifest.js","../webpack://setup-slsa-verifier/./node_modules/@actions/tool-cache/lib/retry-helper.js","../webpack://setup-slsa-verifier/./node_modules/@actions/tool-cache/lib/tool-cache.js","../webpack://setup-slsa-verifier/./node_modules/@actions/tool-cache/node_modules/uuid/lib/bytesToUuid.js","../webpack://setup-slsa-verifier/./node_modules/@actions/tool-cache/node_modules/uuid/lib/rng.js","../webpack://setup-slsa-verifier/./node_modules/@actions/tool-cache/node_modules/uuid/v4.js","../webpack://setup-slsa-verifier/./node_modules/@octokit/auth-token/dist-node/index.js","../webpack://setup-slsa-verifier/./node_modules/@octokit/core/dist-node/index.js","../webpack://setup-slsa-verifier/./node_modules/@octokit/endpoint/dist-node/index.js","../webpack://setup-slsa-verifier/./node_modules/@octokit/graphql/dist-node/index.js","../webpack://setup-slsa-verifier/./node_modules/@octokit/plugin-paginate-rest/dist-node/index.js","../webpack://setup-slsa-verifier/./node_modules/@octokit/plugin-rest-endpoint-methods/dist-node/index.js","../webpack://setup-slsa-verifier/./node_modules/@octokit/request-error/dist-node/index.js","../webpack://setup-slsa-verifier/./node_modules/@octokit/request/dist-node/index.js","../webpack://setup-slsa-verifier/./node_modules/before-after-hook/index.js","../webpack://setup-slsa-verifier/./node_modules/before-after-hook/lib/add.js","../webpack://setup-slsa-verifier/./node_modules/before-after-hook/lib/register.js","../webpack://setup-slsa-verifier/./node_modules/before-after-hook/lib/remove.js","../webpack://setup-slsa-verifier/./node_modules/deprecation/dist-node/index.js","../webpack://setup-slsa-verifier/./node_modules/is-plain-object/dist/is-plain-object.js","../webpack://setup-slsa-verifier/./node_modules/node-fetch/lib/index.js","../webpack://setup-slsa-verifier/./node_modules/once/once.js","../webpack://setup-slsa-verifier/./node_modules/semver/semver.js","../webpack://setup-slsa-verifier/./node_modules/tr46/index.js","../webpack://setup-slsa-verifier/./node_modules/tunnel/index.js","../webpack://setup-slsa-verifier/./node_modules/tunnel/lib/tunnel.js","../webpack://setup-slsa-verifier/./node_modules/universal-user-agent/dist-node/index.js","../webpack://setup-slsa-verifier/./node_modules/uuid/dist/index.js","../webpack://setup-slsa-verifier/./node_modules/uuid/dist/md5.js","../webpack://setup-slsa-verifier/./node_modules/uuid/dist/nil.js","../webpack://setup-slsa-verifier/./node_modules/uuid/dist/parse.js","../webpack://setup-slsa-verifier/./node_modules/uuid/dist/regex.js","../webpack://setup-slsa-verifier/./node_modules/uuid/dist/rng.js","../webpack://setup-slsa-verifier/./node_modules/uuid/dist/sha1.js","../webpack://setup-slsa-verifier/./node_modules/uuid/dist/stringify.js","../webpack://setup-slsa-verifier/./node_modules/uuid/dist/v1.js","../webpack://setup-slsa-verifier/./node_modules/uuid/dist/v3.js","../webpack://setup-slsa-verifier/./node_modules/uuid/dist/v35.js","../webpack://setup-slsa-verifier/./node_modules/uuid/dist/v4.js","../webpack://setup-slsa-verifier/./node_modules/uuid/dist/v5.js","../webpack://setup-slsa-verifier/./node_modules/uuid/dist/validate.js","../webpack://setup-slsa-verifier/./node_modules/uuid/dist/version.js","../webpack://setup-slsa-verifier/./node_modules/webidl-conversions/lib/index.js","../webpack://setup-slsa-verifier/./node_modules/whatwg-url/lib/URL-impl.js","../webpack://setup-slsa-verifier/./node_modules/whatwg-url/lib/URL.js","../webpack://setup-slsa-verifier/./node_modules/whatwg-url/lib/public-api.js","../webpack://setup-slsa-verifier/./node_modules/whatwg-url/lib/url-state-machine.js","../webpack://setup-slsa-verifier/./node_modules/whatwg-url/lib/utils.js","../webpack://setup-slsa-verifier/./node_modules/wrappy/wrappy.js","../webpack://setup-slsa-verifier/./node_modules/@vercel/ncc/dist/ncc/@@notfound.js","../webpack://setup-slsa-verifier/external node-commonjs \"assert\"","../webpack://setup-slsa-verifier/external node-commonjs \"child_process\"","../webpack://setup-slsa-verifier/external node-commonjs \"crypto\"","../webpack://setup-slsa-verifier/external node-commonjs \"events\"","../webpack://setup-slsa-verifier/external node-commonjs \"fs\"","../webpack://setup-slsa-verifier/external node-commonjs \"http\"","../webpack://setup-slsa-verifier/external node-commonjs \"https\"","../webpack://setup-slsa-verifier/external node-commonjs \"net\"","../webpack://setup-slsa-verifier/external node-commonjs \"os\"","../webpack://setup-slsa-verifier/external node-commonjs \"path\"","../webpack://setup-slsa-verifier/external node-commonjs \"punycode\"","../webpack://setup-slsa-verifier/external node-commonjs \"stream\"","../webpack://setup-slsa-verifier/external node-commonjs \"string_decoder\"","../webpack://setup-slsa-verifier/external node-commonjs \"timers\"","../webpack://setup-slsa-verifier/external node-commonjs \"tls\"","../webpack://setup-slsa-verifier/external node-commonjs \"url\"","../webpack://setup-slsa-verifier/external node-commonjs \"util\"","../webpack://setup-slsa-verifier/external node-commonjs \"zlib\"","../webpack://setup-slsa-verifier/webpack/bootstrap","../webpack://setup-slsa-verifier/webpack/runtime/compat","../webpack://setup-slsa-verifier/webpack/before-startup","../webpack://setup-slsa-verifier/webpack/startup","../webpack://setup-slsa-verifier/webpack/after-startup"],"sourcesContent":["\"use strict\";\n// Copyright 2022 SLSA Authors\n//\n// Licensed under the Apache License, Version 2.0 (the \"License\");\n// you may not use this file except in compliance with the License.\n// You may obtain a copy of the License at\n//\n//     https://www.apache.org/licenses/LICENSE-2.0\n//\n// Unless required by applicable law or agreed to in writing, software\n// distributed under the License is distributed on an \"AS IS\" BASIS,\n// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n// See the License for the specific language governing permissions and\n// limitations under the License.\nvar __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {\n    if (k2 === undefined) k2 = k;\n    var desc = Object.getOwnPropertyDescriptor(m, k);\n    if (!desc || (\"get\" in desc ? !m.__esModule : desc.writable || desc.configurable)) {\n      desc = { enumerable: true, get: function() { return m[k]; } };\n    }\n    Object.defineProperty(o, k2, desc);\n}) : (function(o, m, k, k2) {\n    if (k2 === undefined) k2 = k;\n    o[k2] = m[k];\n}));\nvar __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {\n    Object.defineProperty(o, \"default\", { enumerable: true, value: v });\n}) : function(o, v) {\n    o[\"default\"] = v;\n});\nvar __importStar = (this && this.__importStar) || function (mod) {\n    if (mod && mod.__esModule) return mod;\n    var result = {};\n    if (mod != null) for (var k in mod) if (k !== \"default\" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);\n    __setModuleDefault(result, mod);\n    return result;\n};\nvar __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {\n    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }\n    return new (P || (P = Promise))(function (resolve, reject) {\n        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }\n        function rejected(value) { try { step(generator[\"throw\"](value)); } catch (e) { reject(e); } }\n        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }\n        step((generator = generator.apply(thisArg, _arguments || [])).next());\n    });\n};\nObject.defineProperty(exports, \"__esModule\", { value: true });\nexports.fileHasExpectedSha256Hash = exports.getVerifierVersion = exports.validVersion = void 0;\nconst core = __importStar(require(\"@actions/core\"));\nconst exec = __importStar(require(\"@actions/exec\"));\nconst github = __importStar(require(\"@actions/github\"));\nconst io = __importStar(require(\"@actions/io\"));\nconst tc = __importStar(require(\"@actions/tool-cache\"));\nconst crypto = __importStar(require(\"crypto\"));\nconst fs = __importStar(require(\"fs\"));\nconst os = __importStar(require(\"os\"));\nconst path = __importStar(require(\"path\"));\nconst BOOTSTRAP_VERSION = \"v2.0.0\";\nconst BOOTSTRAP_VERIFIER_SHA256 = \"8d2e93a9ea0126d5daec22f2778b42fea79192605d16955f0c91847c3a6a8921\";\nconst BINARY_NAME = \"slsa-verifier\";\nconst PROVENANCE_NAME = \"slsa-verifier-linux-amd64.intoto.jsonl\";\n// If true, the input string conforms to slsa-verifier's versioning system.\nfunction validVersion(version) {\n    const re = /(v[0-9]+\\.[0-9]+\\.[0-9]+)/;\n    return re.test(version);\n}\nexports.validVersion = validVersion;\n// Resolve command line argument to a version number\nfunction getVerifierVersion(actionRef) {\n    return __awaiter(this, void 0, void 0, function* () {\n        if (validVersion(actionRef)) {\n            return actionRef;\n        }\n        // If actionRef is a commit SHA, then find the associated version number.\n        const shaRe = /^[a-f\\d]{40}$/;\n        if (shaRe.test(actionRef)) {\n            const octokit = github.getOctokit(core.getInput(\"github-token\"));\n            const { data: tags } = yield octokit.request(\"GET /repos/{owner}/{repository}/tags\", {\n                owner: \"slsa-framework\",\n                repository: \"slsa-verifier\",\n            });\n            for (const tag of tags) {\n                const commitSha = tag.commit.sha;\n                if (commitSha === actionRef) {\n                    return tag.name;\n                }\n            }\n        }\n        throw new Error(`Invalid version provided: ${actionRef}. For the set of valid versions, see https://github.com/slsa-framework/slsa-verifier/releases.`);\n    });\n}\nexports.getVerifierVersion = getVerifierVersion;\n// If true, then the file in `path` has the same SHA256 hash as `expectedSha256Hash``.\nfunction fileHasExpectedSha256Hash(filePath, expectedSha256Hash) {\n    if (!fs.existsSync(filePath)) {\n        throw new Error(`File not found: ${filePath}`);\n    }\n    const untrustedFile = fs.readFileSync(filePath);\n    const computedSha256Hash = crypto\n        .createHash(\"sha256\")\n        .update(untrustedFile)\n        .digest(\"hex\");\n    return computedSha256Hash === expectedSha256Hash;\n}\nexports.fileHasExpectedSha256Hash = fileHasExpectedSha256Hash;\nlet tmpDir;\n// Delete bootstrap version and maybe installed version\nfunction cleanup() {\n    return __awaiter(this, void 0, void 0, function* () {\n        yield io.rmRF(`${tmpDir}`);\n    });\n}\nfunction run() {\n    return __awaiter(this, void 0, void 0, function* () {\n        // Get requested verifier version and validate\n        // SLSA_VERIFIER_CI_ACTION_REF is a utility env variable to help us test\n        // the Action in CI.\n        const actionRef = process.env.GITHUB_ACTION_REF ||\n            process.env.SLSA_VERIFIER_CI_ACTION_REF ||\n            \"\";\n        let version;\n        try {\n            version = yield getVerifierVersion(actionRef);\n        }\n        catch (error) {\n            const errMsg = error instanceof Error ? error.message : String(error);\n            core.setFailed(`Invalid version provided. For the set of valid versions, see https://github.com/slsa-framework/slsa-verifier/releases. ${errMsg}`);\n            cleanup();\n            return;\n        }\n        tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), \"slsa-verifier_\"));\n        const bootstrapDir = `${tmpDir}/bootstrap`;\n        const installDir = `${tmpDir}/${version}`;\n        let bootstrapVerifierPath;\n        try {\n            // Download bootstrap version and validate SHA256 checksum\n            bootstrapVerifierPath = yield tc.downloadTool(`https://github.com/slsa-framework/slsa-verifier/releases/download/${BOOTSTRAP_VERSION}/slsa-verifier-linux-amd64`, `${bootstrapDir}/${BINARY_NAME}`);\n        }\n        catch (error) {\n            const errMsg = error instanceof Error ? error.message : String(error);\n            core.setFailed(`Error downloading bootstrap slsa-verifier: ${errMsg}`);\n            cleanup();\n            return;\n        }\n        if (!fileHasExpectedSha256Hash(bootstrapVerifierPath, BOOTSTRAP_VERIFIER_SHA256)) {\n            core.setFailed(`Unable to verify slsa-verifier checksum. Aborting installation.`);\n            cleanup();\n            return;\n        }\n        fs.chmodSync(bootstrapVerifierPath, 0o100);\n        let downloadedBinaryPath;\n        try {\n            // Download requested version binary and provenance\n            downloadedBinaryPath = yield tc.downloadTool(`https://github.com/slsa-framework/slsa-verifier/releases/download/${version}/slsa-verifier-linux-amd64`, `${installDir}/${BINARY_NAME}`);\n        }\n        catch (error) {\n            const errMsg = error instanceof Error ? error.message : String(error);\n            core.setFailed(`Error downloading slsa-verifier: ${errMsg}`);\n            cleanup();\n            return;\n        }\n        let downloadedProvenancePath;\n        try {\n            downloadedProvenancePath = yield tc.downloadTool(`https://github.com/slsa-framework/slsa-verifier/releases/download/${version}/slsa-verifier-linux-amd64.intoto.jsonl`, `${installDir}/${PROVENANCE_NAME}`);\n        }\n        catch (error) {\n            const errMsg = error instanceof Error ? error.message : String(error);\n            core.setFailed(`Error downloading binary provenance: ${errMsg}`);\n            cleanup();\n            return;\n        }\n        // Validate binary provenance\n        try {\n            const { exitCode, stdout, stderr } = yield exec.getExecOutput(`${bootstrapVerifierPath}`, [\n                \"verify-artifact\",\n                downloadedBinaryPath,\n                \"--provenance-path\",\n                downloadedProvenancePath,\n                \"--source-uri\",\n                \"github.com/slsa-framework/slsa-verifier\",\n                \"--source-tag\",\n                version,\n            ]);\n            if (exitCode !== 0) {\n                throw new Error(`Unable to verify binary provenance. Aborting installation. stdout: ${stdout}; stderr: ${stderr}`);\n            }\n        }\n        catch (error) {\n            const errMsg = error instanceof Error ? error.message : String(error);\n            core.setFailed(`Error executing slsa-verifier: ${errMsg}`);\n            cleanup();\n            return;\n        }\n        // Copy requested version to HOME directory.\n        const finalDir = `${os.homedir()}/.slsa/bin/${version}`;\n        const finalPath = `${finalDir}/${BINARY_NAME}`;\n        fs.mkdirSync(finalDir, { recursive: true });\n        fs.copyFileSync(downloadedBinaryPath, finalPath);\n        fs.chmodSync(finalPath, 0o100);\n        core.addPath(finalDir);\n        core.setOutput(\"verifier-path\", finalDir);\n        cleanup();\n    });\n}\nrun();\n","\"use strict\";\nvar __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {\n    if (k2 === undefined) k2 = k;\n    Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });\n}) : (function(o, m, k, k2) {\n    if (k2 === undefined) k2 = k;\n    o[k2] = m[k];\n}));\nvar __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {\n    Object.defineProperty(o, \"default\", { enumerable: true, value: v });\n}) : function(o, v) {\n    o[\"default\"] = v;\n});\nvar __importStar = (this && this.__importStar) || function (mod) {\n    if (mod && mod.__esModule) return mod;\n    var result = {};\n    if (mod != null) for (var k in mod) if (k !== \"default\" && Object.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);\n    __setModuleDefault(result, mod);\n    return result;\n};\nObject.defineProperty(exports, \"__esModule\", { value: true });\nexports.issue = exports.issueCommand = void 0;\nconst os = __importStar(require(\"os\"));\nconst utils_1 = require(\"./utils\");\n/**\n * Commands\n *\n * Command Format:\n *   ::name key=value,key=value::message\n *\n * Examples:\n *   ::warning::This is the message\n *   ::set-env name=MY_VAR::some value\n */\nfunction issueCommand(command, properties, message) {\n    const cmd = new Command(command, properties, message);\n    process.stdout.write(cmd.toString() + os.EOL);\n}\nexports.issueCommand = issueCommand;\nfunction issue(name, message = '') {\n    issueCommand(name, {}, message);\n}\nexports.issue = issue;\nconst CMD_STRING = '::';\nclass Command {\n    constructor(command, properties, message) {\n        if (!command) {\n            command = 'missing.command';\n        }\n        this.command = command;\n        this.properties = properties;\n        this.message = message;\n    }\n    toString() {\n        let cmdStr = CMD_STRING + this.command;\n        if (this.properties && Object.keys(this.properties).length > 0) {\n            cmdStr += ' ';\n            let first = true;\n            for (const key in this.properties) {\n                if (this.properties.hasOwnProperty(key)) {\n                    const val = this.properties[key];\n                    if (val) {\n                        if (first) {\n                            first = false;\n                        }\n                        else {\n                            cmdStr += ',';\n                        }\n                        cmdStr += `${key}=${escapeProperty(val)}`;\n                    }\n                }\n            }\n        }\n        cmdStr += `${CMD_STRING}${escapeData(this.message)}`;\n        return cmdStr;\n    }\n}\nfunction escapeData(s) {\n    return utils_1.toCommandValue(s)\n        .replace(/%/g, '%25')\n        .replace(/\\r/g, '%0D')\n        .replace(/\\n/g, '%0A');\n}\nfunction escapeProperty(s) {\n    return utils_1.toCommandValue(s)\n        .replace(/%/g, '%25')\n        .replace(/\\r/g, '%0D')\n        .replace(/\\n/g, '%0A')\n        .replace(/:/g, '%3A')\n        .replace(/,/g, '%2C');\n}\n//# sourceMappingURL=command.js.map","\"use strict\";\nvar __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {\n    if (k2 === undefined) k2 = k;\n    Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });\n}) : (function(o, m, k, k2) {\n    if (k2 === undefined) k2 = k;\n    o[k2] = m[k];\n}));\nvar __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {\n    Object.defineProperty(o, \"default\", { enumerable: true, value: v });\n}) : function(o, v) {\n    o[\"default\"] = v;\n});\nvar __importStar = (this && this.__importStar) || function (mod) {\n    if (mod && mod.__esModule) return mod;\n    var result = {};\n    if (mod != null) for (var k in mod) if (k !== \"default\" && Object.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);\n    __setModuleDefault(result, mod);\n    return result;\n};\nvar __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {\n    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }\n    return new (P || (P = Promise))(function (resolve, reject) {\n        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }\n        function rejected(value) { try { step(generator[\"throw\"](value)); } catch (e) { reject(e); } }\n        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }\n        step((generator = generator.apply(thisArg, _arguments || [])).next());\n    });\n};\nObject.defineProperty(exports, \"__esModule\", { value: true });\nexports.getIDToken = exports.getState = exports.saveState = exports.group = exports.endGroup = exports.startGroup = exports.info = exports.notice = exports.warning = exports.error = exports.debug = exports.isDebug = exports.setFailed = exports.setCommandEcho = exports.setOutput = exports.getBooleanInput = exports.getMultilineInput = exports.getInput = exports.addPath = exports.setSecret = exports.exportVariable = exports.ExitCode = void 0;\nconst command_1 = require(\"./command\");\nconst file_command_1 = require(\"./file-command\");\nconst utils_1 = require(\"./utils\");\nconst os = __importStar(require(\"os\"));\nconst path = __importStar(require(\"path\"));\nconst uuid_1 = require(\"uuid\");\nconst oidc_utils_1 = require(\"./oidc-utils\");\n/**\n * The code to exit an action\n */\nvar ExitCode;\n(function (ExitCode) {\n    /**\n     * A code indicating that the action was successful\n     */\n    ExitCode[ExitCode[\"Success\"] = 0] = \"Success\";\n    /**\n     * A code indicating that the action was a failure\n     */\n    ExitCode[ExitCode[\"Failure\"] = 1] = \"Failure\";\n})(ExitCode = exports.ExitCode || (exports.ExitCode = {}));\n//-----------------------------------------------------------------------\n// Variables\n//-----------------------------------------------------------------------\n/**\n * Sets env variable for this action and future actions in the job\n * @param name the name of the variable to set\n * @param val the value of the variable. Non-string values will be converted to a string via JSON.stringify\n */\n// eslint-disable-next-line @typescript-eslint/no-explicit-any\nfunction exportVariable(name, val) {\n    const convertedVal = utils_1.toCommandValue(val);\n    process.env[name] = convertedVal;\n    const filePath = process.env['GITHUB_ENV'] || '';\n    if (filePath) {\n        const delimiter = `ghadelimiter_${uuid_1.v4()}`;\n        // These should realistically never happen, but just in case someone finds a way to exploit uuid generation let's not allow keys or values that contain the delimiter.\n        if (name.includes(delimiter)) {\n            throw new Error(`Unexpected input: name should not contain the delimiter \"${delimiter}\"`);\n        }\n        if (convertedVal.includes(delimiter)) {\n            throw new Error(`Unexpected input: value should not contain the delimiter \"${delimiter}\"`);\n        }\n        const commandValue = `${name}<<${delimiter}${os.EOL}${convertedVal}${os.EOL}${delimiter}`;\n        file_command_1.issueCommand('ENV', commandValue);\n    }\n    else {\n        command_1.issueCommand('set-env', { name }, convertedVal);\n    }\n}\nexports.exportVariable = exportVariable;\n/**\n * Registers a secret which will get masked from logs\n * @param secret value of the secret\n */\nfunction setSecret(secret) {\n    command_1.issueCommand('add-mask', {}, secret);\n}\nexports.setSecret = setSecret;\n/**\n * Prepends inputPath to the PATH (for this action and future actions)\n * @param inputPath\n */\nfunction addPath(inputPath) {\n    const filePath = process.env['GITHUB_PATH'] || '';\n    if (filePath) {\n        file_command_1.issueCommand('PATH', inputPath);\n    }\n    else {\n        command_1.issueCommand('add-path', {}, inputPath);\n    }\n    process.env['PATH'] = `${inputPath}${path.delimiter}${process.env['PATH']}`;\n}\nexports.addPath = addPath;\n/**\n * Gets the value of an input.\n * Unless trimWhitespace is set to false in InputOptions, the value is also trimmed.\n * Returns an empty string if the value is not defined.\n *\n * @param     name     name of the input to get\n * @param     options  optional. See InputOptions.\n * @returns   string\n */\nfunction getInput(name, options) {\n    const val = process.env[`INPUT_${name.replace(/ /g, '_').toUpperCase()}`] || '';\n    if (options && options.required && !val) {\n        throw new Error(`Input required and not supplied: ${name}`);\n    }\n    if (options && options.trimWhitespace === false) {\n        return val;\n    }\n    return val.trim();\n}\nexports.getInput = getInput;\n/**\n * Gets the values of an multiline input.  Each value is also trimmed.\n *\n * @param     name     name of the input to get\n * @param     options  optional. See InputOptions.\n * @returns   string[]\n *\n */\nfunction getMultilineInput(name, options) {\n    const inputs = getInput(name, options)\n        .split('\\n')\n        .filter(x => x !== '');\n    return inputs;\n}\nexports.getMultilineInput = getMultilineInput;\n/**\n * Gets the input value of the boolean type in the YAML 1.2 \"core schema\" specification.\n * Support boolean input list: `true | True | TRUE | false | False | FALSE` .\n * The return value is also in boolean type.\n * ref: https://yaml.org/spec/1.2/spec.html#id2804923\n *\n * @param     name     name of the input to get\n * @param     options  optional. See InputOptions.\n * @returns   boolean\n */\nfunction getBooleanInput(name, options) {\n    const trueValue = ['true', 'True', 'TRUE'];\n    const falseValue = ['false', 'False', 'FALSE'];\n    const val = getInput(name, options);\n    if (trueValue.includes(val))\n        return true;\n    if (falseValue.includes(val))\n        return false;\n    throw new TypeError(`Input does not meet YAML 1.2 \"Core Schema\" specification: ${name}\\n` +\n        `Support boolean input list: \\`true | True | TRUE | false | False | FALSE\\``);\n}\nexports.getBooleanInput = getBooleanInput;\n/**\n * Sets the value of an output.\n *\n * @param     name     name of the output to set\n * @param     value    value to store. Non-string values will be converted to a string via JSON.stringify\n */\n// eslint-disable-next-line @typescript-eslint/no-explicit-any\nfunction setOutput(name, value) {\n    process.stdout.write(os.EOL);\n    command_1.issueCommand('set-output', { name }, value);\n}\nexports.setOutput = setOutput;\n/**\n * Enables or disables the echoing of commands into stdout for the rest of the step.\n * Echoing is disabled by default if ACTIONS_STEP_DEBUG is not set.\n *\n */\nfunction setCommandEcho(enabled) {\n    command_1.issue('echo', enabled ? 'on' : 'off');\n}\nexports.setCommandEcho = setCommandEcho;\n//-----------------------------------------------------------------------\n// Results\n//-----------------------------------------------------------------------\n/**\n * Sets the action status to failed.\n * When the action exits it will be with an exit code of 1\n * @param message add error issue message\n */\nfunction setFailed(message) {\n    process.exitCode = ExitCode.Failure;\n    error(message);\n}\nexports.setFailed = setFailed;\n//-----------------------------------------------------------------------\n// Logging Commands\n//-----------------------------------------------------------------------\n/**\n * Gets whether Actions Step Debug is on or not\n */\nfunction isDebug() {\n    return process.env['RUNNER_DEBUG'] === '1';\n}\nexports.isDebug = isDebug;\n/**\n * Writes debug message to user log\n * @param message debug message\n */\nfunction debug(message) {\n    command_1.issueCommand('debug', {}, message);\n}\nexports.debug = debug;\n/**\n * Adds an error issue\n * @param message error issue message. Errors will be converted to string via toString()\n * @param properties optional properties to add to the annotation.\n */\nfunction error(message, properties = {}) {\n    command_1.issueCommand('error', utils_1.toCommandProperties(properties), message instanceof Error ? message.toString() : message);\n}\nexports.error = error;\n/**\n * Adds a warning issue\n * @param message warning issue message. Errors will be converted to string via toString()\n * @param properties optional properties to add to the annotation.\n */\nfunction warning(message, properties = {}) {\n    command_1.issueCommand('warning', utils_1.toCommandProperties(properties), message instanceof Error ? message.toString() : message);\n}\nexports.warning = warning;\n/**\n * Adds a notice issue\n * @param message notice issue message. Errors will be converted to string via toString()\n * @param properties optional properties to add to the annotation.\n */\nfunction notice(message, properties = {}) {\n    command_1.issueCommand('notice', utils_1.toCommandProperties(properties), message instanceof Error ? message.toString() : message);\n}\nexports.notice = notice;\n/**\n * Writes info to log with console.log.\n * @param message info message\n */\nfunction info(message) {\n    process.stdout.write(message + os.EOL);\n}\nexports.info = info;\n/**\n * Begin an output group.\n *\n * Output until the next `groupEnd` will be foldable in this group\n *\n * @param name The name of the output group\n */\nfunction startGroup(name) {\n    command_1.issue('group', name);\n}\nexports.startGroup = startGroup;\n/**\n * End an output group.\n */\nfunction endGroup() {\n    command_1.issue('endgroup');\n}\nexports.endGroup = endGroup;\n/**\n * Wrap an asynchronous function call in a group.\n *\n * Returns the same type as the function itself.\n *\n * @param name The name of the group\n * @param fn The function to wrap in the group\n */\nfunction group(name, fn) {\n    return __awaiter(this, void 0, void 0, function* () {\n        startGroup(name);\n        let result;\n        try {\n            result = yield fn();\n        }\n        finally {\n            endGroup();\n        }\n        return result;\n    });\n}\nexports.group = group;\n//-----------------------------------------------------------------------\n// Wrapper action state\n//-----------------------------------------------------------------------\n/**\n * Saves state for current action, the state can only be retrieved by this action's post job execution.\n *\n * @param     name     name of the state to store\n * @param     value    value to store. Non-string values will be converted to a string via JSON.stringify\n */\n// eslint-disable-next-line @typescript-eslint/no-explicit-any\nfunction saveState(name, value) {\n    command_1.issueCommand('save-state', { name }, value);\n}\nexports.saveState = saveState;\n/**\n * Gets the value of an state set by this action's main execution.\n *\n * @param     name     name of the state to get\n * @returns   string\n */\nfunction getState(name) {\n    return process.env[`STATE_${name}`] || '';\n}\nexports.getState = getState;\nfunction getIDToken(aud) {\n    return __awaiter(this, void 0, void 0, function* () {\n        return yield oidc_utils_1.OidcClient.getIDToken(aud);\n    });\n}\nexports.getIDToken = getIDToken;\n/**\n * Summary exports\n */\nvar summary_1 = require(\"./summary\");\nObject.defineProperty(exports, \"summary\", { enumerable: true, get: function () { return summary_1.summary; } });\n/**\n * @deprecated use core.summary\n */\nvar summary_2 = require(\"./summary\");\nObject.defineProperty(exports, \"markdownSummary\", { enumerable: true, get: function () { return summary_2.markdownSummary; } });\n/**\n * Path exports\n */\nvar path_utils_1 = require(\"./path-utils\");\nObject.defineProperty(exports, \"toPosixPath\", { enumerable: true, get: function () { return path_utils_1.toPosixPath; } });\nObject.defineProperty(exports, \"toWin32Path\", { enumerable: true, get: function () { return path_utils_1.toWin32Path; } });\nObject.defineProperty(exports, \"toPlatformPath\", { enumerable: true, get: function () { return path_utils_1.toPlatformPath; } });\n//# sourceMappingURL=core.js.map","\"use strict\";\n// For internal use, subject to change.\nvar __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {\n    if (k2 === undefined) k2 = k;\n    Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });\n}) : (function(o, m, k, k2) {\n    if (k2 === undefined) k2 = k;\n    o[k2] = m[k];\n}));\nvar __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {\n    Object.defineProperty(o, \"default\", { enumerable: true, value: v });\n}) : function(o, v) {\n    o[\"default\"] = v;\n});\nvar __importStar = (this && this.__importStar) || function (mod) {\n    if (mod && mod.__esModule) return mod;\n    var result = {};\n    if (mod != null) for (var k in mod) if (k !== \"default\" && Object.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);\n    __setModuleDefault(result, mod);\n    return result;\n};\nObject.defineProperty(exports, \"__esModule\", { value: true });\nexports.issueCommand = void 0;\n// We use any as a valid input type\n/* eslint-disable @typescript-eslint/no-explicit-any */\nconst fs = __importStar(require(\"fs\"));\nconst os = __importStar(require(\"os\"));\nconst utils_1 = require(\"./utils\");\nfunction issueCommand(command, message) {\n    const filePath = process.env[`GITHUB_${command}`];\n    if (!filePath) {\n        throw new Error(`Unable to find environment variable for file command ${command}`);\n    }\n    if (!fs.existsSync(filePath)) {\n        throw new Error(`Missing file at path: ${filePath}`);\n    }\n    fs.appendFileSync(filePath, `${utils_1.toCommandValue(message)}${os.EOL}`, {\n        encoding: 'utf8'\n    });\n}\nexports.issueCommand = issueCommand;\n//# sourceMappingURL=file-command.js.map","\"use strict\";\nvar __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {\n    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }\n    return new (P || (P = Promise))(function (resolve, reject) {\n        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }\n        function rejected(value) { try { step(generator[\"throw\"](value)); } catch (e) { reject(e); } }\n        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }\n        step((generator = generator.apply(thisArg, _arguments || [])).next());\n    });\n};\nObject.defineProperty(exports, \"__esModule\", { value: true });\nexports.OidcClient = void 0;\nconst http_client_1 = require(\"@actions/http-client\");\nconst auth_1 = require(\"@actions/http-client/lib/auth\");\nconst core_1 = require(\"./core\");\nclass OidcClient {\n    static createHttpClient(allowRetry = true, maxRetry = 10) {\n        const requestOptions = {\n            allowRetries: allowRetry,\n            maxRetries: maxRetry\n        };\n        return new http_client_1.HttpClient('actions/oidc-client', [new auth_1.BearerCredentialHandler(OidcClient.getRequestToken())], requestOptions);\n    }\n    static getRequestToken() {\n        const token = process.env['ACTIONS_ID_TOKEN_REQUEST_TOKEN'];\n        if (!token) {\n            throw new Error('Unable to get ACTIONS_ID_TOKEN_REQUEST_TOKEN env variable');\n        }\n        return token;\n    }\n    static getIDTokenUrl() {\n        const runtimeUrl = process.env['ACTIONS_ID_TOKEN_REQUEST_URL'];\n        if (!runtimeUrl) {\n            throw new Error('Unable to get ACTIONS_ID_TOKEN_REQUEST_URL env variable');\n        }\n        return runtimeUrl;\n    }\n    static getCall(id_token_url) {\n        var _a;\n        return __awaiter(this, void 0, void 0, function* () {\n            const httpclient = OidcClient.createHttpClient();\n            const res = yield httpclient\n                .getJson(id_token_url)\n                .catch(error => {\n                throw new Error(`Failed to get ID Token. \\n \n        Error Code : ${error.statusCode}\\n \n        Error Message: ${error.result.message}`);\n            });\n            const id_token = (_a = res.result) === null || _a === void 0 ? void 0 : _a.value;\n            if (!id_token) {\n                throw new Error('Response json body do not have ID Token field');\n            }\n            return id_token;\n        });\n    }\n    static getIDToken(audience) {\n        return __awaiter(this, void 0, void 0, function* () {\n            try {\n                // New ID Token is requested from action service\n                let id_token_url = OidcClient.getIDTokenUrl();\n                if (audience) {\n                    const encodedAudience = encodeURIComponent(audience);\n                    id_token_url = `${id_token_url}&audience=${encodedAudience}`;\n                }\n                core_1.debug(`ID token url is ${id_token_url}`);\n                const id_token = yield OidcClient.getCall(id_token_url);\n                core_1.setSecret(id_token);\n                return id_token;\n            }\n            catch (error) {\n                throw new Error(`Error message: ${error.message}`);\n            }\n        });\n    }\n}\nexports.OidcClient = OidcClient;\n//# sourceMappingURL=oidc-utils.js.map","\"use strict\";\nvar __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {\n    if (k2 === undefined) k2 = k;\n    Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });\n}) : (function(o, m, k, k2) {\n    if (k2 === undefined) k2 = k;\n    o[k2] = m[k];\n}));\nvar __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {\n    Object.defineProperty(o, \"default\", { enumerable: true, value: v });\n}) : function(o, v) {\n    o[\"default\"] = v;\n});\nvar __importStar = (this && this.__importStar) || function (mod) {\n    if (mod && mod.__esModule) return mod;\n    var result = {};\n    if (mod != null) for (var k in mod) if (k !== \"default\" && Object.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);\n    __setModuleDefault(result, mod);\n    return result;\n};\nObject.defineProperty(exports, \"__esModule\", { value: true });\nexports.toPlatformPath = exports.toWin32Path = exports.toPosixPath = void 0;\nconst path = __importStar(require(\"path\"));\n/**\n * toPosixPath converts the given path to the posix form. On Windows, \\\\ will be\n * replaced with /.\n *\n * @param pth. Path to transform.\n * @return string Posix path.\n */\nfunction toPosixPath(pth) {\n    return pth.replace(/[\\\\]/g, '/');\n}\nexports.toPosixPath = toPosixPath;\n/**\n * toWin32Path converts the given path to the win32 form. On Linux, / will be\n * replaced with \\\\.\n *\n * @param pth. Path to transform.\n * @return string Win32 path.\n */\nfunction toWin32Path(pth) {\n    return pth.replace(/[/]/g, '\\\\');\n}\nexports.toWin32Path = toWin32Path;\n/**\n * toPlatformPath converts the given path to a platform-specific path. It does\n * this by replacing instances of / and \\ with the platform-specific path\n * separator.\n *\n * @param pth The path to platformize.\n * @return string The platform-specific path.\n */\nfunction toPlatformPath(pth) {\n    return pth.replace(/[/\\\\]/g, path.sep);\n}\nexports.toPlatformPath = toPlatformPath;\n//# sourceMappingURL=path-utils.js.map","\"use strict\";\nvar __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {\n    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }\n    return new (P || (P = Promise))(function (resolve, reject) {\n        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }\n        function rejected(value) { try { step(generator[\"throw\"](value)); } catch (e) { reject(e); } }\n        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }\n        step((generator = generator.apply(thisArg, _arguments || [])).next());\n    });\n};\nObject.defineProperty(exports, \"__esModule\", { value: true });\nexports.summary = exports.markdownSummary = exports.SUMMARY_DOCS_URL = exports.SUMMARY_ENV_VAR = void 0;\nconst os_1 = require(\"os\");\nconst fs_1 = require(\"fs\");\nconst { access, appendFile, writeFile } = fs_1.promises;\nexports.SUMMARY_ENV_VAR = 'GITHUB_STEP_SUMMARY';\nexports.SUMMARY_DOCS_URL = 'https://docs.github.com/actions/using-workflows/workflow-commands-for-github-actions#adding-a-job-summary';\nclass Summary {\n    constructor() {\n        this._buffer = '';\n    }\n    /**\n     * Finds the summary file path from the environment, rejects if env var is not found or file does not exist\n     * Also checks r/w permissions.\n     *\n     * @returns step summary file path\n     */\n    filePath() {\n        return __awaiter(this, void 0, void 0, function* () {\n            if (this._filePath) {\n                return this._filePath;\n            }\n            const pathFromEnv = process.env[exports.SUMMARY_ENV_VAR];\n            if (!pathFromEnv) {\n                throw new Error(`Unable to find environment variable for $${exports.SUMMARY_ENV_VAR}. Check if your runtime environment supports job summaries.`);\n            }\n            try {\n                yield access(pathFromEnv, fs_1.constants.R_OK | fs_1.constants.W_OK);\n            }\n            catch (_a) {\n                throw new Error(`Unable to access summary file: '${pathFromEnv}'. Check if the file has correct read/write permissions.`);\n            }\n            this._filePath = pathFromEnv;\n            return this._filePath;\n        });\n    }\n    /**\n     * Wraps content in an HTML tag, adding any HTML attributes\n     *\n     * @param {string} tag HTML tag to wrap\n     * @param {string | null} content content within the tag\n     * @param {[attribute: string]: string} attrs key-value list of HTML attributes to add\n     *\n     * @returns {string} content wrapped in HTML element\n     */\n    wrap(tag, content, attrs = {}) {\n        const htmlAttrs = Object.entries(attrs)\n            .map(([key, value]) => ` ${key}=\"${value}\"`)\n            .join('');\n        if (!content) {\n            return `<${tag}${htmlAttrs}>`;\n        }\n        return `<${tag}${htmlAttrs}>${content}</${tag}>`;\n    }\n    /**\n     * Writes text in the buffer to the summary buffer file and empties buffer. Will append by default.\n     *\n     * @param {SummaryWriteOptions} [options] (optional) options for write operation\n     *\n     * @returns {Promise<Summary>} summary instance\n     */\n    write(options) {\n        return __awaiter(this, void 0, void 0, function* () {\n            const overwrite = !!(options === null || options === void 0 ? void 0 : options.overwrite);\n            const filePath = yield this.filePath();\n            const writeFunc = overwrite ? writeFile : appendFile;\n            yield writeFunc(filePath, this._buffer, { encoding: 'utf8' });\n            return this.emptyBuffer();\n        });\n    }\n    /**\n     * Clears the summary buffer and wipes the summary file\n     *\n     * @returns {Summary} summary instance\n     */\n    clear() {\n        return __awaiter(this, void 0, void 0, function* () {\n            return this.emptyBuffer().write({ overwrite: true });\n        });\n    }\n    /**\n     * Returns the current summary buffer as a string\n     *\n     * @returns {string} string of summary buffer\n     */\n    stringify() {\n        return this._buffer;\n    }\n    /**\n     * If the summary buffer is empty\n     *\n     * @returns {boolen} true if the buffer is empty\n     */\n    isEmptyBuffer() {\n        return this._buffer.length === 0;\n    }\n    /**\n     * Resets the summary buffer without writing to summary file\n     *\n     * @returns {Summary} summary instance\n     */\n    emptyBuffer() {\n        this._buffer = '';\n        return this;\n    }\n    /**\n     * Adds raw text to the summary buffer\n     *\n     * @param {string} text content to add\n     * @param {boolean} [addEOL=false] (optional) append an EOL to the raw text (default: false)\n     *\n     * @returns {Summary} summary instance\n     */\n    addRaw(text, addEOL = false) {\n        this._buffer += text;\n        return addEOL ? this.addEOL() : this;\n    }\n    /**\n     * Adds the operating system-specific end-of-line marker to the buffer\n     *\n     * @returns {Summary} summary instance\n     */\n    addEOL() {\n        return this.addRaw(os_1.EOL);\n    }\n    /**\n     * Adds an HTML codeblock to the summary buffer\n     *\n     * @param {string} code content to render within fenced code block\n     * @param {string} lang (optional) language to syntax highlight code\n     *\n     * @returns {Summary} summary instance\n     */\n    addCodeBlock(code, lang) {\n        const attrs = Object.assign({}, (lang && { lang }));\n        const element = this.wrap('pre', this.wrap('code', code), attrs);\n        return this.addRaw(element).addEOL();\n    }\n    /**\n     * Adds an HTML list to the summary buffer\n     *\n     * @param {string[]} items list of items to render\n     * @param {boolean} [ordered=false] (optional) if the rendered list should be ordered or not (default: false)\n     *\n     * @returns {Summary} summary instance\n     */\n    addList(items, ordered = false) {\n        const tag = ordered ? 'ol' : 'ul';\n        const listItems = items.map(item => this.wrap('li', item)).join('');\n        const element = this.wrap(tag, listItems);\n        return this.addRaw(element).addEOL();\n    }\n    /**\n     * Adds an HTML table to the summary buffer\n     *\n     * @param {SummaryTableCell[]} rows table rows\n     *\n     * @returns {Summary} summary instance\n     */\n    addTable(rows) {\n        const tableBody = rows\n            .map(row => {\n            const cells = row\n                .map(cell => {\n                if (typeof cell === 'string') {\n                    return this.wrap('td', cell);\n                }\n                const { header, data, colspan, rowspan } = cell;\n                const tag = header ? 'th' : 'td';\n                const attrs = Object.assign(Object.assign({}, (colspan && { colspan })), (rowspan && { rowspan }));\n                return this.wrap(tag, data, attrs);\n            })\n                .join('');\n            return this.wrap('tr', cells);\n        })\n            .join('');\n        const element = this.wrap('table', tableBody);\n        return this.addRaw(element).addEOL();\n    }\n    /**\n     * Adds a collapsable HTML details element to the summary buffer\n     *\n     * @param {string} label text for the closed state\n     * @param {string} content collapsable content\n     *\n     * @returns {Summary} summary instance\n     */\n    addDetails(label, content) {\n        const element = this.wrap('details', this.wrap('summary', label) + content);\n        return this.addRaw(element).addEOL();\n    }\n    /**\n     * Adds an HTML image tag to the summary buffer\n     *\n     * @param {string} src path to the image you to embed\n     * @param {string} alt text description of the image\n     * @param {SummaryImageOptions} options (optional) addition image attributes\n     *\n     * @returns {Summary} summary instance\n     */\n    addImage(src, alt, options) {\n        const { width, height } = options || {};\n        const attrs = Object.assign(Object.assign({}, (width && { width })), (height && { height }));\n        const element = this.wrap('img', null, Object.assign({ src, alt }, attrs));\n        return this.addRaw(element).addEOL();\n    }\n    /**\n     * Adds an HTML section heading element\n     *\n     * @param {string} text heading text\n     * @param {number | string} [level=1] (optional) the heading level, default: 1\n     *\n     * @returns {Summary} summary instance\n     */\n    addHeading(text, level) {\n        const tag = `h${level}`;\n        const allowedTag = ['h1', 'h2', 'h3', 'h4', 'h5', 'h6'].includes(tag)\n            ? tag\n            : 'h1';\n        const element = this.wrap(allowedTag, text);\n        return this.addRaw(element).addEOL();\n    }\n    /**\n     * Adds an HTML thematic break (<hr>) to the summary buffer\n     *\n     * @returns {Summary} summary instance\n     */\n    addSeparator() {\n        const element = this.wrap('hr', null);\n        return this.addRaw(element).addEOL();\n    }\n    /**\n     * Adds an HTML line break (<br>) to the summary buffer\n     *\n     * @returns {Summary} summary instance\n     */\n    addBreak() {\n        const element = this.wrap('br', null);\n        return this.addRaw(element).addEOL();\n    }\n    /**\n     * Adds an HTML blockquote to the summary buffer\n     *\n     * @param {string} text quote text\n     * @param {string} cite (optional) citation url\n     *\n     * @returns {Summary} summary instance\n     */\n    addQuote(text, cite) {\n        const attrs = Object.assign({}, (cite && { cite }));\n        const element = this.wrap('blockquote', text, attrs);\n        return this.addRaw(element).addEOL();\n    }\n    /**\n     * Adds an HTML anchor tag to the summary buffer\n     *\n     * @param {string} text link text/content\n     * @param {string} href hyperlink\n     *\n     * @returns {Summary} summary instance\n     */\n    addLink(text, href) {\n        const element = this.wrap('a', text, { href });\n        return this.addRaw(element).addEOL();\n    }\n}\nconst _summary = new Summary();\n/**\n * @deprecated use `core.summary`\n */\nexports.markdownSummary = _summary;\nexports.summary = _summary;\n//# sourceMappingURL=summary.js.map","\"use strict\";\n// We use any as a valid input type\n/* eslint-disable @typescript-eslint/no-explicit-any */\nObject.defineProperty(exports, \"__esModule\", { value: true });\nexports.toCommandProperties = exports.toCommandValue = void 0;\n/**\n * Sanitizes an input into a string so it can be passed into issueCommand safely\n * @param input input to sanitize into a string\n */\nfunction toCommandValue(input) {\n    if (input === null || input === undefined) {\n        return '';\n    }\n    else if (typeof input === 'string' || input instanceof String) {\n        return input;\n    }\n    return JSON.stringify(input);\n}\nexports.toCommandValue = toCommandValue;\n/**\n *\n * @param annotationProperties\n * @returns The command properties to send with the actual annotation command\n * See IssueCommandProperties: https://github.com/actions/runner/blob/main/src/Runner.Worker/ActionCommandManager.cs#L646\n */\nfunction toCommandProperties(annotationProperties) {\n    if (!Object.keys(annotationProperties).length) {\n        return {};\n    }\n    return {\n        title: annotationProperties.title,\n        file: annotationProperties.file,\n        line: annotationProperties.startLine,\n        endLine: annotationProperties.endLine,\n        col: annotationProperties.startColumn,\n        endColumn: annotationProperties.endColumn\n    };\n}\nexports.toCommandProperties = toCommandProperties;\n//# sourceMappingURL=utils.js.map","\"use strict\";\nvar __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {\n    if (k2 === undefined) k2 = k;\n    Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });\n}) : (function(o, m, k, k2) {\n    if (k2 === undefined) k2 = k;\n    o[k2] = m[k];\n}));\nvar __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {\n    Object.defineProperty(o, \"default\", { enumerable: true, value: v });\n}) : function(o, v) {\n    o[\"default\"] = v;\n});\nvar __importStar = (this && this.__importStar) || function (mod) {\n    if (mod && mod.__esModule) return mod;\n    var result = {};\n    if (mod != null) for (var k in mod) if (k !== \"default\" && Object.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);\n    __setModuleDefault(result, mod);\n    return result;\n};\nvar __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {\n    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }\n    return new (P || (P = Promise))(function (resolve, reject) {\n        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }\n        function rejected(value) { try { step(generator[\"throw\"](value)); } catch (e) { reject(e); } }\n        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }\n        step((generator = generator.apply(thisArg, _arguments || [])).next());\n    });\n};\nObject.defineProperty(exports, \"__esModule\", { value: true });\nexports.getExecOutput = exports.exec = void 0;\nconst string_decoder_1 = require(\"string_decoder\");\nconst tr = __importStar(require(\"./toolrunner\"));\n/**\n * Exec a command.\n * Output will be streamed to the live console.\n * Returns promise with return code\n *\n * @param     commandLine        command to execute (can include additional args). Must be correctly escaped.\n * @param     args               optional arguments for tool. Escaping is handled by the lib.\n * @param     options            optional exec options.  See ExecOptions\n * @returns   Promise<number>    exit code\n */\nfunction exec(commandLine, args, options) {\n    return __awaiter(this, void 0, void 0, function* () {\n        const commandArgs = tr.argStringToArray(commandLine);\n        if (commandArgs.length === 0) {\n            throw new Error(`Parameter 'commandLine' cannot be null or empty.`);\n        }\n        // Path to tool to execute should be first arg\n        const toolPath = commandArgs[0];\n        args = commandArgs.slice(1).concat(args || []);\n        const runner = new tr.ToolRunner(toolPath, args, options);\n        return runner.exec();\n    });\n}\nexports.exec = exec;\n/**\n * Exec a command and get the output.\n * Output will be streamed to the live console.\n * Returns promise with the exit code and collected stdout and stderr\n *\n * @param     commandLine           command to execute (can include additional args). Must be correctly escaped.\n * @param     args                  optional arguments for tool. Escaping is handled by the lib.\n * @param     options               optional exec options.  See ExecOptions\n * @returns   Promise<ExecOutput>   exit code, stdout, and stderr\n */\nfunction getExecOutput(commandLine, args, options) {\n    var _a, _b;\n    return __awaiter(this, void 0, void 0, function* () {\n        let stdout = '';\n        let stderr = '';\n        //Using string decoder covers the case where a mult-byte character is split\n        const stdoutDecoder = new string_decoder_1.StringDecoder('utf8');\n        const stderrDecoder = new string_decoder_1.StringDecoder('utf8');\n        const originalStdoutListener = (_a = options === null || options === void 0 ? void 0 : options.listeners) === null || _a === void 0 ? void 0 : _a.stdout;\n        const originalStdErrListener = (_b = options === null || options === void 0 ? void 0 : options.listeners) === null || _b === void 0 ? void 0 : _b.stderr;\n        const stdErrListener = (data) => {\n            stderr += stderrDecoder.write(data);\n            if (originalStdErrListener) {\n                originalStdErrListener(data);\n            }\n        };\n        const stdOutListener = (data) => {\n            stdout += stdoutDecoder.write(data);\n            if (originalStdoutListener) {\n                originalStdoutListener(data);\n            }\n        };\n        const listeners = Object.assign(Object.assign({}, options === null || options === void 0 ? void 0 : options.listeners), { stdout: stdOutListener, stderr: stdErrListener });\n        const exitCode = yield exec(commandLine, args, Object.assign(Object.assign({}, options), { listeners }));\n        //flush any remaining characters\n        stdout += stdoutDecoder.end();\n        stderr += stderrDecoder.end();\n        return {\n            exitCode,\n            stdout,\n            stderr\n        };\n    });\n}\nexports.getExecOutput = getExecOutput;\n//# sourceMappingURL=exec.js.map","\"use strict\";\nvar __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {\n    if (k2 === undefined) k2 = k;\n    Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });\n}) : (function(o, m, k, k2) {\n    if (k2 === undefined) k2 = k;\n    o[k2] = m[k];\n}));\nvar __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {\n    Object.defineProperty(o, \"default\", { enumerable: true, value: v });\n}) : function(o, v) {\n    o[\"default\"] = v;\n});\nvar __importStar = (this && this.__importStar) || function (mod) {\n    if (mod && mod.__esModule) return mod;\n    var result = {};\n    if (mod != null) for (var k in mod) if (k !== \"default\" && Object.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);\n    __setModuleDefault(result, mod);\n    return result;\n};\nvar __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {\n    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }\n    return new (P || (P = Promise))(function (resolve, reject) {\n        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }\n        function rejected(value) { try { step(generator[\"throw\"](value)); } catch (e) { reject(e); } }\n        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }\n        step((generator = generator.apply(thisArg, _arguments || [])).next());\n    });\n};\nObject.defineProperty(exports, \"__esModule\", { value: true });\nexports.argStringToArray = exports.ToolRunner = void 0;\nconst os = __importStar(require(\"os\"));\nconst events = __importStar(require(\"events\"));\nconst child = __importStar(require(\"child_process\"));\nconst path = __importStar(require(\"path\"));\nconst io = __importStar(require(\"@actions/io\"));\nconst ioUtil = __importStar(require(\"@actions/io/lib/io-util\"));\nconst timers_1 = require(\"timers\");\n/* eslint-disable @typescript-eslint/unbound-method */\nconst IS_WINDOWS = process.platform === 'win32';\n/*\n * Class for running command line tools. Handles quoting and arg parsing in a platform agnostic way.\n */\nclass ToolRunner extends events.EventEmitter {\n    constructor(toolPath, args, options) {\n        super();\n        if (!toolPath) {\n            throw new Error(\"Parameter 'toolPath' cannot be null or empty.\");\n        }\n        this.toolPath = toolPath;\n        this.args = args || [];\n        this.options = options || {};\n    }\n    _debug(message) {\n        if (this.options.listeners && this.options.listeners.debug) {\n            this.options.listeners.debug(message);\n        }\n    }\n    _getCommandString(options, noPrefix) {\n        const toolPath = this._getSpawnFileName();\n        const args = this._getSpawnArgs(options);\n        let cmd = noPrefix ? '' : '[command]'; // omit prefix when piped to a second tool\n        if (IS_WINDOWS) {\n            // Windows + cmd file\n            if (this._isCmdFile()) {\n                cmd += toolPath;\n                for (const a of args) {\n                    cmd += ` ${a}`;\n                }\n            }\n            // Windows + verbatim\n            else if (options.windowsVerbatimArguments) {\n                cmd += `\"${toolPath}\"`;\n                for (const a of args) {\n                    cmd += ` ${a}`;\n                }\n            }\n            // Windows (regular)\n            else {\n                cmd += this._windowsQuoteCmdArg(toolPath);\n                for (const a of args) {\n                    cmd += ` ${this._windowsQuoteCmdArg(a)}`;\n                }\n            }\n        }\n        else {\n            // OSX/Linux - this can likely be improved with some form of quoting.\n            // creating processes on Unix is fundamentally different than Windows.\n            // on Unix, execvp() takes an arg array.\n            cmd += toolPath;\n            for (const a of args) {\n                cmd += ` ${a}`;\n            }\n        }\n        return cmd;\n    }\n    _processLineBuffer(data, strBuffer, onLine) {\n        try {\n            let s = strBuffer + data.toString();\n            let n = s.indexOf(os.EOL);\n            while (n > -1) {\n                const line = s.substring(0, n);\n                onLine(line);\n                // the rest of the string ...\n                s = s.substring(n + os.EOL.length);\n                n = s.indexOf(os.EOL);\n            }\n            return s;\n        }\n        catch (err) {\n            // streaming lines to console is best effort.  Don't fail a build.\n            this._debug(`error processing line. Failed with error ${err}`);\n            return '';\n        }\n    }\n    _getSpawnFileName() {\n        if (IS_WINDOWS) {\n            if (this._isCmdFile()) {\n                return process.env['COMSPEC'] || 'cmd.exe';\n            }\n        }\n        return this.toolPath;\n    }\n    _getSpawnArgs(options) {\n        if (IS_WINDOWS) {\n            if (this._isCmdFile()) {\n                let argline = `/D /S /C \"${this._windowsQuoteCmdArg(this.toolPath)}`;\n                for (const a of this.args) {\n                    argline += ' ';\n                    argline += options.windowsVerbatimArguments\n                        ? a\n                        : this._windowsQuoteCmdArg(a);\n                }\n                argline += '\"';\n                return [argline];\n            }\n        }\n        return this.args;\n    }\n    _endsWith(str, end) {\n        return str.endsWith(end);\n    }\n    _isCmdFile() {\n        const upperToolPath = this.toolPath.toUpperCase();\n        return (this._endsWith(upperToolPath, '.CMD') ||\n            this._endsWith(upperToolPath, '.BAT'));\n    }\n    _windowsQuoteCmdArg(arg) {\n        // for .exe, apply the normal quoting rules that libuv applies\n        if (!this._isCmdFile()) {\n            return this._uvQuoteCmdArg(arg);\n        }\n        // otherwise apply quoting rules specific to the cmd.exe command line parser.\n        // the libuv rules are generic and are not designed specifically for cmd.exe\n        // command line parser.\n        //\n        // for a detailed description of the cmd.exe command line parser, refer to\n        // http://stackoverflow.com/questions/4094699/how-does-the-windows-command-interpreter-cmd-exe-parse-scripts/7970912#7970912\n        // need quotes for empty arg\n        if (!arg) {\n            return '\"\"';\n        }\n        // determine whether the arg needs to be quoted\n        const cmdSpecialChars = [\n            ' ',\n            '\\t',\n            '&',\n            '(',\n            ')',\n            '[',\n            ']',\n            '{',\n            '}',\n            '^',\n            '=',\n            ';',\n            '!',\n            \"'\",\n            '+',\n            ',',\n            '`',\n            '~',\n            '|',\n            '<',\n            '>',\n            '\"'\n        ];\n        let needsQuotes = false;\n        for (const char of arg) {\n            if (cmdSpecialChars.some(x => x === char)) {\n                needsQuotes = true;\n                break;\n            }\n        }\n        // short-circuit if quotes not needed\n        if (!needsQuotes) {\n            return arg;\n        }\n        // the following quoting rules are very similar to the rules that by libuv applies.\n        //\n        // 1) wrap the string in quotes\n        //\n        // 2) double-up quotes - i.e. \" => \"\"\n        //\n        //    this is different from the libuv quoting rules. libuv replaces \" with \\\", which unfortunately\n        //    doesn't work well with a cmd.exe command line.\n        //\n        //    note, replacing \" with \"\" also works well if the arg is passed to a downstream .NET console app.\n        //    for example, the command line:\n        //          foo.exe \"myarg:\"\"my val\"\"\"\n        //    is parsed by a .NET console app into an arg array:\n        //          [ \"myarg:\\\"my val\\\"\" ]\n        //    which is the same end result when applying libuv quoting rules. although the actual\n        //    command line from libuv quoting rules would look like:\n        //          foo.exe \"myarg:\\\"my val\\\"\"\n        //\n        // 3) double-up slashes that precede a quote,\n        //    e.g.  hello \\world    => \"hello \\world\"\n        //          hello\\\"world    => \"hello\\\\\"\"world\"\n        //          hello\\\\\"world   => \"hello\\\\\\\\\"\"world\"\n        //          hello world\\    => \"hello world\\\\\"\n        //\n        //    technically this is not required for a cmd.exe command line, or the batch argument parser.\n        //    the reasons for including this as a .cmd quoting rule are:\n        //\n        //    a) this is optimized for the scenario where the argument is passed from the .cmd file to an\n        //       external program. many programs (e.g. .NET console apps) rely on the slash-doubling rule.\n        //\n        //    b) it's what we've been doing previously (by deferring to node default behavior) and we\n        //       haven't heard any complaints about that aspect.\n        //\n        // note, a weakness of the quoting rules chosen here, is that % is not escaped. in fact, % cannot be\n        // escaped when used on the command line directly - even though within a .cmd file % can be escaped\n        // by using %%.\n        //\n        // the saving grace is, on the command line, %var% is left as-is if var is not defined. this contrasts\n        // the line parsing rules within a .cmd file, where if var is not defined it is replaced with nothing.\n        //\n        // one option that was explored was replacing % with ^% - i.e. %var% => ^%var^%. this hack would\n        // often work, since it is unlikely that var^ would exist, and the ^ character is removed when the\n        // variable is used. the problem, however, is that ^ is not removed when %* is used to pass the args\n        // to an external program.\n        //\n        // an unexplored potential solution for the % escaping problem, is to create a wrapper .cmd file.\n        // % can be escaped within a .cmd file.\n        let reverse = '\"';\n        let quoteHit = true;\n        for (let i = arg.length; i > 0; i--) {\n            // walk the string in reverse\n            reverse += arg[i - 1];\n            if (quoteHit && arg[i - 1] === '\\\\') {\n                reverse += '\\\\'; // double the slash\n            }\n            else if (arg[i - 1] === '\"') {\n                quoteHit = true;\n                reverse += '\"'; // double the quote\n            }\n            else {\n                quoteHit = false;\n            }\n        }\n        reverse += '\"';\n        return reverse\n            .split('')\n            .reverse()\n            .join('');\n    }\n    _uvQuoteCmdArg(arg) {\n        // Tool runner wraps child_process.spawn() and needs to apply the same quoting as\n        // Node in certain cases where the undocumented spawn option windowsVerbatimArguments\n        // is used.\n        //\n        // Since this function is a port of quote_cmd_arg from Node 4.x (technically, lib UV,\n        // see https://github.com/nodejs/node/blob/v4.x/deps/uv/src/win/process.c for details),\n        // pasting copyright notice from Node within this function:\n        //\n        //      Copyright Joyent, Inc. and other Node contributors. All rights reserved.\n        //\n        //      Permission is hereby granted, free of charge, to any person obtaining a copy\n        //      of this software and associated documentation files (the \"Software\"), to\n        //      deal in the Software without restriction, including without limitation the\n        //      rights to use, copy, modify, merge, publish, distribute, sublicense, and/or\n        //      sell copies of the Software, and to permit persons to whom the Software is\n        //      furnished to do so, subject to the following conditions:\n        //\n        //      The above copyright notice and this permission notice shall be included in\n        //      all copies or substantial portions of the Software.\n        //\n        //      THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\n        //      IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\n        //      FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\n        //      AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\n        //      LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING\n        //      FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS\n        //      IN THE SOFTWARE.\n        if (!arg) {\n            // Need double quotation for empty argument\n            return '\"\"';\n        }\n        if (!arg.includes(' ') && !arg.includes('\\t') && !arg.includes('\"')) {\n            // No quotation needed\n            return arg;\n        }\n        if (!arg.includes('\"') && !arg.includes('\\\\')) {\n            // No embedded double quotes or backslashes, so I can just wrap\n            // quote marks around the whole thing.\n            return `\"${arg}\"`;\n        }\n        // Expected input/output:\n        //   input : hello\"world\n        //   output: \"hello\\\"world\"\n        //   input : hello\"\"world\n        //   output: \"hello\\\"\\\"world\"\n        //   input : hello\\world\n        //   output: hello\\world\n        //   input : hello\\\\world\n        //   output: hello\\\\world\n        //   input : hello\\\"world\n        //   output: \"hello\\\\\\\"world\"\n        //   input : hello\\\\\"world\n        //   output: \"hello\\\\\\\\\\\"world\"\n        //   input : hello world\\\n        //   output: \"hello world\\\\\" - note the comment in libuv actually reads \"hello world\\\"\n        //                             but it appears the comment is wrong, it should be \"hello world\\\\\"\n        let reverse = '\"';\n        let quoteHit = true;\n        for (let i = arg.length; i > 0; i--) {\n            // walk the string in reverse\n            reverse += arg[i - 1];\n            if (quoteHit && arg[i - 1] === '\\\\') {\n                reverse += '\\\\';\n            }\n            else if (arg[i - 1] === '\"') {\n                quoteHit = true;\n                reverse += '\\\\';\n            }\n            else {\n                quoteHit = false;\n            }\n        }\n        reverse += '\"';\n        return reverse\n            .split('')\n            .reverse()\n            .join('');\n    }\n    _cloneExecOptions(options) {\n        options = options || {};\n        const result = {\n            cwd: options.cwd || process.cwd(),\n            env: options.env || process.env,\n            silent: options.silent || false,\n            windowsVerbatimArguments: options.windowsVerbatimArguments || false,\n            failOnStdErr: options.failOnStdErr || false,\n            ignoreReturnCode: options.ignoreReturnCode || false,\n            delay: options.delay || 10000\n        };\n        result.outStream = options.outStream || process.stdout;\n        result.errStream = options.errStream || process.stderr;\n        return result;\n    }\n    _getSpawnOptions(options, toolPath) {\n        options = options || {};\n        const result = {};\n        result.cwd = options.cwd;\n        result.env = options.env;\n        result['windowsVerbatimArguments'] =\n            options.windowsVerbatimArguments || this._isCmdFile();\n        if (options.windowsVerbatimArguments) {\n            result.argv0 = `\"${toolPath}\"`;\n        }\n        return result;\n    }\n    /**\n     * Exec a tool.\n     * Output will be streamed to the live console.\n     * Returns promise with return code\n     *\n     * @param     tool     path to tool to exec\n     * @param     options  optional exec options.  See ExecOptions\n     * @returns   number\n     */\n    exec() {\n        return __awaiter(this, void 0, void 0, function* () {\n            // root the tool path if it is unrooted and contains relative pathing\n            if (!ioUtil.isRooted(this.toolPath) &&\n                (this.toolPath.includes('/') ||\n                    (IS_WINDOWS && this.toolPath.includes('\\\\')))) {\n                // prefer options.cwd if it is specified, however options.cwd may also need to be rooted\n                this.toolPath = path.resolve(process.cwd(), this.options.cwd || process.cwd(), this.toolPath);\n            }\n            // if the tool is only a file name, then resolve it from the PATH\n            // otherwise verify it exists (add extension on Windows if necessary)\n            this.toolPath = yield io.which(this.toolPath, true);\n            return new Promise((resolve, reject) => __awaiter(this, void 0, void 0, function* () {\n                this._debug(`exec tool: ${this.toolPath}`);\n                this._debug('arguments:');\n                for (const arg of this.args) {\n                    this._debug(`   ${arg}`);\n                }\n                const optionsNonNull = this._cloneExecOptions(this.options);\n                if (!optionsNonNull.silent && optionsNonNull.outStream) {\n                    optionsNonNull.outStream.write(this._getCommandString(optionsNonNull) + os.EOL);\n                }\n                const state = new ExecState(optionsNonNull, this.toolPath);\n                state.on('debug', (message) => {\n                    this._debug(message);\n                });\n                if (this.options.cwd && !(yield ioUtil.exists(this.options.cwd))) {\n                    return reject(new Error(`The cwd: ${this.options.cwd} does not exist!`));\n                }\n                const fileName = this._getSpawnFileName();\n                const cp = child.spawn(fileName, this._getSpawnArgs(optionsNonNull), this._getSpawnOptions(this.options, fileName));\n                let stdbuffer = '';\n                if (cp.stdout) {\n                    cp.stdout.on('data', (data) => {\n                        if (this.options.listeners && this.options.listeners.stdout) {\n                            this.options.listeners.stdout(data);\n                        }\n                        if (!optionsNonNull.silent && optionsNonNull.outStream) {\n                            optionsNonNull.outStream.write(data);\n                        }\n                        stdbuffer = this._processLineBuffer(data, stdbuffer, (line) => {\n                            if (this.options.listeners && this.options.listeners.stdline) {\n                                this.options.listeners.stdline(line);\n                            }\n                        });\n                    });\n                }\n                let errbuffer = '';\n                if (cp.stderr) {\n                    cp.stderr.on('data', (data) => {\n                        state.processStderr = true;\n                        if (this.options.listeners && this.options.listeners.stderr) {\n                            this.options.listeners.stderr(data);\n                        }\n                        if (!optionsNonNull.silent &&\n                            optionsNonNull.errStream &&\n                            optionsNonNull.outStream) {\n                            const s = optionsNonNull.failOnStdErr\n                                ? optionsNonNull.errStream\n                                : optionsNonNull.outStream;\n                            s.write(data);\n                        }\n                        errbuffer = this._processLineBuffer(data, errbuffer, (line) => {\n                            if (this.options.listeners && this.options.listeners.errline) {\n                                this.options.listeners.errline(line);\n                            }\n                        });\n                    });\n                }\n                cp.on('error', (err) => {\n                    state.processError = err.message;\n                    state.processExited = true;\n                    state.processClosed = true;\n                    state.CheckComplete();\n                });\n                cp.on('exit', (code) => {\n                    state.processExitCode = code;\n                    state.processExited = true;\n                    this._debug(`Exit code ${code} received from tool '${this.toolPath}'`);\n                    state.CheckComplete();\n                });\n                cp.on('close', (code) => {\n                    state.processExitCode = code;\n                    state.processExited = true;\n                    state.processClosed = true;\n                    this._debug(`STDIO streams have closed for tool '${this.toolPath}'`);\n                    state.CheckComplete();\n                });\n                state.on('done', (error, exitCode) => {\n                    if (stdbuffer.length > 0) {\n                        this.emit('stdline', stdbuffer);\n                    }\n                    if (errbuffer.length > 0) {\n                        this.emit('errline', errbuffer);\n                    }\n                    cp.removeAllListeners();\n                    if (error) {\n                        reject(error);\n                    }\n                    else {\n                        resolve(exitCode);\n                    }\n                });\n                if (this.options.input) {\n                    if (!cp.stdin) {\n                        throw new Error('child process missing stdin');\n                    }\n                    cp.stdin.end(this.options.input);\n                }\n            }));\n        });\n    }\n}\nexports.ToolRunner = ToolRunner;\n/**\n * Convert an arg string to an array of args. Handles escaping\n *\n * @param    argString   string of arguments\n * @returns  string[]    array of arguments\n */\nfunction argStringToArray(argString) {\n    const args = [];\n    let inQuotes = false;\n    let escaped = false;\n    let arg = '';\n    function append(c) {\n        // we only escape double quotes.\n        if (escaped && c !== '\"') {\n            arg += '\\\\';\n        }\n        arg += c;\n        escaped = false;\n    }\n    for (let i = 0; i < argString.length; i++) {\n        const c = argString.charAt(i);\n        if (c === '\"') {\n            if (!escaped) {\n                inQuotes = !inQuotes;\n            }\n            else {\n                append(c);\n            }\n            continue;\n        }\n        if (c === '\\\\' && escaped) {\n            append(c);\n            continue;\n        }\n        if (c === '\\\\' && inQuotes) {\n            escaped = true;\n            continue;\n        }\n        if (c === ' ' && !inQuotes) {\n            if (arg.length > 0) {\n                args.push(arg);\n                arg = '';\n            }\n            continue;\n        }\n        append(c);\n    }\n    if (arg.length > 0) {\n        args.push(arg.trim());\n    }\n    return args;\n}\nexports.argStringToArray = argStringToArray;\nclass ExecState extends events.EventEmitter {\n    constructor(options, toolPath) {\n        super();\n        this.processClosed = false; // tracks whether the process has exited and stdio is closed\n        this.processError = '';\n        this.processExitCode = 0;\n        this.processExited = false; // tracks whether the process has exited\n        this.processStderr = false; // tracks whether stderr was written to\n        this.delay = 10000; // 10 seconds\n        this.done = false;\n        this.timeout = null;\n        if (!toolPath) {\n            throw new Error('toolPath must not be empty');\n        }\n        this.options = options;\n        this.toolPath = toolPath;\n        if (options.delay) {\n            this.delay = options.delay;\n        }\n    }\n    CheckComplete() {\n        if (this.done) {\n            return;\n        }\n        if (this.processClosed) {\n            this._setResult();\n        }\n        else if (this.processExited) {\n            this.timeout = timers_1.setTimeout(ExecState.HandleTimeout, this.delay, this);\n        }\n    }\n    _debug(message) {\n        this.emit('debug', message);\n    }\n    _setResult() {\n        // determine whether there is an error\n        let error;\n        if (this.processExited) {\n            if (this.processError) {\n                error = new Error(`There was an error when attempting to execute the process '${this.toolPath}'. This may indicate the process failed to start. Error: ${this.processError}`);\n            }\n            else if (this.processExitCode !== 0 && !this.options.ignoreReturnCode) {\n                error = new Error(`The process '${this.toolPath}' failed with exit code ${this.processExitCode}`);\n            }\n            else if (this.processStderr && this.options.failOnStdErr) {\n                error = new Error(`The process '${this.toolPath}' failed because one or more lines were written to the STDERR stream`);\n            }\n        }\n        // clear the timeout\n        if (this.timeout) {\n            clearTimeout(this.timeout);\n            this.timeout = null;\n        }\n        this.done = true;\n        this.emit('done', error, this.processExitCode);\n    }\n    static HandleTimeout(state) {\n        if (state.done) {\n            return;\n        }\n        if (!state.processClosed && state.processExited) {\n            const message = `The STDIO streams did not close within ${state.delay /\n                1000} seconds of the exit event from process '${state.toolPath}'. This may indicate a child process inherited the STDIO streams and has not yet exited.`;\n            state._debug(message);\n        }\n        state._setResult();\n    }\n}\n//# sourceMappingURL=toolrunner.js.map","\"use strict\";\nObject.defineProperty(exports, \"__esModule\", { value: true });\nexports.Context = void 0;\nconst fs_1 = require(\"fs\");\nconst os_1 = require(\"os\");\nclass Context {\n    /**\n     * Hydrate the context from the environment\n     */\n    constructor() {\n        var _a, _b, _c;\n        this.payload = {};\n        if (process.env.GITHUB_EVENT_PATH) {\n            if (fs_1.existsSync(process.env.GITHUB_EVENT_PATH)) {\n                this.payload = JSON.parse(fs_1.readFileSync(process.env.GITHUB_EVENT_PATH, { encoding: 'utf8' }));\n            }\n            else {\n                const path = process.env.GITHUB_EVENT_PATH;\n                process.stdout.write(`GITHUB_EVENT_PATH ${path} does not exist${os_1.EOL}`);\n            }\n        }\n        this.eventName = process.env.GITHUB_EVENT_NAME;\n        this.sha = process.env.GITHUB_SHA;\n        this.ref = process.env.GITHUB_REF;\n        this.workflow = process.env.GITHUB_WORKFLOW;\n        this.action = process.env.GITHUB_ACTION;\n        this.actor = process.env.GITHUB_ACTOR;\n        this.job = process.env.GITHUB_JOB;\n        this.runNumber = parseInt(process.env.GITHUB_RUN_NUMBER, 10);\n        this.runId = parseInt(process.env.GITHUB_RUN_ID, 10);\n        this.apiUrl = (_a = process.env.GITHUB_API_URL) !== null && _a !== void 0 ? _a : `https://api.github.com`;\n        this.serverUrl = (_b = process.env.GITHUB_SERVER_URL) !== null && _b !== void 0 ? _b : `https://github.com`;\n        this.graphqlUrl = (_c = process.env.GITHUB_GRAPHQL_URL) !== null && _c !== void 0 ? _c : `https://api.github.com/graphql`;\n    }\n    get issue() {\n        const payload = this.payload;\n        return Object.assign(Object.assign({}, this.repo), { number: (payload.issue || payload.pull_request || payload).number });\n    }\n    get repo() {\n        if (process.env.GITHUB_REPOSITORY) {\n            const [owner, repo] = process.env.GITHUB_REPOSITORY.split('/');\n            return { owner, repo };\n        }\n        if (this.payload.repository) {\n            return {\n                owner: this.payload.repository.owner.login,\n                repo: this.payload.repository.name\n            };\n        }\n        throw new Error(\"context.repo requires a GITHUB_REPOSITORY environment variable like 'owner/repo'\");\n    }\n}\nexports.Context = Context;\n//# sourceMappingURL=context.js.map","\"use strict\";\nvar __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {\n    if (k2 === undefined) k2 = k;\n    Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });\n}) : (function(o, m, k, k2) {\n    if (k2 === undefined) k2 = k;\n    o[k2] = m[k];\n}));\nvar __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {\n    Object.defineProperty(o, \"default\", { enumerable: true, value: v });\n}) : function(o, v) {\n    o[\"default\"] = v;\n});\nvar __importStar = (this && this.__importStar) || function (mod) {\n    if (mod && mod.__esModule) return mod;\n    var result = {};\n    if (mod != null) for (var k in mod) if (k !== \"default\" && Object.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);\n    __setModuleDefault(result, mod);\n    return result;\n};\nObject.defineProperty(exports, \"__esModule\", { value: true });\nexports.getOctokit = exports.context = void 0;\nconst Context = __importStar(require(\"./context\"));\nconst utils_1 = require(\"./utils\");\nexports.context = new Context.Context();\n/**\n * Returns a hydrated octokit ready to use for GitHub Actions\n *\n * @param     token    the repo PAT or GITHUB_TOKEN\n * @param     options  other options to set\n */\nfunction getOctokit(token, options) {\n    return new utils_1.GitHub(utils_1.getOctokitOptions(token, options));\n}\nexports.getOctokit = getOctokit;\n//# sourceMappingURL=github.js.map","\"use strict\";\nvar __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {\n    if (k2 === undefined) k2 = k;\n    Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });\n}) : (function(o, m, k, k2) {\n    if (k2 === undefined) k2 = k;\n    o[k2] = m[k];\n}));\nvar __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {\n    Object.defineProperty(o, \"default\", { enumerable: true, value: v });\n}) : function(o, v) {\n    o[\"default\"] = v;\n});\nvar __importStar = (this && this.__importStar) || function (mod) {\n    if (mod && mod.__esModule) return mod;\n    var result = {};\n    if (mod != null) for (var k in mod) if (k !== \"default\" && Object.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);\n    __setModuleDefault(result, mod);\n    return result;\n};\nObject.defineProperty(exports, \"__esModule\", { value: true });\nexports.getApiBaseUrl = exports.getProxyAgent = exports.getAuthString = void 0;\nconst httpClient = __importStar(require(\"@actions/http-client\"));\nfunction getAuthString(token, options) {\n    if (!token && !options.auth) {\n        throw new Error('Parameter token or opts.auth is required');\n    }\n    else if (token && options.auth) {\n        throw new Error('Parameters token and opts.auth may not both be specified');\n    }\n    return typeof options.auth === 'string' ? options.auth : `token ${token}`;\n}\nexports.getAuthString = getAuthString;\nfunction getProxyAgent(destinationUrl) {\n    const hc = new httpClient.HttpClient();\n    return hc.getAgent(destinationUrl);\n}\nexports.getProxyAgent = getProxyAgent;\nfunction getApiBaseUrl() {\n    return process.env['GITHUB_API_URL'] || 'https://api.github.com';\n}\nexports.getApiBaseUrl = getApiBaseUrl;\n//# sourceMappingURL=utils.js.map","\"use strict\";\nvar __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {\n    if (k2 === undefined) k2 = k;\n    Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });\n}) : (function(o, m, k, k2) {\n    if (k2 === undefined) k2 = k;\n    o[k2] = m[k];\n}));\nvar __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {\n    Object.defineProperty(o, \"default\", { enumerable: true, value: v });\n}) : function(o, v) {\n    o[\"default\"] = v;\n});\nvar __importStar = (this && this.__importStar) || function (mod) {\n    if (mod && mod.__esModule) return mod;\n    var result = {};\n    if (mod != null) for (var k in mod) if (k !== \"default\" && Object.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);\n    __setModuleDefault(result, mod);\n    return result;\n};\nObject.defineProperty(exports, \"__esModule\", { value: true });\nexports.getOctokitOptions = exports.GitHub = exports.context = void 0;\nconst Context = __importStar(require(\"./context\"));\nconst Utils = __importStar(require(\"./internal/utils\"));\n// octokit + plugins\nconst core_1 = require(\"@octokit/core\");\nconst plugin_rest_endpoint_methods_1 = require(\"@octokit/plugin-rest-endpoint-methods\");\nconst plugin_paginate_rest_1 = require(\"@octokit/plugin-paginate-rest\");\nexports.context = new Context.Context();\nconst baseUrl = Utils.getApiBaseUrl();\nconst defaults = {\n    baseUrl,\n    request: {\n        agent: Utils.getProxyAgent(baseUrl)\n    }\n};\nexports.GitHub = core_1.Octokit.plugin(plugin_rest_endpoint_methods_1.restEndpointMethods, plugin_paginate_rest_1.paginateRest).defaults(defaults);\n/**\n * Convience function to correctly format Octokit Options to pass into the constructor.\n *\n * @param     token    the repo PAT or GITHUB_TOKEN\n * @param     options  other options to set\n */\nfunction getOctokitOptions(token, options) {\n    const opts = Object.assign({}, options || {}); // Shallow clone - don't mutate the object provided by the caller\n    // Auth\n    const auth = Utils.getAuthString(token, opts);\n    if (auth) {\n        opts.auth = auth;\n    }\n    return opts;\n}\nexports.getOctokitOptions = getOctokitOptions;\n//# sourceMappingURL=utils.js.map","\"use strict\";\nvar __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {\n    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }\n    return new (P || (P = Promise))(function (resolve, reject) {\n        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }\n        function rejected(value) { try { step(generator[\"throw\"](value)); } catch (e) { reject(e); } }\n        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }\n        step((generator = generator.apply(thisArg, _arguments || [])).next());\n    });\n};\nObject.defineProperty(exports, \"__esModule\", { value: true });\nexports.PersonalAccessTokenCredentialHandler = exports.BearerCredentialHandler = exports.BasicCredentialHandler = void 0;\nclass BasicCredentialHandler {\n    constructor(username, password) {\n        this.username = username;\n        this.password = password;\n    }\n    prepareRequest(options) {\n        if (!options.headers) {\n            throw Error('The request has no headers');\n        }\n        options.headers['Authorization'] = `Basic ${Buffer.from(`${this.username}:${this.password}`).toString('base64')}`;\n    }\n    // This handler cannot handle 401\n    canHandleAuthentication() {\n        return false;\n    }\n    handleAuthentication() {\n        return __awaiter(this, void 0, void 0, function* () {\n            throw new Error('not implemented');\n        });\n    }\n}\nexports.BasicCredentialHandler = BasicCredentialHandler;\nclass BearerCredentialHandler {\n    constructor(token) {\n        this.token = token;\n    }\n    // currently implements pre-authorization\n    // TODO: support preAuth = false where it hooks on 401\n    prepareRequest(options) {\n        if (!options.headers) {\n            throw Error('The request has no headers');\n        }\n        options.headers['Authorization'] = `Bearer ${this.token}`;\n    }\n    // This handler cannot handle 401\n    canHandleAuthentication() {\n        return false;\n    }\n    handleAuthentication() {\n        return __awaiter(this, void 0, void 0, function* () {\n            throw new Error('not implemented');\n        });\n    }\n}\nexports.BearerCredentialHandler = BearerCredentialHandler;\nclass PersonalAccessTokenCredentialHandler {\n    constructor(token) {\n        this.token = token;\n    }\n    // currently implements pre-authorization\n    // TODO: support preAuth = false where it hooks on 401\n    prepareRequest(options) {\n        if (!options.headers) {\n            throw Error('The request has no headers');\n        }\n        options.headers['Authorization'] = `Basic ${Buffer.from(`PAT:${this.token}`).toString('base64')}`;\n    }\n    // This handler cannot handle 401\n    canHandleAuthentication() {\n        return false;\n    }\n    handleAuthentication() {\n        return __awaiter(this, void 0, void 0, function* () {\n            throw new Error('not implemented');\n        });\n    }\n}\nexports.PersonalAccessTokenCredentialHandler = PersonalAccessTokenCredentialHandler;\n//# sourceMappingURL=auth.js.map","\"use strict\";\n/* eslint-disable @typescript-eslint/no-explicit-any */\nvar __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {\n    if (k2 === undefined) k2 = k;\n    Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });\n}) : (function(o, m, k, k2) {\n    if (k2 === undefined) k2 = k;\n    o[k2] = m[k];\n}));\nvar __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {\n    Object.defineProperty(o, \"default\", { enumerable: true, value: v });\n}) : function(o, v) {\n    o[\"default\"] = v;\n});\nvar __importStar = (this && this.__importStar) || function (mod) {\n    if (mod && mod.__esModule) return mod;\n    var result = {};\n    if (mod != null) for (var k in mod) if (k !== \"default\" && Object.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);\n    __setModuleDefault(result, mod);\n    return result;\n};\nvar __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {\n    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }\n    return new (P || (P = Promise))(function (resolve, reject) {\n        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }\n        function rejected(value) { try { step(generator[\"throw\"](value)); } catch (e) { reject(e); } }\n        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }\n        step((generator = generator.apply(thisArg, _arguments || [])).next());\n    });\n};\nObject.defineProperty(exports, \"__esModule\", { value: true });\nexports.HttpClient = exports.isHttps = exports.HttpClientResponse = exports.HttpClientError = exports.getProxyUrl = exports.MediaTypes = exports.Headers = exports.HttpCodes = void 0;\nconst http = __importStar(require(\"http\"));\nconst https = __importStar(require(\"https\"));\nconst pm = __importStar(require(\"./proxy\"));\nconst tunnel = __importStar(require(\"tunnel\"));\nvar HttpCodes;\n(function (HttpCodes) {\n    HttpCodes[HttpCodes[\"OK\"] = 200] = \"OK\";\n    HttpCodes[HttpCodes[\"MultipleChoices\"] = 300] = \"MultipleChoices\";\n    HttpCodes[HttpCodes[\"MovedPermanently\"] = 301] = \"MovedPermanently\";\n    HttpCodes[HttpCodes[\"ResourceMoved\"] = 302] = \"ResourceMoved\";\n    HttpCodes[HttpCodes[\"SeeOther\"] = 303] = \"SeeOther\";\n    HttpCodes[HttpCodes[\"NotModified\"] = 304] = \"NotModified\";\n    HttpCodes[HttpCodes[\"UseProxy\"] = 305] = \"UseProxy\";\n    HttpCodes[HttpCodes[\"SwitchProxy\"] = 306] = \"SwitchProxy\";\n    HttpCodes[HttpCodes[\"TemporaryRedirect\"] = 307] = \"TemporaryRedirect\";\n    HttpCodes[HttpCodes[\"PermanentRedirect\"] = 308] = \"PermanentRedirect\";\n    HttpCodes[HttpCodes[\"BadRequest\"] = 400] = \"BadRequest\";\n    HttpCodes[HttpCodes[\"Unauthorized\"] = 401] = \"Unauthorized\";\n    HttpCodes[HttpCodes[\"PaymentRequired\"] = 402] = \"PaymentRequired\";\n    HttpCodes[HttpCodes[\"Forbidden\"] = 403] = \"Forbidden\";\n    HttpCodes[HttpCodes[\"NotFound\"] = 404] = \"NotFound\";\n    HttpCodes[HttpCodes[\"MethodNotAllowed\"] = 405] = \"MethodNotAllowed\";\n    HttpCodes[HttpCodes[\"NotAcceptable\"] = 406] = \"NotAcceptable\";\n    HttpCodes[HttpCodes[\"ProxyAuthenticationRequired\"] = 407] = \"ProxyAuthenticationRequired\";\n    HttpCodes[HttpCodes[\"RequestTimeout\"] = 408] = \"RequestTimeout\";\n    HttpCodes[HttpCodes[\"Conflict\"] = 409] = \"Conflict\";\n    HttpCodes[HttpCodes[\"Gone\"] = 410] = \"Gone\";\n    HttpCodes[HttpCodes[\"TooManyRequests\"] = 429] = \"TooManyRequests\";\n    HttpCodes[HttpCodes[\"InternalServerError\"] = 500] = \"InternalServerError\";\n    HttpCodes[HttpCodes[\"NotImplemented\"] = 501] = \"NotImplemented\";\n    HttpCodes[HttpCodes[\"BadGateway\"] = 502] = \"BadGateway\";\n    HttpCodes[HttpCodes[\"ServiceUnavailable\"] = 503] = \"ServiceUnavailable\";\n    HttpCodes[HttpCodes[\"GatewayTimeout\"] = 504] = \"GatewayTimeout\";\n})(HttpCodes = exports.HttpCodes || (exports.HttpCodes = {}));\nvar Headers;\n(function (Headers) {\n    Headers[\"Accept\"] = \"accept\";\n    Headers[\"ContentType\"] = \"content-type\";\n})(Headers = exports.Headers || (exports.Headers = {}));\nvar MediaTypes;\n(function (MediaTypes) {\n    MediaTypes[\"ApplicationJson\"] = \"application/json\";\n})(MediaTypes = exports.MediaTypes || (exports.MediaTypes = {}));\n/**\n * Returns the proxy URL, depending upon the supplied url and proxy environment variables.\n * @param serverUrl  The server URL where the request will be sent. For example, https://api.github.com\n */\nfunction getProxyUrl(serverUrl) {\n    const proxyUrl = pm.getProxyUrl(new URL(serverUrl));\n    return proxyUrl ? proxyUrl.href : '';\n}\nexports.getProxyUrl = getProxyUrl;\nconst HttpRedirectCodes = [\n    HttpCodes.MovedPermanently,\n    HttpCodes.ResourceMoved,\n    HttpCodes.SeeOther,\n    HttpCodes.TemporaryRedirect,\n    HttpCodes.PermanentRedirect\n];\nconst HttpResponseRetryCodes = [\n    HttpCodes.BadGateway,\n    HttpCodes.ServiceUnavailable,\n    HttpCodes.GatewayTimeout\n];\nconst RetryableHttpVerbs = ['OPTIONS', 'GET', 'DELETE', 'HEAD'];\nconst ExponentialBackoffCeiling = 10;\nconst ExponentialBackoffTimeSlice = 5;\nclass HttpClientError extends Error {\n    constructor(message, statusCode) {\n        super(message);\n        this.name = 'HttpClientError';\n        this.statusCode = statusCode;\n        Object.setPrototypeOf(this, HttpClientError.prototype);\n    }\n}\nexports.HttpClientError = HttpClientError;\nclass HttpClientResponse {\n    constructor(message) {\n        this.message = message;\n    }\n    readBody() {\n        return __awaiter(this, void 0, void 0, function* () {\n            return new Promise((resolve) => __awaiter(this, void 0, void 0, function* () {\n                let output = Buffer.alloc(0);\n                this.message.on('data', (chunk) => {\n                    output = Buffer.concat([output, chunk]);\n                });\n                this.message.on('end', () => {\n                    resolve(output.toString());\n                });\n            }));\n        });\n    }\n}\nexports.HttpClientResponse = HttpClientResponse;\nfunction isHttps(requestUrl) {\n    const parsedUrl = new URL(requestUrl);\n    return parsedUrl.protocol === 'https:';\n}\nexports.isHttps = isHttps;\nclass HttpClient {\n    constructor(userAgent, handlers, requestOptions) {\n        this._ignoreSslError = false;\n        this._allowRedirects = true;\n        this._allowRedirectDowngrade = false;\n        this._maxRedirects = 50;\n        this._allowRetries = false;\n        this._maxRetries = 1;\n        this._keepAlive = false;\n        this._disposed = false;\n        this.userAgent = userAgent;\n        this.handlers = handlers || [];\n        this.requestOptions = requestOptions;\n        if (requestOptions) {\n            if (requestOptions.ignoreSslError != null) {\n                this._ignoreSslError = requestOptions.ignoreSslError;\n            }\n            this._socketTimeout = requestOptions.socketTimeout;\n            if (requestOptions.allowRedirects != null) {\n                this._allowRedirects = requestOptions.allowRedirects;\n            }\n            if (requestOptions.allowRedirectDowngrade != null) {\n                this._allowRedirectDowngrade = requestOptions.allowRedirectDowngrade;\n            }\n            if (requestOptions.maxRedirects != null) {\n                this._maxRedirects = Math.max(requestOptions.maxRedirects, 0);\n            }\n            if (requestOptions.keepAlive != null) {\n                this._keepAlive = requestOptions.keepAlive;\n            }\n            if (requestOptions.allowRetries != null) {\n                this._allowRetries = requestOptions.allowRetries;\n            }\n            if (requestOptions.maxRetries != null) {\n                this._maxRetries = requestOptions.maxRetries;\n            }\n        }\n    }\n    options(requestUrl, additionalHeaders) {\n        return __awaiter(this, void 0, void 0, function* () {\n            return this.request('OPTIONS', requestUrl, null, additionalHeaders || {});\n        });\n    }\n    get(requestUrl, additionalHeaders) {\n        return __awaiter(this, void 0, void 0, function* () {\n            return this.request('GET', requestUrl, null, additionalHeaders || {});\n        });\n    }\n    del(requestUrl, additionalHeaders) {\n        return __awaiter(this, void 0, void 0, function* () {\n            return this.request('DELETE', requestUrl, null, additionalHeaders || {});\n        });\n    }\n    post(requestUrl, data, additionalHeaders) {\n        return __awaiter(this, void 0, void 0, function* () {\n            return this.request('POST', requestUrl, data, additionalHeaders || {});\n        });\n    }\n    patch(requestUrl, data, additionalHeaders) {\n        return __awaiter(this, void 0, void 0, function* () {\n            return this.request('PATCH', requestUrl, data, additionalHeaders || {});\n        });\n    }\n    put(requestUrl, data, additionalHeaders) {\n        return __awaiter(this, void 0, void 0, function* () {\n            return this.request('PUT', requestUrl, data, additionalHeaders || {});\n        });\n    }\n    head(requestUrl, additionalHeaders) {\n        return __awaiter(this, void 0, void 0, function* () {\n            return this.request('HEAD', requestUrl, null, additionalHeaders || {});\n        });\n    }\n    sendStream(verb, requestUrl, stream, additionalHeaders) {\n        return __awaiter(this, void 0, void 0, function* () {\n            return this.request(verb, requestUrl, stream, additionalHeaders);\n        });\n    }\n    /**\n     * Gets a typed object from an endpoint\n     * Be aware that not found returns a null.  Other errors (4xx, 5xx) reject the promise\n     */\n    getJson(requestUrl, additionalHeaders = {}) {\n        return __awaiter(this, void 0, void 0, function* () {\n            additionalHeaders[Headers.Accept] = this._getExistingOrDefaultHeader(additionalHeaders, Headers.Accept, MediaTypes.ApplicationJson);\n            const res = yield this.get(requestUrl, additionalHeaders);\n            return this._processResponse(res, this.requestOptions);\n        });\n    }\n    postJson(requestUrl, obj, additionalHeaders = {}) {\n        return __awaiter(this, void 0, void 0, function* () {\n            const data = JSON.stringify(obj, null, 2);\n            additionalHeaders[Headers.Accept] = this._getExistingOrDefaultHeader(additionalHeaders, Headers.Accept, MediaTypes.ApplicationJson);\n            additionalHeaders[Headers.ContentType] = this._getExistingOrDefaultHeader(additionalHeaders, Headers.ContentType, MediaTypes.ApplicationJson);\n            const res = yield this.post(requestUrl, data, additionalHeaders);\n            return this._processResponse(res, this.requestOptions);\n        });\n    }\n    putJson(requestUrl, obj, additionalHeaders = {}) {\n        return __awaiter(this, void 0, void 0, function* () {\n            const data = JSON.stringify(obj, null, 2);\n            additionalHeaders[Headers.Accept] = this._getExistingOrDefaultHeader(additionalHeaders, Headers.Accept, MediaTypes.ApplicationJson);\n            additionalHeaders[Headers.ContentType] = this._getExistingOrDefaultHeader(additionalHeaders, Headers.ContentType, MediaTypes.ApplicationJson);\n            const res = yield this.put(requestUrl, data, additionalHeaders);\n            return this._processResponse(res, this.requestOptions);\n        });\n    }\n    patchJson(requestUrl, obj, additionalHeaders = {}) {\n        return __awaiter(this, void 0, void 0, function* () {\n            const data = JSON.stringify(obj, null, 2);\n            additionalHeaders[Headers.Accept] = this._getExistingOrDefaultHeader(additionalHeaders, Headers.Accept, MediaTypes.ApplicationJson);\n            additionalHeaders[Headers.ContentType] = this._getExistingOrDefaultHeader(additionalHeaders, Headers.ContentType, MediaTypes.ApplicationJson);\n            const res = yield this.patch(requestUrl, data, additionalHeaders);\n            return this._processResponse(res, this.requestOptions);\n        });\n    }\n    /**\n     * Makes a raw http request.\n     * All other methods such as get, post, patch, and request ultimately call this.\n     * Prefer get, del, post and patch\n     */\n    request(verb, requestUrl, data, headers) {\n        return __awaiter(this, void 0, void 0, function* () {\n            if (this._disposed) {\n                throw new Error('Client has already been disposed.');\n            }\n            const parsedUrl = new URL(requestUrl);\n            let info = this._prepareRequest(verb, parsedUrl, headers);\n            // Only perform retries on reads since writes may not be idempotent.\n            const maxTries = this._allowRetries && RetryableHttpVerbs.includes(verb)\n                ? this._maxRetries + 1\n                : 1;\n            let numTries = 0;\n            let response;\n            do {\n                response = yield this.requestRaw(info, data);\n                // Check if it's an authentication challenge\n                if (response &&\n                    response.message &&\n                    response.message.statusCode === HttpCodes.Unauthorized) {\n                    let authenticationHandler;\n                    for (const handler of this.handlers) {\n                        if (handler.canHandleAuthentication(response)) {\n                            authenticationHandler = handler;\n                            break;\n                        }\n                    }\n                    if (authenticationHandler) {\n                        return authenticationHandler.handleAuthentication(this, info, data);\n                    }\n                    else {\n                        // We have received an unauthorized response but have no handlers to handle it.\n                        // Let the response return to the caller.\n                        return response;\n                    }\n                }\n                let redirectsRemaining = this._maxRedirects;\n                while (response.message.statusCode &&\n                    HttpRedirectCodes.includes(response.message.statusCode) &&\n                    this._allowRedirects &&\n                    redirectsRemaining > 0) {\n                    const redirectUrl = response.message.headers['location'];\n                    if (!redirectUrl) {\n                        // if there's no location to redirect to, we won't\n                        break;\n                    }\n                    const parsedRedirectUrl = new URL(redirectUrl);\n                    if (parsedUrl.protocol === 'https:' &&\n                        parsedUrl.protocol !== parsedRedirectUrl.protocol &&\n                        !this._allowRedirectDowngrade) {\n                        throw new Error('Redirect from HTTPS to HTTP protocol. This downgrade is not allowed for security reasons. If you want to allow this behavior, set the allowRedirectDowngrade option to true.');\n                    }\n                    // we need to finish reading the response before reassigning response\n                    // which will leak the open socket.\n                    yield response.readBody();\n                    // strip authorization header if redirected to a different hostname\n                    if (parsedRedirectUrl.hostname !== parsedUrl.hostname) {\n                        for (const header in headers) {\n                            // header names are case insensitive\n                            if (header.toLowerCase() === 'authorization') {\n                                delete headers[header];\n                            }\n                        }\n                    }\n                    // let's make the request with the new redirectUrl\n                    info = this._prepareRequest(verb, parsedRedirectUrl, headers);\n                    response = yield this.requestRaw(info, data);\n                    redirectsRemaining--;\n                }\n                if (!response.message.statusCode ||\n                    !HttpResponseRetryCodes.includes(response.message.statusCode)) {\n                    // If not a retry code, return immediately instead of retrying\n                    return response;\n                }\n                numTries += 1;\n                if (numTries < maxTries) {\n                    yield response.readBody();\n                    yield this._performExponentialBackoff(numTries);\n                }\n            } while (numTries < maxTries);\n            return response;\n        });\n    }\n    /**\n     * Needs to be called if keepAlive is set to true in request options.\n     */\n    dispose() {\n        if (this._agent) {\n            this._agent.destroy();\n        }\n        this._disposed = true;\n    }\n    /**\n     * Raw request.\n     * @param info\n     * @param data\n     */\n    requestRaw(info, data) {\n        return __awaiter(this, void 0, void 0, function* () {\n            return new Promise((resolve, reject) => {\n                function callbackForResult(err, res) {\n                    if (err) {\n                        reject(err);\n                    }\n                    else if (!res) {\n                        // If `err` is not passed, then `res` must be passed.\n                        reject(new Error('Unknown error'));\n                    }\n                    else {\n                        resolve(res);\n                    }\n                }\n                this.requestRawWithCallback(info, data, callbackForResult);\n            });\n        });\n    }\n    /**\n     * Raw request with callback.\n     * @param info\n     * @param data\n     * @param onResult\n     */\n    requestRawWithCallback(info, data, onResult) {\n        if (typeof data === 'string') {\n            if (!info.options.headers) {\n                info.options.headers = {};\n            }\n            info.options.headers['Content-Length'] = Buffer.byteLength(data, 'utf8');\n        }\n        let callbackCalled = false;\n        function handleResult(err, res) {\n            if (!callbackCalled) {\n                callbackCalled = true;\n                onResult(err, res);\n            }\n        }\n        const req = info.httpModule.request(info.options, (msg) => {\n            const res = new HttpClientResponse(msg);\n            handleResult(undefined, res);\n        });\n        let socket;\n        req.on('socket', sock => {\n            socket = sock;\n        });\n        // If we ever get disconnected, we want the socket to timeout eventually\n        req.setTimeout(this._socketTimeout || 3 * 60000, () => {\n            if (socket) {\n                socket.end();\n            }\n            handleResult(new Error(`Request timeout: ${info.options.path}`));\n        });\n        req.on('error', function (err) {\n            // err has statusCode property\n            // res should have headers\n            handleResult(err);\n        });\n        if (data && typeof data === 'string') {\n            req.write(data, 'utf8');\n        }\n        if (data && typeof data !== 'string') {\n            data.on('close', function () {\n                req.end();\n            });\n            data.pipe(req);\n        }\n        else {\n            req.end();\n        }\n    }\n    /**\n     * Gets an http agent. This function is useful when you need an http agent that handles\n     * routing through a proxy server - depending upon the url and proxy environment variables.\n     * @param serverUrl  The server URL where the request will be sent. For example, https://api.github.com\n     */\n    getAgent(serverUrl) {\n        const parsedUrl = new URL(serverUrl);\n        return this._getAgent(parsedUrl);\n    }\n    _prepareRequest(method, requestUrl, headers) {\n        const info = {};\n        info.parsedUrl = requestUrl;\n        const usingSsl = info.parsedUrl.protocol === 'https:';\n        info.httpModule = usingSsl ? https : http;\n        const defaultPort = usingSsl ? 443 : 80;\n        info.options = {};\n        info.options.host = info.parsedUrl.hostname;\n        info.options.port = info.parsedUrl.port\n            ? parseInt(info.parsedUrl.port)\n            : defaultPort;\n        info.options.path =\n            (info.parsedUrl.pathname || '') + (info.parsedUrl.search || '');\n        info.options.method = method;\n        info.options.headers = this._mergeHeaders(headers);\n        if (this.userAgent != null) {\n            info.options.headers['user-agent'] = this.userAgent;\n        }\n        info.options.agent = this._getAgent(info.parsedUrl);\n        // gives handlers an opportunity to participate\n        if (this.handlers) {\n            for (const handler of this.handlers) {\n                handler.prepareRequest(info.options);\n            }\n        }\n        return info;\n    }\n    _mergeHeaders(headers) {\n        if (this.requestOptions && this.requestOptions.headers) {\n            return Object.assign({}, lowercaseKeys(this.requestOptions.headers), lowercaseKeys(headers || {}));\n        }\n        return lowercaseKeys(headers || {});\n    }\n    _getExistingOrDefaultHeader(additionalHeaders, header, _default) {\n        let clientHeader;\n        if (this.requestOptions && this.requestOptions.headers) {\n            clientHeader = lowercaseKeys(this.requestOptions.headers)[header];\n        }\n        return additionalHeaders[header] || clientHeader || _default;\n    }\n    _getAgent(parsedUrl) {\n        let agent;\n        const proxyUrl = pm.getProxyUrl(parsedUrl);\n        const useProxy = proxyUrl && proxyUrl.hostname;\n        if (this._keepAlive && useProxy) {\n            agent = this._proxyAgent;\n        }\n        if (this._keepAlive && !useProxy) {\n            agent = this._agent;\n        }\n        // if agent is already assigned use that agent.\n        if (agent) {\n            return agent;\n        }\n        const usingSsl = parsedUrl.protocol === 'https:';\n        let maxSockets = 100;\n        if (this.requestOptions) {\n            maxSockets = this.requestOptions.maxSockets || http.globalAgent.maxSockets;\n        }\n        // This is `useProxy` again, but we need to check `proxyURl` directly for TypeScripts's flow analysis.\n        if (proxyUrl && proxyUrl.hostname) {\n            const agentOptions = {\n                maxSockets,\n                keepAlive: this._keepAlive,\n                proxy: Object.assign(Object.assign({}, ((proxyUrl.username || proxyUrl.password) && {\n                    proxyAuth: `${proxyUrl.username}:${proxyUrl.password}`\n                })), { host: proxyUrl.hostname, port: proxyUrl.port })\n            };\n            let tunnelAgent;\n            const overHttps = proxyUrl.protocol === 'https:';\n            if (usingSsl) {\n                tunnelAgent = overHttps ? tunnel.httpsOverHttps : tunnel.httpsOverHttp;\n            }\n            else {\n                tunnelAgent = overHttps ? tunnel.httpOverHttps : tunnel.httpOverHttp;\n            }\n            agent = tunnelAgent(agentOptions);\n            this._proxyAgent = agent;\n        }\n        // if reusing agent across request and tunneling agent isn't assigned create a new agent\n        if (this._keepAlive && !agent) {\n            const options = { keepAlive: this._keepAlive, maxSockets };\n            agent = usingSsl ? new https.Agent(options) : new http.Agent(options);\n            this._agent = agent;\n        }\n        // if not using private agent and tunnel agent isn't setup then use global agent\n        if (!agent) {\n            agent = usingSsl ? https.globalAgent : http.globalAgent;\n        }\n        if (usingSsl && this._ignoreSslError) {\n            // we don't want to set NODE_TLS_REJECT_UNAUTHORIZED=0 since that will affect request for entire process\n            // http.RequestOptions doesn't expose a way to modify RequestOptions.agent.options\n            // we have to cast it to any and change it directly\n            agent.options = Object.assign(agent.options || {}, {\n                rejectUnauthorized: false\n            });\n        }\n        return agent;\n    }\n    _performExponentialBackoff(retryNumber) {\n        return __awaiter(this, void 0, void 0, function* () {\n            retryNumber = Math.min(ExponentialBackoffCeiling, retryNumber);\n            const ms = ExponentialBackoffTimeSlice * Math.pow(2, retryNumber);\n            return new Promise(resolve => setTimeout(() => resolve(), ms));\n        });\n    }\n    _processResponse(res, options) {\n        return __awaiter(this, void 0, void 0, function* () {\n            return new Promise((resolve, reject) => __awaiter(this, void 0, void 0, function* () {\n                const statusCode = res.message.statusCode || 0;\n                const response = {\n                    statusCode,\n                    result: null,\n                    headers: {}\n                };\n                // not found leads to null obj returned\n                if (statusCode === HttpCodes.NotFound) {\n                    resolve(response);\n                }\n                // get the result from the body\n                function dateTimeDeserializer(key, value) {\n                    if (typeof value === 'string') {\n                        const a = new Date(value);\n                        if (!isNaN(a.valueOf())) {\n                            return a;\n                        }\n                    }\n                    return value;\n                }\n                let obj;\n                let contents;\n                try {\n                    contents = yield res.readBody();\n                    if (contents && contents.length > 0) {\n                        if (options && options.deserializeDates) {\n                            obj = JSON.parse(contents, dateTimeDeserializer);\n                        }\n                        else {\n                            obj = JSON.parse(contents);\n                        }\n                        response.result = obj;\n                    }\n                    response.headers = res.message.headers;\n                }\n                catch (err) {\n                    // Invalid resource (contents not json);  leaving result obj null\n                }\n                // note that 3xx redirects are handled by the http layer.\n                if (statusCode > 299) {\n                    let msg;\n                    // if exception/error in body, attempt to get better error\n                    if (obj && obj.message) {\n                        msg = obj.message;\n                    }\n                    else if (contents && contents.length > 0) {\n                        // it may be the case that the exception is in the body message as string\n                        msg = contents;\n                    }\n                    else {\n                        msg = `Failed request: (${statusCode})`;\n                    }\n                    const err = new HttpClientError(msg, statusCode);\n                    err.result = response.result;\n                    reject(err);\n                }\n                else {\n                    resolve(response);\n                }\n            }));\n        });\n    }\n}\nexports.HttpClient = HttpClient;\nconst lowercaseKeys = (obj) => Object.keys(obj).reduce((c, k) => ((c[k.toLowerCase()] = obj[k]), c), {});\n//# sourceMappingURL=index.js.map","\"use strict\";\nObject.defineProperty(exports, \"__esModule\", { value: true });\nexports.checkBypass = exports.getProxyUrl = void 0;\nfunction getProxyUrl(reqUrl) {\n    const usingSsl = reqUrl.protocol === 'https:';\n    if (checkBypass(reqUrl)) {\n        return undefined;\n    }\n    const proxyVar = (() => {\n        if (usingSsl) {\n            return process.env['https_proxy'] || process.env['HTTPS_PROXY'];\n        }\n        else {\n            return process.env['http_proxy'] || process.env['HTTP_PROXY'];\n        }\n    })();\n    if (proxyVar) {\n        return new URL(proxyVar);\n    }\n    else {\n        return undefined;\n    }\n}\nexports.getProxyUrl = getProxyUrl;\nfunction checkBypass(reqUrl) {\n    if (!reqUrl.hostname) {\n        return false;\n    }\n    const noProxy = process.env['no_proxy'] || process.env['NO_PROXY'] || '';\n    if (!noProxy) {\n        return false;\n    }\n    // Determine the request port\n    let reqPort;\n    if (reqUrl.port) {\n        reqPort = Number(reqUrl.port);\n    }\n    else if (reqUrl.protocol === 'http:') {\n        reqPort = 80;\n    }\n    else if (reqUrl.protocol === 'https:') {\n        reqPort = 443;\n    }\n    // Format the request hostname and hostname with port\n    const upperReqHosts = [reqUrl.hostname.toUpperCase()];\n    if (typeof reqPort === 'number') {\n        upperReqHosts.push(`${upperReqHosts[0]}:${reqPort}`);\n    }\n    // Compare request host against noproxy\n    for (const upperNoProxyItem of noProxy\n        .split(',')\n        .map(x => x.trim().toUpperCase())\n        .filter(x => x)) {\n        if (upperReqHosts.some(x => x === upperNoProxyItem)) {\n            return true;\n        }\n    }\n    return false;\n}\nexports.checkBypass = checkBypass;\n//# sourceMappingURL=proxy.js.map","\"use strict\";\nvar __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {\n    if (k2 === undefined) k2 = k;\n    Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });\n}) : (function(o, m, k, k2) {\n    if (k2 === undefined) k2 = k;\n    o[k2] = m[k];\n}));\nvar __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {\n    Object.defineProperty(o, \"default\", { enumerable: true, value: v });\n}) : function(o, v) {\n    o[\"default\"] = v;\n});\nvar __importStar = (this && this.__importStar) || function (mod) {\n    if (mod && mod.__esModule) return mod;\n    var result = {};\n    if (mod != null) for (var k in mod) if (k !== \"default\" && Object.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);\n    __setModuleDefault(result, mod);\n    return result;\n};\nvar __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {\n    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }\n    return new (P || (P = Promise))(function (resolve, reject) {\n        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }\n        function rejected(value) { try { step(generator[\"throw\"](value)); } catch (e) { reject(e); } }\n        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }\n        step((generator = generator.apply(thisArg, _arguments || [])).next());\n    });\n};\nvar _a;\nObject.defineProperty(exports, \"__esModule\", { value: true });\nexports.getCmdPath = exports.tryGetExecutablePath = exports.isRooted = exports.isDirectory = exports.exists = exports.IS_WINDOWS = exports.unlink = exports.symlink = exports.stat = exports.rmdir = exports.rename = exports.readlink = exports.readdir = exports.mkdir = exports.lstat = exports.copyFile = exports.chmod = void 0;\nconst fs = __importStar(require(\"fs\"));\nconst path = __importStar(require(\"path\"));\n_a = fs.promises, exports.chmod = _a.chmod, exports.copyFile = _a.copyFile, exports.lstat = _a.lstat, exports.mkdir = _a.mkdir, exports.readdir = _a.readdir, exports.readlink = _a.readlink, exports.rename = _a.rename, exports.rmdir = _a.rmdir, exports.stat = _a.stat, exports.symlink = _a.symlink, exports.unlink = _a.unlink;\nexports.IS_WINDOWS = process.platform === 'win32';\nfunction exists(fsPath) {\n    return __awaiter(this, void 0, void 0, function* () {\n        try {\n            yield exports.stat(fsPath);\n        }\n        catch (err) {\n            if (err.code === 'ENOENT') {\n                return false;\n            }\n            throw err;\n        }\n        return true;\n    });\n}\nexports.exists = exists;\nfunction isDirectory(fsPath, useStat = false) {\n    return __awaiter(this, void 0, void 0, function* () {\n        const stats = useStat ? yield exports.stat(fsPath) : yield exports.lstat(fsPath);\n        return stats.isDirectory();\n    });\n}\nexports.isDirectory = isDirectory;\n/**\n * On OSX/Linux, true if path starts with '/'. On Windows, true for paths like:\n * \\, \\hello, \\\\hello\\share, C:, and C:\\hello (and corresponding alternate separator cases).\n */\nfunction isRooted(p) {\n    p = normalizeSeparators(p);\n    if (!p) {\n        throw new Error('isRooted() parameter \"p\" cannot be empty');\n    }\n    if (exports.IS_WINDOWS) {\n        return (p.startsWith('\\\\') || /^[A-Z]:/i.test(p) // e.g. \\ or \\hello or \\\\hello\n        ); // e.g. C: or C:\\hello\n    }\n    return p.startsWith('/');\n}\nexports.isRooted = isRooted;\n/**\n * Best effort attempt to determine whether a file exists and is executable.\n * @param filePath    file path to check\n * @param extensions  additional file extensions to try\n * @return if file exists and is executable, returns the file path. otherwise empty string.\n */\nfunction tryGetExecutablePath(filePath, extensions) {\n    return __awaiter(this, void 0, void 0, function* () {\n        let stats = undefined;\n        try {\n            // test file exists\n            stats = yield exports.stat(filePath);\n        }\n        catch (err) {\n            if (err.code !== 'ENOENT') {\n                // eslint-disable-next-line no-console\n                console.log(`Unexpected error attempting to determine if executable file exists '${filePath}': ${err}`);\n            }\n        }\n        if (stats && stats.isFile()) {\n            if (exports.IS_WINDOWS) {\n                // on Windows, test for valid extension\n                const upperExt = path.extname(filePath).toUpperCase();\n                if (extensions.some(validExt => validExt.toUpperCase() === upperExt)) {\n                    return filePath;\n                }\n            }\n            else {\n                if (isUnixExecutable(stats)) {\n                    return filePath;\n                }\n            }\n        }\n        // try each extension\n        const originalFilePath = filePath;\n        for (const extension of extensions) {\n            filePath = originalFilePath + extension;\n            stats = undefined;\n            try {\n                stats = yield exports.stat(filePath);\n            }\n            catch (err) {\n                if (err.code !== 'ENOENT') {\n                    // eslint-disable-next-line no-console\n                    console.log(`Unexpected error attempting to determine if executable file exists '${filePath}': ${err}`);\n                }\n            }\n            if (stats && stats.isFile()) {\n                if (exports.IS_WINDOWS) {\n                    // preserve the case of the actual file (since an extension was appended)\n                    try {\n                        const directory = path.dirname(filePath);\n                        const upperName = path.basename(filePath).toUpperCase();\n                        for (const actualName of yield exports.readdir(directory)) {\n                            if (upperName === actualName.toUpperCase()) {\n                                filePath = path.join(directory, actualName);\n                                break;\n                            }\n                        }\n                    }\n                    catch (err) {\n                        // eslint-disable-next-line no-console\n                        console.log(`Unexpected error attempting to determine the actual case of the file '${filePath}': ${err}`);\n                    }\n                    return filePath;\n                }\n                else {\n                    if (isUnixExecutable(stats)) {\n                        return filePath;\n                    }\n                }\n            }\n        }\n        return '';\n    });\n}\nexports.tryGetExecutablePath = tryGetExecutablePath;\nfunction normalizeSeparators(p) {\n    p = p || '';\n    if (exports.IS_WINDOWS) {\n        // convert slashes on Windows\n        p = p.replace(/\\//g, '\\\\');\n        // remove redundant slashes\n        return p.replace(/\\\\\\\\+/g, '\\\\');\n    }\n    // remove redundant slashes\n    return p.replace(/\\/\\/+/g, '/');\n}\n// on Mac/Linux, test the execute bit\n//     R   W  X  R  W X R W X\n//   256 128 64 32 16 8 4 2 1\nfunction isUnixExecutable(stats) {\n    return ((stats.mode & 1) > 0 ||\n        ((stats.mode & 8) > 0 && stats.gid === process.getgid()) ||\n        ((stats.mode & 64) > 0 && stats.uid === process.getuid()));\n}\n// Get the path of cmd.exe in windows\nfunction getCmdPath() {\n    var _a;\n    return (_a = process.env['COMSPEC']) !== null && _a !== void 0 ? _a : `cmd.exe`;\n}\nexports.getCmdPath = getCmdPath;\n//# sourceMappingURL=io-util.js.map","\"use strict\";\nvar __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {\n    if (k2 === undefined) k2 = k;\n    Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });\n}) : (function(o, m, k, k2) {\n    if (k2 === undefined) k2 = k;\n    o[k2] = m[k];\n}));\nvar __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {\n    Object.defineProperty(o, \"default\", { enumerable: true, value: v });\n}) : function(o, v) {\n    o[\"default\"] = v;\n});\nvar __importStar = (this && this.__importStar) || function (mod) {\n    if (mod && mod.__esModule) return mod;\n    var result = {};\n    if (mod != null) for (var k in mod) if (k !== \"default\" && Object.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);\n    __setModuleDefault(result, mod);\n    return result;\n};\nvar __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {\n    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }\n    return new (P || (P = Promise))(function (resolve, reject) {\n        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }\n        function rejected(value) { try { step(generator[\"throw\"](value)); } catch (e) { reject(e); } }\n        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }\n        step((generator = generator.apply(thisArg, _arguments || [])).next());\n    });\n};\nObject.defineProperty(exports, \"__esModule\", { value: true });\nexports.findInPath = exports.which = exports.mkdirP = exports.rmRF = exports.mv = exports.cp = void 0;\nconst assert_1 = require(\"assert\");\nconst childProcess = __importStar(require(\"child_process\"));\nconst path = __importStar(require(\"path\"));\nconst util_1 = require(\"util\");\nconst ioUtil = __importStar(require(\"./io-util\"));\nconst exec = util_1.promisify(childProcess.exec);\nconst execFile = util_1.promisify(childProcess.execFile);\n/**\n * Copies a file or folder.\n * Based off of shelljs - https://github.com/shelljs/shelljs/blob/9237f66c52e5daa40458f94f9565e18e8132f5a6/src/cp.js\n *\n * @param     source    source path\n * @param     dest      destination path\n * @param     options   optional. See CopyOptions.\n */\nfunction cp(source, dest, options = {}) {\n    return __awaiter(this, void 0, void 0, function* () {\n        const { force, recursive, copySourceDirectory } = readCopyOptions(options);\n        const destStat = (yield ioUtil.exists(dest)) ? yield ioUtil.stat(dest) : null;\n        // Dest is an existing file, but not forcing\n        if (destStat && destStat.isFile() && !force) {\n            return;\n        }\n        // If dest is an existing directory, should copy inside.\n        const newDest = destStat && destStat.isDirectory() && copySourceDirectory\n            ? path.join(dest, path.basename(source))\n            : dest;\n        if (!(yield ioUtil.exists(source))) {\n            throw new Error(`no such file or directory: ${source}`);\n        }\n        const sourceStat = yield ioUtil.stat(source);\n        if (sourceStat.isDirectory()) {\n            if (!recursive) {\n                throw new Error(`Failed to copy. ${source} is a directory, but tried to copy without recursive flag.`);\n            }\n            else {\n                yield cpDirRecursive(source, newDest, 0, force);\n            }\n        }\n        else {\n            if (path.relative(source, newDest) === '') {\n                // a file cannot be copied to itself\n                throw new Error(`'${newDest}' and '${source}' are the same file`);\n            }\n            yield copyFile(source, newDest, force);\n        }\n    });\n}\nexports.cp = cp;\n/**\n * Moves a path.\n *\n * @param     source    source path\n * @param     dest      destination path\n * @param     options   optional. See MoveOptions.\n */\nfunction mv(source, dest, options = {}) {\n    return __awaiter(this, void 0, void 0, function* () {\n        if (yield ioUtil.exists(dest)) {\n            let destExists = true;\n            if (yield ioUtil.isDirectory(dest)) {\n                // If dest is directory copy src into dest\n                dest = path.join(dest, path.basename(source));\n                destExists = yield ioUtil.exists(dest);\n            }\n            if (destExists) {\n                if (options.force == null || options.force) {\n                    yield rmRF(dest);\n                }\n                else {\n                    throw new Error('Destination already exists');\n                }\n            }\n        }\n        yield mkdirP(path.dirname(dest));\n        yield ioUtil.rename(source, dest);\n    });\n}\nexports.mv = mv;\n/**\n * Remove a path recursively with force\n *\n * @param inputPath path to remove\n */\nfunction rmRF(inputPath) {\n    return __awaiter(this, void 0, void 0, function* () {\n        if (ioUtil.IS_WINDOWS) {\n            // Node doesn't provide a delete operation, only an unlink function. This means that if the file is being used by another\n            // program (e.g. antivirus), it won't be deleted. To address this, we shell out the work to rd/del.\n            // Check for invalid characters\n            // https://docs.microsoft.com/en-us/windows/win32/fileio/naming-a-file\n            if (/[*\"<>|]/.test(inputPath)) {\n                throw new Error('File path must not contain `*`, `\"`, `<`, `>` or `|` on Windows');\n            }\n            try {\n                const cmdPath = ioUtil.getCmdPath();\n                if (yield ioUtil.isDirectory(inputPath, true)) {\n                    yield exec(`${cmdPath} /s /c \"rd /s /q \"%inputPath%\"\"`, {\n                        env: { inputPath }\n                    });\n                }\n                else {\n                    yield exec(`${cmdPath} /s /c \"del /f /a \"%inputPath%\"\"`, {\n                        env: { inputPath }\n                    });\n                }\n            }\n            catch (err) {\n                // if you try to delete a file that doesn't exist, desired result is achieved\n                // other errors are valid\n                if (err.code !== 'ENOENT')\n                    throw err;\n            }\n            // Shelling out fails to remove a symlink folder with missing source, this unlink catches that\n            try {\n                yield ioUtil.unlink(inputPath);\n            }\n            catch (err) {\n                // if you try to delete a file that doesn't exist, desired result is achieved\n                // other errors are valid\n                if (err.code !== 'ENOENT')\n                    throw err;\n            }\n        }\n        else {\n            let isDir = false;\n            try {\n                isDir = yield ioUtil.isDirectory(inputPath);\n            }\n            catch (err) {\n                // if you try to delete a file that doesn't exist, desired result is achieved\n                // other errors are valid\n                if (err.code !== 'ENOENT')\n                    throw err;\n                return;\n            }\n            if (isDir) {\n                yield execFile(`rm`, [`-rf`, `${inputPath}`]);\n            }\n            else {\n                yield ioUtil.unlink(inputPath);\n            }\n        }\n    });\n}\nexports.rmRF = rmRF;\n/**\n * Make a directory.  Creates the full path with folders in between\n * Will throw if it fails\n *\n * @param   fsPath        path to create\n * @returns Promise<void>\n */\nfunction mkdirP(fsPath) {\n    return __awaiter(this, void 0, void 0, function* () {\n        assert_1.ok(fsPath, 'a path argument must be provided');\n        yield ioUtil.mkdir(fsPath, { recursive: true });\n    });\n}\nexports.mkdirP = mkdirP;\n/**\n * Returns path of a tool had the tool actually been invoked.  Resolves via paths.\n * If you check and the tool does not exist, it will throw.\n *\n * @param     tool              name of the tool\n * @param     check             whether to check if tool exists\n * @returns   Promise<string>   path to tool\n */\nfunction which(tool, check) {\n    return __awaiter(this, void 0, void 0, function* () {\n        if (!tool) {\n            throw new Error(\"parameter 'tool' is required\");\n        }\n        // recursive when check=true\n        if (check) {\n            const result = yield which(tool, false);\n            if (!result) {\n                if (ioUtil.IS_WINDOWS) {\n                    throw new Error(`Unable to locate executable file: ${tool}. Please verify either the file path exists or the file can be found within a directory specified by the PATH environment variable. Also verify the file has a valid extension for an executable file.`);\n                }\n                else {\n                    throw new Error(`Unable to locate executable file: ${tool}. Please verify either the file path exists or the file can be found within a directory specified by the PATH environment variable. Also check the file mode to verify the file is executable.`);\n                }\n            }\n            return result;\n        }\n        const matches = yield findInPath(tool);\n        if (matches && matches.length > 0) {\n            return matches[0];\n        }\n        return '';\n    });\n}\nexports.which = which;\n/**\n * Returns a list of all occurrences of the given tool on the system path.\n *\n * @returns   Promise<string[]>  the paths of the tool\n */\nfunction findInPath(tool) {\n    return __awaiter(this, void 0, void 0, function* () {\n        if (!tool) {\n            throw new Error(\"parameter 'tool' is required\");\n        }\n        // build the list of extensions to try\n        const extensions = [];\n        if (ioUtil.IS_WINDOWS && process.env['PATHEXT']) {\n            for (const extension of process.env['PATHEXT'].split(path.delimiter)) {\n                if (extension) {\n                    extensions.push(extension);\n                }\n            }\n        }\n        // if it's rooted, return it if exists. otherwise return empty.\n        if (ioUtil.isRooted(tool)) {\n            const filePath = yield ioUtil.tryGetExecutablePath(tool, extensions);\n            if (filePath) {\n                return [filePath];\n            }\n            return [];\n        }\n        // if any path separators, return empty\n        if (tool.includes(path.sep)) {\n            return [];\n        }\n        // build the list of directories\n        //\n        // Note, technically \"where\" checks the current directory on Windows. From a toolkit perspective,\n        // it feels like we should not do this. Checking the current directory seems like more of a use\n        // case of a shell, and the which() function exposed by the toolkit should strive for consistency\n        // across platforms.\n        const directories = [];\n        if (process.env.PATH) {\n            for (const p of process.env.PATH.split(path.delimiter)) {\n                if (p) {\n                    directories.push(p);\n                }\n            }\n        }\n        // find all matches\n        const matches = [];\n        for (const directory of directories) {\n            const filePath = yield ioUtil.tryGetExecutablePath(path.join(directory, tool), extensions);\n            if (filePath) {\n                matches.push(filePath);\n            }\n        }\n        return matches;\n    });\n}\nexports.findInPath = findInPath;\nfunction readCopyOptions(options) {\n    const force = options.force == null ? true : options.force;\n    const recursive = Boolean(options.recursive);\n    const copySourceDirectory = options.copySourceDirectory == null\n        ? true\n        : Boolean(options.copySourceDirectory);\n    return { force, recursive, copySourceDirectory };\n}\nfunction cpDirRecursive(sourceDir, destDir, currentDepth, force) {\n    return __awaiter(this, void 0, void 0, function* () {\n        // Ensure there is not a run away recursive copy\n        if (currentDepth >= 255)\n            return;\n        currentDepth++;\n        yield mkdirP(destDir);\n        const files = yield ioUtil.readdir(sourceDir);\n        for (const fileName of files) {\n            const srcFile = `${sourceDir}/${fileName}`;\n            const destFile = `${destDir}/${fileName}`;\n            const srcFileStat = yield ioUtil.lstat(srcFile);\n            if (srcFileStat.isDirectory()) {\n                // Recurse\n                yield cpDirRecursive(srcFile, destFile, currentDepth, force);\n            }\n            else {\n                yield copyFile(srcFile, destFile, force);\n            }\n        }\n        // Change the mode for the newly created directory\n        yield ioUtil.chmod(destDir, (yield ioUtil.stat(sourceDir)).mode);\n    });\n}\n// Buffered file copy\nfunction copyFile(srcFile, destFile, force) {\n    return __awaiter(this, void 0, void 0, function* () {\n        if ((yield ioUtil.lstat(srcFile)).isSymbolicLink()) {\n            // unlink/re-link it\n            try {\n                yield ioUtil.lstat(destFile);\n                yield ioUtil.unlink(destFile);\n            }\n            catch (e) {\n                // Try to override file permission\n                if (e.code === 'EPERM') {\n                    yield ioUtil.chmod(destFile, '0666');\n                    yield ioUtil.unlink(destFile);\n                }\n                // other errors = it doesn't exist, no work to do\n            }\n            // Copy over symlink\n            const symlinkFull = yield ioUtil.readlink(srcFile);\n            yield ioUtil.symlink(symlinkFull, destFile, ioUtil.IS_WINDOWS ? 'junction' : null);\n        }\n        else if (!(yield ioUtil.exists(destFile)) || force) {\n            yield ioUtil.copyFile(srcFile, destFile);\n        }\n    });\n}\n//# sourceMappingURL=io.js.map","\"use strict\";\nvar __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {\n    if (k2 === undefined) k2 = k;\n    Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });\n}) : (function(o, m, k, k2) {\n    if (k2 === undefined) k2 = k;\n    o[k2] = m[k];\n}));\nvar __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {\n    Object.defineProperty(o, \"default\", { enumerable: true, value: v });\n}) : function(o, v) {\n    o[\"default\"] = v;\n});\nvar __importStar = (this && this.__importStar) || function (mod) {\n    if (mod && mod.__esModule) return mod;\n    var result = {};\n    if (mod != null) for (var k in mod) if (k !== \"default\" && Object.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);\n    __setModuleDefault(result, mod);\n    return result;\n};\nvar __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {\n    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }\n    return new (P || (P = Promise))(function (resolve, reject) {\n        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }\n        function rejected(value) { try { step(generator[\"throw\"](value)); } catch (e) { reject(e); } }\n        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }\n        step((generator = generator.apply(thisArg, _arguments || [])).next());\n    });\n};\nObject.defineProperty(exports, \"__esModule\", { value: true });\nexports._readLinuxVersionFile = exports._getOsVersion = exports._findMatch = void 0;\nconst semver = __importStar(require(\"semver\"));\nconst core_1 = require(\"@actions/core\");\n// needs to be require for core node modules to be mocked\n/* eslint @typescript-eslint/no-require-imports: 0 */\nconst os = require(\"os\");\nconst cp = require(\"child_process\");\nconst fs = require(\"fs\");\nfunction _findMatch(versionSpec, stable, candidates, archFilter) {\n    return __awaiter(this, void 0, void 0, function* () {\n        const platFilter = os.platform();\n        let result;\n        let match;\n        let file;\n        for (const candidate of candidates) {\n            const version = candidate.version;\n            core_1.debug(`check ${version} satisfies ${versionSpec}`);\n            if (semver.satisfies(version, versionSpec) &&\n                (!stable || candidate.stable === stable)) {\n                file = candidate.files.find(item => {\n                    core_1.debug(`${item.arch}===${archFilter} && ${item.platform}===${platFilter}`);\n                    let chk = item.arch === archFilter && item.platform === platFilter;\n                    if (chk && item.platform_version) {\n                        const osVersion = module.exports._getOsVersion();\n                        if (osVersion === item.platform_version) {\n                            chk = true;\n                        }\n                        else {\n                            chk = semver.satisfies(osVersion, item.platform_version);\n                        }\n                    }\n                    return chk;\n                });\n                if (file) {\n                    core_1.debug(`matched ${candidate.version}`);\n                    match = candidate;\n                    break;\n                }\n            }\n        }\n        if (match && file) {\n            // clone since we're mutating the file list to be only the file that matches\n            result = Object.assign({}, match);\n            result.files = [file];\n        }\n        return result;\n    });\n}\nexports._findMatch = _findMatch;\nfunction _getOsVersion() {\n    // TODO: add windows and other linux, arm variants\n    // right now filtering on version is only an ubuntu and macos scenario for tools we build for hosted (python)\n    const plat = os.platform();\n    let version = '';\n    if (plat === 'darwin') {\n        version = cp.execSync('sw_vers -productVersion').toString();\n    }\n    else if (plat === 'linux') {\n        // lsb_release process not in some containers, readfile\n        // Run cat /etc/lsb-release\n        // DISTRIB_ID=Ubuntu\n        // DISTRIB_RELEASE=18.04\n        // DISTRIB_CODENAME=bionic\n        // DISTRIB_DESCRIPTION=\"Ubuntu 18.04.4 LTS\"\n        const lsbContents = module.exports._readLinuxVersionFile();\n        if (lsbContents) {\n            const lines = lsbContents.split('\\n');\n            for (const line of lines) {\n                const parts = line.split('=');\n                if (parts.length === 2 &&\n                    (parts[0].trim() === 'VERSION_ID' ||\n                        parts[0].trim() === 'DISTRIB_RELEASE')) {\n                    version = parts[1]\n                        .trim()\n                        .replace(/^\"/, '')\n                        .replace(/\"$/, '');\n                    break;\n                }\n            }\n        }\n    }\n    return version;\n}\nexports._getOsVersion = _getOsVersion;\nfunction _readLinuxVersionFile() {\n    const lsbReleaseFile = '/etc/lsb-release';\n    const osReleaseFile = '/etc/os-release';\n    let contents = '';\n    if (fs.existsSync(lsbReleaseFile)) {\n        contents = fs.readFileSync(lsbReleaseFile).toString();\n    }\n    else if (fs.existsSync(osReleaseFile)) {\n        contents = fs.readFileSync(osReleaseFile).toString();\n    }\n    return contents;\n}\nexports._readLinuxVersionFile = _readLinuxVersionFile;\n//# sourceMappingURL=manifest.js.map","\"use strict\";\nvar __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {\n    if (k2 === undefined) k2 = k;\n    Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });\n}) : (function(o, m, k, k2) {\n    if (k2 === undefined) k2 = k;\n    o[k2] = m[k];\n}));\nvar __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {\n    Object.defineProperty(o, \"default\", { enumerable: true, value: v });\n}) : function(o, v) {\n    o[\"default\"] = v;\n});\nvar __importStar = (this && this.__importStar) || function (mod) {\n    if (mod && mod.__esModule) return mod;\n    var result = {};\n    if (mod != null) for (var k in mod) if (k !== \"default\" && Object.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);\n    __setModuleDefault(result, mod);\n    return result;\n};\nvar __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {\n    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }\n    return new (P || (P = Promise))(function (resolve, reject) {\n        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }\n        function rejected(value) { try { step(generator[\"throw\"](value)); } catch (e) { reject(e); } }\n        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }\n        step((generator = generator.apply(thisArg, _arguments || [])).next());\n    });\n};\nObject.defineProperty(exports, \"__esModule\", { value: true });\nexports.RetryHelper = void 0;\nconst core = __importStar(require(\"@actions/core\"));\n/**\n * Internal class for retries\n */\nclass RetryHelper {\n    constructor(maxAttempts, minSeconds, maxSeconds) {\n        if (maxAttempts < 1) {\n            throw new Error('max attempts should be greater than or equal to 1');\n        }\n        this.maxAttempts = maxAttempts;\n        this.minSeconds = Math.floor(minSeconds);\n        this.maxSeconds = Math.floor(maxSeconds);\n        if (this.minSeconds > this.maxSeconds) {\n            throw new Error('min seconds should be less than or equal to max seconds');\n        }\n    }\n    execute(action, isRetryable) {\n        return __awaiter(this, void 0, void 0, function* () {\n            let attempt = 1;\n            while (attempt < this.maxAttempts) {\n                // Try\n                try {\n                    return yield action();\n                }\n                catch (err) {\n                    if (isRetryable && !isRetryable(err)) {\n                        throw err;\n                    }\n                    core.info(err.message);\n                }\n                // Sleep\n                const seconds = this.getSleepAmount();\n                core.info(`Waiting ${seconds} seconds before trying again`);\n                yield this.sleep(seconds);\n                attempt++;\n            }\n            // Last attempt\n            return yield action();\n        });\n    }\n    getSleepAmount() {\n        return (Math.floor(Math.random() * (this.maxSeconds - this.minSeconds + 1)) +\n            this.minSeconds);\n    }\n    sleep(seconds) {\n        return __awaiter(this, void 0, void 0, function* () {\n            return new Promise(resolve => setTimeout(resolve, seconds * 1000));\n        });\n    }\n}\nexports.RetryHelper = RetryHelper;\n//# sourceMappingURL=retry-helper.js.map","\"use strict\";\nvar __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {\n    if (k2 === undefined) k2 = k;\n    Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });\n}) : (function(o, m, k, k2) {\n    if (k2 === undefined) k2 = k;\n    o[k2] = m[k];\n}));\nvar __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {\n    Object.defineProperty(o, \"default\", { enumerable: true, value: v });\n}) : function(o, v) {\n    o[\"default\"] = v;\n});\nvar __importStar = (this && this.__importStar) || function (mod) {\n    if (mod && mod.__esModule) return mod;\n    var result = {};\n    if (mod != null) for (var k in mod) if (k !== \"default\" && Object.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);\n    __setModuleDefault(result, mod);\n    return result;\n};\nvar __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {\n    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }\n    return new (P || (P = Promise))(function (resolve, reject) {\n        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }\n        function rejected(value) { try { step(generator[\"throw\"](value)); } catch (e) { reject(e); } }\n        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }\n        step((generator = generator.apply(thisArg, _arguments || [])).next());\n    });\n};\nvar __importDefault = (this && this.__importDefault) || function (mod) {\n    return (mod && mod.__esModule) ? mod : { \"default\": mod };\n};\nObject.defineProperty(exports, \"__esModule\", { value: true });\nexports.evaluateVersions = exports.isExplicitVersion = exports.findFromManifest = exports.getManifestFromRepo = exports.findAllVersions = exports.find = exports.cacheFile = exports.cacheDir = exports.extractZip = exports.extractXar = exports.extractTar = exports.extract7z = exports.downloadTool = exports.HTTPError = void 0;\nconst core = __importStar(require(\"@actions/core\"));\nconst io = __importStar(require(\"@actions/io\"));\nconst fs = __importStar(require(\"fs\"));\nconst mm = __importStar(require(\"./manifest\"));\nconst os = __importStar(require(\"os\"));\nconst path = __importStar(require(\"path\"));\nconst httpm = __importStar(require(\"@actions/http-client\"));\nconst semver = __importStar(require(\"semver\"));\nconst stream = __importStar(require(\"stream\"));\nconst util = __importStar(require(\"util\"));\nconst assert_1 = require(\"assert\");\nconst v4_1 = __importDefault(require(\"uuid/v4\"));\nconst exec_1 = require(\"@actions/exec/lib/exec\");\nconst retry_helper_1 = require(\"./retry-helper\");\nclass HTTPError extends Error {\n    constructor(httpStatusCode) {\n        super(`Unexpected HTTP response: ${httpStatusCode}`);\n        this.httpStatusCode = httpStatusCode;\n        Object.setPrototypeOf(this, new.target.prototype);\n    }\n}\nexports.HTTPError = HTTPError;\nconst IS_WINDOWS = process.platform === 'win32';\nconst IS_MAC = process.platform === 'darwin';\nconst userAgent = 'actions/tool-cache';\n/**\n * Download a tool from an url and stream it into a file\n *\n * @param url       url of tool to download\n * @param dest      path to download tool\n * @param auth      authorization header\n * @param headers   other headers\n * @returns         path to downloaded tool\n */\nfunction downloadTool(url, dest, auth, headers) {\n    return __awaiter(this, void 0, void 0, function* () {\n        dest = dest || path.join(_getTempDirectory(), v4_1.default());\n        yield io.mkdirP(path.dirname(dest));\n        core.debug(`Downloading ${url}`);\n        core.debug(`Destination ${dest}`);\n        const maxAttempts = 3;\n        const minSeconds = _getGlobal('TEST_DOWNLOAD_TOOL_RETRY_MIN_SECONDS', 10);\n        const maxSeconds = _getGlobal('TEST_DOWNLOAD_TOOL_RETRY_MAX_SECONDS', 20);\n        const retryHelper = new retry_helper_1.RetryHelper(maxAttempts, minSeconds, maxSeconds);\n        return yield retryHelper.execute(() => __awaiter(this, void 0, void 0, function* () {\n            return yield downloadToolAttempt(url, dest || '', auth, headers);\n        }), (err) => {\n            if (err instanceof HTTPError && err.httpStatusCode) {\n                // Don't retry anything less than 500, except 408 Request Timeout and 429 Too Many Requests\n                if (err.httpStatusCode < 500 &&\n                    err.httpStatusCode !== 408 &&\n                    err.httpStatusCode !== 429) {\n                    return false;\n                }\n            }\n            // Otherwise retry\n            return true;\n        });\n    });\n}\nexports.downloadTool = downloadTool;\nfunction downloadToolAttempt(url, dest, auth, headers) {\n    return __awaiter(this, void 0, void 0, function* () {\n        if (fs.existsSync(dest)) {\n            throw new Error(`Destination file path ${dest} already exists`);\n        }\n        // Get the response headers\n        const http = new httpm.HttpClient(userAgent, [], {\n            allowRetries: false\n        });\n        if (auth) {\n            core.debug('set auth');\n            if (headers === undefined) {\n                headers = {};\n            }\n            headers.authorization = auth;\n        }\n        const response = yield http.get(url, headers);\n        if (response.message.statusCode !== 200) {\n            const err = new HTTPError(response.message.statusCode);\n            core.debug(`Failed to download from \"${url}\". Code(${response.message.statusCode}) Message(${response.message.statusMessage})`);\n            throw err;\n        }\n        // Download the response body\n        const pipeline = util.promisify(stream.pipeline);\n        const responseMessageFactory = _getGlobal('TEST_DOWNLOAD_TOOL_RESPONSE_MESSAGE_FACTORY', () => response.message);\n        const readStream = responseMessageFactory();\n        let succeeded = false;\n        try {\n            yield pipeline(readStream, fs.createWriteStream(dest));\n            core.debug('download complete');\n            succeeded = true;\n            return dest;\n        }\n        finally {\n            // Error, delete dest before retry\n            if (!succeeded) {\n                core.debug('download failed');\n                try {\n                    yield io.rmRF(dest);\n                }\n                catch (err) {\n                    core.debug(`Failed to delete '${dest}'. ${err.message}`);\n                }\n            }\n        }\n    });\n}\n/**\n * Extract a .7z file\n *\n * @param file     path to the .7z file\n * @param dest     destination directory. Optional.\n * @param _7zPath  path to 7zr.exe. Optional, for long path support. Most .7z archives do not have this\n * problem. If your .7z archive contains very long paths, you can pass the path to 7zr.exe which will\n * gracefully handle long paths. By default 7zdec.exe is used because it is a very small program and is\n * bundled with the tool lib. However it does not support long paths. 7zr.exe is the reduced command line\n * interface, it is smaller than the full command line interface, and it does support long paths. At the\n * time of this writing, it is freely available from the LZMA SDK that is available on the 7zip website.\n * Be sure to check the current license agreement. If 7zr.exe is bundled with your action, then the path\n * to 7zr.exe can be pass to this function.\n * @returns        path to the destination directory\n */\nfunction extract7z(file, dest, _7zPath) {\n    return __awaiter(this, void 0, void 0, function* () {\n        assert_1.ok(IS_WINDOWS, 'extract7z() not supported on current OS');\n        assert_1.ok(file, 'parameter \"file\" is required');\n        dest = yield _createExtractFolder(dest);\n        const originalCwd = process.cwd();\n        process.chdir(dest);\n        if (_7zPath) {\n            try {\n                const logLevel = core.isDebug() ? '-bb1' : '-bb0';\n                const args = [\n                    'x',\n                    logLevel,\n                    '-bd',\n                    '-sccUTF-8',\n                    file\n                ];\n                const options = {\n                    silent: true\n                };\n                yield exec_1.exec(`\"${_7zPath}\"`, args, options);\n            }\n            finally {\n                process.chdir(originalCwd);\n            }\n        }\n        else {\n            const escapedScript = path\n                .join(__dirname, '..', 'scripts', 'Invoke-7zdec.ps1')\n                .replace(/'/g, \"''\")\n                .replace(/\"|\\n|\\r/g, ''); // double-up single quotes, remove double quotes and newlines\n            const escapedFile = file.replace(/'/g, \"''\").replace(/\"|\\n|\\r/g, '');\n            const escapedTarget = dest.replace(/'/g, \"''\").replace(/\"|\\n|\\r/g, '');\n            const command = `& '${escapedScript}' -Source '${escapedFile}' -Target '${escapedTarget}'`;\n            const args = [\n                '-NoLogo',\n                '-Sta',\n                '-NoProfile',\n                '-NonInteractive',\n                '-ExecutionPolicy',\n                'Unrestricted',\n                '-Command',\n                command\n            ];\n            const options = {\n                silent: true\n            };\n            try {\n                const powershellPath = yield io.which('powershell', true);\n                yield exec_1.exec(`\"${powershellPath}\"`, args, options);\n            }\n            finally {\n                process.chdir(originalCwd);\n            }\n        }\n        return dest;\n    });\n}\nexports.extract7z = extract7z;\n/**\n * Extract a compressed tar archive\n *\n * @param file     path to the tar\n * @param dest     destination directory. Optional.\n * @param flags    flags for the tar command to use for extraction. Defaults to 'xz' (extracting gzipped tars). Optional.\n * @returns        path to the destination directory\n */\nfunction extractTar(file, dest, flags = 'xz') {\n    return __awaiter(this, void 0, void 0, function* () {\n        if (!file) {\n            throw new Error(\"parameter 'file' is required\");\n        }\n        // Create dest\n        dest = yield _createExtractFolder(dest);\n        // Determine whether GNU tar\n        core.debug('Checking tar --version');\n        let versionOutput = '';\n        yield exec_1.exec('tar --version', [], {\n            ignoreReturnCode: true,\n            silent: true,\n            listeners: {\n                stdout: (data) => (versionOutput += data.toString()),\n                stderr: (data) => (versionOutput += data.toString())\n            }\n        });\n        core.debug(versionOutput.trim());\n        const isGnuTar = versionOutput.toUpperCase().includes('GNU TAR');\n        // Initialize args\n        let args;\n        if (flags instanceof Array) {\n            args = flags;\n        }\n        else {\n            args = [flags];\n        }\n        if (core.isDebug() && !flags.includes('v')) {\n            args.push('-v');\n        }\n        let destArg = dest;\n        let fileArg = file;\n        if (IS_WINDOWS && isGnuTar) {\n            args.push('--force-local');\n            destArg = dest.replace(/\\\\/g, '/');\n            // Technically only the dest needs to have `/` but for aesthetic consistency\n            // convert slashes in the file arg too.\n            fileArg = file.replace(/\\\\/g, '/');\n        }\n        if (isGnuTar) {\n            // Suppress warnings when using GNU tar to extract archives created by BSD tar\n            args.push('--warning=no-unknown-keyword');\n            args.push('--overwrite');\n        }\n        args.push('-C', destArg, '-f', fileArg);\n        yield exec_1.exec(`tar`, args);\n        return dest;\n    });\n}\nexports.extractTar = extractTar;\n/**\n * Extract a xar compatible archive\n *\n * @param file     path to the archive\n * @param dest     destination directory. Optional.\n * @param flags    flags for the xar. Optional.\n * @returns        path to the destination directory\n */\nfunction extractXar(file, dest, flags = []) {\n    return __awaiter(this, void 0, void 0, function* () {\n        assert_1.ok(IS_MAC, 'extractXar() not supported on current OS');\n        assert_1.ok(file, 'parameter \"file\" is required');\n        dest = yield _createExtractFolder(dest);\n        let args;\n        if (flags instanceof Array) {\n            args = flags;\n        }\n        else {\n            args = [flags];\n        }\n        args.push('-x', '-C', dest, '-f', file);\n        if (core.isDebug()) {\n            args.push('-v');\n        }\n        const xarPath = yield io.which('xar', true);\n        yield exec_1.exec(`\"${xarPath}\"`, _unique(args));\n        return dest;\n    });\n}\nexports.extractXar = extractXar;\n/**\n * Extract a zip\n *\n * @param file     path to the zip\n * @param dest     destination directory. Optional.\n * @returns        path to the destination directory\n */\nfunction extractZip(file, dest) {\n    return __awaiter(this, void 0, void 0, function* () {\n        if (!file) {\n            throw new Error(\"parameter 'file' is required\");\n        }\n        dest = yield _createExtractFolder(dest);\n        if (IS_WINDOWS) {\n            yield extractZipWin(file, dest);\n        }\n        else {\n            yield extractZipNix(file, dest);\n        }\n        return dest;\n    });\n}\nexports.extractZip = extractZip;\nfunction extractZipWin(file, dest) {\n    return __awaiter(this, void 0, void 0, function* () {\n        // build the powershell command\n        const escapedFile = file.replace(/'/g, \"''\").replace(/\"|\\n|\\r/g, ''); // double-up single quotes, remove double quotes and newlines\n        const escapedDest = dest.replace(/'/g, \"''\").replace(/\"|\\n|\\r/g, '');\n        const pwshPath = yield io.which('pwsh', false);\n        //To match the file overwrite behavior on nix systems, we use the overwrite = true flag for ExtractToDirectory\n        //and the -Force flag for Expand-Archive as a fallback\n        if (pwshPath) {\n            //attempt to use pwsh with ExtractToDirectory, if this fails attempt Expand-Archive\n            const pwshCommand = [\n                `$ErrorActionPreference = 'Stop' ;`,\n                `try { Add-Type -AssemblyName System.IO.Compression.ZipFile } catch { } ;`,\n                `try { [System.IO.Compression.ZipFile]::ExtractToDirectory('${escapedFile}', '${escapedDest}', $true) }`,\n                `catch { if (($_.Exception.GetType().FullName -eq 'System.Management.Automation.MethodException') -or ($_.Exception.GetType().FullName -eq 'System.Management.Automation.RuntimeException') ){ Expand-Archive -LiteralPath '${escapedFile}' -DestinationPath '${escapedDest}' -Force } else { throw $_ } } ;`\n            ].join(' ');\n            const args = [\n                '-NoLogo',\n                '-NoProfile',\n                '-NonInteractive',\n                '-ExecutionPolicy',\n                'Unrestricted',\n                '-Command',\n                pwshCommand\n            ];\n            core.debug(`Using pwsh at path: ${pwshPath}`);\n            yield exec_1.exec(`\"${pwshPath}\"`, args);\n        }\n        else {\n            const powershellCommand = [\n                `$ErrorActionPreference = 'Stop' ;`,\n                `try { Add-Type -AssemblyName System.IO.Compression.FileSystem } catch { } ;`,\n                `if ((Get-Command -Name Expand-Archive -Module Microsoft.PowerShell.Archive -ErrorAction Ignore)) { Expand-Archive -LiteralPath '${escapedFile}' -DestinationPath '${escapedDest}' -Force }`,\n                `else {[System.IO.Compression.ZipFile]::ExtractToDirectory('${escapedFile}', '${escapedDest}', $true) }`\n            ].join(' ');\n            const args = [\n                '-NoLogo',\n                '-Sta',\n                '-NoProfile',\n                '-NonInteractive',\n                '-ExecutionPolicy',\n                'Unrestricted',\n                '-Command',\n                powershellCommand\n            ];\n            const powershellPath = yield io.which('powershell', true);\n            core.debug(`Using powershell at path: ${powershellPath}`);\n            yield exec_1.exec(`\"${powershellPath}\"`, args);\n        }\n    });\n}\nfunction extractZipNix(file, dest) {\n    return __awaiter(this, void 0, void 0, function* () {\n        const unzipPath = yield io.which('unzip', true);\n        const args = [file];\n        if (!core.isDebug()) {\n            args.unshift('-q');\n        }\n        args.unshift('-o'); //overwrite with -o, otherwise a prompt is shown which freezes the run\n        yield exec_1.exec(`\"${unzipPath}\"`, args, { cwd: dest });\n    });\n}\n/**\n * Caches a directory and installs it into the tool cacheDir\n *\n * @param sourceDir    the directory to cache into tools\n * @param tool          tool name\n * @param version       version of the tool.  semver format\n * @param arch          architecture of the tool.  Optional.  Defaults to machine architecture\n */\nfunction cacheDir(sourceDir, tool, version, arch) {\n    return __awaiter(this, void 0, void 0, function* () {\n        version = semver.clean(version) || version;\n        arch = arch || os.arch();\n        core.debug(`Caching tool ${tool} ${version} ${arch}`);\n        core.debug(`source dir: ${sourceDir}`);\n        if (!fs.statSync(sourceDir).isDirectory()) {\n            throw new Error('sourceDir is not a directory');\n        }\n        // Create the tool dir\n        const destPath = yield _createToolPath(tool, version, arch);\n        // copy each child item. do not move. move can fail on Windows\n        // due to anti-virus software having an open handle on a file.\n        for (const itemName of fs.readdirSync(sourceDir)) {\n            const s = path.join(sourceDir, itemName);\n            yield io.cp(s, destPath, { recursive: true });\n        }\n        // write .complete\n        _completeToolPath(tool, version, arch);\n        return destPath;\n    });\n}\nexports.cacheDir = cacheDir;\n/**\n * Caches a downloaded file (GUID) and installs it\n * into the tool cache with a given targetName\n *\n * @param sourceFile    the file to cache into tools.  Typically a result of downloadTool which is a guid.\n * @param targetFile    the name of the file name in the tools directory\n * @param tool          tool name\n * @param version       version of the tool.  semver format\n * @param arch          architecture of the tool.  Optional.  Defaults to machine architecture\n */\nfunction cacheFile(sourceFile, targetFile, tool, version, arch) {\n    return __awaiter(this, void 0, void 0, function* () {\n        version = semver.clean(version) || version;\n        arch = arch || os.arch();\n        core.debug(`Caching tool ${tool} ${version} ${arch}`);\n        core.debug(`source file: ${sourceFile}`);\n        if (!fs.statSync(sourceFile).isFile()) {\n            throw new Error('sourceFile is not a file');\n        }\n        // create the tool dir\n        const destFolder = yield _createToolPath(tool, version, arch);\n        // copy instead of move. move can fail on Windows due to\n        // anti-virus software having an open handle on a file.\n        const destPath = path.join(destFolder, targetFile);\n        core.debug(`destination file ${destPath}`);\n        yield io.cp(sourceFile, destPath);\n        // write .complete\n        _completeToolPath(tool, version, arch);\n        return destFolder;\n    });\n}\nexports.cacheFile = cacheFile;\n/**\n * Finds the path to a tool version in the local installed tool cache\n *\n * @param toolName      name of the tool\n * @param versionSpec   version of the tool\n * @param arch          optional arch.  defaults to arch of computer\n */\nfunction find(toolName, versionSpec, arch) {\n    if (!toolName) {\n        throw new Error('toolName parameter is required');\n    }\n    if (!versionSpec) {\n        throw new Error('versionSpec parameter is required');\n    }\n    arch = arch || os.arch();\n    // attempt to resolve an explicit version\n    if (!isExplicitVersion(versionSpec)) {\n        const localVersions = findAllVersions(toolName, arch);\n        const match = evaluateVersions(localVersions, versionSpec);\n        versionSpec = match;\n    }\n    // check for the explicit version in the cache\n    let toolPath = '';\n    if (versionSpec) {\n        versionSpec = semver.clean(versionSpec) || '';\n        const cachePath = path.join(_getCacheDirectory(), toolName, versionSpec, arch);\n        core.debug(`checking cache: ${cachePath}`);\n        if (fs.existsSync(cachePath) && fs.existsSync(`${cachePath}.complete`)) {\n            core.debug(`Found tool in cache ${toolName} ${versionSpec} ${arch}`);\n            toolPath = cachePath;\n        }\n        else {\n            core.debug('not found');\n        }\n    }\n    return toolPath;\n}\nexports.find = find;\n/**\n * Finds the paths to all versions of a tool that are installed in the local tool cache\n *\n * @param toolName  name of the tool\n * @param arch      optional arch.  defaults to arch of computer\n */\nfunction findAllVersions(toolName, arch) {\n    const versions = [];\n    arch = arch || os.arch();\n    const toolPath = path.join(_getCacheDirectory(), toolName);\n    if (fs.existsSync(toolPath)) {\n        const children = fs.readdirSync(toolPath);\n        for (const child of children) {\n            if (isExplicitVersion(child)) {\n                const fullPath = path.join(toolPath, child, arch || '');\n                if (fs.existsSync(fullPath) && fs.existsSync(`${fullPath}.complete`)) {\n                    versions.push(child);\n                }\n            }\n        }\n    }\n    return versions;\n}\nexports.findAllVersions = findAllVersions;\nfunction getManifestFromRepo(owner, repo, auth, branch = 'master') {\n    return __awaiter(this, void 0, void 0, function* () {\n        let releases = [];\n        const treeUrl = `https://api.github.com/repos/${owner}/${repo}/git/trees/${branch}`;\n        const http = new httpm.HttpClient('tool-cache');\n        const headers = {};\n        if (auth) {\n            core.debug('set auth');\n            headers.authorization = auth;\n        }\n        const response = yield http.getJson(treeUrl, headers);\n        if (!response.result) {\n            return releases;\n        }\n        let manifestUrl = '';\n        for (const item of response.result.tree) {\n            if (item.path === 'versions-manifest.json') {\n                manifestUrl = item.url;\n                break;\n            }\n        }\n        headers['accept'] = 'application/vnd.github.VERSION.raw';\n        let versionsRaw = yield (yield http.get(manifestUrl, headers)).readBody();\n        if (versionsRaw) {\n            // shouldn't be needed but protects against invalid json saved with BOM\n            versionsRaw = versionsRaw.replace(/^\\uFEFF/, '');\n            try {\n                releases = JSON.parse(versionsRaw);\n            }\n            catch (_a) {\n                core.debug('Invalid json');\n            }\n        }\n        return releases;\n    });\n}\nexports.getManifestFromRepo = getManifestFromRepo;\nfunction findFromManifest(versionSpec, stable, manifest, archFilter = os.arch()) {\n    return __awaiter(this, void 0, void 0, function* () {\n        // wrap the internal impl\n        const match = yield mm._findMatch(versionSpec, stable, manifest, archFilter);\n        return match;\n    });\n}\nexports.findFromManifest = findFromManifest;\nfunction _createExtractFolder(dest) {\n    return __awaiter(this, void 0, void 0, function* () {\n        if (!dest) {\n            // create a temp dir\n            dest = path.join(_getTempDirectory(), v4_1.default());\n        }\n        yield io.mkdirP(dest);\n        return dest;\n    });\n}\nfunction _createToolPath(tool, version, arch) {\n    return __awaiter(this, void 0, void 0, function* () {\n        const folderPath = path.join(_getCacheDirectory(), tool, semver.clean(version) || version, arch || '');\n        core.debug(`destination ${folderPath}`);\n        const markerPath = `${folderPath}.complete`;\n        yield io.rmRF(folderPath);\n        yield io.rmRF(markerPath);\n        yield io.mkdirP(folderPath);\n        return folderPath;\n    });\n}\nfunction _completeToolPath(tool, version, arch) {\n    const folderPath = path.join(_getCacheDirectory(), tool, semver.clean(version) || version, arch || '');\n    const markerPath = `${folderPath}.complete`;\n    fs.writeFileSync(markerPath, '');\n    core.debug('finished caching tool');\n}\n/**\n * Check if version string is explicit\n *\n * @param versionSpec      version string to check\n */\nfunction isExplicitVersion(versionSpec) {\n    const c = semver.clean(versionSpec) || '';\n    core.debug(`isExplicit: ${c}`);\n    const valid = semver.valid(c) != null;\n    core.debug(`explicit? ${valid}`);\n    return valid;\n}\nexports.isExplicitVersion = isExplicitVersion;\n/**\n * Get the highest satisfiying semantic version in `versions` which satisfies `versionSpec`\n *\n * @param versions        array of versions to evaluate\n * @param versionSpec     semantic version spec to satisfy\n */\nfunction evaluateVersions(versions, versionSpec) {\n    let version = '';\n    core.debug(`evaluating ${versions.length} versions`);\n    versions = versions.sort((a, b) => {\n        if (semver.gt(a, b)) {\n            return 1;\n        }\n        return -1;\n    });\n    for (let i = versions.length - 1; i >= 0; i--) {\n        const potential = versions[i];\n        const satisfied = semver.satisfies(potential, versionSpec);\n        if (satisfied) {\n            version = potential;\n            break;\n        }\n    }\n    if (version) {\n        core.debug(`matched: ${version}`);\n    }\n    else {\n        core.debug('match not found');\n    }\n    return version;\n}\nexports.evaluateVersions = evaluateVersions;\n/**\n * Gets RUNNER_TOOL_CACHE\n */\nfunction _getCacheDirectory() {\n    const cacheDirectory = process.env['RUNNER_TOOL_CACHE'] || '';\n    assert_1.ok(cacheDirectory, 'Expected RUNNER_TOOL_CACHE to be defined');\n    return cacheDirectory;\n}\n/**\n * Gets RUNNER_TEMP\n */\nfunction _getTempDirectory() {\n    const tempDirectory = process.env['RUNNER_TEMP'] || '';\n    assert_1.ok(tempDirectory, 'Expected RUNNER_TEMP to be defined');\n    return tempDirectory;\n}\n/**\n * Gets a global variable\n */\nfunction _getGlobal(key, defaultValue) {\n    /* eslint-disable @typescript-eslint/no-explicit-any */\n    const value = global[key];\n    /* eslint-enable @typescript-eslint/no-explicit-any */\n    return value !== undefined ? value : defaultValue;\n}\n/**\n * Returns an array of unique values.\n * @param values Values to make unique.\n */\nfunction _unique(values) {\n    return Array.from(new Set(values));\n}\n//# sourceMappingURL=tool-cache.js.map","/**\n * Convert array of 16 byte values to UUID string format of the form:\n * XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX\n */\nvar byteToHex = [];\nfor (var i = 0; i < 256; ++i) {\n  byteToHex[i] = (i + 0x100).toString(16).substr(1);\n}\n\nfunction bytesToUuid(buf, offset) {\n  var i = offset || 0;\n  var bth = byteToHex;\n  // join used to fix memory issue caused by concatenation: https://bugs.chromium.org/p/v8/issues/detail?id=3175#c4\n  return ([\n    bth[buf[i++]], bth[buf[i++]],\n    bth[buf[i++]], bth[buf[i++]], '-',\n    bth[buf[i++]], bth[buf[i++]], '-',\n    bth[buf[i++]], bth[buf[i++]], '-',\n    bth[buf[i++]], bth[buf[i++]], '-',\n    bth[buf[i++]], bth[buf[i++]],\n    bth[buf[i++]], bth[buf[i++]],\n    bth[buf[i++]], bth[buf[i++]]\n  ]).join('');\n}\n\nmodule.exports = bytesToUuid;\n","// Unique ID creation requires a high quality random # generator.  In node.js\n// this is pretty straight-forward - we use the crypto API.\n\nvar crypto = require('crypto');\n\nmodule.exports = function nodeRNG() {\n  return crypto.randomBytes(16);\n};\n","var rng = require('./lib/rng');\nvar bytesToUuid = require('./lib/bytesToUuid');\n\nfunction v4(options, buf, offset) {\n  var i = buf && offset || 0;\n\n  if (typeof(options) == 'string') {\n    buf = options === 'binary' ? new Array(16) : null;\n    options = null;\n  }\n  options = options || {};\n\n  var rnds = options.random || (options.rng || rng)();\n\n  // Per 4.4, set bits for version and `clock_seq_hi_and_reserved`\n  rnds[6] = (rnds[6] & 0x0f) | 0x40;\n  rnds[8] = (rnds[8] & 0x3f) | 0x80;\n\n  // Copy bytes to buffer, if provided\n  if (buf) {\n    for (var ii = 0; ii < 16; ++ii) {\n      buf[i + ii] = rnds[ii];\n    }\n  }\n\n  return buf || bytesToUuid(rnds);\n}\n\nmodule.exports = v4;\n","'use strict';\n\nObject.defineProperty(exports, '__esModule', { value: true });\n\nconst REGEX_IS_INSTALLATION_LEGACY = /^v1\\./;\nconst REGEX_IS_INSTALLATION = /^ghs_/;\nconst REGEX_IS_USER_TO_SERVER = /^ghu_/;\nasync function auth(token) {\n  const isApp = token.split(/\\./).length === 3;\n  const isInstallation = REGEX_IS_INSTALLATION_LEGACY.test(token) || REGEX_IS_INSTALLATION.test(token);\n  const isUserToServer = REGEX_IS_USER_TO_SERVER.test(token);\n  const tokenType = isApp ? \"app\" : isInstallation ? \"installation\" : isUserToServer ? \"user-to-server\" : \"oauth\";\n  return {\n    type: \"token\",\n    token: token,\n    tokenType\n  };\n}\n\n/**\n * Prefix token for usage in the Authorization header\n *\n * @param token OAuth token or JSON Web Token\n */\nfunction withAuthorizationPrefix(token) {\n  if (token.split(/\\./).length === 3) {\n    return `bearer ${token}`;\n  }\n\n  return `token ${token}`;\n}\n\nasync function hook(token, request, route, parameters) {\n  const endpoint = request.endpoint.merge(route, parameters);\n  endpoint.headers.authorization = withAuthorizationPrefix(token);\n  return request(endpoint);\n}\n\nconst createTokenAuth = function createTokenAuth(token) {\n  if (!token) {\n    throw new Error(\"[@octokit/auth-token] No token passed to createTokenAuth\");\n  }\n\n  if (typeof token !== \"string\") {\n    throw new Error(\"[@octokit/auth-token] Token passed to createTokenAuth is not a string\");\n  }\n\n  token = token.replace(/^(token|bearer) +/i, \"\");\n  return Object.assign(auth.bind(null, token), {\n    hook: hook.bind(null, token)\n  });\n};\n\nexports.createTokenAuth = createTokenAuth;\n//# sourceMappingURL=index.js.map\n","'use strict';\n\nObject.defineProperty(exports, '__esModule', { value: true });\n\nvar universalUserAgent = require('universal-user-agent');\nvar beforeAfterHook = require('before-after-hook');\nvar request = require('@octokit/request');\nvar graphql = require('@octokit/graphql');\nvar authToken = require('@octokit/auth-token');\n\nfunction _objectWithoutPropertiesLoose(source, excluded) {\n  if (source == null) return {};\n  var target = {};\n  var sourceKeys = Object.keys(source);\n  var key, i;\n\n  for (i = 0; i < sourceKeys.length; i++) {\n    key = sourceKeys[i];\n    if (excluded.indexOf(key) >= 0) continue;\n    target[key] = source[key];\n  }\n\n  return target;\n}\n\nfunction _objectWithoutProperties(source, excluded) {\n  if (source == null) return {};\n\n  var target = _objectWithoutPropertiesLoose(source, excluded);\n\n  var key, i;\n\n  if (Object.getOwnPropertySymbols) {\n    var sourceSymbolKeys = Object.getOwnPropertySymbols(source);\n\n    for (i = 0; i < sourceSymbolKeys.length; i++) {\n      key = sourceSymbolKeys[i];\n      if (excluded.indexOf(key) >= 0) continue;\n      if (!Object.prototype.propertyIsEnumerable.call(source, key)) continue;\n      target[key] = source[key];\n    }\n  }\n\n  return target;\n}\n\nconst VERSION = \"3.6.0\";\n\nconst _excluded = [\"authStrategy\"];\nclass Octokit {\n  constructor(options = {}) {\n    const hook = new beforeAfterHook.Collection();\n    const requestDefaults = {\n      baseUrl: request.request.endpoint.DEFAULTS.baseUrl,\n      headers: {},\n      request: Object.assign({}, options.request, {\n        // @ts-ignore internal usage only, no need to type\n        hook: hook.bind(null, \"request\")\n      }),\n      mediaType: {\n        previews: [],\n        format: \"\"\n      }\n    }; // prepend default user agent with `options.userAgent` if set\n\n    requestDefaults.headers[\"user-agent\"] = [options.userAgent, `octokit-core.js/${VERSION} ${universalUserAgent.getUserAgent()}`].filter(Boolean).join(\" \");\n\n    if (options.baseUrl) {\n      requestDefaults.baseUrl = options.baseUrl;\n    }\n\n    if (options.previews) {\n      requestDefaults.mediaType.previews = options.previews;\n    }\n\n    if (options.timeZone) {\n      requestDefaults.headers[\"time-zone\"] = options.timeZone;\n    }\n\n    this.request = request.request.defaults(requestDefaults);\n    this.graphql = graphql.withCustomRequest(this.request).defaults(requestDefaults);\n    this.log = Object.assign({\n      debug: () => {},\n      info: () => {},\n      warn: console.warn.bind(console),\n      error: console.error.bind(console)\n    }, options.log);\n    this.hook = hook; // (1) If neither `options.authStrategy` nor `options.auth` are set, the `octokit` instance\n    //     is unauthenticated. The `this.auth()` method is a no-op and no request hook is registered.\n    // (2) If only `options.auth` is set, use the default token authentication strategy.\n    // (3) If `options.authStrategy` is set then use it and pass in `options.auth`. Always pass own request as many strategies accept a custom request instance.\n    // TODO: type `options.auth` based on `options.authStrategy`.\n\n    if (!options.authStrategy) {\n      if (!options.auth) {\n        // (1)\n        this.auth = async () => ({\n          type: \"unauthenticated\"\n        });\n      } else {\n        // (2)\n        const auth = authToken.createTokenAuth(options.auth); // @ts-ignore  ¯\\_(ツ)_/¯\n\n        hook.wrap(\"request\", auth.hook);\n        this.auth = auth;\n      }\n    } else {\n      const {\n        authStrategy\n      } = options,\n            otherOptions = _objectWithoutProperties(options, _excluded);\n\n      const auth = authStrategy(Object.assign({\n        request: this.request,\n        log: this.log,\n        // we pass the current octokit instance as well as its constructor options\n        // to allow for authentication strategies that return a new octokit instance\n        // that shares the same internal state as the current one. The original\n        // requirement for this was the \"event-octokit\" authentication strategy\n        // of https://github.com/probot/octokit-auth-probot.\n        octokit: this,\n        octokitOptions: otherOptions\n      }, options.auth)); // @ts-ignore  ¯\\_(ツ)_/¯\n\n      hook.wrap(\"request\", auth.hook);\n      this.auth = auth;\n    } // apply plugins\n    // https://stackoverflow.com/a/16345172\n\n\n    const classConstructor = this.constructor;\n    classConstructor.plugins.forEach(plugin => {\n      Object.assign(this, plugin(this, options));\n    });\n  }\n\n  static defaults(defaults) {\n    const OctokitWithDefaults = class extends this {\n      constructor(...args) {\n        const options = args[0] || {};\n\n        if (typeof defaults === \"function\") {\n          super(defaults(options));\n          return;\n        }\n\n        super(Object.assign({}, defaults, options, options.userAgent && defaults.userAgent ? {\n          userAgent: `${options.userAgent} ${defaults.userAgent}`\n        } : null));\n      }\n\n    };\n    return OctokitWithDefaults;\n  }\n  /**\n   * Attach a plugin (or many) to your Octokit instance.\n   *\n   * @example\n   * const API = Octokit.plugin(plugin1, plugin2, plugin3, ...)\n   */\n\n\n  static plugin(...newPlugins) {\n    var _a;\n\n    const currentPlugins = this.plugins;\n    const NewOctokit = (_a = class extends this {}, _a.plugins = currentPlugins.concat(newPlugins.filter(plugin => !currentPlugins.includes(plugin))), _a);\n    return NewOctokit;\n  }\n\n}\nOctokit.VERSION = VERSION;\nOctokit.plugins = [];\n\nexports.Octokit = Octokit;\n//# sourceMappingURL=index.js.map\n","'use strict';\n\nObject.defineProperty(exports, '__esModule', { value: true });\n\nvar isPlainObject = require('is-plain-object');\nvar universalUserAgent = require('universal-user-agent');\n\nfunction lowercaseKeys(object) {\n  if (!object) {\n    return {};\n  }\n\n  return Object.keys(object).reduce((newObj, key) => {\n    newObj[key.toLowerCase()] = object[key];\n    return newObj;\n  }, {});\n}\n\nfunction mergeDeep(defaults, options) {\n  const result = Object.assign({}, defaults);\n  Object.keys(options).forEach(key => {\n    if (isPlainObject.isPlainObject(options[key])) {\n      if (!(key in defaults)) Object.assign(result, {\n        [key]: options[key]\n      });else result[key] = mergeDeep(defaults[key], options[key]);\n    } else {\n      Object.assign(result, {\n        [key]: options[key]\n      });\n    }\n  });\n  return result;\n}\n\nfunction removeUndefinedProperties(obj) {\n  for (const key in obj) {\n    if (obj[key] === undefined) {\n      delete obj[key];\n    }\n  }\n\n  return obj;\n}\n\nfunction merge(defaults, route, options) {\n  if (typeof route === \"string\") {\n    let [method, url] = route.split(\" \");\n    options = Object.assign(url ? {\n      method,\n      url\n    } : {\n      url: method\n    }, options);\n  } else {\n    options = Object.assign({}, route);\n  } // lowercase header names before merging with defaults to avoid duplicates\n\n\n  options.headers = lowercaseKeys(options.headers); // remove properties with undefined values before merging\n\n  removeUndefinedProperties(options);\n  removeUndefinedProperties(options.headers);\n  const mergedOptions = mergeDeep(defaults || {}, options); // mediaType.previews arrays are merged, instead of overwritten\n\n  if (defaults && defaults.mediaType.previews.length) {\n    mergedOptions.mediaType.previews = defaults.mediaType.previews.filter(preview => !mergedOptions.mediaType.previews.includes(preview)).concat(mergedOptions.mediaType.previews);\n  }\n\n  mergedOptions.mediaType.previews = mergedOptions.mediaType.previews.map(preview => preview.replace(/-preview/, \"\"));\n  return mergedOptions;\n}\n\nfunction addQueryParameters(url, parameters) {\n  const separator = /\\?/.test(url) ? \"&\" : \"?\";\n  const names = Object.keys(parameters);\n\n  if (names.length === 0) {\n    return url;\n  }\n\n  return url + separator + names.map(name => {\n    if (name === \"q\") {\n      return \"q=\" + parameters.q.split(\"+\").map(encodeURIComponent).join(\"+\");\n    }\n\n    return `${name}=${encodeURIComponent(parameters[name])}`;\n  }).join(\"&\");\n}\n\nconst urlVariableRegex = /\\{[^}]+\\}/g;\n\nfunction removeNonChars(variableName) {\n  return variableName.replace(/^\\W+|\\W+$/g, \"\").split(/,/);\n}\n\nfunction extractUrlVariableNames(url) {\n  const matches = url.match(urlVariableRegex);\n\n  if (!matches) {\n    return [];\n  }\n\n  return matches.map(removeNonChars).reduce((a, b) => a.concat(b), []);\n}\n\nfunction omit(object, keysToOmit) {\n  return Object.keys(object).filter(option => !keysToOmit.includes(option)).reduce((obj, key) => {\n    obj[key] = object[key];\n    return obj;\n  }, {});\n}\n\n// Based on https://github.com/bramstein/url-template, licensed under BSD\n// TODO: create separate package.\n//\n// Copyright (c) 2012-2014, Bram Stein\n// All rights reserved.\n// Redistribution and use in source and binary forms, with or without\n// modification, are permitted provided that the following conditions\n// are met:\n//  1. Redistributions of source code must retain the above copyright\n//     notice, this list of conditions and the following disclaimer.\n//  2. Redistributions in binary form must reproduce the above copyright\n//     notice, this list of conditions and the following disclaimer in the\n//     documentation and/or other materials provided with the distribution.\n//  3. The name of the author may not be used to endorse or promote products\n//     derived from this software without specific prior written permission.\n// THIS SOFTWARE IS PROVIDED BY THE AUTHOR \"AS IS\" AND ANY EXPRESS OR IMPLIED\n// WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF\n// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO\n// EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,\n// INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,\n// BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\n// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY\n// OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING\n// NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,\n// EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n\n/* istanbul ignore file */\nfunction encodeReserved(str) {\n  return str.split(/(%[0-9A-Fa-f]{2})/g).map(function (part) {\n    if (!/%[0-9A-Fa-f]/.test(part)) {\n      part = encodeURI(part).replace(/%5B/g, \"[\").replace(/%5D/g, \"]\");\n    }\n\n    return part;\n  }).join(\"\");\n}\n\nfunction encodeUnreserved(str) {\n  return encodeURIComponent(str).replace(/[!'()*]/g, function (c) {\n    return \"%\" + c.charCodeAt(0).toString(16).toUpperCase();\n  });\n}\n\nfunction encodeValue(operator, value, key) {\n  value = operator === \"+\" || operator === \"#\" ? encodeReserved(value) : encodeUnreserved(value);\n\n  if (key) {\n    return encodeUnreserved(key) + \"=\" + value;\n  } else {\n    return value;\n  }\n}\n\nfunction isDefined(value) {\n  return value !== undefined && value !== null;\n}\n\nfunction isKeyOperator(operator) {\n  return operator === \";\" || operator === \"&\" || operator === \"?\";\n}\n\nfunction getValues(context, operator, key, modifier) {\n  var value = context[key],\n      result = [];\n\n  if (isDefined(value) && value !== \"\") {\n    if (typeof value === \"string\" || typeof value === \"number\" || typeof value === \"boolean\") {\n      value = value.toString();\n\n      if (modifier && modifier !== \"*\") {\n        value = value.substring(0, parseInt(modifier, 10));\n      }\n\n      result.push(encodeValue(operator, value, isKeyOperator(operator) ? key : \"\"));\n    } else {\n      if (modifier === \"*\") {\n        if (Array.isArray(value)) {\n          value.filter(isDefined).forEach(function (value) {\n            result.push(encodeValue(operator, value, isKeyOperator(operator) ? key : \"\"));\n          });\n        } else {\n          Object.keys(value).forEach(function (k) {\n            if (isDefined(value[k])) {\n              result.push(encodeValue(operator, value[k], k));\n            }\n          });\n        }\n      } else {\n        const tmp = [];\n\n        if (Array.isArray(value)) {\n          value.filter(isDefined).forEach(function (value) {\n            tmp.push(encodeValue(operator, value));\n          });\n        } else {\n          Object.keys(value).forEach(function (k) {\n            if (isDefined(value[k])) {\n              tmp.push(encodeUnreserved(k));\n              tmp.push(encodeValue(operator, value[k].toString()));\n            }\n          });\n        }\n\n        if (isKeyOperator(operator)) {\n          result.push(encodeUnreserved(key) + \"=\" + tmp.join(\",\"));\n        } else if (tmp.length !== 0) {\n          result.push(tmp.join(\",\"));\n        }\n      }\n    }\n  } else {\n    if (operator === \";\") {\n      if (isDefined(value)) {\n        result.push(encodeUnreserved(key));\n      }\n    } else if (value === \"\" && (operator === \"&\" || operator === \"?\")) {\n      result.push(encodeUnreserved(key) + \"=\");\n    } else if (value === \"\") {\n      result.push(\"\");\n    }\n  }\n\n  return result;\n}\n\nfunction parseUrl(template) {\n  return {\n    expand: expand.bind(null, template)\n  };\n}\n\nfunction expand(template, context) {\n  var operators = [\"+\", \"#\", \".\", \"/\", \";\", \"?\", \"&\"];\n  return template.replace(/\\{([^\\{\\}]+)\\}|([^\\{\\}]+)/g, function (_, expression, literal) {\n    if (expression) {\n      let operator = \"\";\n      const values = [];\n\n      if (operators.indexOf(expression.charAt(0)) !== -1) {\n        operator = expression.charAt(0);\n        expression = expression.substr(1);\n      }\n\n      expression.split(/,/g).forEach(function (variable) {\n        var tmp = /([^:\\*]*)(?::(\\d+)|(\\*))?/.exec(variable);\n        values.push(getValues(context, operator, tmp[1], tmp[2] || tmp[3]));\n      });\n\n      if (operator && operator !== \"+\") {\n        var separator = \",\";\n\n        if (operator === \"?\") {\n          separator = \"&\";\n        } else if (operator !== \"#\") {\n          separator = operator;\n        }\n\n        return (values.length !== 0 ? operator : \"\") + values.join(separator);\n      } else {\n        return values.join(\",\");\n      }\n    } else {\n      return encodeReserved(literal);\n    }\n  });\n}\n\nfunction parse(options) {\n  // https://fetch.spec.whatwg.org/#methods\n  let method = options.method.toUpperCase(); // replace :varname with {varname} to make it RFC 6570 compatible\n\n  let url = (options.url || \"/\").replace(/:([a-z]\\w+)/g, \"{$1}\");\n  let headers = Object.assign({}, options.headers);\n  let body;\n  let parameters = omit(options, [\"method\", \"baseUrl\", \"url\", \"headers\", \"request\", \"mediaType\"]); // extract variable names from URL to calculate remaining variables later\n\n  const urlVariableNames = extractUrlVariableNames(url);\n  url = parseUrl(url).expand(parameters);\n\n  if (!/^http/.test(url)) {\n    url = options.baseUrl + url;\n  }\n\n  const omittedParameters = Object.keys(options).filter(option => urlVariableNames.includes(option)).concat(\"baseUrl\");\n  const remainingParameters = omit(parameters, omittedParameters);\n  const isBinaryRequest = /application\\/octet-stream/i.test(headers.accept);\n\n  if (!isBinaryRequest) {\n    if (options.mediaType.format) {\n      // e.g. application/vnd.github.v3+json => application/vnd.github.v3.raw\n      headers.accept = headers.accept.split(/,/).map(preview => preview.replace(/application\\/vnd(\\.\\w+)(\\.v3)?(\\.\\w+)?(\\+json)?$/, `application/vnd$1$2.${options.mediaType.format}`)).join(\",\");\n    }\n\n    if (options.mediaType.previews.length) {\n      const previewsFromAcceptHeader = headers.accept.match(/[\\w-]+(?=-preview)/g) || [];\n      headers.accept = previewsFromAcceptHeader.concat(options.mediaType.previews).map(preview => {\n        const format = options.mediaType.format ? `.${options.mediaType.format}` : \"+json\";\n        return `application/vnd.github.${preview}-preview${format}`;\n      }).join(\",\");\n    }\n  } // for GET/HEAD requests, set URL query parameters from remaining parameters\n  // for PATCH/POST/PUT/DELETE requests, set request body from remaining parameters\n\n\n  if ([\"GET\", \"HEAD\"].includes(method)) {\n    url = addQueryParameters(url, remainingParameters);\n  } else {\n    if (\"data\" in remainingParameters) {\n      body = remainingParameters.data;\n    } else {\n      if (Object.keys(remainingParameters).length) {\n        body = remainingParameters;\n      } else {\n        headers[\"content-length\"] = 0;\n      }\n    }\n  } // default content-type for JSON if body is set\n\n\n  if (!headers[\"content-type\"] && typeof body !== \"undefined\") {\n    headers[\"content-type\"] = \"application/json; charset=utf-8\";\n  } // GitHub expects 'content-length: 0' header for PUT/PATCH requests without body.\n  // fetch does not allow to set `content-length` header, but we can set body to an empty string\n\n\n  if ([\"PATCH\", \"PUT\"].includes(method) && typeof body === \"undefined\") {\n    body = \"\";\n  } // Only return body/request keys if present\n\n\n  return Object.assign({\n    method,\n    url,\n    headers\n  }, typeof body !== \"undefined\" ? {\n    body\n  } : null, options.request ? {\n    request: options.request\n  } : null);\n}\n\nfunction endpointWithDefaults(defaults, route, options) {\n  return parse(merge(defaults, route, options));\n}\n\nfunction withDefaults(oldDefaults, newDefaults) {\n  const DEFAULTS = merge(oldDefaults, newDefaults);\n  const endpoint = endpointWithDefaults.bind(null, DEFAULTS);\n  return Object.assign(endpoint, {\n    DEFAULTS,\n    defaults: withDefaults.bind(null, DEFAULTS),\n    merge: merge.bind(null, DEFAULTS),\n    parse\n  });\n}\n\nconst VERSION = \"6.0.12\";\n\nconst userAgent = `octokit-endpoint.js/${VERSION} ${universalUserAgent.getUserAgent()}`; // DEFAULTS has all properties set that EndpointOptions has, except url.\n// So we use RequestParameters and add method as additional required property.\n\nconst DEFAULTS = {\n  method: \"GET\",\n  baseUrl: \"https://api.github.com\",\n  headers: {\n    accept: \"application/vnd.github.v3+json\",\n    \"user-agent\": userAgent\n  },\n  mediaType: {\n    format: \"\",\n    previews: []\n  }\n};\n\nconst endpoint = withDefaults(null, DEFAULTS);\n\nexports.endpoint = endpoint;\n//# sourceMappingURL=index.js.map\n","'use strict';\n\nObject.defineProperty(exports, '__esModule', { value: true });\n\nvar request = require('@octokit/request');\nvar universalUserAgent = require('universal-user-agent');\n\nconst VERSION = \"4.8.0\";\n\nfunction _buildMessageForResponseErrors(data) {\n  return `Request failed due to following response errors:\\n` + data.errors.map(e => ` - ${e.message}`).join(\"\\n\");\n}\n\nclass GraphqlResponseError extends Error {\n  constructor(request, headers, response) {\n    super(_buildMessageForResponseErrors(response));\n    this.request = request;\n    this.headers = headers;\n    this.response = response;\n    this.name = \"GraphqlResponseError\"; // Expose the errors and response data in their shorthand properties.\n\n    this.errors = response.errors;\n    this.data = response.data; // Maintains proper stack trace (only available on V8)\n\n    /* istanbul ignore next */\n\n    if (Error.captureStackTrace) {\n      Error.captureStackTrace(this, this.constructor);\n    }\n  }\n\n}\n\nconst NON_VARIABLE_OPTIONS = [\"method\", \"baseUrl\", \"url\", \"headers\", \"request\", \"query\", \"mediaType\"];\nconst FORBIDDEN_VARIABLE_OPTIONS = [\"query\", \"method\", \"url\"];\nconst GHES_V3_SUFFIX_REGEX = /\\/api\\/v3\\/?$/;\nfunction graphql(request, query, options) {\n  if (options) {\n    if (typeof query === \"string\" && \"query\" in options) {\n      return Promise.reject(new Error(`[@octokit/graphql] \"query\" cannot be used as variable name`));\n    }\n\n    for (const key in options) {\n      if (!FORBIDDEN_VARIABLE_OPTIONS.includes(key)) continue;\n      return Promise.reject(new Error(`[@octokit/graphql] \"${key}\" cannot be used as variable name`));\n    }\n  }\n\n  const parsedOptions = typeof query === \"string\" ? Object.assign({\n    query\n  }, options) : query;\n  const requestOptions = Object.keys(parsedOptions).reduce((result, key) => {\n    if (NON_VARIABLE_OPTIONS.includes(key)) {\n      result[key] = parsedOptions[key];\n      return result;\n    }\n\n    if (!result.variables) {\n      result.variables = {};\n    }\n\n    result.variables[key] = parsedOptions[key];\n    return result;\n  }, {}); // workaround for GitHub Enterprise baseUrl set with /api/v3 suffix\n  // https://github.com/octokit/auth-app.js/issues/111#issuecomment-657610451\n\n  const baseUrl = parsedOptions.baseUrl || request.endpoint.DEFAULTS.baseUrl;\n\n  if (GHES_V3_SUFFIX_REGEX.test(baseUrl)) {\n    requestOptions.url = baseUrl.replace(GHES_V3_SUFFIX_REGEX, \"/api/graphql\");\n  }\n\n  return request(requestOptions).then(response => {\n    if (response.data.errors) {\n      const headers = {};\n\n      for (const key of Object.keys(response.headers)) {\n        headers[key] = response.headers[key];\n      }\n\n      throw new GraphqlResponseError(requestOptions, headers, response.data);\n    }\n\n    return response.data.data;\n  });\n}\n\nfunction withDefaults(request$1, newDefaults) {\n  const newRequest = request$1.defaults(newDefaults);\n\n  const newApi = (query, options) => {\n    return graphql(newRequest, query, options);\n  };\n\n  return Object.assign(newApi, {\n    defaults: withDefaults.bind(null, newRequest),\n    endpoint: request.request.endpoint\n  });\n}\n\nconst graphql$1 = withDefaults(request.request, {\n  headers: {\n    \"user-agent\": `octokit-graphql.js/${VERSION} ${universalUserAgent.getUserAgent()}`\n  },\n  method: \"POST\",\n  url: \"/graphql\"\n});\nfunction withCustomRequest(customRequest) {\n  return withDefaults(customRequest, {\n    method: \"POST\",\n    url: \"/graphql\"\n  });\n}\n\nexports.GraphqlResponseError = GraphqlResponseError;\nexports.graphql = graphql$1;\nexports.withCustomRequest = withCustomRequest;\n//# sourceMappingURL=index.js.map\n","'use strict';\n\nObject.defineProperty(exports, '__esModule', { value: true });\n\nconst VERSION = \"2.21.3\";\n\nfunction ownKeys(object, enumerableOnly) {\n  var keys = Object.keys(object);\n\n  if (Object.getOwnPropertySymbols) {\n    var symbols = Object.getOwnPropertySymbols(object);\n    enumerableOnly && (symbols = symbols.filter(function (sym) {\n      return Object.getOwnPropertyDescriptor(object, sym).enumerable;\n    })), keys.push.apply(keys, symbols);\n  }\n\n  return keys;\n}\n\nfunction _objectSpread2(target) {\n  for (var i = 1; i < arguments.length; i++) {\n    var source = null != arguments[i] ? arguments[i] : {};\n    i % 2 ? ownKeys(Object(source), !0).forEach(function (key) {\n      _defineProperty(target, key, source[key]);\n    }) : Object.getOwnPropertyDescriptors ? Object.defineProperties(target, Object.getOwnPropertyDescriptors(source)) : ownKeys(Object(source)).forEach(function (key) {\n      Object.defineProperty(target, key, Object.getOwnPropertyDescriptor(source, key));\n    });\n  }\n\n  return target;\n}\n\nfunction _defineProperty(obj, key, value) {\n  if (key in obj) {\n    Object.defineProperty(obj, key, {\n      value: value,\n      enumerable: true,\n      configurable: true,\n      writable: true\n    });\n  } else {\n    obj[key] = value;\n  }\n\n  return obj;\n}\n\n/**\n * Some “list” response that can be paginated have a different response structure\n *\n * They have a `total_count` key in the response (search also has `incomplete_results`,\n * /installation/repositories also has `repository_selection`), as well as a key with\n * the list of the items which name varies from endpoint to endpoint.\n *\n * Octokit normalizes these responses so that paginated results are always returned following\n * the same structure. One challenge is that if the list response has only one page, no Link\n * header is provided, so this header alone is not sufficient to check wether a response is\n * paginated or not.\n *\n * We check if a \"total_count\" key is present in the response data, but also make sure that\n * a \"url\" property is not, as the \"Get the combined status for a specific ref\" endpoint would\n * otherwise match: https://developer.github.com/v3/repos/statuses/#get-the-combined-status-for-a-specific-ref\n */\nfunction normalizePaginatedListResponse(response) {\n  // endpoints can respond with 204 if repository is empty\n  if (!response.data) {\n    return _objectSpread2(_objectSpread2({}, response), {}, {\n      data: []\n    });\n  }\n\n  const responseNeedsNormalization = \"total_count\" in response.data && !(\"url\" in response.data);\n  if (!responseNeedsNormalization) return response; // keep the additional properties intact as there is currently no other way\n  // to retrieve the same information.\n\n  const incompleteResults = response.data.incomplete_results;\n  const repositorySelection = response.data.repository_selection;\n  const totalCount = response.data.total_count;\n  delete response.data.incomplete_results;\n  delete response.data.repository_selection;\n  delete response.data.total_count;\n  const namespaceKey = Object.keys(response.data)[0];\n  const data = response.data[namespaceKey];\n  response.data = data;\n\n  if (typeof incompleteResults !== \"undefined\") {\n    response.data.incomplete_results = incompleteResults;\n  }\n\n  if (typeof repositorySelection !== \"undefined\") {\n    response.data.repository_selection = repositorySelection;\n  }\n\n  response.data.total_count = totalCount;\n  return response;\n}\n\nfunction iterator(octokit, route, parameters) {\n  const options = typeof route === \"function\" ? route.endpoint(parameters) : octokit.request.endpoint(route, parameters);\n  const requestMethod = typeof route === \"function\" ? route : octokit.request;\n  const method = options.method;\n  const headers = options.headers;\n  let url = options.url;\n  return {\n    [Symbol.asyncIterator]: () => ({\n      async next() {\n        if (!url) return {\n          done: true\n        };\n\n        try {\n          const response = await requestMethod({\n            method,\n            url,\n            headers\n          });\n          const normalizedResponse = normalizePaginatedListResponse(response); // `response.headers.link` format:\n          // '<https://api.github.com/users/aseemk/followers?page=2>; rel=\"next\", <https://api.github.com/users/aseemk/followers?page=2>; rel=\"last\"'\n          // sets `url` to undefined if \"next\" URL is not present or `link` header is not set\n\n          url = ((normalizedResponse.headers.link || \"\").match(/<([^>]+)>;\\s*rel=\"next\"/) || [])[1];\n          return {\n            value: normalizedResponse\n          };\n        } catch (error) {\n          if (error.status !== 409) throw error;\n          url = \"\";\n          return {\n            value: {\n              status: 200,\n              headers: {},\n              data: []\n            }\n          };\n        }\n      }\n\n    })\n  };\n}\n\nfunction paginate(octokit, route, parameters, mapFn) {\n  if (typeof parameters === \"function\") {\n    mapFn = parameters;\n    parameters = undefined;\n  }\n\n  return gather(octokit, [], iterator(octokit, route, parameters)[Symbol.asyncIterator](), mapFn);\n}\n\nfunction gather(octokit, results, iterator, mapFn) {\n  return iterator.next().then(result => {\n    if (result.done) {\n      return results;\n    }\n\n    let earlyExit = false;\n\n    function done() {\n      earlyExit = true;\n    }\n\n    results = results.concat(mapFn ? mapFn(result.value, done) : result.value.data);\n\n    if (earlyExit) {\n      return results;\n    }\n\n    return gather(octokit, results, iterator, mapFn);\n  });\n}\n\nconst composePaginateRest = Object.assign(paginate, {\n  iterator\n});\n\nconst paginatingEndpoints = [\"GET /app/hook/deliveries\", \"GET /app/installations\", \"GET /applications/grants\", \"GET /authorizations\", \"GET /enterprises/{enterprise}/actions/permissions/organizations\", \"GET /enterprises/{enterprise}/actions/runner-groups\", \"GET /enterprises/{enterprise}/actions/runner-groups/{runner_group_id}/organizations\", \"GET /enterprises/{enterprise}/actions/runner-groups/{runner_group_id}/runners\", \"GET /enterprises/{enterprise}/actions/runners\", \"GET /enterprises/{enterprise}/audit-log\", \"GET /enterprises/{enterprise}/secret-scanning/alerts\", \"GET /enterprises/{enterprise}/settings/billing/advanced-security\", \"GET /events\", \"GET /gists\", \"GET /gists/public\", \"GET /gists/starred\", \"GET /gists/{gist_id}/comments\", \"GET /gists/{gist_id}/commits\", \"GET /gists/{gist_id}/forks\", \"GET /installation/repositories\", \"GET /issues\", \"GET /licenses\", \"GET /marketplace_listing/plans\", \"GET /marketplace_listing/plans/{plan_id}/accounts\", \"GET /marketplace_listing/stubbed/plans\", \"GET /marketplace_listing/stubbed/plans/{plan_id}/accounts\", \"GET /networks/{owner}/{repo}/events\", \"GET /notifications\", \"GET /organizations\", \"GET /orgs/{org}/actions/cache/usage-by-repository\", \"GET /orgs/{org}/actions/permissions/repositories\", \"GET /orgs/{org}/actions/runner-groups\", \"GET /orgs/{org}/actions/runner-groups/{runner_group_id}/repositories\", \"GET /orgs/{org}/actions/runner-groups/{runner_group_id}/runners\", \"GET /orgs/{org}/actions/runners\", \"GET /orgs/{org}/actions/secrets\", \"GET /orgs/{org}/actions/secrets/{secret_name}/repositories\", \"GET /orgs/{org}/audit-log\", \"GET /orgs/{org}/blocks\", \"GET /orgs/{org}/code-scanning/alerts\", \"GET /orgs/{org}/codespaces\", \"GET /orgs/{org}/credential-authorizations\", \"GET /orgs/{org}/dependabot/secrets\", \"GET /orgs/{org}/dependabot/secrets/{secret_name}/repositories\", \"GET /orgs/{org}/events\", \"GET /orgs/{org}/external-groups\", \"GET /orgs/{org}/failed_invitations\", \"GET /orgs/{org}/hooks\", \"GET /orgs/{org}/hooks/{hook_id}/deliveries\", \"GET /orgs/{org}/installations\", \"GET /orgs/{org}/invitations\", \"GET /orgs/{org}/invitations/{invitation_id}/teams\", \"GET /orgs/{org}/issues\", \"GET /orgs/{org}/members\", \"GET /orgs/{org}/migrations\", \"GET /orgs/{org}/migrations/{migration_id}/repositories\", \"GET /orgs/{org}/outside_collaborators\", \"GET /orgs/{org}/packages\", \"GET /orgs/{org}/packages/{package_type}/{package_name}/versions\", \"GET /orgs/{org}/projects\", \"GET /orgs/{org}/public_members\", \"GET /orgs/{org}/repos\", \"GET /orgs/{org}/secret-scanning/alerts\", \"GET /orgs/{org}/settings/billing/advanced-security\", \"GET /orgs/{org}/team-sync/groups\", \"GET /orgs/{org}/teams\", \"GET /orgs/{org}/teams/{team_slug}/discussions\", \"GET /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments\", \"GET /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions\", \"GET /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions\", \"GET /orgs/{org}/teams/{team_slug}/invitations\", \"GET /orgs/{org}/teams/{team_slug}/members\", \"GET /orgs/{org}/teams/{team_slug}/projects\", \"GET /orgs/{org}/teams/{team_slug}/repos\", \"GET /orgs/{org}/teams/{team_slug}/teams\", \"GET /projects/columns/{column_id}/cards\", \"GET /projects/{project_id}/collaborators\", \"GET /projects/{project_id}/columns\", \"GET /repos/{owner}/{repo}/actions/artifacts\", \"GET /repos/{owner}/{repo}/actions/caches\", \"GET /repos/{owner}/{repo}/actions/runners\", \"GET /repos/{owner}/{repo}/actions/runs\", \"GET /repos/{owner}/{repo}/actions/runs/{run_id}/artifacts\", \"GET /repos/{owner}/{repo}/actions/runs/{run_id}/attempts/{attempt_number}/jobs\", \"GET /repos/{owner}/{repo}/actions/runs/{run_id}/jobs\", \"GET /repos/{owner}/{repo}/actions/secrets\", \"GET /repos/{owner}/{repo}/actions/workflows\", \"GET /repos/{owner}/{repo}/actions/workflows/{workflow_id}/runs\", \"GET /repos/{owner}/{repo}/assignees\", \"GET /repos/{owner}/{repo}/branches\", \"GET /repos/{owner}/{repo}/check-runs/{check_run_id}/annotations\", \"GET /repos/{owner}/{repo}/check-suites/{check_suite_id}/check-runs\", \"GET /repos/{owner}/{repo}/code-scanning/alerts\", \"GET /repos/{owner}/{repo}/code-scanning/alerts/{alert_number}/instances\", \"GET /repos/{owner}/{repo}/code-scanning/analyses\", \"GET /repos/{owner}/{repo}/codespaces\", \"GET /repos/{owner}/{repo}/codespaces/devcontainers\", \"GET /repos/{owner}/{repo}/codespaces/secrets\", \"GET /repos/{owner}/{repo}/collaborators\", \"GET /repos/{owner}/{repo}/comments\", \"GET /repos/{owner}/{repo}/comments/{comment_id}/reactions\", \"GET /repos/{owner}/{repo}/commits\", \"GET /repos/{owner}/{repo}/commits/{commit_sha}/comments\", \"GET /repos/{owner}/{repo}/commits/{commit_sha}/pulls\", \"GET /repos/{owner}/{repo}/commits/{ref}/check-runs\", \"GET /repos/{owner}/{repo}/commits/{ref}/check-suites\", \"GET /repos/{owner}/{repo}/commits/{ref}/status\", \"GET /repos/{owner}/{repo}/commits/{ref}/statuses\", \"GET /repos/{owner}/{repo}/contributors\", \"GET /repos/{owner}/{repo}/dependabot/secrets\", \"GET /repos/{owner}/{repo}/deployments\", \"GET /repos/{owner}/{repo}/deployments/{deployment_id}/statuses\", \"GET /repos/{owner}/{repo}/environments\", \"GET /repos/{owner}/{repo}/events\", \"GET /repos/{owner}/{repo}/forks\", \"GET /repos/{owner}/{repo}/git/matching-refs/{ref}\", \"GET /repos/{owner}/{repo}/hooks\", \"GET /repos/{owner}/{repo}/hooks/{hook_id}/deliveries\", \"GET /repos/{owner}/{repo}/invitations\", \"GET /repos/{owner}/{repo}/issues\", \"GET /repos/{owner}/{repo}/issues/comments\", \"GET /repos/{owner}/{repo}/issues/comments/{comment_id}/reactions\", \"GET /repos/{owner}/{repo}/issues/events\", \"GET /repos/{owner}/{repo}/issues/{issue_number}/comments\", \"GET /repos/{owner}/{repo}/issues/{issue_number}/events\", \"GET /repos/{owner}/{repo}/issues/{issue_number}/labels\", \"GET /repos/{owner}/{repo}/issues/{issue_number}/reactions\", \"GET /repos/{owner}/{repo}/issues/{issue_number}/timeline\", \"GET /repos/{owner}/{repo}/keys\", \"GET /repos/{owner}/{repo}/labels\", \"GET /repos/{owner}/{repo}/milestones\", \"GET /repos/{owner}/{repo}/milestones/{milestone_number}/labels\", \"GET /repos/{owner}/{repo}/notifications\", \"GET /repos/{owner}/{repo}/pages/builds\", \"GET /repos/{owner}/{repo}/projects\", \"GET /repos/{owner}/{repo}/pulls\", \"GET /repos/{owner}/{repo}/pulls/comments\", \"GET /repos/{owner}/{repo}/pulls/comments/{comment_id}/reactions\", \"GET /repos/{owner}/{repo}/pulls/{pull_number}/comments\", \"GET /repos/{owner}/{repo}/pulls/{pull_number}/commits\", \"GET /repos/{owner}/{repo}/pulls/{pull_number}/files\", \"GET /repos/{owner}/{repo}/pulls/{pull_number}/requested_reviewers\", \"GET /repos/{owner}/{repo}/pulls/{pull_number}/reviews\", \"GET /repos/{owner}/{repo}/pulls/{pull_number}/reviews/{review_id}/comments\", \"GET /repos/{owner}/{repo}/releases\", \"GET /repos/{owner}/{repo}/releases/{release_id}/assets\", \"GET /repos/{owner}/{repo}/releases/{release_id}/reactions\", \"GET /repos/{owner}/{repo}/secret-scanning/alerts\", \"GET /repos/{owner}/{repo}/secret-scanning/alerts/{alert_number}/locations\", \"GET /repos/{owner}/{repo}/stargazers\", \"GET /repos/{owner}/{repo}/subscribers\", \"GET /repos/{owner}/{repo}/tags\", \"GET /repos/{owner}/{repo}/teams\", \"GET /repos/{owner}/{repo}/topics\", \"GET /repositories\", \"GET /repositories/{repository_id}/environments/{environment_name}/secrets\", \"GET /search/code\", \"GET /search/commits\", \"GET /search/issues\", \"GET /search/labels\", \"GET /search/repositories\", \"GET /search/topics\", \"GET /search/users\", \"GET /teams/{team_id}/discussions\", \"GET /teams/{team_id}/discussions/{discussion_number}/comments\", \"GET /teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}/reactions\", \"GET /teams/{team_id}/discussions/{discussion_number}/reactions\", \"GET /teams/{team_id}/invitations\", \"GET /teams/{team_id}/members\", \"GET /teams/{team_id}/projects\", \"GET /teams/{team_id}/repos\", \"GET /teams/{team_id}/teams\", \"GET /user/blocks\", \"GET /user/codespaces\", \"GET /user/codespaces/secrets\", \"GET /user/emails\", \"GET /user/followers\", \"GET /user/following\", \"GET /user/gpg_keys\", \"GET /user/installations\", \"GET /user/installations/{installation_id}/repositories\", \"GET /user/issues\", \"GET /user/keys\", \"GET /user/marketplace_purchases\", \"GET /user/marketplace_purchases/stubbed\", \"GET /user/memberships/orgs\", \"GET /user/migrations\", \"GET /user/migrations/{migration_id}/repositories\", \"GET /user/orgs\", \"GET /user/packages\", \"GET /user/packages/{package_type}/{package_name}/versions\", \"GET /user/public_emails\", \"GET /user/repos\", \"GET /user/repository_invitations\", \"GET /user/starred\", \"GET /user/subscriptions\", \"GET /user/teams\", \"GET /users\", \"GET /users/{username}/events\", \"GET /users/{username}/events/orgs/{org}\", \"GET /users/{username}/events/public\", \"GET /users/{username}/followers\", \"GET /users/{username}/following\", \"GET /users/{username}/gists\", \"GET /users/{username}/gpg_keys\", \"GET /users/{username}/keys\", \"GET /users/{username}/orgs\", \"GET /users/{username}/packages\", \"GET /users/{username}/projects\", \"GET /users/{username}/received_events\", \"GET /users/{username}/received_events/public\", \"GET /users/{username}/repos\", \"GET /users/{username}/starred\", \"GET /users/{username}/subscriptions\"];\n\nfunction isPaginatingEndpoint(arg) {\n  if (typeof arg === \"string\") {\n    return paginatingEndpoints.includes(arg);\n  } else {\n    return false;\n  }\n}\n\n/**\n * @param octokit Octokit instance\n * @param options Options passed to Octokit constructor\n */\n\nfunction paginateRest(octokit) {\n  return {\n    paginate: Object.assign(paginate.bind(null, octokit), {\n      iterator: iterator.bind(null, octokit)\n    })\n  };\n}\npaginateRest.VERSION = VERSION;\n\nexports.composePaginateRest = composePaginateRest;\nexports.isPaginatingEndpoint = isPaginatingEndpoint;\nexports.paginateRest = paginateRest;\nexports.paginatingEndpoints = paginatingEndpoints;\n//# sourceMappingURL=index.js.map\n","'use strict';\n\nObject.defineProperty(exports, '__esModule', { value: true });\n\nfunction ownKeys(object, enumerableOnly) {\n  var keys = Object.keys(object);\n\n  if (Object.getOwnPropertySymbols) {\n    var symbols = Object.getOwnPropertySymbols(object);\n\n    if (enumerableOnly) {\n      symbols = symbols.filter(function (sym) {\n        return Object.getOwnPropertyDescriptor(object, sym).enumerable;\n      });\n    }\n\n    keys.push.apply(keys, symbols);\n  }\n\n  return keys;\n}\n\nfunction _objectSpread2(target) {\n  for (var i = 1; i < arguments.length; i++) {\n    var source = arguments[i] != null ? arguments[i] : {};\n\n    if (i % 2) {\n      ownKeys(Object(source), true).forEach(function (key) {\n        _defineProperty(target, key, source[key]);\n      });\n    } else if (Object.getOwnPropertyDescriptors) {\n      Object.defineProperties(target, Object.getOwnPropertyDescriptors(source));\n    } else {\n      ownKeys(Object(source)).forEach(function (key) {\n        Object.defineProperty(target, key, Object.getOwnPropertyDescriptor(source, key));\n      });\n    }\n  }\n\n  return target;\n}\n\nfunction _defineProperty(obj, key, value) {\n  if (key in obj) {\n    Object.defineProperty(obj, key, {\n      value: value,\n      enumerable: true,\n      configurable: true,\n      writable: true\n    });\n  } else {\n    obj[key] = value;\n  }\n\n  return obj;\n}\n\nconst Endpoints = {\n  actions: {\n    addCustomLabelsToSelfHostedRunnerForOrg: [\"POST /orgs/{org}/actions/runners/{runner_id}/labels\"],\n    addCustomLabelsToSelfHostedRunnerForRepo: [\"POST /repos/{owner}/{repo}/actions/runners/{runner_id}/labels\"],\n    addSelectedRepoToOrgSecret: [\"PUT /orgs/{org}/actions/secrets/{secret_name}/repositories/{repository_id}\"],\n    approveWorkflowRun: [\"POST /repos/{owner}/{repo}/actions/runs/{run_id}/approve\"],\n    cancelWorkflowRun: [\"POST /repos/{owner}/{repo}/actions/runs/{run_id}/cancel\"],\n    createOrUpdateEnvironmentSecret: [\"PUT /repositories/{repository_id}/environments/{environment_name}/secrets/{secret_name}\"],\n    createOrUpdateOrgSecret: [\"PUT /orgs/{org}/actions/secrets/{secret_name}\"],\n    createOrUpdateRepoSecret: [\"PUT /repos/{owner}/{repo}/actions/secrets/{secret_name}\"],\n    createRegistrationTokenForOrg: [\"POST /orgs/{org}/actions/runners/registration-token\"],\n    createRegistrationTokenForRepo: [\"POST /repos/{owner}/{repo}/actions/runners/registration-token\"],\n    createRemoveTokenForOrg: [\"POST /orgs/{org}/actions/runners/remove-token\"],\n    createRemoveTokenForRepo: [\"POST /repos/{owner}/{repo}/actions/runners/remove-token\"],\n    createWorkflowDispatch: [\"POST /repos/{owner}/{repo}/actions/workflows/{workflow_id}/dispatches\"],\n    deleteActionsCacheById: [\"DELETE /repos/{owner}/{repo}/actions/caches/{cache_id}\"],\n    deleteActionsCacheByKey: [\"DELETE /repos/{owner}/{repo}/actions/caches{?key,ref}\"],\n    deleteArtifact: [\"DELETE /repos/{owner}/{repo}/actions/artifacts/{artifact_id}\"],\n    deleteEnvironmentSecret: [\"DELETE /repositories/{repository_id}/environments/{environment_name}/secrets/{secret_name}\"],\n    deleteOrgSecret: [\"DELETE /orgs/{org}/actions/secrets/{secret_name}\"],\n    deleteRepoSecret: [\"DELETE /repos/{owner}/{repo}/actions/secrets/{secret_name}\"],\n    deleteSelfHostedRunnerFromOrg: [\"DELETE /orgs/{org}/actions/runners/{runner_id}\"],\n    deleteSelfHostedRunnerFromRepo: [\"DELETE /repos/{owner}/{repo}/actions/runners/{runner_id}\"],\n    deleteWorkflowRun: [\"DELETE /repos/{owner}/{repo}/actions/runs/{run_id}\"],\n    deleteWorkflowRunLogs: [\"DELETE /repos/{owner}/{repo}/actions/runs/{run_id}/logs\"],\n    disableSelectedRepositoryGithubActionsOrganization: [\"DELETE /orgs/{org}/actions/permissions/repositories/{repository_id}\"],\n    disableWorkflow: [\"PUT /repos/{owner}/{repo}/actions/workflows/{workflow_id}/disable\"],\n    downloadArtifact: [\"GET /repos/{owner}/{repo}/actions/artifacts/{artifact_id}/{archive_format}\"],\n    downloadJobLogsForWorkflowRun: [\"GET /repos/{owner}/{repo}/actions/jobs/{job_id}/logs\"],\n    downloadWorkflowRunAttemptLogs: [\"GET /repos/{owner}/{repo}/actions/runs/{run_id}/attempts/{attempt_number}/logs\"],\n    downloadWorkflowRunLogs: [\"GET /repos/{owner}/{repo}/actions/runs/{run_id}/logs\"],\n    enableSelectedRepositoryGithubActionsOrganization: [\"PUT /orgs/{org}/actions/permissions/repositories/{repository_id}\"],\n    enableWorkflow: [\"PUT /repos/{owner}/{repo}/actions/workflows/{workflow_id}/enable\"],\n    getActionsCacheList: [\"GET /repos/{owner}/{repo}/actions/caches\"],\n    getActionsCacheUsage: [\"GET /repos/{owner}/{repo}/actions/cache/usage\"],\n    getActionsCacheUsageByRepoForOrg: [\"GET /orgs/{org}/actions/cache/usage-by-repository\"],\n    getActionsCacheUsageForEnterprise: [\"GET /enterprises/{enterprise}/actions/cache/usage\"],\n    getActionsCacheUsageForOrg: [\"GET /orgs/{org}/actions/cache/usage\"],\n    getAllowedActionsOrganization: [\"GET /orgs/{org}/actions/permissions/selected-actions\"],\n    getAllowedActionsRepository: [\"GET /repos/{owner}/{repo}/actions/permissions/selected-actions\"],\n    getArtifact: [\"GET /repos/{owner}/{repo}/actions/artifacts/{artifact_id}\"],\n    getEnvironmentPublicKey: [\"GET /repositories/{repository_id}/environments/{environment_name}/secrets/public-key\"],\n    getEnvironmentSecret: [\"GET /repositories/{repository_id}/environments/{environment_name}/secrets/{secret_name}\"],\n    getGithubActionsDefaultWorkflowPermissionsEnterprise: [\"GET /enterprises/{enterprise}/actions/permissions/workflow\"],\n    getGithubActionsDefaultWorkflowPermissionsOrganization: [\"GET /orgs/{org}/actions/permissions/workflow\"],\n    getGithubActionsDefaultWorkflowPermissionsRepository: [\"GET /repos/{owner}/{repo}/actions/permissions/workflow\"],\n    getGithubActionsPermissionsOrganization: [\"GET /orgs/{org}/actions/permissions\"],\n    getGithubActionsPermissionsRepository: [\"GET /repos/{owner}/{repo}/actions/permissions\"],\n    getJobForWorkflowRun: [\"GET /repos/{owner}/{repo}/actions/jobs/{job_id}\"],\n    getOrgPublicKey: [\"GET /orgs/{org}/actions/secrets/public-key\"],\n    getOrgSecret: [\"GET /orgs/{org}/actions/secrets/{secret_name}\"],\n    getPendingDeploymentsForRun: [\"GET /repos/{owner}/{repo}/actions/runs/{run_id}/pending_deployments\"],\n    getRepoPermissions: [\"GET /repos/{owner}/{repo}/actions/permissions\", {}, {\n      renamed: [\"actions\", \"getGithubActionsPermissionsRepository\"]\n    }],\n    getRepoPublicKey: [\"GET /repos/{owner}/{repo}/actions/secrets/public-key\"],\n    getRepoSecret: [\"GET /repos/{owner}/{repo}/actions/secrets/{secret_name}\"],\n    getReviewsForRun: [\"GET /repos/{owner}/{repo}/actions/runs/{run_id}/approvals\"],\n    getSelfHostedRunnerForOrg: [\"GET /orgs/{org}/actions/runners/{runner_id}\"],\n    getSelfHostedRunnerForRepo: [\"GET /repos/{owner}/{repo}/actions/runners/{runner_id}\"],\n    getWorkflow: [\"GET /repos/{owner}/{repo}/actions/workflows/{workflow_id}\"],\n    getWorkflowAccessToRepository: [\"GET /repos/{owner}/{repo}/actions/permissions/access\"],\n    getWorkflowRun: [\"GET /repos/{owner}/{repo}/actions/runs/{run_id}\"],\n    getWorkflowRunAttempt: [\"GET /repos/{owner}/{repo}/actions/runs/{run_id}/attempts/{attempt_number}\"],\n    getWorkflowRunUsage: [\"GET /repos/{owner}/{repo}/actions/runs/{run_id}/timing\"],\n    getWorkflowUsage: [\"GET /repos/{owner}/{repo}/actions/workflows/{workflow_id}/timing\"],\n    listArtifactsForRepo: [\"GET /repos/{owner}/{repo}/actions/artifacts\"],\n    listEnvironmentSecrets: [\"GET /repositories/{repository_id}/environments/{environment_name}/secrets\"],\n    listJobsForWorkflowRun: [\"GET /repos/{owner}/{repo}/actions/runs/{run_id}/jobs\"],\n    listJobsForWorkflowRunAttempt: [\"GET /repos/{owner}/{repo}/actions/runs/{run_id}/attempts/{attempt_number}/jobs\"],\n    listLabelsForSelfHostedRunnerForOrg: [\"GET /orgs/{org}/actions/runners/{runner_id}/labels\"],\n    listLabelsForSelfHostedRunnerForRepo: [\"GET /repos/{owner}/{repo}/actions/runners/{runner_id}/labels\"],\n    listOrgSecrets: [\"GET /orgs/{org}/actions/secrets\"],\n    listRepoSecrets: [\"GET /repos/{owner}/{repo}/actions/secrets\"],\n    listRepoWorkflows: [\"GET /repos/{owner}/{repo}/actions/workflows\"],\n    listRunnerApplicationsForOrg: [\"GET /orgs/{org}/actions/runners/downloads\"],\n    listRunnerApplicationsForRepo: [\"GET /repos/{owner}/{repo}/actions/runners/downloads\"],\n    listSelectedReposForOrgSecret: [\"GET /orgs/{org}/actions/secrets/{secret_name}/repositories\"],\n    listSelectedRepositoriesEnabledGithubActionsOrganization: [\"GET /orgs/{org}/actions/permissions/repositories\"],\n    listSelfHostedRunnersForOrg: [\"GET /orgs/{org}/actions/runners\"],\n    listSelfHostedRunnersForRepo: [\"GET /repos/{owner}/{repo}/actions/runners\"],\n    listWorkflowRunArtifacts: [\"GET /repos/{owner}/{repo}/actions/runs/{run_id}/artifacts\"],\n    listWorkflowRuns: [\"GET /repos/{owner}/{repo}/actions/workflows/{workflow_id}/runs\"],\n    listWorkflowRunsForRepo: [\"GET /repos/{owner}/{repo}/actions/runs\"],\n    reRunJobForWorkflowRun: [\"POST /repos/{owner}/{repo}/actions/jobs/{job_id}/rerun\"],\n    reRunWorkflow: [\"POST /repos/{owner}/{repo}/actions/runs/{run_id}/rerun\"],\n    reRunWorkflowFailedJobs: [\"POST /repos/{owner}/{repo}/actions/runs/{run_id}/rerun-failed-jobs\"],\n    removeAllCustomLabelsFromSelfHostedRunnerForOrg: [\"DELETE /orgs/{org}/actions/runners/{runner_id}/labels\"],\n    removeAllCustomLabelsFromSelfHostedRunnerForRepo: [\"DELETE /repos/{owner}/{repo}/actions/runners/{runner_id}/labels\"],\n    removeCustomLabelFromSelfHostedRunnerForOrg: [\"DELETE /orgs/{org}/actions/runners/{runner_id}/labels/{name}\"],\n    removeCustomLabelFromSelfHostedRunnerForRepo: [\"DELETE /repos/{owner}/{repo}/actions/runners/{runner_id}/labels/{name}\"],\n    removeSelectedRepoFromOrgSecret: [\"DELETE /orgs/{org}/actions/secrets/{secret_name}/repositories/{repository_id}\"],\n    reviewPendingDeploymentsForRun: [\"POST /repos/{owner}/{repo}/actions/runs/{run_id}/pending_deployments\"],\n    setAllowedActionsOrganization: [\"PUT /orgs/{org}/actions/permissions/selected-actions\"],\n    setAllowedActionsRepository: [\"PUT /repos/{owner}/{repo}/actions/permissions/selected-actions\"],\n    setCustomLabelsForSelfHostedRunnerForOrg: [\"PUT /orgs/{org}/actions/runners/{runner_id}/labels\"],\n    setCustomLabelsForSelfHostedRunnerForRepo: [\"PUT /repos/{owner}/{repo}/actions/runners/{runner_id}/labels\"],\n    setGithubActionsDefaultWorkflowPermissionsEnterprise: [\"PUT /enterprises/{enterprise}/actions/permissions/workflow\"],\n    setGithubActionsDefaultWorkflowPermissionsOrganization: [\"PUT /orgs/{org}/actions/permissions/workflow\"],\n    setGithubActionsDefaultWorkflowPermissionsRepository: [\"PUT /repos/{owner}/{repo}/actions/permissions/workflow\"],\n    setGithubActionsPermissionsOrganization: [\"PUT /orgs/{org}/actions/permissions\"],\n    setGithubActionsPermissionsRepository: [\"PUT /repos/{owner}/{repo}/actions/permissions\"],\n    setSelectedReposForOrgSecret: [\"PUT /orgs/{org}/actions/secrets/{secret_name}/repositories\"],\n    setSelectedRepositoriesEnabledGithubActionsOrganization: [\"PUT /orgs/{org}/actions/permissions/repositories\"],\n    setWorkflowAccessToRepository: [\"PUT /repos/{owner}/{repo}/actions/permissions/access\"]\n  },\n  activity: {\n    checkRepoIsStarredByAuthenticatedUser: [\"GET /user/starred/{owner}/{repo}\"],\n    deleteRepoSubscription: [\"DELETE /repos/{owner}/{repo}/subscription\"],\n    deleteThreadSubscription: [\"DELETE /notifications/threads/{thread_id}/subscription\"],\n    getFeeds: [\"GET /feeds\"],\n    getRepoSubscription: [\"GET /repos/{owner}/{repo}/subscription\"],\n    getThread: [\"GET /notifications/threads/{thread_id}\"],\n    getThreadSubscriptionForAuthenticatedUser: [\"GET /notifications/threads/{thread_id}/subscription\"],\n    listEventsForAuthenticatedUser: [\"GET /users/{username}/events\"],\n    listNotificationsForAuthenticatedUser: [\"GET /notifications\"],\n    listOrgEventsForAuthenticatedUser: [\"GET /users/{username}/events/orgs/{org}\"],\n    listPublicEvents: [\"GET /events\"],\n    listPublicEventsForRepoNetwork: [\"GET /networks/{owner}/{repo}/events\"],\n    listPublicEventsForUser: [\"GET /users/{username}/events/public\"],\n    listPublicOrgEvents: [\"GET /orgs/{org}/events\"],\n    listReceivedEventsForUser: [\"GET /users/{username}/received_events\"],\n    listReceivedPublicEventsForUser: [\"GET /users/{username}/received_events/public\"],\n    listRepoEvents: [\"GET /repos/{owner}/{repo}/events\"],\n    listRepoNotificationsForAuthenticatedUser: [\"GET /repos/{owner}/{repo}/notifications\"],\n    listReposStarredByAuthenticatedUser: [\"GET /user/starred\"],\n    listReposStarredByUser: [\"GET /users/{username}/starred\"],\n    listReposWatchedByUser: [\"GET /users/{username}/subscriptions\"],\n    listStargazersForRepo: [\"GET /repos/{owner}/{repo}/stargazers\"],\n    listWatchedReposForAuthenticatedUser: [\"GET /user/subscriptions\"],\n    listWatchersForRepo: [\"GET /repos/{owner}/{repo}/subscribers\"],\n    markNotificationsAsRead: [\"PUT /notifications\"],\n    markRepoNotificationsAsRead: [\"PUT /repos/{owner}/{repo}/notifications\"],\n    markThreadAsRead: [\"PATCH /notifications/threads/{thread_id}\"],\n    setRepoSubscription: [\"PUT /repos/{owner}/{repo}/subscription\"],\n    setThreadSubscription: [\"PUT /notifications/threads/{thread_id}/subscription\"],\n    starRepoForAuthenticatedUser: [\"PUT /user/starred/{owner}/{repo}\"],\n    unstarRepoForAuthenticatedUser: [\"DELETE /user/starred/{owner}/{repo}\"]\n  },\n  apps: {\n    addRepoToInstallation: [\"PUT /user/installations/{installation_id}/repositories/{repository_id}\", {}, {\n      renamed: [\"apps\", \"addRepoToInstallationForAuthenticatedUser\"]\n    }],\n    addRepoToInstallationForAuthenticatedUser: [\"PUT /user/installations/{installation_id}/repositories/{repository_id}\"],\n    checkToken: [\"POST /applications/{client_id}/token\"],\n    createFromManifest: [\"POST /app-manifests/{code}/conversions\"],\n    createInstallationAccessToken: [\"POST /app/installations/{installation_id}/access_tokens\"],\n    deleteAuthorization: [\"DELETE /applications/{client_id}/grant\"],\n    deleteInstallation: [\"DELETE /app/installations/{installation_id}\"],\n    deleteToken: [\"DELETE /applications/{client_id}/token\"],\n    getAuthenticated: [\"GET /app\"],\n    getBySlug: [\"GET /apps/{app_slug}\"],\n    getInstallation: [\"GET /app/installations/{installation_id}\"],\n    getOrgInstallation: [\"GET /orgs/{org}/installation\"],\n    getRepoInstallation: [\"GET /repos/{owner}/{repo}/installation\"],\n    getSubscriptionPlanForAccount: [\"GET /marketplace_listing/accounts/{account_id}\"],\n    getSubscriptionPlanForAccountStubbed: [\"GET /marketplace_listing/stubbed/accounts/{account_id}\"],\n    getUserInstallation: [\"GET /users/{username}/installation\"],\n    getWebhookConfigForApp: [\"GET /app/hook/config\"],\n    getWebhookDelivery: [\"GET /app/hook/deliveries/{delivery_id}\"],\n    listAccountsForPlan: [\"GET /marketplace_listing/plans/{plan_id}/accounts\"],\n    listAccountsForPlanStubbed: [\"GET /marketplace_listing/stubbed/plans/{plan_id}/accounts\"],\n    listInstallationReposForAuthenticatedUser: [\"GET /user/installations/{installation_id}/repositories\"],\n    listInstallations: [\"GET /app/installations\"],\n    listInstallationsForAuthenticatedUser: [\"GET /user/installations\"],\n    listPlans: [\"GET /marketplace_listing/plans\"],\n    listPlansStubbed: [\"GET /marketplace_listing/stubbed/plans\"],\n    listReposAccessibleToInstallation: [\"GET /installation/repositories\"],\n    listSubscriptionsForAuthenticatedUser: [\"GET /user/marketplace_purchases\"],\n    listSubscriptionsForAuthenticatedUserStubbed: [\"GET /user/marketplace_purchases/stubbed\"],\n    listWebhookDeliveries: [\"GET /app/hook/deliveries\"],\n    redeliverWebhookDelivery: [\"POST /app/hook/deliveries/{delivery_id}/attempts\"],\n    removeRepoFromInstallation: [\"DELETE /user/installations/{installation_id}/repositories/{repository_id}\", {}, {\n      renamed: [\"apps\", \"removeRepoFromInstallationForAuthenticatedUser\"]\n    }],\n    removeRepoFromInstallationForAuthenticatedUser: [\"DELETE /user/installations/{installation_id}/repositories/{repository_id}\"],\n    resetToken: [\"PATCH /applications/{client_id}/token\"],\n    revokeInstallationAccessToken: [\"DELETE /installation/token\"],\n    scopeToken: [\"POST /applications/{client_id}/token/scoped\"],\n    suspendInstallation: [\"PUT /app/installations/{installation_id}/suspended\"],\n    unsuspendInstallation: [\"DELETE /app/installations/{installation_id}/suspended\"],\n    updateWebhookConfigForApp: [\"PATCH /app/hook/config\"]\n  },\n  billing: {\n    getGithubActionsBillingOrg: [\"GET /orgs/{org}/settings/billing/actions\"],\n    getGithubActionsBillingUser: [\"GET /users/{username}/settings/billing/actions\"],\n    getGithubAdvancedSecurityBillingGhe: [\"GET /enterprises/{enterprise}/settings/billing/advanced-security\"],\n    getGithubAdvancedSecurityBillingOrg: [\"GET /orgs/{org}/settings/billing/advanced-security\"],\n    getGithubPackagesBillingOrg: [\"GET /orgs/{org}/settings/billing/packages\"],\n    getGithubPackagesBillingUser: [\"GET /users/{username}/settings/billing/packages\"],\n    getSharedStorageBillingOrg: [\"GET /orgs/{org}/settings/billing/shared-storage\"],\n    getSharedStorageBillingUser: [\"GET /users/{username}/settings/billing/shared-storage\"]\n  },\n  checks: {\n    create: [\"POST /repos/{owner}/{repo}/check-runs\"],\n    createSuite: [\"POST /repos/{owner}/{repo}/check-suites\"],\n    get: [\"GET /repos/{owner}/{repo}/check-runs/{check_run_id}\"],\n    getSuite: [\"GET /repos/{owner}/{repo}/check-suites/{check_suite_id}\"],\n    listAnnotations: [\"GET /repos/{owner}/{repo}/check-runs/{check_run_id}/annotations\"],\n    listForRef: [\"GET /repos/{owner}/{repo}/commits/{ref}/check-runs\"],\n    listForSuite: [\"GET /repos/{owner}/{repo}/check-suites/{check_suite_id}/check-runs\"],\n    listSuitesForRef: [\"GET /repos/{owner}/{repo}/commits/{ref}/check-suites\"],\n    rerequestRun: [\"POST /repos/{owner}/{repo}/check-runs/{check_run_id}/rerequest\"],\n    rerequestSuite: [\"POST /repos/{owner}/{repo}/check-suites/{check_suite_id}/rerequest\"],\n    setSuitesPreferences: [\"PATCH /repos/{owner}/{repo}/check-suites/preferences\"],\n    update: [\"PATCH /repos/{owner}/{repo}/check-runs/{check_run_id}\"]\n  },\n  codeScanning: {\n    deleteAnalysis: [\"DELETE /repos/{owner}/{repo}/code-scanning/analyses/{analysis_id}{?confirm_delete}\"],\n    getAlert: [\"GET /repos/{owner}/{repo}/code-scanning/alerts/{alert_number}\", {}, {\n      renamedParameters: {\n        alert_id: \"alert_number\"\n      }\n    }],\n    getAnalysis: [\"GET /repos/{owner}/{repo}/code-scanning/analyses/{analysis_id}\"],\n    getSarif: [\"GET /repos/{owner}/{repo}/code-scanning/sarifs/{sarif_id}\"],\n    listAlertInstances: [\"GET /repos/{owner}/{repo}/code-scanning/alerts/{alert_number}/instances\"],\n    listAlertsForOrg: [\"GET /orgs/{org}/code-scanning/alerts\"],\n    listAlertsForRepo: [\"GET /repos/{owner}/{repo}/code-scanning/alerts\"],\n    listAlertsInstances: [\"GET /repos/{owner}/{repo}/code-scanning/alerts/{alert_number}/instances\", {}, {\n      renamed: [\"codeScanning\", \"listAlertInstances\"]\n    }],\n    listRecentAnalyses: [\"GET /repos/{owner}/{repo}/code-scanning/analyses\"],\n    updateAlert: [\"PATCH /repos/{owner}/{repo}/code-scanning/alerts/{alert_number}\"],\n    uploadSarif: [\"POST /repos/{owner}/{repo}/code-scanning/sarifs\"]\n  },\n  codesOfConduct: {\n    getAllCodesOfConduct: [\"GET /codes_of_conduct\"],\n    getConductCode: [\"GET /codes_of_conduct/{key}\"]\n  },\n  codespaces: {\n    addRepositoryForSecretForAuthenticatedUser: [\"PUT /user/codespaces/secrets/{secret_name}/repositories/{repository_id}\"],\n    codespaceMachinesForAuthenticatedUser: [\"GET /user/codespaces/{codespace_name}/machines\"],\n    createForAuthenticatedUser: [\"POST /user/codespaces\"],\n    createOrUpdateRepoSecret: [\"PUT /repos/{owner}/{repo}/codespaces/secrets/{secret_name}\"],\n    createOrUpdateSecretForAuthenticatedUser: [\"PUT /user/codespaces/secrets/{secret_name}\"],\n    createWithPrForAuthenticatedUser: [\"POST /repos/{owner}/{repo}/pulls/{pull_number}/codespaces\"],\n    createWithRepoForAuthenticatedUser: [\"POST /repos/{owner}/{repo}/codespaces\"],\n    deleteForAuthenticatedUser: [\"DELETE /user/codespaces/{codespace_name}\"],\n    deleteFromOrganization: [\"DELETE /orgs/{org}/members/{username}/codespaces/{codespace_name}\"],\n    deleteRepoSecret: [\"DELETE /repos/{owner}/{repo}/codespaces/secrets/{secret_name}\"],\n    deleteSecretForAuthenticatedUser: [\"DELETE /user/codespaces/secrets/{secret_name}\"],\n    exportForAuthenticatedUser: [\"POST /user/codespaces/{codespace_name}/exports\"],\n    getExportDetailsForAuthenticatedUser: [\"GET /user/codespaces/{codespace_name}/exports/{export_id}\"],\n    getForAuthenticatedUser: [\"GET /user/codespaces/{codespace_name}\"],\n    getPublicKeyForAuthenticatedUser: [\"GET /user/codespaces/secrets/public-key\"],\n    getRepoPublicKey: [\"GET /repos/{owner}/{repo}/codespaces/secrets/public-key\"],\n    getRepoSecret: [\"GET /repos/{owner}/{repo}/codespaces/secrets/{secret_name}\"],\n    getSecretForAuthenticatedUser: [\"GET /user/codespaces/secrets/{secret_name}\"],\n    listDevcontainersInRepositoryForAuthenticatedUser: [\"GET /repos/{owner}/{repo}/codespaces/devcontainers\"],\n    listForAuthenticatedUser: [\"GET /user/codespaces\"],\n    listInOrganization: [\"GET /orgs/{org}/codespaces\", {}, {\n      renamedParameters: {\n        org_id: \"org\"\n      }\n    }],\n    listInRepositoryForAuthenticatedUser: [\"GET /repos/{owner}/{repo}/codespaces\"],\n    listRepoSecrets: [\"GET /repos/{owner}/{repo}/codespaces/secrets\"],\n    listRepositoriesForSecretForAuthenticatedUser: [\"GET /user/codespaces/secrets/{secret_name}/repositories\"],\n    listSecretsForAuthenticatedUser: [\"GET /user/codespaces/secrets\"],\n    removeRepositoryForSecretForAuthenticatedUser: [\"DELETE /user/codespaces/secrets/{secret_name}/repositories/{repository_id}\"],\n    repoMachinesForAuthenticatedUser: [\"GET /repos/{owner}/{repo}/codespaces/machines\"],\n    setRepositoriesForSecretForAuthenticatedUser: [\"PUT /user/codespaces/secrets/{secret_name}/repositories\"],\n    startForAuthenticatedUser: [\"POST /user/codespaces/{codespace_name}/start\"],\n    stopForAuthenticatedUser: [\"POST /user/codespaces/{codespace_name}/stop\"],\n    stopInOrganization: [\"POST /orgs/{org}/members/{username}/codespaces/{codespace_name}/stop\"],\n    updateForAuthenticatedUser: [\"PATCH /user/codespaces/{codespace_name}\"]\n  },\n  dependabot: {\n    addSelectedRepoToOrgSecret: [\"PUT /orgs/{org}/dependabot/secrets/{secret_name}/repositories/{repository_id}\"],\n    createOrUpdateOrgSecret: [\"PUT /orgs/{org}/dependabot/secrets/{secret_name}\"],\n    createOrUpdateRepoSecret: [\"PUT /repos/{owner}/{repo}/dependabot/secrets/{secret_name}\"],\n    deleteOrgSecret: [\"DELETE /orgs/{org}/dependabot/secrets/{secret_name}\"],\n    deleteRepoSecret: [\"DELETE /repos/{owner}/{repo}/dependabot/secrets/{secret_name}\"],\n    getOrgPublicKey: [\"GET /orgs/{org}/dependabot/secrets/public-key\"],\n    getOrgSecret: [\"GET /orgs/{org}/dependabot/secrets/{secret_name}\"],\n    getRepoPublicKey: [\"GET /repos/{owner}/{repo}/dependabot/secrets/public-key\"],\n    getRepoSecret: [\"GET /repos/{owner}/{repo}/dependabot/secrets/{secret_name}\"],\n    listOrgSecrets: [\"GET /orgs/{org}/dependabot/secrets\"],\n    listRepoSecrets: [\"GET /repos/{owner}/{repo}/dependabot/secrets\"],\n    listSelectedReposForOrgSecret: [\"GET /orgs/{org}/dependabot/secrets/{secret_name}/repositories\"],\n    removeSelectedRepoFromOrgSecret: [\"DELETE /orgs/{org}/dependabot/secrets/{secret_name}/repositories/{repository_id}\"],\n    setSelectedReposForOrgSecret: [\"PUT /orgs/{org}/dependabot/secrets/{secret_name}/repositories\"]\n  },\n  dependencyGraph: {\n    createRepositorySnapshot: [\"POST /repos/{owner}/{repo}/dependency-graph/snapshots\"],\n    diffRange: [\"GET /repos/{owner}/{repo}/dependency-graph/compare/{basehead}\"]\n  },\n  emojis: {\n    get: [\"GET /emojis\"]\n  },\n  enterpriseAdmin: {\n    addCustomLabelsToSelfHostedRunnerForEnterprise: [\"POST /enterprises/{enterprise}/actions/runners/{runner_id}/labels\"],\n    disableSelectedOrganizationGithubActionsEnterprise: [\"DELETE /enterprises/{enterprise}/actions/permissions/organizations/{org_id}\"],\n    enableSelectedOrganizationGithubActionsEnterprise: [\"PUT /enterprises/{enterprise}/actions/permissions/organizations/{org_id}\"],\n    getAllowedActionsEnterprise: [\"GET /enterprises/{enterprise}/actions/permissions/selected-actions\"],\n    getGithubActionsPermissionsEnterprise: [\"GET /enterprises/{enterprise}/actions/permissions\"],\n    getServerStatistics: [\"GET /enterprise-installation/{enterprise_or_org}/server-statistics\"],\n    listLabelsForSelfHostedRunnerForEnterprise: [\"GET /enterprises/{enterprise}/actions/runners/{runner_id}/labels\"],\n    listSelectedOrganizationsEnabledGithubActionsEnterprise: [\"GET /enterprises/{enterprise}/actions/permissions/organizations\"],\n    removeAllCustomLabelsFromSelfHostedRunnerForEnterprise: [\"DELETE /enterprises/{enterprise}/actions/runners/{runner_id}/labels\"],\n    removeCustomLabelFromSelfHostedRunnerForEnterprise: [\"DELETE /enterprises/{enterprise}/actions/runners/{runner_id}/labels/{name}\"],\n    setAllowedActionsEnterprise: [\"PUT /enterprises/{enterprise}/actions/permissions/selected-actions\"],\n    setCustomLabelsForSelfHostedRunnerForEnterprise: [\"PUT /enterprises/{enterprise}/actions/runners/{runner_id}/labels\"],\n    setGithubActionsPermissionsEnterprise: [\"PUT /enterprises/{enterprise}/actions/permissions\"],\n    setSelectedOrganizationsEnabledGithubActionsEnterprise: [\"PUT /enterprises/{enterprise}/actions/permissions/organizations\"]\n  },\n  gists: {\n    checkIsStarred: [\"GET /gists/{gist_id}/star\"],\n    create: [\"POST /gists\"],\n    createComment: [\"POST /gists/{gist_id}/comments\"],\n    delete: [\"DELETE /gists/{gist_id}\"],\n    deleteComment: [\"DELETE /gists/{gist_id}/comments/{comment_id}\"],\n    fork: [\"POST /gists/{gist_id}/forks\"],\n    get: [\"GET /gists/{gist_id}\"],\n    getComment: [\"GET /gists/{gist_id}/comments/{comment_id}\"],\n    getRevision: [\"GET /gists/{gist_id}/{sha}\"],\n    list: [\"GET /gists\"],\n    listComments: [\"GET /gists/{gist_id}/comments\"],\n    listCommits: [\"GET /gists/{gist_id}/commits\"],\n    listForUser: [\"GET /users/{username}/gists\"],\n    listForks: [\"GET /gists/{gist_id}/forks\"],\n    listPublic: [\"GET /gists/public\"],\n    listStarred: [\"GET /gists/starred\"],\n    star: [\"PUT /gists/{gist_id}/star\"],\n    unstar: [\"DELETE /gists/{gist_id}/star\"],\n    update: [\"PATCH /gists/{gist_id}\"],\n    updateComment: [\"PATCH /gists/{gist_id}/comments/{comment_id}\"]\n  },\n  git: {\n    createBlob: [\"POST /repos/{owner}/{repo}/git/blobs\"],\n    createCommit: [\"POST /repos/{owner}/{repo}/git/commits\"],\n    createRef: [\"POST /repos/{owner}/{repo}/git/refs\"],\n    createTag: [\"POST /repos/{owner}/{repo}/git/tags\"],\n    createTree: [\"POST /repos/{owner}/{repo}/git/trees\"],\n    deleteRef: [\"DELETE /repos/{owner}/{repo}/git/refs/{ref}\"],\n    getBlob: [\"GET /repos/{owner}/{repo}/git/blobs/{file_sha}\"],\n    getCommit: [\"GET /repos/{owner}/{repo}/git/commits/{commit_sha}\"],\n    getRef: [\"GET /repos/{owner}/{repo}/git/ref/{ref}\"],\n    getTag: [\"GET /repos/{owner}/{repo}/git/tags/{tag_sha}\"],\n    getTree: [\"GET /repos/{owner}/{repo}/git/trees/{tree_sha}\"],\n    listMatchingRefs: [\"GET /repos/{owner}/{repo}/git/matching-refs/{ref}\"],\n    updateRef: [\"PATCH /repos/{owner}/{repo}/git/refs/{ref}\"]\n  },\n  gitignore: {\n    getAllTemplates: [\"GET /gitignore/templates\"],\n    getTemplate: [\"GET /gitignore/templates/{name}\"]\n  },\n  interactions: {\n    getRestrictionsForAuthenticatedUser: [\"GET /user/interaction-limits\"],\n    getRestrictionsForOrg: [\"GET /orgs/{org}/interaction-limits\"],\n    getRestrictionsForRepo: [\"GET /repos/{owner}/{repo}/interaction-limits\"],\n    getRestrictionsForYourPublicRepos: [\"GET /user/interaction-limits\", {}, {\n      renamed: [\"interactions\", \"getRestrictionsForAuthenticatedUser\"]\n    }],\n    removeRestrictionsForAuthenticatedUser: [\"DELETE /user/interaction-limits\"],\n    removeRestrictionsForOrg: [\"DELETE /orgs/{org}/interaction-limits\"],\n    removeRestrictionsForRepo: [\"DELETE /repos/{owner}/{repo}/interaction-limits\"],\n    removeRestrictionsForYourPublicRepos: [\"DELETE /user/interaction-limits\", {}, {\n      renamed: [\"interactions\", \"removeRestrictionsForAuthenticatedUser\"]\n    }],\n    setRestrictionsForAuthenticatedUser: [\"PUT /user/interaction-limits\"],\n    setRestrictionsForOrg: [\"PUT /orgs/{org}/interaction-limits\"],\n    setRestrictionsForRepo: [\"PUT /repos/{owner}/{repo}/interaction-limits\"],\n    setRestrictionsForYourPublicRepos: [\"PUT /user/interaction-limits\", {}, {\n      renamed: [\"interactions\", \"setRestrictionsForAuthenticatedUser\"]\n    }]\n  },\n  issues: {\n    addAssignees: [\"POST /repos/{owner}/{repo}/issues/{issue_number}/assignees\"],\n    addLabels: [\"POST /repos/{owner}/{repo}/issues/{issue_number}/labels\"],\n    checkUserCanBeAssigned: [\"GET /repos/{owner}/{repo}/assignees/{assignee}\"],\n    create: [\"POST /repos/{owner}/{repo}/issues\"],\n    createComment: [\"POST /repos/{owner}/{repo}/issues/{issue_number}/comments\"],\n    createLabel: [\"POST /repos/{owner}/{repo}/labels\"],\n    createMilestone: [\"POST /repos/{owner}/{repo}/milestones\"],\n    deleteComment: [\"DELETE /repos/{owner}/{repo}/issues/comments/{comment_id}\"],\n    deleteLabel: [\"DELETE /repos/{owner}/{repo}/labels/{name}\"],\n    deleteMilestone: [\"DELETE /repos/{owner}/{repo}/milestones/{milestone_number}\"],\n    get: [\"GET /repos/{owner}/{repo}/issues/{issue_number}\"],\n    getComment: [\"GET /repos/{owner}/{repo}/issues/comments/{comment_id}\"],\n    getEvent: [\"GET /repos/{owner}/{repo}/issues/events/{event_id}\"],\n    getLabel: [\"GET /repos/{owner}/{repo}/labels/{name}\"],\n    getMilestone: [\"GET /repos/{owner}/{repo}/milestones/{milestone_number}\"],\n    list: [\"GET /issues\"],\n    listAssignees: [\"GET /repos/{owner}/{repo}/assignees\"],\n    listComments: [\"GET /repos/{owner}/{repo}/issues/{issue_number}/comments\"],\n    listCommentsForRepo: [\"GET /repos/{owner}/{repo}/issues/comments\"],\n    listEvents: [\"GET /repos/{owner}/{repo}/issues/{issue_number}/events\"],\n    listEventsForRepo: [\"GET /repos/{owner}/{repo}/issues/events\"],\n    listEventsForTimeline: [\"GET /repos/{owner}/{repo}/issues/{issue_number}/timeline\"],\n    listForAuthenticatedUser: [\"GET /user/issues\"],\n    listForOrg: [\"GET /orgs/{org}/issues\"],\n    listForRepo: [\"GET /repos/{owner}/{repo}/issues\"],\n    listLabelsForMilestone: [\"GET /repos/{owner}/{repo}/milestones/{milestone_number}/labels\"],\n    listLabelsForRepo: [\"GET /repos/{owner}/{repo}/labels\"],\n    listLabelsOnIssue: [\"GET /repos/{owner}/{repo}/issues/{issue_number}/labels\"],\n    listMilestones: [\"GET /repos/{owner}/{repo}/milestones\"],\n    lock: [\"PUT /repos/{owner}/{repo}/issues/{issue_number}/lock\"],\n    removeAllLabels: [\"DELETE /repos/{owner}/{repo}/issues/{issue_number}/labels\"],\n    removeAssignees: [\"DELETE /repos/{owner}/{repo}/issues/{issue_number}/assignees\"],\n    removeLabel: [\"DELETE /repos/{owner}/{repo}/issues/{issue_number}/labels/{name}\"],\n    setLabels: [\"PUT /repos/{owner}/{repo}/issues/{issue_number}/labels\"],\n    unlock: [\"DELETE /repos/{owner}/{repo}/issues/{issue_number}/lock\"],\n    update: [\"PATCH /repos/{owner}/{repo}/issues/{issue_number}\"],\n    updateComment: [\"PATCH /repos/{owner}/{repo}/issues/comments/{comment_id}\"],\n    updateLabel: [\"PATCH /repos/{owner}/{repo}/labels/{name}\"],\n    updateMilestone: [\"PATCH /repos/{owner}/{repo}/milestones/{milestone_number}\"]\n  },\n  licenses: {\n    get: [\"GET /licenses/{license}\"],\n    getAllCommonlyUsed: [\"GET /licenses\"],\n    getForRepo: [\"GET /repos/{owner}/{repo}/license\"]\n  },\n  markdown: {\n    render: [\"POST /markdown\"],\n    renderRaw: [\"POST /markdown/raw\", {\n      headers: {\n        \"content-type\": \"text/plain; charset=utf-8\"\n      }\n    }]\n  },\n  meta: {\n    get: [\"GET /meta\"],\n    getOctocat: [\"GET /octocat\"],\n    getZen: [\"GET /zen\"],\n    root: [\"GET /\"]\n  },\n  migrations: {\n    cancelImport: [\"DELETE /repos/{owner}/{repo}/import\"],\n    deleteArchiveForAuthenticatedUser: [\"DELETE /user/migrations/{migration_id}/archive\"],\n    deleteArchiveForOrg: [\"DELETE /orgs/{org}/migrations/{migration_id}/archive\"],\n    downloadArchiveForOrg: [\"GET /orgs/{org}/migrations/{migration_id}/archive\"],\n    getArchiveForAuthenticatedUser: [\"GET /user/migrations/{migration_id}/archive\"],\n    getCommitAuthors: [\"GET /repos/{owner}/{repo}/import/authors\"],\n    getImportStatus: [\"GET /repos/{owner}/{repo}/import\"],\n    getLargeFiles: [\"GET /repos/{owner}/{repo}/import/large_files\"],\n    getStatusForAuthenticatedUser: [\"GET /user/migrations/{migration_id}\"],\n    getStatusForOrg: [\"GET /orgs/{org}/migrations/{migration_id}\"],\n    listForAuthenticatedUser: [\"GET /user/migrations\"],\n    listForOrg: [\"GET /orgs/{org}/migrations\"],\n    listReposForAuthenticatedUser: [\"GET /user/migrations/{migration_id}/repositories\"],\n    listReposForOrg: [\"GET /orgs/{org}/migrations/{migration_id}/repositories\"],\n    listReposForUser: [\"GET /user/migrations/{migration_id}/repositories\", {}, {\n      renamed: [\"migrations\", \"listReposForAuthenticatedUser\"]\n    }],\n    mapCommitAuthor: [\"PATCH /repos/{owner}/{repo}/import/authors/{author_id}\"],\n    setLfsPreference: [\"PATCH /repos/{owner}/{repo}/import/lfs\"],\n    startForAuthenticatedUser: [\"POST /user/migrations\"],\n    startForOrg: [\"POST /orgs/{org}/migrations\"],\n    startImport: [\"PUT /repos/{owner}/{repo}/import\"],\n    unlockRepoForAuthenticatedUser: [\"DELETE /user/migrations/{migration_id}/repos/{repo_name}/lock\"],\n    unlockRepoForOrg: [\"DELETE /orgs/{org}/migrations/{migration_id}/repos/{repo_name}/lock\"],\n    updateImport: [\"PATCH /repos/{owner}/{repo}/import\"]\n  },\n  orgs: {\n    blockUser: [\"PUT /orgs/{org}/blocks/{username}\"],\n    cancelInvitation: [\"DELETE /orgs/{org}/invitations/{invitation_id}\"],\n    checkBlockedUser: [\"GET /orgs/{org}/blocks/{username}\"],\n    checkMembershipForUser: [\"GET /orgs/{org}/members/{username}\"],\n    checkPublicMembershipForUser: [\"GET /orgs/{org}/public_members/{username}\"],\n    convertMemberToOutsideCollaborator: [\"PUT /orgs/{org}/outside_collaborators/{username}\"],\n    createInvitation: [\"POST /orgs/{org}/invitations\"],\n    createWebhook: [\"POST /orgs/{org}/hooks\"],\n    deleteWebhook: [\"DELETE /orgs/{org}/hooks/{hook_id}\"],\n    get: [\"GET /orgs/{org}\"],\n    getMembershipForAuthenticatedUser: [\"GET /user/memberships/orgs/{org}\"],\n    getMembershipForUser: [\"GET /orgs/{org}/memberships/{username}\"],\n    getWebhook: [\"GET /orgs/{org}/hooks/{hook_id}\"],\n    getWebhookConfigForOrg: [\"GET /orgs/{org}/hooks/{hook_id}/config\"],\n    getWebhookDelivery: [\"GET /orgs/{org}/hooks/{hook_id}/deliveries/{delivery_id}\"],\n    list: [\"GET /organizations\"],\n    listAppInstallations: [\"GET /orgs/{org}/installations\"],\n    listBlockedUsers: [\"GET /orgs/{org}/blocks\"],\n    listCustomRoles: [\"GET /organizations/{organization_id}/custom_roles\"],\n    listFailedInvitations: [\"GET /orgs/{org}/failed_invitations\"],\n    listForAuthenticatedUser: [\"GET /user/orgs\"],\n    listForUser: [\"GET /users/{username}/orgs\"],\n    listInvitationTeams: [\"GET /orgs/{org}/invitations/{invitation_id}/teams\"],\n    listMembers: [\"GET /orgs/{org}/members\"],\n    listMembershipsForAuthenticatedUser: [\"GET /user/memberships/orgs\"],\n    listOutsideCollaborators: [\"GET /orgs/{org}/outside_collaborators\"],\n    listPendingInvitations: [\"GET /orgs/{org}/invitations\"],\n    listPublicMembers: [\"GET /orgs/{org}/public_members\"],\n    listWebhookDeliveries: [\"GET /orgs/{org}/hooks/{hook_id}/deliveries\"],\n    listWebhooks: [\"GET /orgs/{org}/hooks\"],\n    pingWebhook: [\"POST /orgs/{org}/hooks/{hook_id}/pings\"],\n    redeliverWebhookDelivery: [\"POST /orgs/{org}/hooks/{hook_id}/deliveries/{delivery_id}/attempts\"],\n    removeMember: [\"DELETE /orgs/{org}/members/{username}\"],\n    removeMembershipForUser: [\"DELETE /orgs/{org}/memberships/{username}\"],\n    removeOutsideCollaborator: [\"DELETE /orgs/{org}/outside_collaborators/{username}\"],\n    removePublicMembershipForAuthenticatedUser: [\"DELETE /orgs/{org}/public_members/{username}\"],\n    setMembershipForUser: [\"PUT /orgs/{org}/memberships/{username}\"],\n    setPublicMembershipForAuthenticatedUser: [\"PUT /orgs/{org}/public_members/{username}\"],\n    unblockUser: [\"DELETE /orgs/{org}/blocks/{username}\"],\n    update: [\"PATCH /orgs/{org}\"],\n    updateMembershipForAuthenticatedUser: [\"PATCH /user/memberships/orgs/{org}\"],\n    updateWebhook: [\"PATCH /orgs/{org}/hooks/{hook_id}\"],\n    updateWebhookConfigForOrg: [\"PATCH /orgs/{org}/hooks/{hook_id}/config\"]\n  },\n  packages: {\n    deletePackageForAuthenticatedUser: [\"DELETE /user/packages/{package_type}/{package_name}\"],\n    deletePackageForOrg: [\"DELETE /orgs/{org}/packages/{package_type}/{package_name}\"],\n    deletePackageForUser: [\"DELETE /users/{username}/packages/{package_type}/{package_name}\"],\n    deletePackageVersionForAuthenticatedUser: [\"DELETE /user/packages/{package_type}/{package_name}/versions/{package_version_id}\"],\n    deletePackageVersionForOrg: [\"DELETE /orgs/{org}/packages/{package_type}/{package_name}/versions/{package_version_id}\"],\n    deletePackageVersionForUser: [\"DELETE /users/{username}/packages/{package_type}/{package_name}/versions/{package_version_id}\"],\n    getAllPackageVersionsForAPackageOwnedByAnOrg: [\"GET /orgs/{org}/packages/{package_type}/{package_name}/versions\", {}, {\n      renamed: [\"packages\", \"getAllPackageVersionsForPackageOwnedByOrg\"]\n    }],\n    getAllPackageVersionsForAPackageOwnedByTheAuthenticatedUser: [\"GET /user/packages/{package_type}/{package_name}/versions\", {}, {\n      renamed: [\"packages\", \"getAllPackageVersionsForPackageOwnedByAuthenticatedUser\"]\n    }],\n    getAllPackageVersionsForPackageOwnedByAuthenticatedUser: [\"GET /user/packages/{package_type}/{package_name}/versions\"],\n    getAllPackageVersionsForPackageOwnedByOrg: [\"GET /orgs/{org}/packages/{package_type}/{package_name}/versions\"],\n    getAllPackageVersionsForPackageOwnedByUser: [\"GET /users/{username}/packages/{package_type}/{package_name}/versions\"],\n    getPackageForAuthenticatedUser: [\"GET /user/packages/{package_type}/{package_name}\"],\n    getPackageForOrganization: [\"GET /orgs/{org}/packages/{package_type}/{package_name}\"],\n    getPackageForUser: [\"GET /users/{username}/packages/{package_type}/{package_name}\"],\n    getPackageVersionForAuthenticatedUser: [\"GET /user/packages/{package_type}/{package_name}/versions/{package_version_id}\"],\n    getPackageVersionForOrganization: [\"GET /orgs/{org}/packages/{package_type}/{package_name}/versions/{package_version_id}\"],\n    getPackageVersionForUser: [\"GET /users/{username}/packages/{package_type}/{package_name}/versions/{package_version_id}\"],\n    listPackagesForAuthenticatedUser: [\"GET /user/packages\"],\n    listPackagesForOrganization: [\"GET /orgs/{org}/packages\"],\n    listPackagesForUser: [\"GET /users/{username}/packages\"],\n    restorePackageForAuthenticatedUser: [\"POST /user/packages/{package_type}/{package_name}/restore{?token}\"],\n    restorePackageForOrg: [\"POST /orgs/{org}/packages/{package_type}/{package_name}/restore{?token}\"],\n    restorePackageForUser: [\"POST /users/{username}/packages/{package_type}/{package_name}/restore{?token}\"],\n    restorePackageVersionForAuthenticatedUser: [\"POST /user/packages/{package_type}/{package_name}/versions/{package_version_id}/restore\"],\n    restorePackageVersionForOrg: [\"POST /orgs/{org}/packages/{package_type}/{package_name}/versions/{package_version_id}/restore\"],\n    restorePackageVersionForUser: [\"POST /users/{username}/packages/{package_type}/{package_name}/versions/{package_version_id}/restore\"]\n  },\n  projects: {\n    addCollaborator: [\"PUT /projects/{project_id}/collaborators/{username}\"],\n    createCard: [\"POST /projects/columns/{column_id}/cards\"],\n    createColumn: [\"POST /projects/{project_id}/columns\"],\n    createForAuthenticatedUser: [\"POST /user/projects\"],\n    createForOrg: [\"POST /orgs/{org}/projects\"],\n    createForRepo: [\"POST /repos/{owner}/{repo}/projects\"],\n    delete: [\"DELETE /projects/{project_id}\"],\n    deleteCard: [\"DELETE /projects/columns/cards/{card_id}\"],\n    deleteColumn: [\"DELETE /projects/columns/{column_id}\"],\n    get: [\"GET /projects/{project_id}\"],\n    getCard: [\"GET /projects/columns/cards/{card_id}\"],\n    getColumn: [\"GET /projects/columns/{column_id}\"],\n    getPermissionForUser: [\"GET /projects/{project_id}/collaborators/{username}/permission\"],\n    listCards: [\"GET /projects/columns/{column_id}/cards\"],\n    listCollaborators: [\"GET /projects/{project_id}/collaborators\"],\n    listColumns: [\"GET /projects/{project_id}/columns\"],\n    listForOrg: [\"GET /orgs/{org}/projects\"],\n    listForRepo: [\"GET /repos/{owner}/{repo}/projects\"],\n    listForUser: [\"GET /users/{username}/projects\"],\n    moveCard: [\"POST /projects/columns/cards/{card_id}/moves\"],\n    moveColumn: [\"POST /projects/columns/{column_id}/moves\"],\n    removeCollaborator: [\"DELETE /projects/{project_id}/collaborators/{username}\"],\n    update: [\"PATCH /projects/{project_id}\"],\n    updateCard: [\"PATCH /projects/columns/cards/{card_id}\"],\n    updateColumn: [\"PATCH /projects/columns/{column_id}\"]\n  },\n  pulls: {\n    checkIfMerged: [\"GET /repos/{owner}/{repo}/pulls/{pull_number}/merge\"],\n    create: [\"POST /repos/{owner}/{repo}/pulls\"],\n    createReplyForReviewComment: [\"POST /repos/{owner}/{repo}/pulls/{pull_number}/comments/{comment_id}/replies\"],\n    createReview: [\"POST /repos/{owner}/{repo}/pulls/{pull_number}/reviews\"],\n    createReviewComment: [\"POST /repos/{owner}/{repo}/pulls/{pull_number}/comments\"],\n    deletePendingReview: [\"DELETE /repos/{owner}/{repo}/pulls/{pull_number}/reviews/{review_id}\"],\n    deleteReviewComment: [\"DELETE /repos/{owner}/{repo}/pulls/comments/{comment_id}\"],\n    dismissReview: [\"PUT /repos/{owner}/{repo}/pulls/{pull_number}/reviews/{review_id}/dismissals\"],\n    get: [\"GET /repos/{owner}/{repo}/pulls/{pull_number}\"],\n    getReview: [\"GET /repos/{owner}/{repo}/pulls/{pull_number}/reviews/{review_id}\"],\n    getReviewComment: [\"GET /repos/{owner}/{repo}/pulls/comments/{comment_id}\"],\n    list: [\"GET /repos/{owner}/{repo}/pulls\"],\n    listCommentsForReview: [\"GET /repos/{owner}/{repo}/pulls/{pull_number}/reviews/{review_id}/comments\"],\n    listCommits: [\"GET /repos/{owner}/{repo}/pulls/{pull_number}/commits\"],\n    listFiles: [\"GET /repos/{owner}/{repo}/pulls/{pull_number}/files\"],\n    listRequestedReviewers: [\"GET /repos/{owner}/{repo}/pulls/{pull_number}/requested_reviewers\"],\n    listReviewComments: [\"GET /repos/{owner}/{repo}/pulls/{pull_number}/comments\"],\n    listReviewCommentsForRepo: [\"GET /repos/{owner}/{repo}/pulls/comments\"],\n    listReviews: [\"GET /repos/{owner}/{repo}/pulls/{pull_number}/reviews\"],\n    merge: [\"PUT /repos/{owner}/{repo}/pulls/{pull_number}/merge\"],\n    removeRequestedReviewers: [\"DELETE /repos/{owner}/{repo}/pulls/{pull_number}/requested_reviewers\"],\n    requestReviewers: [\"POST /repos/{owner}/{repo}/pulls/{pull_number}/requested_reviewers\"],\n    submitReview: [\"POST /repos/{owner}/{repo}/pulls/{pull_number}/reviews/{review_id}/events\"],\n    update: [\"PATCH /repos/{owner}/{repo}/pulls/{pull_number}\"],\n    updateBranch: [\"PUT /repos/{owner}/{repo}/pulls/{pull_number}/update-branch\"],\n    updateReview: [\"PUT /repos/{owner}/{repo}/pulls/{pull_number}/reviews/{review_id}\"],\n    updateReviewComment: [\"PATCH /repos/{owner}/{repo}/pulls/comments/{comment_id}\"]\n  },\n  rateLimit: {\n    get: [\"GET /rate_limit\"]\n  },\n  reactions: {\n    createForCommitComment: [\"POST /repos/{owner}/{repo}/comments/{comment_id}/reactions\"],\n    createForIssue: [\"POST /repos/{owner}/{repo}/issues/{issue_number}/reactions\"],\n    createForIssueComment: [\"POST /repos/{owner}/{repo}/issues/comments/{comment_id}/reactions\"],\n    createForPullRequestReviewComment: [\"POST /repos/{owner}/{repo}/pulls/comments/{comment_id}/reactions\"],\n    createForRelease: [\"POST /repos/{owner}/{repo}/releases/{release_id}/reactions\"],\n    createForTeamDiscussionCommentInOrg: [\"POST /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions\"],\n    createForTeamDiscussionInOrg: [\"POST /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions\"],\n    deleteForCommitComment: [\"DELETE /repos/{owner}/{repo}/comments/{comment_id}/reactions/{reaction_id}\"],\n    deleteForIssue: [\"DELETE /repos/{owner}/{repo}/issues/{issue_number}/reactions/{reaction_id}\"],\n    deleteForIssueComment: [\"DELETE /repos/{owner}/{repo}/issues/comments/{comment_id}/reactions/{reaction_id}\"],\n    deleteForPullRequestComment: [\"DELETE /repos/{owner}/{repo}/pulls/comments/{comment_id}/reactions/{reaction_id}\"],\n    deleteForRelease: [\"DELETE /repos/{owner}/{repo}/releases/{release_id}/reactions/{reaction_id}\"],\n    deleteForTeamDiscussion: [\"DELETE /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions/{reaction_id}\"],\n    deleteForTeamDiscussionComment: [\"DELETE /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions/{reaction_id}\"],\n    listForCommitComment: [\"GET /repos/{owner}/{repo}/comments/{comment_id}/reactions\"],\n    listForIssue: [\"GET /repos/{owner}/{repo}/issues/{issue_number}/reactions\"],\n    listForIssueComment: [\"GET /repos/{owner}/{repo}/issues/comments/{comment_id}/reactions\"],\n    listForPullRequestReviewComment: [\"GET /repos/{owner}/{repo}/pulls/comments/{comment_id}/reactions\"],\n    listForRelease: [\"GET /repos/{owner}/{repo}/releases/{release_id}/reactions\"],\n    listForTeamDiscussionCommentInOrg: [\"GET /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions\"],\n    listForTeamDiscussionInOrg: [\"GET /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions\"]\n  },\n  repos: {\n    acceptInvitation: [\"PATCH /user/repository_invitations/{invitation_id}\", {}, {\n      renamed: [\"repos\", \"acceptInvitationForAuthenticatedUser\"]\n    }],\n    acceptInvitationForAuthenticatedUser: [\"PATCH /user/repository_invitations/{invitation_id}\"],\n    addAppAccessRestrictions: [\"POST /repos/{owner}/{repo}/branches/{branch}/protection/restrictions/apps\", {}, {\n      mapToData: \"apps\"\n    }],\n    addCollaborator: [\"PUT /repos/{owner}/{repo}/collaborators/{username}\"],\n    addStatusCheckContexts: [\"POST /repos/{owner}/{repo}/branches/{branch}/protection/required_status_checks/contexts\", {}, {\n      mapToData: \"contexts\"\n    }],\n    addTeamAccessRestrictions: [\"POST /repos/{owner}/{repo}/branches/{branch}/protection/restrictions/teams\", {}, {\n      mapToData: \"teams\"\n    }],\n    addUserAccessRestrictions: [\"POST /repos/{owner}/{repo}/branches/{branch}/protection/restrictions/users\", {}, {\n      mapToData: \"users\"\n    }],\n    checkCollaborator: [\"GET /repos/{owner}/{repo}/collaborators/{username}\"],\n    checkVulnerabilityAlerts: [\"GET /repos/{owner}/{repo}/vulnerability-alerts\"],\n    codeownersErrors: [\"GET /repos/{owner}/{repo}/codeowners/errors\"],\n    compareCommits: [\"GET /repos/{owner}/{repo}/compare/{base}...{head}\"],\n    compareCommitsWithBasehead: [\"GET /repos/{owner}/{repo}/compare/{basehead}\"],\n    createAutolink: [\"POST /repos/{owner}/{repo}/autolinks\"],\n    createCommitComment: [\"POST /repos/{owner}/{repo}/commits/{commit_sha}/comments\"],\n    createCommitSignatureProtection: [\"POST /repos/{owner}/{repo}/branches/{branch}/protection/required_signatures\"],\n    createCommitStatus: [\"POST /repos/{owner}/{repo}/statuses/{sha}\"],\n    createDeployKey: [\"POST /repos/{owner}/{repo}/keys\"],\n    createDeployment: [\"POST /repos/{owner}/{repo}/deployments\"],\n    createDeploymentStatus: [\"POST /repos/{owner}/{repo}/deployments/{deployment_id}/statuses\"],\n    createDispatchEvent: [\"POST /repos/{owner}/{repo}/dispatches\"],\n    createForAuthenticatedUser: [\"POST /user/repos\"],\n    createFork: [\"POST /repos/{owner}/{repo}/forks\"],\n    createInOrg: [\"POST /orgs/{org}/repos\"],\n    createOrUpdateEnvironment: [\"PUT /repos/{owner}/{repo}/environments/{environment_name}\"],\n    createOrUpdateFileContents: [\"PUT /repos/{owner}/{repo}/contents/{path}\"],\n    createPagesSite: [\"POST /repos/{owner}/{repo}/pages\"],\n    createRelease: [\"POST /repos/{owner}/{repo}/releases\"],\n    createTagProtection: [\"POST /repos/{owner}/{repo}/tags/protection\"],\n    createUsingTemplate: [\"POST /repos/{template_owner}/{template_repo}/generate\"],\n    createWebhook: [\"POST /repos/{owner}/{repo}/hooks\"],\n    declineInvitation: [\"DELETE /user/repository_invitations/{invitation_id}\", {}, {\n      renamed: [\"repos\", \"declineInvitationForAuthenticatedUser\"]\n    }],\n    declineInvitationForAuthenticatedUser: [\"DELETE /user/repository_invitations/{invitation_id}\"],\n    delete: [\"DELETE /repos/{owner}/{repo}\"],\n    deleteAccessRestrictions: [\"DELETE /repos/{owner}/{repo}/branches/{branch}/protection/restrictions\"],\n    deleteAdminBranchProtection: [\"DELETE /repos/{owner}/{repo}/branches/{branch}/protection/enforce_admins\"],\n    deleteAnEnvironment: [\"DELETE /repos/{owner}/{repo}/environments/{environment_name}\"],\n    deleteAutolink: [\"DELETE /repos/{owner}/{repo}/autolinks/{autolink_id}\"],\n    deleteBranchProtection: [\"DELETE /repos/{owner}/{repo}/branches/{branch}/protection\"],\n    deleteCommitComment: [\"DELETE /repos/{owner}/{repo}/comments/{comment_id}\"],\n    deleteCommitSignatureProtection: [\"DELETE /repos/{owner}/{repo}/branches/{branch}/protection/required_signatures\"],\n    deleteDeployKey: [\"DELETE /repos/{owner}/{repo}/keys/{key_id}\"],\n    deleteDeployment: [\"DELETE /repos/{owner}/{repo}/deployments/{deployment_id}\"],\n    deleteFile: [\"DELETE /repos/{owner}/{repo}/contents/{path}\"],\n    deleteInvitation: [\"DELETE /repos/{owner}/{repo}/invitations/{invitation_id}\"],\n    deletePagesSite: [\"DELETE /repos/{owner}/{repo}/pages\"],\n    deletePullRequestReviewProtection: [\"DELETE /repos/{owner}/{repo}/branches/{branch}/protection/required_pull_request_reviews\"],\n    deleteRelease: [\"DELETE /repos/{owner}/{repo}/releases/{release_id}\"],\n    deleteReleaseAsset: [\"DELETE /repos/{owner}/{repo}/releases/assets/{asset_id}\"],\n    deleteTagProtection: [\"DELETE /repos/{owner}/{repo}/tags/protection/{tag_protection_id}\"],\n    deleteWebhook: [\"DELETE /repos/{owner}/{repo}/hooks/{hook_id}\"],\n    disableAutomatedSecurityFixes: [\"DELETE /repos/{owner}/{repo}/automated-security-fixes\"],\n    disableLfsForRepo: [\"DELETE /repos/{owner}/{repo}/lfs\"],\n    disableVulnerabilityAlerts: [\"DELETE /repos/{owner}/{repo}/vulnerability-alerts\"],\n    downloadArchive: [\"GET /repos/{owner}/{repo}/zipball/{ref}\", {}, {\n      renamed: [\"repos\", \"downloadZipballArchive\"]\n    }],\n    downloadTarballArchive: [\"GET /repos/{owner}/{repo}/tarball/{ref}\"],\n    downloadZipballArchive: [\"GET /repos/{owner}/{repo}/zipball/{ref}\"],\n    enableAutomatedSecurityFixes: [\"PUT /repos/{owner}/{repo}/automated-security-fixes\"],\n    enableLfsForRepo: [\"PUT /repos/{owner}/{repo}/lfs\"],\n    enableVulnerabilityAlerts: [\"PUT /repos/{owner}/{repo}/vulnerability-alerts\"],\n    generateReleaseNotes: [\"POST /repos/{owner}/{repo}/releases/generate-notes\"],\n    get: [\"GET /repos/{owner}/{repo}\"],\n    getAccessRestrictions: [\"GET /repos/{owner}/{repo}/branches/{branch}/protection/restrictions\"],\n    getAdminBranchProtection: [\"GET /repos/{owner}/{repo}/branches/{branch}/protection/enforce_admins\"],\n    getAllEnvironments: [\"GET /repos/{owner}/{repo}/environments\"],\n    getAllStatusCheckContexts: [\"GET /repos/{owner}/{repo}/branches/{branch}/protection/required_status_checks/contexts\"],\n    getAllTopics: [\"GET /repos/{owner}/{repo}/topics\"],\n    getAppsWithAccessToProtectedBranch: [\"GET /repos/{owner}/{repo}/branches/{branch}/protection/restrictions/apps\"],\n    getAutolink: [\"GET /repos/{owner}/{repo}/autolinks/{autolink_id}\"],\n    getBranch: [\"GET /repos/{owner}/{repo}/branches/{branch}\"],\n    getBranchProtection: [\"GET /repos/{owner}/{repo}/branches/{branch}/protection\"],\n    getClones: [\"GET /repos/{owner}/{repo}/traffic/clones\"],\n    getCodeFrequencyStats: [\"GET /repos/{owner}/{repo}/stats/code_frequency\"],\n    getCollaboratorPermissionLevel: [\"GET /repos/{owner}/{repo}/collaborators/{username}/permission\"],\n    getCombinedStatusForRef: [\"GET /repos/{owner}/{repo}/commits/{ref}/status\"],\n    getCommit: [\"GET /repos/{owner}/{repo}/commits/{ref}\"],\n    getCommitActivityStats: [\"GET /repos/{owner}/{repo}/stats/commit_activity\"],\n    getCommitComment: [\"GET /repos/{owner}/{repo}/comments/{comment_id}\"],\n    getCommitSignatureProtection: [\"GET /repos/{owner}/{repo}/branches/{branch}/protection/required_signatures\"],\n    getCommunityProfileMetrics: [\"GET /repos/{owner}/{repo}/community/profile\"],\n    getContent: [\"GET /repos/{owner}/{repo}/contents/{path}\"],\n    getContributorsStats: [\"GET /repos/{owner}/{repo}/stats/contributors\"],\n    getDeployKey: [\"GET /repos/{owner}/{repo}/keys/{key_id}\"],\n    getDeployment: [\"GET /repos/{owner}/{repo}/deployments/{deployment_id}\"],\n    getDeploymentStatus: [\"GET /repos/{owner}/{repo}/deployments/{deployment_id}/statuses/{status_id}\"],\n    getEnvironment: [\"GET /repos/{owner}/{repo}/environments/{environment_name}\"],\n    getLatestPagesBuild: [\"GET /repos/{owner}/{repo}/pages/builds/latest\"],\n    getLatestRelease: [\"GET /repos/{owner}/{repo}/releases/latest\"],\n    getPages: [\"GET /repos/{owner}/{repo}/pages\"],\n    getPagesBuild: [\"GET /repos/{owner}/{repo}/pages/builds/{build_id}\"],\n    getPagesHealthCheck: [\"GET /repos/{owner}/{repo}/pages/health\"],\n    getParticipationStats: [\"GET /repos/{owner}/{repo}/stats/participation\"],\n    getPullRequestReviewProtection: [\"GET /repos/{owner}/{repo}/branches/{branch}/protection/required_pull_request_reviews\"],\n    getPunchCardStats: [\"GET /repos/{owner}/{repo}/stats/punch_card\"],\n    getReadme: [\"GET /repos/{owner}/{repo}/readme\"],\n    getReadmeInDirectory: [\"GET /repos/{owner}/{repo}/readme/{dir}\"],\n    getRelease: [\"GET /repos/{owner}/{repo}/releases/{release_id}\"],\n    getReleaseAsset: [\"GET /repos/{owner}/{repo}/releases/assets/{asset_id}\"],\n    getReleaseByTag: [\"GET /repos/{owner}/{repo}/releases/tags/{tag}\"],\n    getStatusChecksProtection: [\"GET /repos/{owner}/{repo}/branches/{branch}/protection/required_status_checks\"],\n    getTeamsWithAccessToProtectedBranch: [\"GET /repos/{owner}/{repo}/branches/{branch}/protection/restrictions/teams\"],\n    getTopPaths: [\"GET /repos/{owner}/{repo}/traffic/popular/paths\"],\n    getTopReferrers: [\"GET /repos/{owner}/{repo}/traffic/popular/referrers\"],\n    getUsersWithAccessToProtectedBranch: [\"GET /repos/{owner}/{repo}/branches/{branch}/protection/restrictions/users\"],\n    getViews: [\"GET /repos/{owner}/{repo}/traffic/views\"],\n    getWebhook: [\"GET /repos/{owner}/{repo}/hooks/{hook_id}\"],\n    getWebhookConfigForRepo: [\"GET /repos/{owner}/{repo}/hooks/{hook_id}/config\"],\n    getWebhookDelivery: [\"GET /repos/{owner}/{repo}/hooks/{hook_id}/deliveries/{delivery_id}\"],\n    listAutolinks: [\"GET /repos/{owner}/{repo}/autolinks\"],\n    listBranches: [\"GET /repos/{owner}/{repo}/branches\"],\n    listBranchesForHeadCommit: [\"GET /repos/{owner}/{repo}/commits/{commit_sha}/branches-where-head\"],\n    listCollaborators: [\"GET /repos/{owner}/{repo}/collaborators\"],\n    listCommentsForCommit: [\"GET /repos/{owner}/{repo}/commits/{commit_sha}/comments\"],\n    listCommitCommentsForRepo: [\"GET /repos/{owner}/{repo}/comments\"],\n    listCommitStatusesForRef: [\"GET /repos/{owner}/{repo}/commits/{ref}/statuses\"],\n    listCommits: [\"GET /repos/{owner}/{repo}/commits\"],\n    listContributors: [\"GET /repos/{owner}/{repo}/contributors\"],\n    listDeployKeys: [\"GET /repos/{owner}/{repo}/keys\"],\n    listDeploymentStatuses: [\"GET /repos/{owner}/{repo}/deployments/{deployment_id}/statuses\"],\n    listDeployments: [\"GET /repos/{owner}/{repo}/deployments\"],\n    listForAuthenticatedUser: [\"GET /user/repos\"],\n    listForOrg: [\"GET /orgs/{org}/repos\"],\n    listForUser: [\"GET /users/{username}/repos\"],\n    listForks: [\"GET /repos/{owner}/{repo}/forks\"],\n    listInvitations: [\"GET /repos/{owner}/{repo}/invitations\"],\n    listInvitationsForAuthenticatedUser: [\"GET /user/repository_invitations\"],\n    listLanguages: [\"GET /repos/{owner}/{repo}/languages\"],\n    listPagesBuilds: [\"GET /repos/{owner}/{repo}/pages/builds\"],\n    listPublic: [\"GET /repositories\"],\n    listPullRequestsAssociatedWithCommit: [\"GET /repos/{owner}/{repo}/commits/{commit_sha}/pulls\"],\n    listReleaseAssets: [\"GET /repos/{owner}/{repo}/releases/{release_id}/assets\"],\n    listReleases: [\"GET /repos/{owner}/{repo}/releases\"],\n    listTagProtection: [\"GET /repos/{owner}/{repo}/tags/protection\"],\n    listTags: [\"GET /repos/{owner}/{repo}/tags\"],\n    listTeams: [\"GET /repos/{owner}/{repo}/teams\"],\n    listWebhookDeliveries: [\"GET /repos/{owner}/{repo}/hooks/{hook_id}/deliveries\"],\n    listWebhooks: [\"GET /repos/{owner}/{repo}/hooks\"],\n    merge: [\"POST /repos/{owner}/{repo}/merges\"],\n    mergeUpstream: [\"POST /repos/{owner}/{repo}/merge-upstream\"],\n    pingWebhook: [\"POST /repos/{owner}/{repo}/hooks/{hook_id}/pings\"],\n    redeliverWebhookDelivery: [\"POST /repos/{owner}/{repo}/hooks/{hook_id}/deliveries/{delivery_id}/attempts\"],\n    removeAppAccessRestrictions: [\"DELETE /repos/{owner}/{repo}/branches/{branch}/protection/restrictions/apps\", {}, {\n      mapToData: \"apps\"\n    }],\n    removeCollaborator: [\"DELETE /repos/{owner}/{repo}/collaborators/{username}\"],\n    removeStatusCheckContexts: [\"DELETE /repos/{owner}/{repo}/branches/{branch}/protection/required_status_checks/contexts\", {}, {\n      mapToData: \"contexts\"\n    }],\n    removeStatusCheckProtection: [\"DELETE /repos/{owner}/{repo}/branches/{branch}/protection/required_status_checks\"],\n    removeTeamAccessRestrictions: [\"DELETE /repos/{owner}/{repo}/branches/{branch}/protection/restrictions/teams\", {}, {\n      mapToData: \"teams\"\n    }],\n    removeUserAccessRestrictions: [\"DELETE /repos/{owner}/{repo}/branches/{branch}/protection/restrictions/users\", {}, {\n      mapToData: \"users\"\n    }],\n    renameBranch: [\"POST /repos/{owner}/{repo}/branches/{branch}/rename\"],\n    replaceAllTopics: [\"PUT /repos/{owner}/{repo}/topics\"],\n    requestPagesBuild: [\"POST /repos/{owner}/{repo}/pages/builds\"],\n    setAdminBranchProtection: [\"POST /repos/{owner}/{repo}/branches/{branch}/protection/enforce_admins\"],\n    setAppAccessRestrictions: [\"PUT /repos/{owner}/{repo}/branches/{branch}/protection/restrictions/apps\", {}, {\n      mapToData: \"apps\"\n    }],\n    setStatusCheckContexts: [\"PUT /repos/{owner}/{repo}/branches/{branch}/protection/required_status_checks/contexts\", {}, {\n      mapToData: \"contexts\"\n    }],\n    setTeamAccessRestrictions: [\"PUT /repos/{owner}/{repo}/branches/{branch}/protection/restrictions/teams\", {}, {\n      mapToData: \"teams\"\n    }],\n    setUserAccessRestrictions: [\"PUT /repos/{owner}/{repo}/branches/{branch}/protection/restrictions/users\", {}, {\n      mapToData: \"users\"\n    }],\n    testPushWebhook: [\"POST /repos/{owner}/{repo}/hooks/{hook_id}/tests\"],\n    transfer: [\"POST /repos/{owner}/{repo}/transfer\"],\n    update: [\"PATCH /repos/{owner}/{repo}\"],\n    updateBranchProtection: [\"PUT /repos/{owner}/{repo}/branches/{branch}/protection\"],\n    updateCommitComment: [\"PATCH /repos/{owner}/{repo}/comments/{comment_id}\"],\n    updateInformationAboutPagesSite: [\"PUT /repos/{owner}/{repo}/pages\"],\n    updateInvitation: [\"PATCH /repos/{owner}/{repo}/invitations/{invitation_id}\"],\n    updatePullRequestReviewProtection: [\"PATCH /repos/{owner}/{repo}/branches/{branch}/protection/required_pull_request_reviews\"],\n    updateRelease: [\"PATCH /repos/{owner}/{repo}/releases/{release_id}\"],\n    updateReleaseAsset: [\"PATCH /repos/{owner}/{repo}/releases/assets/{asset_id}\"],\n    updateStatusCheckPotection: [\"PATCH /repos/{owner}/{repo}/branches/{branch}/protection/required_status_checks\", {}, {\n      renamed: [\"repos\", \"updateStatusCheckProtection\"]\n    }],\n    updateStatusCheckProtection: [\"PATCH /repos/{owner}/{repo}/branches/{branch}/protection/required_status_checks\"],\n    updateWebhook: [\"PATCH /repos/{owner}/{repo}/hooks/{hook_id}\"],\n    updateWebhookConfigForRepo: [\"PATCH /repos/{owner}/{repo}/hooks/{hook_id}/config\"],\n    uploadReleaseAsset: [\"POST /repos/{owner}/{repo}/releases/{release_id}/assets{?name,label}\", {\n      baseUrl: \"https://uploads.github.com\"\n    }]\n  },\n  search: {\n    code: [\"GET /search/code\"],\n    commits: [\"GET /search/commits\"],\n    issuesAndPullRequests: [\"GET /search/issues\"],\n    labels: [\"GET /search/labels\"],\n    repos: [\"GET /search/repositories\"],\n    topics: [\"GET /search/topics\"],\n    users: [\"GET /search/users\"]\n  },\n  secretScanning: {\n    getAlert: [\"GET /repos/{owner}/{repo}/secret-scanning/alerts/{alert_number}\"],\n    listAlertsForEnterprise: [\"GET /enterprises/{enterprise}/secret-scanning/alerts\"],\n    listAlertsForOrg: [\"GET /orgs/{org}/secret-scanning/alerts\"],\n    listAlertsForRepo: [\"GET /repos/{owner}/{repo}/secret-scanning/alerts\"],\n    listLocationsForAlert: [\"GET /repos/{owner}/{repo}/secret-scanning/alerts/{alert_number}/locations\"],\n    updateAlert: [\"PATCH /repos/{owner}/{repo}/secret-scanning/alerts/{alert_number}\"]\n  },\n  teams: {\n    addOrUpdateMembershipForUserInOrg: [\"PUT /orgs/{org}/teams/{team_slug}/memberships/{username}\"],\n    addOrUpdateProjectPermissionsInOrg: [\"PUT /orgs/{org}/teams/{team_slug}/projects/{project_id}\"],\n    addOrUpdateRepoPermissionsInOrg: [\"PUT /orgs/{org}/teams/{team_slug}/repos/{owner}/{repo}\"],\n    checkPermissionsForProjectInOrg: [\"GET /orgs/{org}/teams/{team_slug}/projects/{project_id}\"],\n    checkPermissionsForRepoInOrg: [\"GET /orgs/{org}/teams/{team_slug}/repos/{owner}/{repo}\"],\n    create: [\"POST /orgs/{org}/teams\"],\n    createDiscussionCommentInOrg: [\"POST /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments\"],\n    createDiscussionInOrg: [\"POST /orgs/{org}/teams/{team_slug}/discussions\"],\n    deleteDiscussionCommentInOrg: [\"DELETE /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}\"],\n    deleteDiscussionInOrg: [\"DELETE /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}\"],\n    deleteInOrg: [\"DELETE /orgs/{org}/teams/{team_slug}\"],\n    getByName: [\"GET /orgs/{org}/teams/{team_slug}\"],\n    getDiscussionCommentInOrg: [\"GET /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}\"],\n    getDiscussionInOrg: [\"GET /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}\"],\n    getMembershipForUserInOrg: [\"GET /orgs/{org}/teams/{team_slug}/memberships/{username}\"],\n    list: [\"GET /orgs/{org}/teams\"],\n    listChildInOrg: [\"GET /orgs/{org}/teams/{team_slug}/teams\"],\n    listDiscussionCommentsInOrg: [\"GET /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments\"],\n    listDiscussionsInOrg: [\"GET /orgs/{org}/teams/{team_slug}/discussions\"],\n    listForAuthenticatedUser: [\"GET /user/teams\"],\n    listMembersInOrg: [\"GET /orgs/{org}/teams/{team_slug}/members\"],\n    listPendingInvitationsInOrg: [\"GET /orgs/{org}/teams/{team_slug}/invitations\"],\n    listProjectsInOrg: [\"GET /orgs/{org}/teams/{team_slug}/projects\"],\n    listReposInOrg: [\"GET /orgs/{org}/teams/{team_slug}/repos\"],\n    removeMembershipForUserInOrg: [\"DELETE /orgs/{org}/teams/{team_slug}/memberships/{username}\"],\n    removeProjectInOrg: [\"DELETE /orgs/{org}/teams/{team_slug}/projects/{project_id}\"],\n    removeRepoInOrg: [\"DELETE /orgs/{org}/teams/{team_slug}/repos/{owner}/{repo}\"],\n    updateDiscussionCommentInOrg: [\"PATCH /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}\"],\n    updateDiscussionInOrg: [\"PATCH /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}\"],\n    updateInOrg: [\"PATCH /orgs/{org}/teams/{team_slug}\"]\n  },\n  users: {\n    addEmailForAuthenticated: [\"POST /user/emails\", {}, {\n      renamed: [\"users\", \"addEmailForAuthenticatedUser\"]\n    }],\n    addEmailForAuthenticatedUser: [\"POST /user/emails\"],\n    block: [\"PUT /user/blocks/{username}\"],\n    checkBlocked: [\"GET /user/blocks/{username}\"],\n    checkFollowingForUser: [\"GET /users/{username}/following/{target_user}\"],\n    checkPersonIsFollowedByAuthenticated: [\"GET /user/following/{username}\"],\n    createGpgKeyForAuthenticated: [\"POST /user/gpg_keys\", {}, {\n      renamed: [\"users\", \"createGpgKeyForAuthenticatedUser\"]\n    }],\n    createGpgKeyForAuthenticatedUser: [\"POST /user/gpg_keys\"],\n    createPublicSshKeyForAuthenticated: [\"POST /user/keys\", {}, {\n      renamed: [\"users\", \"createPublicSshKeyForAuthenticatedUser\"]\n    }],\n    createPublicSshKeyForAuthenticatedUser: [\"POST /user/keys\"],\n    deleteEmailForAuthenticated: [\"DELETE /user/emails\", {}, {\n      renamed: [\"users\", \"deleteEmailForAuthenticatedUser\"]\n    }],\n    deleteEmailForAuthenticatedUser: [\"DELETE /user/emails\"],\n    deleteGpgKeyForAuthenticated: [\"DELETE /user/gpg_keys/{gpg_key_id}\", {}, {\n      renamed: [\"users\", \"deleteGpgKeyForAuthenticatedUser\"]\n    }],\n    deleteGpgKeyForAuthenticatedUser: [\"DELETE /user/gpg_keys/{gpg_key_id}\"],\n    deletePublicSshKeyForAuthenticated: [\"DELETE /user/keys/{key_id}\", {}, {\n      renamed: [\"users\", \"deletePublicSshKeyForAuthenticatedUser\"]\n    }],\n    deletePublicSshKeyForAuthenticatedUser: [\"DELETE /user/keys/{key_id}\"],\n    follow: [\"PUT /user/following/{username}\"],\n    getAuthenticated: [\"GET /user\"],\n    getByUsername: [\"GET /users/{username}\"],\n    getContextForUser: [\"GET /users/{username}/hovercard\"],\n    getGpgKeyForAuthenticated: [\"GET /user/gpg_keys/{gpg_key_id}\", {}, {\n      renamed: [\"users\", \"getGpgKeyForAuthenticatedUser\"]\n    }],\n    getGpgKeyForAuthenticatedUser: [\"GET /user/gpg_keys/{gpg_key_id}\"],\n    getPublicSshKeyForAuthenticated: [\"GET /user/keys/{key_id}\", {}, {\n      renamed: [\"users\", \"getPublicSshKeyForAuthenticatedUser\"]\n    }],\n    getPublicSshKeyForAuthenticatedUser: [\"GET /user/keys/{key_id}\"],\n    list: [\"GET /users\"],\n    listBlockedByAuthenticated: [\"GET /user/blocks\", {}, {\n      renamed: [\"users\", \"listBlockedByAuthenticatedUser\"]\n    }],\n    listBlockedByAuthenticatedUser: [\"GET /user/blocks\"],\n    listEmailsForAuthenticated: [\"GET /user/emails\", {}, {\n      renamed: [\"users\", \"listEmailsForAuthenticatedUser\"]\n    }],\n    listEmailsForAuthenticatedUser: [\"GET /user/emails\"],\n    listFollowedByAuthenticated: [\"GET /user/following\", {}, {\n      renamed: [\"users\", \"listFollowedByAuthenticatedUser\"]\n    }],\n    listFollowedByAuthenticatedUser: [\"GET /user/following\"],\n    listFollowersForAuthenticatedUser: [\"GET /user/followers\"],\n    listFollowersForUser: [\"GET /users/{username}/followers\"],\n    listFollowingForUser: [\"GET /users/{username}/following\"],\n    listGpgKeysForAuthenticated: [\"GET /user/gpg_keys\", {}, {\n      renamed: [\"users\", \"listGpgKeysForAuthenticatedUser\"]\n    }],\n    listGpgKeysForAuthenticatedUser: [\"GET /user/gpg_keys\"],\n    listGpgKeysForUser: [\"GET /users/{username}/gpg_keys\"],\n    listPublicEmailsForAuthenticated: [\"GET /user/public_emails\", {}, {\n      renamed: [\"users\", \"listPublicEmailsForAuthenticatedUser\"]\n    }],\n    listPublicEmailsForAuthenticatedUser: [\"GET /user/public_emails\"],\n    listPublicKeysForUser: [\"GET /users/{username}/keys\"],\n    listPublicSshKeysForAuthenticated: [\"GET /user/keys\", {}, {\n      renamed: [\"users\", \"listPublicSshKeysForAuthenticatedUser\"]\n    }],\n    listPublicSshKeysForAuthenticatedUser: [\"GET /user/keys\"],\n    setPrimaryEmailVisibilityForAuthenticated: [\"PATCH /user/email/visibility\", {}, {\n      renamed: [\"users\", \"setPrimaryEmailVisibilityForAuthenticatedUser\"]\n    }],\n    setPrimaryEmailVisibilityForAuthenticatedUser: [\"PATCH /user/email/visibility\"],\n    unblock: [\"DELETE /user/blocks/{username}\"],\n    unfollow: [\"DELETE /user/following/{username}\"],\n    updateAuthenticated: [\"PATCH /user\"]\n  }\n};\n\nconst VERSION = \"5.16.2\";\n\nfunction endpointsToMethods(octokit, endpointsMap) {\n  const newMethods = {};\n\n  for (const [scope, endpoints] of Object.entries(endpointsMap)) {\n    for (const [methodName, endpoint] of Object.entries(endpoints)) {\n      const [route, defaults, decorations] = endpoint;\n      const [method, url] = route.split(/ /);\n      const endpointDefaults = Object.assign({\n        method,\n        url\n      }, defaults);\n\n      if (!newMethods[scope]) {\n        newMethods[scope] = {};\n      }\n\n      const scopeMethods = newMethods[scope];\n\n      if (decorations) {\n        scopeMethods[methodName] = decorate(octokit, scope, methodName, endpointDefaults, decorations);\n        continue;\n      }\n\n      scopeMethods[methodName] = octokit.request.defaults(endpointDefaults);\n    }\n  }\n\n  return newMethods;\n}\n\nfunction decorate(octokit, scope, methodName, defaults, decorations) {\n  const requestWithDefaults = octokit.request.defaults(defaults);\n  /* istanbul ignore next */\n\n  function withDecorations(...args) {\n    // @ts-ignore https://github.com/microsoft/TypeScript/issues/25488\n    let options = requestWithDefaults.endpoint.merge(...args); // There are currently no other decorations than `.mapToData`\n\n    if (decorations.mapToData) {\n      options = Object.assign({}, options, {\n        data: options[decorations.mapToData],\n        [decorations.mapToData]: undefined\n      });\n      return requestWithDefaults(options);\n    }\n\n    if (decorations.renamed) {\n      const [newScope, newMethodName] = decorations.renamed;\n      octokit.log.warn(`octokit.${scope}.${methodName}() has been renamed to octokit.${newScope}.${newMethodName}()`);\n    }\n\n    if (decorations.deprecated) {\n      octokit.log.warn(decorations.deprecated);\n    }\n\n    if (decorations.renamedParameters) {\n      // @ts-ignore https://github.com/microsoft/TypeScript/issues/25488\n      const options = requestWithDefaults.endpoint.merge(...args);\n\n      for (const [name, alias] of Object.entries(decorations.renamedParameters)) {\n        if (name in options) {\n          octokit.log.warn(`\"${name}\" parameter is deprecated for \"octokit.${scope}.${methodName}()\". Use \"${alias}\" instead`);\n\n          if (!(alias in options)) {\n            options[alias] = options[name];\n          }\n\n          delete options[name];\n        }\n      }\n\n      return requestWithDefaults(options);\n    } // @ts-ignore https://github.com/microsoft/TypeScript/issues/25488\n\n\n    return requestWithDefaults(...args);\n  }\n\n  return Object.assign(withDecorations, requestWithDefaults);\n}\n\nfunction restEndpointMethods(octokit) {\n  const api = endpointsToMethods(octokit, Endpoints);\n  return {\n    rest: api\n  };\n}\nrestEndpointMethods.VERSION = VERSION;\nfunction legacyRestEndpointMethods(octokit) {\n  const api = endpointsToMethods(octokit, Endpoints);\n  return _objectSpread2(_objectSpread2({}, api), {}, {\n    rest: api\n  });\n}\nlegacyRestEndpointMethods.VERSION = VERSION;\n\nexports.legacyRestEndpointMethods = legacyRestEndpointMethods;\nexports.restEndpointMethods = restEndpointMethods;\n//# sourceMappingURL=index.js.map\n","'use strict';\n\nObject.defineProperty(exports, '__esModule', { value: true });\n\nfunction _interopDefault (ex) { return (ex && (typeof ex === 'object') && 'default' in ex) ? ex['default'] : ex; }\n\nvar deprecation = require('deprecation');\nvar once = _interopDefault(require('once'));\n\nconst logOnceCode = once(deprecation => console.warn(deprecation));\nconst logOnceHeaders = once(deprecation => console.warn(deprecation));\n/**\n * Error with extra properties to help with debugging\n */\n\nclass RequestError extends Error {\n  constructor(message, statusCode, options) {\n    super(message); // Maintains proper stack trace (only available on V8)\n\n    /* istanbul ignore next */\n\n    if (Error.captureStackTrace) {\n      Error.captureStackTrace(this, this.constructor);\n    }\n\n    this.name = \"HttpError\";\n    this.status = statusCode;\n    let headers;\n\n    if (\"headers\" in options && typeof options.headers !== \"undefined\") {\n      headers = options.headers;\n    }\n\n    if (\"response\" in options) {\n      this.response = options.response;\n      headers = options.response.headers;\n    } // redact request credentials without mutating original request options\n\n\n    const requestCopy = Object.assign({}, options.request);\n\n    if (options.request.headers.authorization) {\n      requestCopy.headers = Object.assign({}, options.request.headers, {\n        authorization: options.request.headers.authorization.replace(/ .*$/, \" [REDACTED]\")\n      });\n    }\n\n    requestCopy.url = requestCopy.url // client_id & client_secret can be passed as URL query parameters to increase rate limit\n    // see https://developer.github.com/v3/#increasing-the-unauthenticated-rate-limit-for-oauth-applications\n    .replace(/\\bclient_secret=\\w+/g, \"client_secret=[REDACTED]\") // OAuth tokens can be passed as URL query parameters, although it is not recommended\n    // see https://developer.github.com/v3/#oauth2-token-sent-in-a-header\n    .replace(/\\baccess_token=\\w+/g, \"access_token=[REDACTED]\");\n    this.request = requestCopy; // deprecations\n\n    Object.defineProperty(this, \"code\", {\n      get() {\n        logOnceCode(new deprecation.Deprecation(\"[@octokit/request-error] `error.code` is deprecated, use `error.status`.\"));\n        return statusCode;\n      }\n\n    });\n    Object.defineProperty(this, \"headers\", {\n      get() {\n        logOnceHeaders(new deprecation.Deprecation(\"[@octokit/request-error] `error.headers` is deprecated, use `error.response.headers`.\"));\n        return headers || {};\n      }\n\n    });\n  }\n\n}\n\nexports.RequestError = RequestError;\n//# sourceMappingURL=index.js.map\n","'use strict';\n\nObject.defineProperty(exports, '__esModule', { value: true });\n\nfunction _interopDefault (ex) { return (ex && (typeof ex === 'object') && 'default' in ex) ? ex['default'] : ex; }\n\nvar endpoint = require('@octokit/endpoint');\nvar universalUserAgent = require('universal-user-agent');\nvar isPlainObject = require('is-plain-object');\nvar nodeFetch = _interopDefault(require('node-fetch'));\nvar requestError = require('@octokit/request-error');\n\nconst VERSION = \"5.6.3\";\n\nfunction getBufferResponse(response) {\n  return response.arrayBuffer();\n}\n\nfunction fetchWrapper(requestOptions) {\n  const log = requestOptions.request && requestOptions.request.log ? requestOptions.request.log : console;\n\n  if (isPlainObject.isPlainObject(requestOptions.body) || Array.isArray(requestOptions.body)) {\n    requestOptions.body = JSON.stringify(requestOptions.body);\n  }\n\n  let headers = {};\n  let status;\n  let url;\n  const fetch = requestOptions.request && requestOptions.request.fetch || nodeFetch;\n  return fetch(requestOptions.url, Object.assign({\n    method: requestOptions.method,\n    body: requestOptions.body,\n    headers: requestOptions.headers,\n    redirect: requestOptions.redirect\n  }, // `requestOptions.request.agent` type is incompatible\n  // see https://github.com/octokit/types.ts/pull/264\n  requestOptions.request)).then(async response => {\n    url = response.url;\n    status = response.status;\n\n    for (const keyAndValue of response.headers) {\n      headers[keyAndValue[0]] = keyAndValue[1];\n    }\n\n    if (\"deprecation\" in headers) {\n      const matches = headers.link && headers.link.match(/<([^>]+)>; rel=\"deprecation\"/);\n      const deprecationLink = matches && matches.pop();\n      log.warn(`[@octokit/request] \"${requestOptions.method} ${requestOptions.url}\" is deprecated. It is scheduled to be removed on ${headers.sunset}${deprecationLink ? `. See ${deprecationLink}` : \"\"}`);\n    }\n\n    if (status === 204 || status === 205) {\n      return;\n    } // GitHub API returns 200 for HEAD requests\n\n\n    if (requestOptions.method === \"HEAD\") {\n      if (status < 400) {\n        return;\n      }\n\n      throw new requestError.RequestError(response.statusText, status, {\n        response: {\n          url,\n          status,\n          headers,\n          data: undefined\n        },\n        request: requestOptions\n      });\n    }\n\n    if (status === 304) {\n      throw new requestError.RequestError(\"Not modified\", status, {\n        response: {\n          url,\n          status,\n          headers,\n          data: await getResponseData(response)\n        },\n        request: requestOptions\n      });\n    }\n\n    if (status >= 400) {\n      const data = await getResponseData(response);\n      const error = new requestError.RequestError(toErrorMessage(data), status, {\n        response: {\n          url,\n          status,\n          headers,\n          data\n        },\n        request: requestOptions\n      });\n      throw error;\n    }\n\n    return getResponseData(response);\n  }).then(data => {\n    return {\n      status,\n      url,\n      headers,\n      data\n    };\n  }).catch(error => {\n    if (error instanceof requestError.RequestError) throw error;\n    throw new requestError.RequestError(error.message, 500, {\n      request: requestOptions\n    });\n  });\n}\n\nasync function getResponseData(response) {\n  const contentType = response.headers.get(\"content-type\");\n\n  if (/application\\/json/.test(contentType)) {\n    return response.json();\n  }\n\n  if (!contentType || /^text\\/|charset=utf-8$/.test(contentType)) {\n    return response.text();\n  }\n\n  return getBufferResponse(response);\n}\n\nfunction toErrorMessage(data) {\n  if (typeof data === \"string\") return data; // istanbul ignore else - just in case\n\n  if (\"message\" in data) {\n    if (Array.isArray(data.errors)) {\n      return `${data.message}: ${data.errors.map(JSON.stringify).join(\", \")}`;\n    }\n\n    return data.message;\n  } // istanbul ignore next - just in case\n\n\n  return `Unknown error: ${JSON.stringify(data)}`;\n}\n\nfunction withDefaults(oldEndpoint, newDefaults) {\n  const endpoint = oldEndpoint.defaults(newDefaults);\n\n  const newApi = function (route, parameters) {\n    const endpointOptions = endpoint.merge(route, parameters);\n\n    if (!endpointOptions.request || !endpointOptions.request.hook) {\n      return fetchWrapper(endpoint.parse(endpointOptions));\n    }\n\n    const request = (route, parameters) => {\n      return fetchWrapper(endpoint.parse(endpoint.merge(route, parameters)));\n    };\n\n    Object.assign(request, {\n      endpoint,\n      defaults: withDefaults.bind(null, endpoint)\n    });\n    return endpointOptions.request.hook(request, endpointOptions);\n  };\n\n  return Object.assign(newApi, {\n    endpoint,\n    defaults: withDefaults.bind(null, endpoint)\n  });\n}\n\nconst request = withDefaults(endpoint.endpoint, {\n  headers: {\n    \"user-agent\": `octokit-request.js/${VERSION} ${universalUserAgent.getUserAgent()}`\n  }\n});\n\nexports.request = request;\n//# sourceMappingURL=index.js.map\n","var register = require('./lib/register')\nvar addHook = require('./lib/add')\nvar removeHook = require('./lib/remove')\n\n// bind with array of arguments: https://stackoverflow.com/a/21792913\nvar bind = Function.bind\nvar bindable = bind.bind(bind)\n\nfunction bindApi (hook, state, name) {\n  var removeHookRef = bindable(removeHook, null).apply(null, name ? [state, name] : [state])\n  hook.api = { remove: removeHookRef }\n  hook.remove = removeHookRef\n\n  ;['before', 'error', 'after', 'wrap'].forEach(function (kind) {\n    var args = name ? [state, kind, name] : [state, kind]\n    hook[kind] = hook.api[kind] = bindable(addHook, null).apply(null, args)\n  })\n}\n\nfunction HookSingular () {\n  var singularHookName = 'h'\n  var singularHookState = {\n    registry: {}\n  }\n  var singularHook = register.bind(null, singularHookState, singularHookName)\n  bindApi(singularHook, singularHookState, singularHookName)\n  return singularHook\n}\n\nfunction HookCollection () {\n  var state = {\n    registry: {}\n  }\n\n  var hook = register.bind(null, state)\n  bindApi(hook, state)\n\n  return hook\n}\n\nvar collectionHookDeprecationMessageDisplayed = false\nfunction Hook () {\n  if (!collectionHookDeprecationMessageDisplayed) {\n    console.warn('[before-after-hook]: \"Hook()\" repurposing warning, use \"Hook.Collection()\". Read more: https://git.io/upgrade-before-after-hook-to-1.4')\n    collectionHookDeprecationMessageDisplayed = true\n  }\n  return HookCollection()\n}\n\nHook.Singular = HookSingular.bind()\nHook.Collection = HookCollection.bind()\n\nmodule.exports = Hook\n// expose constructors as a named property for TypeScript\nmodule.exports.Hook = Hook\nmodule.exports.Singular = Hook.Singular\nmodule.exports.Collection = Hook.Collection\n","module.exports = addHook;\n\nfunction addHook(state, kind, name, hook) {\n  var orig = hook;\n  if (!state.registry[name]) {\n    state.registry[name] = [];\n  }\n\n  if (kind === \"before\") {\n    hook = function (method, options) {\n      return Promise.resolve()\n        .then(orig.bind(null, options))\n        .then(method.bind(null, options));\n    };\n  }\n\n  if (kind === \"after\") {\n    hook = function (method, options) {\n      var result;\n      return Promise.resolve()\n        .then(method.bind(null, options))\n        .then(function (result_) {\n          result = result_;\n          return orig(result, options);\n        })\n        .then(function () {\n          return result;\n        });\n    };\n  }\n\n  if (kind === \"error\") {\n    hook = function (method, options) {\n      return Promise.resolve()\n        .then(method.bind(null, options))\n        .catch(function (error) {\n          return orig(error, options);\n        });\n    };\n  }\n\n  state.registry[name].push({\n    hook: hook,\n    orig: orig,\n  });\n}\n","module.exports = register;\n\nfunction register(state, name, method, options) {\n  if (typeof method !== \"function\") {\n    throw new Error(\"method for before hook must be a function\");\n  }\n\n  if (!options) {\n    options = {};\n  }\n\n  if (Array.isArray(name)) {\n    return name.reverse().reduce(function (callback, name) {\n      return register.bind(null, state, name, callback, options);\n    }, method)();\n  }\n\n  return Promise.resolve().then(function () {\n    if (!state.registry[name]) {\n      return method(options);\n    }\n\n    return state.registry[name].reduce(function (method, registered) {\n      return registered.hook.bind(null, method, options);\n    }, method)();\n  });\n}\n","module.exports = removeHook;\n\nfunction removeHook(state, name, method) {\n  if (!state.registry[name]) {\n    return;\n  }\n\n  var index = state.registry[name]\n    .map(function (registered) {\n      return registered.orig;\n    })\n    .indexOf(method);\n\n  if (index === -1) {\n    return;\n  }\n\n  state.registry[name].splice(index, 1);\n}\n","'use strict';\n\nObject.defineProperty(exports, '__esModule', { value: true });\n\nclass Deprecation extends Error {\n  constructor(message) {\n    super(message); // Maintains proper stack trace (only available on V8)\n\n    /* istanbul ignore next */\n\n    if (Error.captureStackTrace) {\n      Error.captureStackTrace(this, this.constructor);\n    }\n\n    this.name = 'Deprecation';\n  }\n\n}\n\nexports.Deprecation = Deprecation;\n","'use strict';\n\nObject.defineProperty(exports, '__esModule', { value: true });\n\n/*!\n * is-plain-object <https://github.com/jonschlinkert/is-plain-object>\n *\n * Copyright (c) 2014-2017, Jon Schlinkert.\n * Released under the MIT License.\n */\n\nfunction isObject(o) {\n  return Object.prototype.toString.call(o) === '[object Object]';\n}\n\nfunction isPlainObject(o) {\n  var ctor,prot;\n\n  if (isObject(o) === false) return false;\n\n  // If has modified constructor\n  ctor = o.constructor;\n  if (ctor === undefined) return true;\n\n  // If has modified prototype\n  prot = ctor.prototype;\n  if (isObject(prot) === false) return false;\n\n  // If constructor does not have an Object-specific method\n  if (prot.hasOwnProperty('isPrototypeOf') === false) {\n    return false;\n  }\n\n  // Most likely a plain Object\n  return true;\n}\n\nexports.isPlainObject = isPlainObject;\n","'use strict';\n\nObject.defineProperty(exports, '__esModule', { value: true });\n\nfunction _interopDefault (ex) { return (ex && (typeof ex === 'object') && 'default' in ex) ? ex['default'] : ex; }\n\nvar Stream = _interopDefault(require('stream'));\nvar http = _interopDefault(require('http'));\nvar Url = _interopDefault(require('url'));\nvar whatwgUrl = _interopDefault(require('whatwg-url'));\nvar https = _interopDefault(require('https'));\nvar zlib = _interopDefault(require('zlib'));\n\n// Based on https://github.com/tmpvar/jsdom/blob/aa85b2abf07766ff7bf5c1f6daafb3726f2f2db5/lib/jsdom/living/blob.js\n\n// fix for \"Readable\" isn't a named export issue\nconst Readable = Stream.Readable;\n\nconst BUFFER = Symbol('buffer');\nconst TYPE = Symbol('type');\n\nclass Blob {\n\tconstructor() {\n\t\tthis[TYPE] = '';\n\n\t\tconst blobParts = arguments[0];\n\t\tconst options = arguments[1];\n\n\t\tconst buffers = [];\n\t\tlet size = 0;\n\n\t\tif (blobParts) {\n\t\t\tconst a = blobParts;\n\t\t\tconst length = Number(a.length);\n\t\t\tfor (let i = 0; i < length; i++) {\n\t\t\t\tconst element = a[i];\n\t\t\t\tlet buffer;\n\t\t\t\tif (element instanceof Buffer) {\n\t\t\t\t\tbuffer = element;\n\t\t\t\t} else if (ArrayBuffer.isView(element)) {\n\t\t\t\t\tbuffer = Buffer.from(element.buffer, element.byteOffset, element.byteLength);\n\t\t\t\t} else if (element instanceof ArrayBuffer) {\n\t\t\t\t\tbuffer = Buffer.from(element);\n\t\t\t\t} else if (element instanceof Blob) {\n\t\t\t\t\tbuffer = element[BUFFER];\n\t\t\t\t} else {\n\t\t\t\t\tbuffer = Buffer.from(typeof element === 'string' ? element : String(element));\n\t\t\t\t}\n\t\t\t\tsize += buffer.length;\n\t\t\t\tbuffers.push(buffer);\n\t\t\t}\n\t\t}\n\n\t\tthis[BUFFER] = Buffer.concat(buffers);\n\n\t\tlet type = options && options.type !== undefined && String(options.type).toLowerCase();\n\t\tif (type && !/[^\\u0020-\\u007E]/.test(type)) {\n\t\t\tthis[TYPE] = type;\n\t\t}\n\t}\n\tget size() {\n\t\treturn this[BUFFER].length;\n\t}\n\tget type() {\n\t\treturn this[TYPE];\n\t}\n\ttext() {\n\t\treturn Promise.resolve(this[BUFFER].toString());\n\t}\n\tarrayBuffer() {\n\t\tconst buf = this[BUFFER];\n\t\tconst ab = buf.buffer.slice(buf.byteOffset, buf.byteOffset + buf.byteLength);\n\t\treturn Promise.resolve(ab);\n\t}\n\tstream() {\n\t\tconst readable = new Readable();\n\t\treadable._read = function () {};\n\t\treadable.push(this[BUFFER]);\n\t\treadable.push(null);\n\t\treturn readable;\n\t}\n\ttoString() {\n\t\treturn '[object Blob]';\n\t}\n\tslice() {\n\t\tconst size = this.size;\n\n\t\tconst start = arguments[0];\n\t\tconst end = arguments[1];\n\t\tlet relativeStart, relativeEnd;\n\t\tif (start === undefined) {\n\t\t\trelativeStart = 0;\n\t\t} else if (start < 0) {\n\t\t\trelativeStart = Math.max(size + start, 0);\n\t\t} else {\n\t\t\trelativeStart = Math.min(start, size);\n\t\t}\n\t\tif (end === undefined) {\n\t\t\trelativeEnd = size;\n\t\t} else if (end < 0) {\n\t\t\trelativeEnd = Math.max(size + end, 0);\n\t\t} else {\n\t\t\trelativeEnd = Math.min(end, size);\n\t\t}\n\t\tconst span = Math.max(relativeEnd - relativeStart, 0);\n\n\t\tconst buffer = this[BUFFER];\n\t\tconst slicedBuffer = buffer.slice(relativeStart, relativeStart + span);\n\t\tconst blob = new Blob([], { type: arguments[2] });\n\t\tblob[BUFFER] = slicedBuffer;\n\t\treturn blob;\n\t}\n}\n\nObject.defineProperties(Blob.prototype, {\n\tsize: { enumerable: true },\n\ttype: { enumerable: true },\n\tslice: { enumerable: true }\n});\n\nObject.defineProperty(Blob.prototype, Symbol.toStringTag, {\n\tvalue: 'Blob',\n\twritable: false,\n\tenumerable: false,\n\tconfigurable: true\n});\n\n/**\n * fetch-error.js\n *\n * FetchError interface for operational errors\n */\n\n/**\n * Create FetchError instance\n *\n * @param   String      message      Error message for human\n * @param   String      type         Error type for machine\n * @param   String      systemError  For Node.js system error\n * @return  FetchError\n */\nfunction FetchError(message, type, systemError) {\n  Error.call(this, message);\n\n  this.message = message;\n  this.type = type;\n\n  // when err.type is `system`, err.code contains system error code\n  if (systemError) {\n    this.code = this.errno = systemError.code;\n  }\n\n  // hide custom error implementation details from end-users\n  Error.captureStackTrace(this, this.constructor);\n}\n\nFetchError.prototype = Object.create(Error.prototype);\nFetchError.prototype.constructor = FetchError;\nFetchError.prototype.name = 'FetchError';\n\nlet convert;\ntry {\n\tconvert = require('encoding').convert;\n} catch (e) {}\n\nconst INTERNALS = Symbol('Body internals');\n\n// fix an issue where \"PassThrough\" isn't a named export for node <10\nconst PassThrough = Stream.PassThrough;\n\n/**\n * Body mixin\n *\n * Ref: https://fetch.spec.whatwg.org/#body\n *\n * @param   Stream  body  Readable stream\n * @param   Object  opts  Response options\n * @return  Void\n */\nfunction Body(body) {\n\tvar _this = this;\n\n\tvar _ref = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : {},\n\t    _ref$size = _ref.size;\n\n\tlet size = _ref$size === undefined ? 0 : _ref$size;\n\tvar _ref$timeout = _ref.timeout;\n\tlet timeout = _ref$timeout === undefined ? 0 : _ref$timeout;\n\n\tif (body == null) {\n\t\t// body is undefined or null\n\t\tbody = null;\n\t} else if (isURLSearchParams(body)) {\n\t\t// body is a URLSearchParams\n\t\tbody = Buffer.from(body.toString());\n\t} else if (isBlob(body)) ; else if (Buffer.isBuffer(body)) ; else if (Object.prototype.toString.call(body) === '[object ArrayBuffer]') {\n\t\t// body is ArrayBuffer\n\t\tbody = Buffer.from(body);\n\t} else if (ArrayBuffer.isView(body)) {\n\t\t// body is ArrayBufferView\n\t\tbody = Buffer.from(body.buffer, body.byteOffset, body.byteLength);\n\t} else if (body instanceof Stream) ; else {\n\t\t// none of the above\n\t\t// coerce to string then buffer\n\t\tbody = Buffer.from(String(body));\n\t}\n\tthis[INTERNALS] = {\n\t\tbody,\n\t\tdisturbed: false,\n\t\terror: null\n\t};\n\tthis.size = size;\n\tthis.timeout = timeout;\n\n\tif (body instanceof Stream) {\n\t\tbody.on('error', function (err) {\n\t\t\tconst error = err.name === 'AbortError' ? err : new FetchError(`Invalid response body while trying to fetch ${_this.url}: ${err.message}`, 'system', err);\n\t\t\t_this[INTERNALS].error = error;\n\t\t});\n\t}\n}\n\nBody.prototype = {\n\tget body() {\n\t\treturn this[INTERNALS].body;\n\t},\n\n\tget bodyUsed() {\n\t\treturn this[INTERNALS].disturbed;\n\t},\n\n\t/**\n  * Decode response as ArrayBuffer\n  *\n  * @return  Promise\n  */\n\tarrayBuffer() {\n\t\treturn consumeBody.call(this).then(function (buf) {\n\t\t\treturn buf.buffer.slice(buf.byteOffset, buf.byteOffset + buf.byteLength);\n\t\t});\n\t},\n\n\t/**\n  * Return raw response as Blob\n  *\n  * @return Promise\n  */\n\tblob() {\n\t\tlet ct = this.headers && this.headers.get('content-type') || '';\n\t\treturn consumeBody.call(this).then(function (buf) {\n\t\t\treturn Object.assign(\n\t\t\t// Prevent copying\n\t\t\tnew Blob([], {\n\t\t\t\ttype: ct.toLowerCase()\n\t\t\t}), {\n\t\t\t\t[BUFFER]: buf\n\t\t\t});\n\t\t});\n\t},\n\n\t/**\n  * Decode response as json\n  *\n  * @return  Promise\n  */\n\tjson() {\n\t\tvar _this2 = this;\n\n\t\treturn consumeBody.call(this).then(function (buffer) {\n\t\t\ttry {\n\t\t\t\treturn JSON.parse(buffer.toString());\n\t\t\t} catch (err) {\n\t\t\t\treturn Body.Promise.reject(new FetchError(`invalid json response body at ${_this2.url} reason: ${err.message}`, 'invalid-json'));\n\t\t\t}\n\t\t});\n\t},\n\n\t/**\n  * Decode response as text\n  *\n  * @return  Promise\n  */\n\ttext() {\n\t\treturn consumeBody.call(this).then(function (buffer) {\n\t\t\treturn buffer.toString();\n\t\t});\n\t},\n\n\t/**\n  * Decode response as buffer (non-spec api)\n  *\n  * @return  Promise\n  */\n\tbuffer() {\n\t\treturn consumeBody.call(this);\n\t},\n\n\t/**\n  * Decode response as text, while automatically detecting the encoding and\n  * trying to decode to UTF-8 (non-spec api)\n  *\n  * @return  Promise\n  */\n\ttextConverted() {\n\t\tvar _this3 = this;\n\n\t\treturn consumeBody.call(this).then(function (buffer) {\n\t\t\treturn convertBody(buffer, _this3.headers);\n\t\t});\n\t}\n};\n\n// In browsers, all properties are enumerable.\nObject.defineProperties(Body.prototype, {\n\tbody: { enumerable: true },\n\tbodyUsed: { enumerable: true },\n\tarrayBuffer: { enumerable: true },\n\tblob: { enumerable: true },\n\tjson: { enumerable: true },\n\ttext: { enumerable: true }\n});\n\nBody.mixIn = function (proto) {\n\tfor (const name of Object.getOwnPropertyNames(Body.prototype)) {\n\t\t// istanbul ignore else: future proof\n\t\tif (!(name in proto)) {\n\t\t\tconst desc = Object.getOwnPropertyDescriptor(Body.prototype, name);\n\t\t\tObject.defineProperty(proto, name, desc);\n\t\t}\n\t}\n};\n\n/**\n * Consume and convert an entire Body to a Buffer.\n *\n * Ref: https://fetch.spec.whatwg.org/#concept-body-consume-body\n *\n * @return  Promise\n */\nfunction consumeBody() {\n\tvar _this4 = this;\n\n\tif (this[INTERNALS].disturbed) {\n\t\treturn Body.Promise.reject(new TypeError(`body used already for: ${this.url}`));\n\t}\n\n\tthis[INTERNALS].disturbed = true;\n\n\tif (this[INTERNALS].error) {\n\t\treturn Body.Promise.reject(this[INTERNALS].error);\n\t}\n\n\tlet body = this.body;\n\n\t// body is null\n\tif (body === null) {\n\t\treturn Body.Promise.resolve(Buffer.alloc(0));\n\t}\n\n\t// body is blob\n\tif (isBlob(body)) {\n\t\tbody = body.stream();\n\t}\n\n\t// body is buffer\n\tif (Buffer.isBuffer(body)) {\n\t\treturn Body.Promise.resolve(body);\n\t}\n\n\t// istanbul ignore if: should never happen\n\tif (!(body instanceof Stream)) {\n\t\treturn Body.Promise.resolve(Buffer.alloc(0));\n\t}\n\n\t// body is stream\n\t// get ready to actually consume the body\n\tlet accum = [];\n\tlet accumBytes = 0;\n\tlet abort = false;\n\n\treturn new Body.Promise(function (resolve, reject) {\n\t\tlet resTimeout;\n\n\t\t// allow timeout on slow response body\n\t\tif (_this4.timeout) {\n\t\t\tresTimeout = setTimeout(function () {\n\t\t\t\tabort = true;\n\t\t\t\treject(new FetchError(`Response timeout while trying to fetch ${_this4.url} (over ${_this4.timeout}ms)`, 'body-timeout'));\n\t\t\t}, _this4.timeout);\n\t\t}\n\n\t\t// handle stream errors\n\t\tbody.on('error', function (err) {\n\t\t\tif (err.name === 'AbortError') {\n\t\t\t\t// if the request was aborted, reject with this Error\n\t\t\t\tabort = true;\n\t\t\t\treject(err);\n\t\t\t} else {\n\t\t\t\t// other errors, such as incorrect content-encoding\n\t\t\t\treject(new FetchError(`Invalid response body while trying to fetch ${_this4.url}: ${err.message}`, 'system', err));\n\t\t\t}\n\t\t});\n\n\t\tbody.on('data', function (chunk) {\n\t\t\tif (abort || chunk === null) {\n\t\t\t\treturn;\n\t\t\t}\n\n\t\t\tif (_this4.size && accumBytes + chunk.length > _this4.size) {\n\t\t\t\tabort = true;\n\t\t\t\treject(new FetchError(`content size at ${_this4.url} over limit: ${_this4.size}`, 'max-size'));\n\t\t\t\treturn;\n\t\t\t}\n\n\t\t\taccumBytes += chunk.length;\n\t\t\taccum.push(chunk);\n\t\t});\n\n\t\tbody.on('end', function () {\n\t\t\tif (abort) {\n\t\t\t\treturn;\n\t\t\t}\n\n\t\t\tclearTimeout(resTimeout);\n\n\t\t\ttry {\n\t\t\t\tresolve(Buffer.concat(accum, accumBytes));\n\t\t\t} catch (err) {\n\t\t\t\t// handle streams that have accumulated too much data (issue #414)\n\t\t\t\treject(new FetchError(`Could not create Buffer from response body for ${_this4.url}: ${err.message}`, 'system', err));\n\t\t\t}\n\t\t});\n\t});\n}\n\n/**\n * Detect buffer encoding and convert to target encoding\n * ref: http://www.w3.org/TR/2011/WD-html5-20110113/parsing.html#determining-the-character-encoding\n *\n * @param   Buffer  buffer    Incoming buffer\n * @param   String  encoding  Target encoding\n * @return  String\n */\nfunction convertBody(buffer, headers) {\n\tif (typeof convert !== 'function') {\n\t\tthrow new Error('The package `encoding` must be installed to use the textConverted() function');\n\t}\n\n\tconst ct = headers.get('content-type');\n\tlet charset = 'utf-8';\n\tlet res, str;\n\n\t// header\n\tif (ct) {\n\t\tres = /charset=([^;]*)/i.exec(ct);\n\t}\n\n\t// no charset in content type, peek at response body for at most 1024 bytes\n\tstr = buffer.slice(0, 1024).toString();\n\n\t// html5\n\tif (!res && str) {\n\t\tres = /<meta.+?charset=(['\"])(.+?)\\1/i.exec(str);\n\t}\n\n\t// html4\n\tif (!res && str) {\n\t\tres = /<meta[\\s]+?http-equiv=(['\"])content-type\\1[\\s]+?content=(['\"])(.+?)\\2/i.exec(str);\n\t\tif (!res) {\n\t\t\tres = /<meta[\\s]+?content=(['\"])(.+?)\\1[\\s]+?http-equiv=(['\"])content-type\\3/i.exec(str);\n\t\t\tif (res) {\n\t\t\t\tres.pop(); // drop last quote\n\t\t\t}\n\t\t}\n\n\t\tif (res) {\n\t\t\tres = /charset=(.*)/i.exec(res.pop());\n\t\t}\n\t}\n\n\t// xml\n\tif (!res && str) {\n\t\tres = /<\\?xml.+?encoding=(['\"])(.+?)\\1/i.exec(str);\n\t}\n\n\t// found charset\n\tif (res) {\n\t\tcharset = res.pop();\n\n\t\t// prevent decode issues when sites use incorrect encoding\n\t\t// ref: https://hsivonen.fi/encoding-menu/\n\t\tif (charset === 'gb2312' || charset === 'gbk') {\n\t\t\tcharset = 'gb18030';\n\t\t}\n\t}\n\n\t// turn raw buffers into a single utf-8 buffer\n\treturn convert(buffer, 'UTF-8', charset).toString();\n}\n\n/**\n * Detect a URLSearchParams object\n * ref: https://github.com/bitinn/node-fetch/issues/296#issuecomment-307598143\n *\n * @param   Object  obj     Object to detect by type or brand\n * @return  String\n */\nfunction isURLSearchParams(obj) {\n\t// Duck-typing as a necessary condition.\n\tif (typeof obj !== 'object' || typeof obj.append !== 'function' || typeof obj.delete !== 'function' || typeof obj.get !== 'function' || typeof obj.getAll !== 'function' || typeof obj.has !== 'function' || typeof obj.set !== 'function') {\n\t\treturn false;\n\t}\n\n\t// Brand-checking and more duck-typing as optional condition.\n\treturn obj.constructor.name === 'URLSearchParams' || Object.prototype.toString.call(obj) === '[object URLSearchParams]' || typeof obj.sort === 'function';\n}\n\n/**\n * Check if `obj` is a W3C `Blob` object (which `File` inherits from)\n * @param  {*} obj\n * @return {boolean}\n */\nfunction isBlob(obj) {\n\treturn typeof obj === 'object' && typeof obj.arrayBuffer === 'function' && typeof obj.type === 'string' && typeof obj.stream === 'function' && typeof obj.constructor === 'function' && typeof obj.constructor.name === 'string' && /^(Blob|File)$/.test(obj.constructor.name) && /^(Blob|File)$/.test(obj[Symbol.toStringTag]);\n}\n\n/**\n * Clone body given Res/Req instance\n *\n * @param   Mixed  instance  Response or Request instance\n * @return  Mixed\n */\nfunction clone(instance) {\n\tlet p1, p2;\n\tlet body = instance.body;\n\n\t// don't allow cloning a used body\n\tif (instance.bodyUsed) {\n\t\tthrow new Error('cannot clone body after it is used');\n\t}\n\n\t// check that body is a stream and not form-data object\n\t// note: we can't clone the form-data object without having it as a dependency\n\tif (body instanceof Stream && typeof body.getBoundary !== 'function') {\n\t\t// tee instance body\n\t\tp1 = new PassThrough();\n\t\tp2 = new PassThrough();\n\t\tbody.pipe(p1);\n\t\tbody.pipe(p2);\n\t\t// set instance body to teed body and return the other teed body\n\t\tinstance[INTERNALS].body = p1;\n\t\tbody = p2;\n\t}\n\n\treturn body;\n}\n\n/**\n * Performs the operation \"extract a `Content-Type` value from |object|\" as\n * specified in the specification:\n * https://fetch.spec.whatwg.org/#concept-bodyinit-extract\n *\n * This function assumes that instance.body is present.\n *\n * @param   Mixed  instance  Any options.body input\n */\nfunction extractContentType(body) {\n\tif (body === null) {\n\t\t// body is null\n\t\treturn null;\n\t} else if (typeof body === 'string') {\n\t\t// body is string\n\t\treturn 'text/plain;charset=UTF-8';\n\t} else if (isURLSearchParams(body)) {\n\t\t// body is a URLSearchParams\n\t\treturn 'application/x-www-form-urlencoded;charset=UTF-8';\n\t} else if (isBlob(body)) {\n\t\t// body is blob\n\t\treturn body.type || null;\n\t} else if (Buffer.isBuffer(body)) {\n\t\t// body is buffer\n\t\treturn null;\n\t} else if (Object.prototype.toString.call(body) === '[object ArrayBuffer]') {\n\t\t// body is ArrayBuffer\n\t\treturn null;\n\t} else if (ArrayBuffer.isView(body)) {\n\t\t// body is ArrayBufferView\n\t\treturn null;\n\t} else if (typeof body.getBoundary === 'function') {\n\t\t// detect form data input from form-data module\n\t\treturn `multipart/form-data;boundary=${body.getBoundary()}`;\n\t} else if (body instanceof Stream) {\n\t\t// body is stream\n\t\t// can't really do much about this\n\t\treturn null;\n\t} else {\n\t\t// Body constructor defaults other things to string\n\t\treturn 'text/plain;charset=UTF-8';\n\t}\n}\n\n/**\n * The Fetch Standard treats this as if \"total bytes\" is a property on the body.\n * For us, we have to explicitly get it with a function.\n *\n * ref: https://fetch.spec.whatwg.org/#concept-body-total-bytes\n *\n * @param   Body    instance   Instance of Body\n * @return  Number?            Number of bytes, or null if not possible\n */\nfunction getTotalBytes(instance) {\n\tconst body = instance.body;\n\n\n\tif (body === null) {\n\t\t// body is null\n\t\treturn 0;\n\t} else if (isBlob(body)) {\n\t\treturn body.size;\n\t} else if (Buffer.isBuffer(body)) {\n\t\t// body is buffer\n\t\treturn body.length;\n\t} else if (body && typeof body.getLengthSync === 'function') {\n\t\t// detect form data input from form-data module\n\t\tif (body._lengthRetrievers && body._lengthRetrievers.length == 0 || // 1.x\n\t\tbody.hasKnownLength && body.hasKnownLength()) {\n\t\t\t// 2.x\n\t\t\treturn body.getLengthSync();\n\t\t}\n\t\treturn null;\n\t} else {\n\t\t// body is stream\n\t\treturn null;\n\t}\n}\n\n/**\n * Write a Body to a Node.js WritableStream (e.g. http.Request) object.\n *\n * @param   Body    instance   Instance of Body\n * @return  Void\n */\nfunction writeToStream(dest, instance) {\n\tconst body = instance.body;\n\n\n\tif (body === null) {\n\t\t// body is null\n\t\tdest.end();\n\t} else if (isBlob(body)) {\n\t\tbody.stream().pipe(dest);\n\t} else if (Buffer.isBuffer(body)) {\n\t\t// body is buffer\n\t\tdest.write(body);\n\t\tdest.end();\n\t} else {\n\t\t// body is stream\n\t\tbody.pipe(dest);\n\t}\n}\n\n// expose Promise\nBody.Promise = global.Promise;\n\n/**\n * headers.js\n *\n * Headers class offers convenient helpers\n */\n\nconst invalidTokenRegex = /[^\\^_`a-zA-Z\\-0-9!#$%&'*+.|~]/;\nconst invalidHeaderCharRegex = /[^\\t\\x20-\\x7e\\x80-\\xff]/;\n\nfunction validateName(name) {\n\tname = `${name}`;\n\tif (invalidTokenRegex.test(name) || name === '') {\n\t\tthrow new TypeError(`${name} is not a legal HTTP header name`);\n\t}\n}\n\nfunction validateValue(value) {\n\tvalue = `${value}`;\n\tif (invalidHeaderCharRegex.test(value)) {\n\t\tthrow new TypeError(`${value} is not a legal HTTP header value`);\n\t}\n}\n\n/**\n * Find the key in the map object given a header name.\n *\n * Returns undefined if not found.\n *\n * @param   String  name  Header name\n * @return  String|Undefined\n */\nfunction find(map, name) {\n\tname = name.toLowerCase();\n\tfor (const key in map) {\n\t\tif (key.toLowerCase() === name) {\n\t\t\treturn key;\n\t\t}\n\t}\n\treturn undefined;\n}\n\nconst MAP = Symbol('map');\nclass Headers {\n\t/**\n  * Headers class\n  *\n  * @param   Object  headers  Response headers\n  * @return  Void\n  */\n\tconstructor() {\n\t\tlet init = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : undefined;\n\n\t\tthis[MAP] = Object.create(null);\n\n\t\tif (init instanceof Headers) {\n\t\t\tconst rawHeaders = init.raw();\n\t\t\tconst headerNames = Object.keys(rawHeaders);\n\n\t\t\tfor (const headerName of headerNames) {\n\t\t\t\tfor (const value of rawHeaders[headerName]) {\n\t\t\t\t\tthis.append(headerName, value);\n\t\t\t\t}\n\t\t\t}\n\n\t\t\treturn;\n\t\t}\n\n\t\t// We don't worry about converting prop to ByteString here as append()\n\t\t// will handle it.\n\t\tif (init == null) ; else if (typeof init === 'object') {\n\t\t\tconst method = init[Symbol.iterator];\n\t\t\tif (method != null) {\n\t\t\t\tif (typeof method !== 'function') {\n\t\t\t\t\tthrow new TypeError('Header pairs must be iterable');\n\t\t\t\t}\n\n\t\t\t\t// sequence<sequence<ByteString>>\n\t\t\t\t// Note: per spec we have to first exhaust the lists then process them\n\t\t\t\tconst pairs = [];\n\t\t\t\tfor (const pair of init) {\n\t\t\t\t\tif (typeof pair !== 'object' || typeof pair[Symbol.iterator] !== 'function') {\n\t\t\t\t\t\tthrow new TypeError('Each header pair must be iterable');\n\t\t\t\t\t}\n\t\t\t\t\tpairs.push(Array.from(pair));\n\t\t\t\t}\n\n\t\t\t\tfor (const pair of pairs) {\n\t\t\t\t\tif (pair.length !== 2) {\n\t\t\t\t\t\tthrow new TypeError('Each header pair must be a name/value tuple');\n\t\t\t\t\t}\n\t\t\t\t\tthis.append(pair[0], pair[1]);\n\t\t\t\t}\n\t\t\t} else {\n\t\t\t\t// record<ByteString, ByteString>\n\t\t\t\tfor (const key of Object.keys(init)) {\n\t\t\t\t\tconst value = init[key];\n\t\t\t\t\tthis.append(key, value);\n\t\t\t\t}\n\t\t\t}\n\t\t} else {\n\t\t\tthrow new TypeError('Provided initializer must be an object');\n\t\t}\n\t}\n\n\t/**\n  * Return combined header value given name\n  *\n  * @param   String  name  Header name\n  * @return  Mixed\n  */\n\tget(name) {\n\t\tname = `${name}`;\n\t\tvalidateName(name);\n\t\tconst key = find(this[MAP], name);\n\t\tif (key === undefined) {\n\t\t\treturn null;\n\t\t}\n\n\t\treturn this[MAP][key].join(', ');\n\t}\n\n\t/**\n  * Iterate over all headers\n  *\n  * @param   Function  callback  Executed for each item with parameters (value, name, thisArg)\n  * @param   Boolean   thisArg   `this` context for callback function\n  * @return  Void\n  */\n\tforEach(callback) {\n\t\tlet thisArg = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : undefined;\n\n\t\tlet pairs = getHeaders(this);\n\t\tlet i = 0;\n\t\twhile (i < pairs.length) {\n\t\t\tvar _pairs$i = pairs[i];\n\t\t\tconst name = _pairs$i[0],\n\t\t\t      value = _pairs$i[1];\n\n\t\t\tcallback.call(thisArg, value, name, this);\n\t\t\tpairs = getHeaders(this);\n\t\t\ti++;\n\t\t}\n\t}\n\n\t/**\n  * Overwrite header values given name\n  *\n  * @param   String  name   Header name\n  * @param   String  value  Header value\n  * @return  Void\n  */\n\tset(name, value) {\n\t\tname = `${name}`;\n\t\tvalue = `${value}`;\n\t\tvalidateName(name);\n\t\tvalidateValue(value);\n\t\tconst key = find(this[MAP], name);\n\t\tthis[MAP][key !== undefined ? key : name] = [value];\n\t}\n\n\t/**\n  * Append a value onto existing header\n  *\n  * @param   String  name   Header name\n  * @param   String  value  Header value\n  * @return  Void\n  */\n\tappend(name, value) {\n\t\tname = `${name}`;\n\t\tvalue = `${value}`;\n\t\tvalidateName(name);\n\t\tvalidateValue(value);\n\t\tconst key = find(this[MAP], name);\n\t\tif (key !== undefined) {\n\t\t\tthis[MAP][key].push(value);\n\t\t} else {\n\t\t\tthis[MAP][name] = [value];\n\t\t}\n\t}\n\n\t/**\n  * Check for header name existence\n  *\n  * @param   String   name  Header name\n  * @return  Boolean\n  */\n\thas(name) {\n\t\tname = `${name}`;\n\t\tvalidateName(name);\n\t\treturn find(this[MAP], name) !== undefined;\n\t}\n\n\t/**\n  * Delete all header values given name\n  *\n  * @param   String  name  Header name\n  * @return  Void\n  */\n\tdelete(name) {\n\t\tname = `${name}`;\n\t\tvalidateName(name);\n\t\tconst key = find(this[MAP], name);\n\t\tif (key !== undefined) {\n\t\t\tdelete this[MAP][key];\n\t\t}\n\t}\n\n\t/**\n  * Return raw headers (non-spec api)\n  *\n  * @return  Object\n  */\n\traw() {\n\t\treturn this[MAP];\n\t}\n\n\t/**\n  * Get an iterator on keys.\n  *\n  * @return  Iterator\n  */\n\tkeys() {\n\t\treturn createHeadersIterator(this, 'key');\n\t}\n\n\t/**\n  * Get an iterator on values.\n  *\n  * @return  Iterator\n  */\n\tvalues() {\n\t\treturn createHeadersIterator(this, 'value');\n\t}\n\n\t/**\n  * Get an iterator on entries.\n  *\n  * This is the default iterator of the Headers object.\n  *\n  * @return  Iterator\n  */\n\t[Symbol.iterator]() {\n\t\treturn createHeadersIterator(this, 'key+value');\n\t}\n}\nHeaders.prototype.entries = Headers.prototype[Symbol.iterator];\n\nObject.defineProperty(Headers.prototype, Symbol.toStringTag, {\n\tvalue: 'Headers',\n\twritable: false,\n\tenumerable: false,\n\tconfigurable: true\n});\n\nObject.defineProperties(Headers.prototype, {\n\tget: { enumerable: true },\n\tforEach: { enumerable: true },\n\tset: { enumerable: true },\n\tappend: { enumerable: true },\n\thas: { enumerable: true },\n\tdelete: { enumerable: true },\n\tkeys: { enumerable: true },\n\tvalues: { enumerable: true },\n\tentries: { enumerable: true }\n});\n\nfunction getHeaders(headers) {\n\tlet kind = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : 'key+value';\n\n\tconst keys = Object.keys(headers[MAP]).sort();\n\treturn keys.map(kind === 'key' ? function (k) {\n\t\treturn k.toLowerCase();\n\t} : kind === 'value' ? function (k) {\n\t\treturn headers[MAP][k].join(', ');\n\t} : function (k) {\n\t\treturn [k.toLowerCase(), headers[MAP][k].join(', ')];\n\t});\n}\n\nconst INTERNAL = Symbol('internal');\n\nfunction createHeadersIterator(target, kind) {\n\tconst iterator = Object.create(HeadersIteratorPrototype);\n\titerator[INTERNAL] = {\n\t\ttarget,\n\t\tkind,\n\t\tindex: 0\n\t};\n\treturn iterator;\n}\n\nconst HeadersIteratorPrototype = Object.setPrototypeOf({\n\tnext() {\n\t\t// istanbul ignore if\n\t\tif (!this || Object.getPrototypeOf(this) !== HeadersIteratorPrototype) {\n\t\t\tthrow new TypeError('Value of `this` is not a HeadersIterator');\n\t\t}\n\n\t\tvar _INTERNAL = this[INTERNAL];\n\t\tconst target = _INTERNAL.target,\n\t\t      kind = _INTERNAL.kind,\n\t\t      index = _INTERNAL.index;\n\n\t\tconst values = getHeaders(target, kind);\n\t\tconst len = values.length;\n\t\tif (index >= len) {\n\t\t\treturn {\n\t\t\t\tvalue: undefined,\n\t\t\t\tdone: true\n\t\t\t};\n\t\t}\n\n\t\tthis[INTERNAL].index = index + 1;\n\n\t\treturn {\n\t\t\tvalue: values[index],\n\t\t\tdone: false\n\t\t};\n\t}\n}, Object.getPrototypeOf(Object.getPrototypeOf([][Symbol.iterator]())));\n\nObject.defineProperty(HeadersIteratorPrototype, Symbol.toStringTag, {\n\tvalue: 'HeadersIterator',\n\twritable: false,\n\tenumerable: false,\n\tconfigurable: true\n});\n\n/**\n * Export the Headers object in a form that Node.js can consume.\n *\n * @param   Headers  headers\n * @return  Object\n */\nfunction exportNodeCompatibleHeaders(headers) {\n\tconst obj = Object.assign({ __proto__: null }, headers[MAP]);\n\n\t// http.request() only supports string as Host header. This hack makes\n\t// specifying custom Host header possible.\n\tconst hostHeaderKey = find(headers[MAP], 'Host');\n\tif (hostHeaderKey !== undefined) {\n\t\tobj[hostHeaderKey] = obj[hostHeaderKey][0];\n\t}\n\n\treturn obj;\n}\n\n/**\n * Create a Headers object from an object of headers, ignoring those that do\n * not conform to HTTP grammar productions.\n *\n * @param   Object  obj  Object of headers\n * @return  Headers\n */\nfunction createHeadersLenient(obj) {\n\tconst headers = new Headers();\n\tfor (const name of Object.keys(obj)) {\n\t\tif (invalidTokenRegex.test(name)) {\n\t\t\tcontinue;\n\t\t}\n\t\tif (Array.isArray(obj[name])) {\n\t\t\tfor (const val of obj[name]) {\n\t\t\t\tif (invalidHeaderCharRegex.test(val)) {\n\t\t\t\t\tcontinue;\n\t\t\t\t}\n\t\t\t\tif (headers[MAP][name] === undefined) {\n\t\t\t\t\theaders[MAP][name] = [val];\n\t\t\t\t} else {\n\t\t\t\t\theaders[MAP][name].push(val);\n\t\t\t\t}\n\t\t\t}\n\t\t} else if (!invalidHeaderCharRegex.test(obj[name])) {\n\t\t\theaders[MAP][name] = [obj[name]];\n\t\t}\n\t}\n\treturn headers;\n}\n\nconst INTERNALS$1 = Symbol('Response internals');\n\n// fix an issue where \"STATUS_CODES\" aren't a named export for node <10\nconst STATUS_CODES = http.STATUS_CODES;\n\n/**\n * Response class\n *\n * @param   Stream  body  Readable stream\n * @param   Object  opts  Response options\n * @return  Void\n */\nclass Response {\n\tconstructor() {\n\t\tlet body = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : null;\n\t\tlet opts = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : {};\n\n\t\tBody.call(this, body, opts);\n\n\t\tconst status = opts.status || 200;\n\t\tconst headers = new Headers(opts.headers);\n\n\t\tif (body != null && !headers.has('Content-Type')) {\n\t\t\tconst contentType = extractContentType(body);\n\t\t\tif (contentType) {\n\t\t\t\theaders.append('Content-Type', contentType);\n\t\t\t}\n\t\t}\n\n\t\tthis[INTERNALS$1] = {\n\t\t\turl: opts.url,\n\t\t\tstatus,\n\t\t\tstatusText: opts.statusText || STATUS_CODES[status],\n\t\t\theaders,\n\t\t\tcounter: opts.counter\n\t\t};\n\t}\n\n\tget url() {\n\t\treturn this[INTERNALS$1].url || '';\n\t}\n\n\tget status() {\n\t\treturn this[INTERNALS$1].status;\n\t}\n\n\t/**\n  * Convenience property representing if the request ended normally\n  */\n\tget ok() {\n\t\treturn this[INTERNALS$1].status >= 200 && this[INTERNALS$1].status < 300;\n\t}\n\n\tget redirected() {\n\t\treturn this[INTERNALS$1].counter > 0;\n\t}\n\n\tget statusText() {\n\t\treturn this[INTERNALS$1].statusText;\n\t}\n\n\tget headers() {\n\t\treturn this[INTERNALS$1].headers;\n\t}\n\n\t/**\n  * Clone this response\n  *\n  * @return  Response\n  */\n\tclone() {\n\t\treturn new Response(clone(this), {\n\t\t\turl: this.url,\n\t\t\tstatus: this.status,\n\t\t\tstatusText: this.statusText,\n\t\t\theaders: this.headers,\n\t\t\tok: this.ok,\n\t\t\tredirected: this.redirected\n\t\t});\n\t}\n}\n\nBody.mixIn(Response.prototype);\n\nObject.defineProperties(Response.prototype, {\n\turl: { enumerable: true },\n\tstatus: { enumerable: true },\n\tok: { enumerable: true },\n\tredirected: { enumerable: true },\n\tstatusText: { enumerable: true },\n\theaders: { enumerable: true },\n\tclone: { enumerable: true }\n});\n\nObject.defineProperty(Response.prototype, Symbol.toStringTag, {\n\tvalue: 'Response',\n\twritable: false,\n\tenumerable: false,\n\tconfigurable: true\n});\n\nconst INTERNALS$2 = Symbol('Request internals');\nconst URL = Url.URL || whatwgUrl.URL;\n\n// fix an issue where \"format\", \"parse\" aren't a named export for node <10\nconst parse_url = Url.parse;\nconst format_url = Url.format;\n\n/**\n * Wrapper around `new URL` to handle arbitrary URLs\n *\n * @param  {string} urlStr\n * @return {void}\n */\nfunction parseURL(urlStr) {\n\t/*\n \tCheck whether the URL is absolute or not\n \t\tScheme: https://tools.ietf.org/html/rfc3986#section-3.1\n \tAbsolute URL: https://tools.ietf.org/html/rfc3986#section-4.3\n */\n\tif (/^[a-zA-Z][a-zA-Z\\d+\\-.]*:/.exec(urlStr)) {\n\t\turlStr = new URL(urlStr).toString();\n\t}\n\n\t// Fallback to old implementation for arbitrary URLs\n\treturn parse_url(urlStr);\n}\n\nconst streamDestructionSupported = 'destroy' in Stream.Readable.prototype;\n\n/**\n * Check if a value is an instance of Request.\n *\n * @param   Mixed   input\n * @return  Boolean\n */\nfunction isRequest(input) {\n\treturn typeof input === 'object' && typeof input[INTERNALS$2] === 'object';\n}\n\nfunction isAbortSignal(signal) {\n\tconst proto = signal && typeof signal === 'object' && Object.getPrototypeOf(signal);\n\treturn !!(proto && proto.constructor.name === 'AbortSignal');\n}\n\n/**\n * Request class\n *\n * @param   Mixed   input  Url or Request instance\n * @param   Object  init   Custom options\n * @return  Void\n */\nclass Request {\n\tconstructor(input) {\n\t\tlet init = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : {};\n\n\t\tlet parsedURL;\n\n\t\t// normalize input\n\t\tif (!isRequest(input)) {\n\t\t\tif (input && input.href) {\n\t\t\t\t// in order to support Node.js' Url objects; though WHATWG's URL objects\n\t\t\t\t// will fall into this branch also (since their `toString()` will return\n\t\t\t\t// `href` property anyway)\n\t\t\t\tparsedURL = parseURL(input.href);\n\t\t\t} else {\n\t\t\t\t// coerce input to a string before attempting to parse\n\t\t\t\tparsedURL = parseURL(`${input}`);\n\t\t\t}\n\t\t\tinput = {};\n\t\t} else {\n\t\t\tparsedURL = parseURL(input.url);\n\t\t}\n\n\t\tlet method = init.method || input.method || 'GET';\n\t\tmethod = method.toUpperCase();\n\n\t\tif ((init.body != null || isRequest(input) && input.body !== null) && (method === 'GET' || method === 'HEAD')) {\n\t\t\tthrow new TypeError('Request with GET/HEAD method cannot have body');\n\t\t}\n\n\t\tlet inputBody = init.body != null ? init.body : isRequest(input) && input.body !== null ? clone(input) : null;\n\n\t\tBody.call(this, inputBody, {\n\t\t\ttimeout: init.timeout || input.timeout || 0,\n\t\t\tsize: init.size || input.size || 0\n\t\t});\n\n\t\tconst headers = new Headers(init.headers || input.headers || {});\n\n\t\tif (inputBody != null && !headers.has('Content-Type')) {\n\t\t\tconst contentType = extractContentType(inputBody);\n\t\t\tif (contentType) {\n\t\t\t\theaders.append('Content-Type', contentType);\n\t\t\t}\n\t\t}\n\n\t\tlet signal = isRequest(input) ? input.signal : null;\n\t\tif ('signal' in init) signal = init.signal;\n\n\t\tif (signal != null && !isAbortSignal(signal)) {\n\t\t\tthrow new TypeError('Expected signal to be an instanceof AbortSignal');\n\t\t}\n\n\t\tthis[INTERNALS$2] = {\n\t\t\tmethod,\n\t\t\tredirect: init.redirect || input.redirect || 'follow',\n\t\t\theaders,\n\t\t\tparsedURL,\n\t\t\tsignal\n\t\t};\n\n\t\t// node-fetch-only options\n\t\tthis.follow = init.follow !== undefined ? init.follow : input.follow !== undefined ? input.follow : 20;\n\t\tthis.compress = init.compress !== undefined ? init.compress : input.compress !== undefined ? input.compress : true;\n\t\tthis.counter = init.counter || input.counter || 0;\n\t\tthis.agent = init.agent || input.agent;\n\t}\n\n\tget method() {\n\t\treturn this[INTERNALS$2].method;\n\t}\n\n\tget url() {\n\t\treturn format_url(this[INTERNALS$2].parsedURL);\n\t}\n\n\tget headers() {\n\t\treturn this[INTERNALS$2].headers;\n\t}\n\n\tget redirect() {\n\t\treturn this[INTERNALS$2].redirect;\n\t}\n\n\tget signal() {\n\t\treturn this[INTERNALS$2].signal;\n\t}\n\n\t/**\n  * Clone this request\n  *\n  * @return  Request\n  */\n\tclone() {\n\t\treturn new Request(this);\n\t}\n}\n\nBody.mixIn(Request.prototype);\n\nObject.defineProperty(Request.prototype, Symbol.toStringTag, {\n\tvalue: 'Request',\n\twritable: false,\n\tenumerable: false,\n\tconfigurable: true\n});\n\nObject.defineProperties(Request.prototype, {\n\tmethod: { enumerable: true },\n\turl: { enumerable: true },\n\theaders: { enumerable: true },\n\tredirect: { enumerable: true },\n\tclone: { enumerable: true },\n\tsignal: { enumerable: true }\n});\n\n/**\n * Convert a Request to Node.js http request options.\n *\n * @param   Request  A Request instance\n * @return  Object   The options object to be passed to http.request\n */\nfunction getNodeRequestOptions(request) {\n\tconst parsedURL = request[INTERNALS$2].parsedURL;\n\tconst headers = new Headers(request[INTERNALS$2].headers);\n\n\t// fetch step 1.3\n\tif (!headers.has('Accept')) {\n\t\theaders.set('Accept', '*/*');\n\t}\n\n\t// Basic fetch\n\tif (!parsedURL.protocol || !parsedURL.hostname) {\n\t\tthrow new TypeError('Only absolute URLs are supported');\n\t}\n\n\tif (!/^https?:$/.test(parsedURL.protocol)) {\n\t\tthrow new TypeError('Only HTTP(S) protocols are supported');\n\t}\n\n\tif (request.signal && request.body instanceof Stream.Readable && !streamDestructionSupported) {\n\t\tthrow new Error('Cancellation of streamed requests with AbortSignal is not supported in node < 8');\n\t}\n\n\t// HTTP-network-or-cache fetch steps 2.4-2.7\n\tlet contentLengthValue = null;\n\tif (request.body == null && /^(POST|PUT)$/i.test(request.method)) {\n\t\tcontentLengthValue = '0';\n\t}\n\tif (request.body != null) {\n\t\tconst totalBytes = getTotalBytes(request);\n\t\tif (typeof totalBytes === 'number') {\n\t\t\tcontentLengthValue = String(totalBytes);\n\t\t}\n\t}\n\tif (contentLengthValue) {\n\t\theaders.set('Content-Length', contentLengthValue);\n\t}\n\n\t// HTTP-network-or-cache fetch step 2.11\n\tif (!headers.has('User-Agent')) {\n\t\theaders.set('User-Agent', 'node-fetch/1.0 (+https://github.com/bitinn/node-fetch)');\n\t}\n\n\t// HTTP-network-or-cache fetch step 2.15\n\tif (request.compress && !headers.has('Accept-Encoding')) {\n\t\theaders.set('Accept-Encoding', 'gzip,deflate');\n\t}\n\n\tlet agent = request.agent;\n\tif (typeof agent === 'function') {\n\t\tagent = agent(parsedURL);\n\t}\n\n\tif (!headers.has('Connection') && !agent) {\n\t\theaders.set('Connection', 'close');\n\t}\n\n\t// HTTP-network fetch step 4.2\n\t// chunked encoding is handled by Node.js\n\n\treturn Object.assign({}, parsedURL, {\n\t\tmethod: request.method,\n\t\theaders: exportNodeCompatibleHeaders(headers),\n\t\tagent\n\t});\n}\n\n/**\n * abort-error.js\n *\n * AbortError interface for cancelled requests\n */\n\n/**\n * Create AbortError instance\n *\n * @param   String      message      Error message for human\n * @return  AbortError\n */\nfunction AbortError(message) {\n  Error.call(this, message);\n\n  this.type = 'aborted';\n  this.message = message;\n\n  // hide custom error implementation details from end-users\n  Error.captureStackTrace(this, this.constructor);\n}\n\nAbortError.prototype = Object.create(Error.prototype);\nAbortError.prototype.constructor = AbortError;\nAbortError.prototype.name = 'AbortError';\n\nconst URL$1 = Url.URL || whatwgUrl.URL;\n\n// fix an issue where \"PassThrough\", \"resolve\" aren't a named export for node <10\nconst PassThrough$1 = Stream.PassThrough;\n\nconst isDomainOrSubdomain = function isDomainOrSubdomain(destination, original) {\n\tconst orig = new URL$1(original).hostname;\n\tconst dest = new URL$1(destination).hostname;\n\n\treturn orig === dest || orig[orig.length - dest.length - 1] === '.' && orig.endsWith(dest);\n};\n\n/**\n * Fetch function\n *\n * @param   Mixed    url   Absolute url or Request instance\n * @param   Object   opts  Fetch options\n * @return  Promise\n */\nfunction fetch(url, opts) {\n\n\t// allow custom promise\n\tif (!fetch.Promise) {\n\t\tthrow new Error('native promise missing, set fetch.Promise to your favorite alternative');\n\t}\n\n\tBody.Promise = fetch.Promise;\n\n\t// wrap http.request into fetch\n\treturn new fetch.Promise(function (resolve, reject) {\n\t\t// build request object\n\t\tconst request = new Request(url, opts);\n\t\tconst options = getNodeRequestOptions(request);\n\n\t\tconst send = (options.protocol === 'https:' ? https : http).request;\n\t\tconst signal = request.signal;\n\n\t\tlet response = null;\n\n\t\tconst abort = function abort() {\n\t\t\tlet error = new AbortError('The user aborted a request.');\n\t\t\treject(error);\n\t\t\tif (request.body && request.body instanceof Stream.Readable) {\n\t\t\t\trequest.body.destroy(error);\n\t\t\t}\n\t\t\tif (!response || !response.body) return;\n\t\t\tresponse.body.emit('error', error);\n\t\t};\n\n\t\tif (signal && signal.aborted) {\n\t\t\tabort();\n\t\t\treturn;\n\t\t}\n\n\t\tconst abortAndFinalize = function abortAndFinalize() {\n\t\t\tabort();\n\t\t\tfinalize();\n\t\t};\n\n\t\t// send request\n\t\tconst req = send(options);\n\t\tlet reqTimeout;\n\n\t\tif (signal) {\n\t\t\tsignal.addEventListener('abort', abortAndFinalize);\n\t\t}\n\n\t\tfunction finalize() {\n\t\t\treq.abort();\n\t\t\tif (signal) signal.removeEventListener('abort', abortAndFinalize);\n\t\t\tclearTimeout(reqTimeout);\n\t\t}\n\n\t\tif (request.timeout) {\n\t\t\treq.once('socket', function (socket) {\n\t\t\t\treqTimeout = setTimeout(function () {\n\t\t\t\t\treject(new FetchError(`network timeout at: ${request.url}`, 'request-timeout'));\n\t\t\t\t\tfinalize();\n\t\t\t\t}, request.timeout);\n\t\t\t});\n\t\t}\n\n\t\treq.on('error', function (err) {\n\t\t\treject(new FetchError(`request to ${request.url} failed, reason: ${err.message}`, 'system', err));\n\t\t\tfinalize();\n\t\t});\n\n\t\treq.on('response', function (res) {\n\t\t\tclearTimeout(reqTimeout);\n\n\t\t\tconst headers = createHeadersLenient(res.headers);\n\n\t\t\t// HTTP fetch step 5\n\t\t\tif (fetch.isRedirect(res.statusCode)) {\n\t\t\t\t// HTTP fetch step 5.2\n\t\t\t\tconst location = headers.get('Location');\n\n\t\t\t\t// HTTP fetch step 5.3\n\t\t\t\tlet locationURL = null;\n\t\t\t\ttry {\n\t\t\t\t\tlocationURL = location === null ? null : new URL$1(location, request.url).toString();\n\t\t\t\t} catch (err) {\n\t\t\t\t\t// error here can only be invalid URL in Location: header\n\t\t\t\t\t// do not throw when options.redirect == manual\n\t\t\t\t\t// let the user extract the errorneous redirect URL\n\t\t\t\t\tif (request.redirect !== 'manual') {\n\t\t\t\t\t\treject(new FetchError(`uri requested responds with an invalid redirect URL: ${location}`, 'invalid-redirect'));\n\t\t\t\t\t\tfinalize();\n\t\t\t\t\t\treturn;\n\t\t\t\t\t}\n\t\t\t\t}\n\n\t\t\t\t// HTTP fetch step 5.5\n\t\t\t\tswitch (request.redirect) {\n\t\t\t\t\tcase 'error':\n\t\t\t\t\t\treject(new FetchError(`uri requested responds with a redirect, redirect mode is set to error: ${request.url}`, 'no-redirect'));\n\t\t\t\t\t\tfinalize();\n\t\t\t\t\t\treturn;\n\t\t\t\t\tcase 'manual':\n\t\t\t\t\t\t// node-fetch-specific step: make manual redirect a bit easier to use by setting the Location header value to the resolved URL.\n\t\t\t\t\t\tif (locationURL !== null) {\n\t\t\t\t\t\t\t// handle corrupted header\n\t\t\t\t\t\t\ttry {\n\t\t\t\t\t\t\t\theaders.set('Location', locationURL);\n\t\t\t\t\t\t\t} catch (err) {\n\t\t\t\t\t\t\t\t// istanbul ignore next: nodejs server prevent invalid response headers, we can't test this through normal request\n\t\t\t\t\t\t\t\treject(err);\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t}\n\t\t\t\t\t\tbreak;\n\t\t\t\t\tcase 'follow':\n\t\t\t\t\t\t// HTTP-redirect fetch step 2\n\t\t\t\t\t\tif (locationURL === null) {\n\t\t\t\t\t\t\tbreak;\n\t\t\t\t\t\t}\n\n\t\t\t\t\t\t// HTTP-redirect fetch step 5\n\t\t\t\t\t\tif (request.counter >= request.follow) {\n\t\t\t\t\t\t\treject(new FetchError(`maximum redirect reached at: ${request.url}`, 'max-redirect'));\n\t\t\t\t\t\t\tfinalize();\n\t\t\t\t\t\t\treturn;\n\t\t\t\t\t\t}\n\n\t\t\t\t\t\t// HTTP-redirect fetch step 6 (counter increment)\n\t\t\t\t\t\t// Create a new Request object.\n\t\t\t\t\t\tconst requestOpts = {\n\t\t\t\t\t\t\theaders: new Headers(request.headers),\n\t\t\t\t\t\t\tfollow: request.follow,\n\t\t\t\t\t\t\tcounter: request.counter + 1,\n\t\t\t\t\t\t\tagent: request.agent,\n\t\t\t\t\t\t\tcompress: request.compress,\n\t\t\t\t\t\t\tmethod: request.method,\n\t\t\t\t\t\t\tbody: request.body,\n\t\t\t\t\t\t\tsignal: request.signal,\n\t\t\t\t\t\t\ttimeout: request.timeout,\n\t\t\t\t\t\t\tsize: request.size\n\t\t\t\t\t\t};\n\n\t\t\t\t\t\tif (!isDomainOrSubdomain(request.url, locationURL)) {\n\t\t\t\t\t\t\tfor (const name of ['authorization', 'www-authenticate', 'cookie', 'cookie2']) {\n\t\t\t\t\t\t\t\trequestOpts.headers.delete(name);\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t}\n\n\t\t\t\t\t\t// HTTP-redirect fetch step 9\n\t\t\t\t\t\tif (res.statusCode !== 303 && request.body && getTotalBytes(request) === null) {\n\t\t\t\t\t\t\treject(new FetchError('Cannot follow redirect with body being a readable stream', 'unsupported-redirect'));\n\t\t\t\t\t\t\tfinalize();\n\t\t\t\t\t\t\treturn;\n\t\t\t\t\t\t}\n\n\t\t\t\t\t\t// HTTP-redirect fetch step 11\n\t\t\t\t\t\tif (res.statusCode === 303 || (res.statusCode === 301 || res.statusCode === 302) && request.method === 'POST') {\n\t\t\t\t\t\t\trequestOpts.method = 'GET';\n\t\t\t\t\t\t\trequestOpts.body = undefined;\n\t\t\t\t\t\t\trequestOpts.headers.delete('content-length');\n\t\t\t\t\t\t}\n\n\t\t\t\t\t\t// HTTP-redirect fetch step 15\n\t\t\t\t\t\tresolve(fetch(new Request(locationURL, requestOpts)));\n\t\t\t\t\t\tfinalize();\n\t\t\t\t\t\treturn;\n\t\t\t\t}\n\t\t\t}\n\n\t\t\t// prepare response\n\t\t\tres.once('end', function () {\n\t\t\t\tif (signal) signal.removeEventListener('abort', abortAndFinalize);\n\t\t\t});\n\t\t\tlet body = res.pipe(new PassThrough$1());\n\n\t\t\tconst response_options = {\n\t\t\t\turl: request.url,\n\t\t\t\tstatus: res.statusCode,\n\t\t\t\tstatusText: res.statusMessage,\n\t\t\t\theaders: headers,\n\t\t\t\tsize: request.size,\n\t\t\t\ttimeout: request.timeout,\n\t\t\t\tcounter: request.counter\n\t\t\t};\n\n\t\t\t// HTTP-network fetch step 12.1.1.3\n\t\t\tconst codings = headers.get('Content-Encoding');\n\n\t\t\t// HTTP-network fetch step 12.1.1.4: handle content codings\n\n\t\t\t// in following scenarios we ignore compression support\n\t\t\t// 1. compression support is disabled\n\t\t\t// 2. HEAD request\n\t\t\t// 3. no Content-Encoding header\n\t\t\t// 4. no content response (204)\n\t\t\t// 5. content not modified response (304)\n\t\t\tif (!request.compress || request.method === 'HEAD' || codings === null || res.statusCode === 204 || res.statusCode === 304) {\n\t\t\t\tresponse = new Response(body, response_options);\n\t\t\t\tresolve(response);\n\t\t\t\treturn;\n\t\t\t}\n\n\t\t\t// For Node v6+\n\t\t\t// Be less strict when decoding compressed responses, since sometimes\n\t\t\t// servers send slightly invalid responses that are still accepted\n\t\t\t// by common browsers.\n\t\t\t// Always using Z_SYNC_FLUSH is what cURL does.\n\t\t\tconst zlibOptions = {\n\t\t\t\tflush: zlib.Z_SYNC_FLUSH,\n\t\t\t\tfinishFlush: zlib.Z_SYNC_FLUSH\n\t\t\t};\n\n\t\t\t// for gzip\n\t\t\tif (codings == 'gzip' || codings == 'x-gzip') {\n\t\t\t\tbody = body.pipe(zlib.createGunzip(zlibOptions));\n\t\t\t\tresponse = new Response(body, response_options);\n\t\t\t\tresolve(response);\n\t\t\t\treturn;\n\t\t\t}\n\n\t\t\t// for deflate\n\t\t\tif (codings == 'deflate' || codings == 'x-deflate') {\n\t\t\t\t// handle the infamous raw deflate response from old servers\n\t\t\t\t// a hack for old IIS and Apache servers\n\t\t\t\tconst raw = res.pipe(new PassThrough$1());\n\t\t\t\traw.once('data', function (chunk) {\n\t\t\t\t\t// see http://stackoverflow.com/questions/37519828\n\t\t\t\t\tif ((chunk[0] & 0x0F) === 0x08) {\n\t\t\t\t\t\tbody = body.pipe(zlib.createInflate());\n\t\t\t\t\t} else {\n\t\t\t\t\t\tbody = body.pipe(zlib.createInflateRaw());\n\t\t\t\t\t}\n\t\t\t\t\tresponse = new Response(body, response_options);\n\t\t\t\t\tresolve(response);\n\t\t\t\t});\n\t\t\t\treturn;\n\t\t\t}\n\n\t\t\t// for br\n\t\t\tif (codings == 'br' && typeof zlib.createBrotliDecompress === 'function') {\n\t\t\t\tbody = body.pipe(zlib.createBrotliDecompress());\n\t\t\t\tresponse = new Response(body, response_options);\n\t\t\t\tresolve(response);\n\t\t\t\treturn;\n\t\t\t}\n\n\t\t\t// otherwise, use response as-is\n\t\t\tresponse = new Response(body, response_options);\n\t\t\tresolve(response);\n\t\t});\n\n\t\twriteToStream(req, request);\n\t});\n}\n/**\n * Redirect code matching\n *\n * @param   Number   code  Status code\n * @return  Boolean\n */\nfetch.isRedirect = function (code) {\n\treturn code === 301 || code === 302 || code === 303 || code === 307 || code === 308;\n};\n\n// expose Promise\nfetch.Promise = global.Promise;\n\nmodule.exports = exports = fetch;\nObject.defineProperty(exports, \"__esModule\", { value: true });\nexports.default = exports;\nexports.Headers = Headers;\nexports.Request = Request;\nexports.Response = Response;\nexports.FetchError = FetchError;\n","var wrappy = require('wrappy')\nmodule.exports = wrappy(once)\nmodule.exports.strict = wrappy(onceStrict)\n\nonce.proto = once(function () {\n  Object.defineProperty(Function.prototype, 'once', {\n    value: function () {\n      return once(this)\n    },\n    configurable: true\n  })\n\n  Object.defineProperty(Function.prototype, 'onceStrict', {\n    value: function () {\n      return onceStrict(this)\n    },\n    configurable: true\n  })\n})\n\nfunction once (fn) {\n  var f = function () {\n    if (f.called) return f.value\n    f.called = true\n    return f.value = fn.apply(this, arguments)\n  }\n  f.called = false\n  return f\n}\n\nfunction onceStrict (fn) {\n  var f = function () {\n    if (f.called)\n      throw new Error(f.onceError)\n    f.called = true\n    return f.value = fn.apply(this, arguments)\n  }\n  var name = fn.name || 'Function wrapped with `once`'\n  f.onceError = name + \" shouldn't be called more than once\"\n  f.called = false\n  return f\n}\n","exports = module.exports = SemVer\n\nvar debug\n/* istanbul ignore next */\nif (typeof process === 'object' &&\n    process.env &&\n    process.env.NODE_DEBUG &&\n    /\\bsemver\\b/i.test(process.env.NODE_DEBUG)) {\n  debug = function () {\n    var args = Array.prototype.slice.call(arguments, 0)\n    args.unshift('SEMVER')\n    console.log.apply(console, args)\n  }\n} else {\n  debug = function () {}\n}\n\n// Note: this is the semver.org version of the spec that it implements\n// Not necessarily the package version of this code.\nexports.SEMVER_SPEC_VERSION = '2.0.0'\n\nvar MAX_LENGTH = 256\nvar MAX_SAFE_INTEGER = Number.MAX_SAFE_INTEGER ||\n  /* istanbul ignore next */ 9007199254740991\n\n// Max safe segment length for coercion.\nvar MAX_SAFE_COMPONENT_LENGTH = 16\n\n// The actual regexps go on exports.re\nvar re = exports.re = []\nvar src = exports.src = []\nvar t = exports.tokens = {}\nvar R = 0\n\nfunction tok (n) {\n  t[n] = R++\n}\n\n// The following Regular Expressions can be used for tokenizing,\n// validating, and parsing SemVer version strings.\n\n// ## Numeric Identifier\n// A single `0`, or a non-zero digit followed by zero or more digits.\n\ntok('NUMERICIDENTIFIER')\nsrc[t.NUMERICIDENTIFIER] = '0|[1-9]\\\\d*'\ntok('NUMERICIDENTIFIERLOOSE')\nsrc[t.NUMERICIDENTIFIERLOOSE] = '[0-9]+'\n\n// ## Non-numeric Identifier\n// Zero or more digits, followed by a letter or hyphen, and then zero or\n// more letters, digits, or hyphens.\n\ntok('NONNUMERICIDENTIFIER')\nsrc[t.NONNUMERICIDENTIFIER] = '\\\\d*[a-zA-Z-][a-zA-Z0-9-]*'\n\n// ## Main Version\n// Three dot-separated numeric identifiers.\n\ntok('MAINVERSION')\nsrc[t.MAINVERSION] = '(' + src[t.NUMERICIDENTIFIER] + ')\\\\.' +\n                   '(' + src[t.NUMERICIDENTIFIER] + ')\\\\.' +\n                   '(' + src[t.NUMERICIDENTIFIER] + ')'\n\ntok('MAINVERSIONLOOSE')\nsrc[t.MAINVERSIONLOOSE] = '(' + src[t.NUMERICIDENTIFIERLOOSE] + ')\\\\.' +\n                        '(' + src[t.NUMERICIDENTIFIERLOOSE] + ')\\\\.' +\n                        '(' + src[t.NUMERICIDENTIFIERLOOSE] + ')'\n\n// ## Pre-release Version Identifier\n// A numeric identifier, or a non-numeric identifier.\n\ntok('PRERELEASEIDENTIFIER')\nsrc[t.PRERELEASEIDENTIFIER] = '(?:' + src[t.NUMERICIDENTIFIER] +\n                            '|' + src[t.NONNUMERICIDENTIFIER] + ')'\n\ntok('PRERELEASEIDENTIFIERLOOSE')\nsrc[t.PRERELEASEIDENTIFIERLOOSE] = '(?:' + src[t.NUMERICIDENTIFIERLOOSE] +\n                                 '|' + src[t.NONNUMERICIDENTIFIER] + ')'\n\n// ## Pre-release Version\n// Hyphen, followed by one or more dot-separated pre-release version\n// identifiers.\n\ntok('PRERELEASE')\nsrc[t.PRERELEASE] = '(?:-(' + src[t.PRERELEASEIDENTIFIER] +\n                  '(?:\\\\.' + src[t.PRERELEASEIDENTIFIER] + ')*))'\n\ntok('PRERELEASELOOSE')\nsrc[t.PRERELEASELOOSE] = '(?:-?(' + src[t.PRERELEASEIDENTIFIERLOOSE] +\n                       '(?:\\\\.' + src[t.PRERELEASEIDENTIFIERLOOSE] + ')*))'\n\n// ## Build Metadata Identifier\n// Any combination of digits, letters, or hyphens.\n\ntok('BUILDIDENTIFIER')\nsrc[t.BUILDIDENTIFIER] = '[0-9A-Za-z-]+'\n\n// ## Build Metadata\n// Plus sign, followed by one or more period-separated build metadata\n// identifiers.\n\ntok('BUILD')\nsrc[t.BUILD] = '(?:\\\\+(' + src[t.BUILDIDENTIFIER] +\n             '(?:\\\\.' + src[t.BUILDIDENTIFIER] + ')*))'\n\n// ## Full Version String\n// A main version, followed optionally by a pre-release version and\n// build metadata.\n\n// Note that the only major, minor, patch, and pre-release sections of\n// the version string are capturing groups.  The build metadata is not a\n// capturing group, because it should not ever be used in version\n// comparison.\n\ntok('FULL')\ntok('FULLPLAIN')\nsrc[t.FULLPLAIN] = 'v?' + src[t.MAINVERSION] +\n                  src[t.PRERELEASE] + '?' +\n                  src[t.BUILD] + '?'\n\nsrc[t.FULL] = '^' + src[t.FULLPLAIN] + '$'\n\n// like full, but allows v1.2.3 and =1.2.3, which people do sometimes.\n// also, 1.0.0alpha1 (prerelease without the hyphen) which is pretty\n// common in the npm registry.\ntok('LOOSEPLAIN')\nsrc[t.LOOSEPLAIN] = '[v=\\\\s]*' + src[t.MAINVERSIONLOOSE] +\n                  src[t.PRERELEASELOOSE] + '?' +\n                  src[t.BUILD] + '?'\n\ntok('LOOSE')\nsrc[t.LOOSE] = '^' + src[t.LOOSEPLAIN] + '$'\n\ntok('GTLT')\nsrc[t.GTLT] = '((?:<|>)?=?)'\n\n// Something like \"2.*\" or \"1.2.x\".\n// Note that \"x.x\" is a valid xRange identifer, meaning \"any version\"\n// Only the first item is strictly required.\ntok('XRANGEIDENTIFIERLOOSE')\nsrc[t.XRANGEIDENTIFIERLOOSE] = src[t.NUMERICIDENTIFIERLOOSE] + '|x|X|\\\\*'\ntok('XRANGEIDENTIFIER')\nsrc[t.XRANGEIDENTIFIER] = src[t.NUMERICIDENTIFIER] + '|x|X|\\\\*'\n\ntok('XRANGEPLAIN')\nsrc[t.XRANGEPLAIN] = '[v=\\\\s]*(' + src[t.XRANGEIDENTIFIER] + ')' +\n                   '(?:\\\\.(' + src[t.XRANGEIDENTIFIER] + ')' +\n                   '(?:\\\\.(' + src[t.XRANGEIDENTIFIER] + ')' +\n                   '(?:' + src[t.PRERELEASE] + ')?' +\n                   src[t.BUILD] + '?' +\n                   ')?)?'\n\ntok('XRANGEPLAINLOOSE')\nsrc[t.XRANGEPLAINLOOSE] = '[v=\\\\s]*(' + src[t.XRANGEIDENTIFIERLOOSE] + ')' +\n                        '(?:\\\\.(' + src[t.XRANGEIDENTIFIERLOOSE] + ')' +\n                        '(?:\\\\.(' + src[t.XRANGEIDENTIFIERLOOSE] + ')' +\n                        '(?:' + src[t.PRERELEASELOOSE] + ')?' +\n                        src[t.BUILD] + '?' +\n                        ')?)?'\n\ntok('XRANGE')\nsrc[t.XRANGE] = '^' + src[t.GTLT] + '\\\\s*' + src[t.XRANGEPLAIN] + '$'\ntok('XRANGELOOSE')\nsrc[t.XRANGELOOSE] = '^' + src[t.GTLT] + '\\\\s*' + src[t.XRANGEPLAINLOOSE] + '$'\n\n// Coercion.\n// Extract anything that could conceivably be a part of a valid semver\ntok('COERCE')\nsrc[t.COERCE] = '(^|[^\\\\d])' +\n              '(\\\\d{1,' + MAX_SAFE_COMPONENT_LENGTH + '})' +\n              '(?:\\\\.(\\\\d{1,' + MAX_SAFE_COMPONENT_LENGTH + '}))?' +\n              '(?:\\\\.(\\\\d{1,' + MAX_SAFE_COMPONENT_LENGTH + '}))?' +\n              '(?:$|[^\\\\d])'\ntok('COERCERTL')\nre[t.COERCERTL] = new RegExp(src[t.COERCE], 'g')\n\n// Tilde ranges.\n// Meaning is \"reasonably at or greater than\"\ntok('LONETILDE')\nsrc[t.LONETILDE] = '(?:~>?)'\n\ntok('TILDETRIM')\nsrc[t.TILDETRIM] = '(\\\\s*)' + src[t.LONETILDE] + '\\\\s+'\nre[t.TILDETRIM] = new RegExp(src[t.TILDETRIM], 'g')\nvar tildeTrimReplace = '$1~'\n\ntok('TILDE')\nsrc[t.TILDE] = '^' + src[t.LONETILDE] + src[t.XRANGEPLAIN] + '$'\ntok('TILDELOOSE')\nsrc[t.TILDELOOSE] = '^' + src[t.LONETILDE] + src[t.XRANGEPLAINLOOSE] + '$'\n\n// Caret ranges.\n// Meaning is \"at least and backwards compatible with\"\ntok('LONECARET')\nsrc[t.LONECARET] = '(?:\\\\^)'\n\ntok('CARETTRIM')\nsrc[t.CARETTRIM] = '(\\\\s*)' + src[t.LONECARET] + '\\\\s+'\nre[t.CARETTRIM] = new RegExp(src[t.CARETTRIM], 'g')\nvar caretTrimReplace = '$1^'\n\ntok('CARET')\nsrc[t.CARET] = '^' + src[t.LONECARET] + src[t.XRANGEPLAIN] + '$'\ntok('CARETLOOSE')\nsrc[t.CARETLOOSE] = '^' + src[t.LONECARET] + src[t.XRANGEPLAINLOOSE] + '$'\n\n// A simple gt/lt/eq thing, or just \"\" to indicate \"any version\"\ntok('COMPARATORLOOSE')\nsrc[t.COMPARATORLOOSE] = '^' + src[t.GTLT] + '\\\\s*(' + src[t.LOOSEPLAIN] + ')$|^$'\ntok('COMPARATOR')\nsrc[t.COMPARATOR] = '^' + src[t.GTLT] + '\\\\s*(' + src[t.FULLPLAIN] + ')$|^$'\n\n// An expression to strip any whitespace between the gtlt and the thing\n// it modifies, so that `> 1.2.3` ==> `>1.2.3`\ntok('COMPARATORTRIM')\nsrc[t.COMPARATORTRIM] = '(\\\\s*)' + src[t.GTLT] +\n                      '\\\\s*(' + src[t.LOOSEPLAIN] + '|' + src[t.XRANGEPLAIN] + ')'\n\n// this one has to use the /g flag\nre[t.COMPARATORTRIM] = new RegExp(src[t.COMPARATORTRIM], 'g')\nvar comparatorTrimReplace = '$1$2$3'\n\n// Something like `1.2.3 - 1.2.4`\n// Note that these all use the loose form, because they'll be\n// checked against either the strict or loose comparator form\n// later.\ntok('HYPHENRANGE')\nsrc[t.HYPHENRANGE] = '^\\\\s*(' + src[t.XRANGEPLAIN] + ')' +\n                   '\\\\s+-\\\\s+' +\n                   '(' + src[t.XRANGEPLAIN] + ')' +\n                   '\\\\s*$'\n\ntok('HYPHENRANGELOOSE')\nsrc[t.HYPHENRANGELOOSE] = '^\\\\s*(' + src[t.XRANGEPLAINLOOSE] + ')' +\n                        '\\\\s+-\\\\s+' +\n                        '(' + src[t.XRANGEPLAINLOOSE] + ')' +\n                        '\\\\s*$'\n\n// Star ranges basically just allow anything at all.\ntok('STAR')\nsrc[t.STAR] = '(<|>)?=?\\\\s*\\\\*'\n\n// Compile to actual regexp objects.\n// All are flag-free, unless they were created above with a flag.\nfor (var i = 0; i < R; i++) {\n  debug(i, src[i])\n  if (!re[i]) {\n    re[i] = new RegExp(src[i])\n  }\n}\n\nexports.parse = parse\nfunction parse (version, options) {\n  if (!options || typeof options !== 'object') {\n    options = {\n      loose: !!options,\n      includePrerelease: false\n    }\n  }\n\n  if (version instanceof SemVer) {\n    return version\n  }\n\n  if (typeof version !== 'string') {\n    return null\n  }\n\n  if (version.length > MAX_LENGTH) {\n    return null\n  }\n\n  var r = options.loose ? re[t.LOOSE] : re[t.FULL]\n  if (!r.test(version)) {\n    return null\n  }\n\n  try {\n    return new SemVer(version, options)\n  } catch (er) {\n    return null\n  }\n}\n\nexports.valid = valid\nfunction valid (version, options) {\n  var v = parse(version, options)\n  return v ? v.version : null\n}\n\nexports.clean = clean\nfunction clean (version, options) {\n  var s = parse(version.trim().replace(/^[=v]+/, ''), options)\n  return s ? s.version : null\n}\n\nexports.SemVer = SemVer\n\nfunction SemVer (version, options) {\n  if (!options || typeof options !== 'object') {\n    options = {\n      loose: !!options,\n      includePrerelease: false\n    }\n  }\n  if (version instanceof SemVer) {\n    if (version.loose === options.loose) {\n      return version\n    } else {\n      version = version.version\n    }\n  } else if (typeof version !== 'string') {\n    throw new TypeError('Invalid Version: ' + version)\n  }\n\n  if (version.length > MAX_LENGTH) {\n    throw new TypeError('version is longer than ' + MAX_LENGTH + ' characters')\n  }\n\n  if (!(this instanceof SemVer)) {\n    return new SemVer(version, options)\n  }\n\n  debug('SemVer', version, options)\n  this.options = options\n  this.loose = !!options.loose\n\n  var m = version.trim().match(options.loose ? re[t.LOOSE] : re[t.FULL])\n\n  if (!m) {\n    throw new TypeError('Invalid Version: ' + version)\n  }\n\n  this.raw = version\n\n  // these are actually numbers\n  this.major = +m[1]\n  this.minor = +m[2]\n  this.patch = +m[3]\n\n  if (this.major > MAX_SAFE_INTEGER || this.major < 0) {\n    throw new TypeError('Invalid major version')\n  }\n\n  if (this.minor > MAX_SAFE_INTEGER || this.minor < 0) {\n    throw new TypeError('Invalid minor version')\n  }\n\n  if (this.patch > MAX_SAFE_INTEGER || this.patch < 0) {\n    throw new TypeError('Invalid patch version')\n  }\n\n  // numberify any prerelease numeric ids\n  if (!m[4]) {\n    this.prerelease = []\n  } else {\n    this.prerelease = m[4].split('.').map(function (id) {\n      if (/^[0-9]+$/.test(id)) {\n        var num = +id\n        if (num >= 0 && num < MAX_SAFE_INTEGER) {\n          return num\n        }\n      }\n      return id\n    })\n  }\n\n  this.build = m[5] ? m[5].split('.') : []\n  this.format()\n}\n\nSemVer.prototype.format = function () {\n  this.version = this.major + '.' + this.minor + '.' + this.patch\n  if (this.prerelease.length) {\n    this.version += '-' + this.prerelease.join('.')\n  }\n  return this.version\n}\n\nSemVer.prototype.toString = function () {\n  return this.version\n}\n\nSemVer.prototype.compare = function (other) {\n  debug('SemVer.compare', this.version, this.options, other)\n  if (!(other instanceof SemVer)) {\n    other = new SemVer(other, this.options)\n  }\n\n  return this.compareMain(other) || this.comparePre(other)\n}\n\nSemVer.prototype.compareMain = function (other) {\n  if (!(other instanceof SemVer)) {\n    other = new SemVer(other, this.options)\n  }\n\n  return compareIdentifiers(this.major, other.major) ||\n         compareIdentifiers(this.minor, other.minor) ||\n         compareIdentifiers(this.patch, other.patch)\n}\n\nSemVer.prototype.comparePre = function (other) {\n  if (!(other instanceof SemVer)) {\n    other = new SemVer(other, this.options)\n  }\n\n  // NOT having a prerelease is > having one\n  if (this.prerelease.length && !other.prerelease.length) {\n    return -1\n  } else if (!this.prerelease.length && other.prerelease.length) {\n    return 1\n  } else if (!this.prerelease.length && !other.prerelease.length) {\n    return 0\n  }\n\n  var i = 0\n  do {\n    var a = this.prerelease[i]\n    var b = other.prerelease[i]\n    debug('prerelease compare', i, a, b)\n    if (a === undefined && b === undefined) {\n      return 0\n    } else if (b === undefined) {\n      return 1\n    } else if (a === undefined) {\n      return -1\n    } else if (a === b) {\n      continue\n    } else {\n      return compareIdentifiers(a, b)\n    }\n  } while (++i)\n}\n\nSemVer.prototype.compareBuild = function (other) {\n  if (!(other instanceof SemVer)) {\n    other = new SemVer(other, this.options)\n  }\n\n  var i = 0\n  do {\n    var a = this.build[i]\n    var b = other.build[i]\n    debug('prerelease compare', i, a, b)\n    if (a === undefined && b === undefined) {\n      return 0\n    } else if (b === undefined) {\n      return 1\n    } else if (a === undefined) {\n      return -1\n    } else if (a === b) {\n      continue\n    } else {\n      return compareIdentifiers(a, b)\n    }\n  } while (++i)\n}\n\n// preminor will bump the version up to the next minor release, and immediately\n// down to pre-release. premajor and prepatch work the same way.\nSemVer.prototype.inc = function (release, identifier) {\n  switch (release) {\n    case 'premajor':\n      this.prerelease.length = 0\n      this.patch = 0\n      this.minor = 0\n      this.major++\n      this.inc('pre', identifier)\n      break\n    case 'preminor':\n      this.prerelease.length = 0\n      this.patch = 0\n      this.minor++\n      this.inc('pre', identifier)\n      break\n    case 'prepatch':\n      // If this is already a prerelease, it will bump to the next version\n      // drop any prereleases that might already exist, since they are not\n      // relevant at this point.\n      this.prerelease.length = 0\n      this.inc('patch', identifier)\n      this.inc('pre', identifier)\n      break\n    // If the input is a non-prerelease version, this acts the same as\n    // prepatch.\n    case 'prerelease':\n      if (this.prerelease.length === 0) {\n        this.inc('patch', identifier)\n      }\n      this.inc('pre', identifier)\n      break\n\n    case 'major':\n      // If this is a pre-major version, bump up to the same major version.\n      // Otherwise increment major.\n      // 1.0.0-5 bumps to 1.0.0\n      // 1.1.0 bumps to 2.0.0\n      if (this.minor !== 0 ||\n          this.patch !== 0 ||\n          this.prerelease.length === 0) {\n        this.major++\n      }\n      this.minor = 0\n      this.patch = 0\n      this.prerelease = []\n      break\n    case 'minor':\n      // If this is a pre-minor version, bump up to the same minor version.\n      // Otherwise increment minor.\n      // 1.2.0-5 bumps to 1.2.0\n      // 1.2.1 bumps to 1.3.0\n      if (this.patch !== 0 || this.prerelease.length === 0) {\n        this.minor++\n      }\n      this.patch = 0\n      this.prerelease = []\n      break\n    case 'patch':\n      // If this is not a pre-release version, it will increment the patch.\n      // If it is a pre-release it will bump up to the same patch version.\n      // 1.2.0-5 patches to 1.2.0\n      // 1.2.0 patches to 1.2.1\n      if (this.prerelease.length === 0) {\n        this.patch++\n      }\n      this.prerelease = []\n      break\n    // This probably shouldn't be used publicly.\n    // 1.0.0 \"pre\" would become 1.0.0-0 which is the wrong direction.\n    case 'pre':\n      if (this.prerelease.length === 0) {\n        this.prerelease = [0]\n      } else {\n        var i = this.prerelease.length\n        while (--i >= 0) {\n          if (typeof this.prerelease[i] === 'number') {\n            this.prerelease[i]++\n            i = -2\n          }\n        }\n        if (i === -1) {\n          // didn't increment anything\n          this.prerelease.push(0)\n        }\n      }\n      if (identifier) {\n        // 1.2.0-beta.1 bumps to 1.2.0-beta.2,\n        // 1.2.0-beta.fooblz or 1.2.0-beta bumps to 1.2.0-beta.0\n        if (this.prerelease[0] === identifier) {\n          if (isNaN(this.prerelease[1])) {\n            this.prerelease = [identifier, 0]\n          }\n        } else {\n          this.prerelease = [identifier, 0]\n        }\n      }\n      break\n\n    default:\n      throw new Error('invalid increment argument: ' + release)\n  }\n  this.format()\n  this.raw = this.version\n  return this\n}\n\nexports.inc = inc\nfunction inc (version, release, loose, identifier) {\n  if (typeof (loose) === 'string') {\n    identifier = loose\n    loose = undefined\n  }\n\n  try {\n    return new SemVer(version, loose).inc(release, identifier).version\n  } catch (er) {\n    return null\n  }\n}\n\nexports.diff = diff\nfunction diff (version1, version2) {\n  if (eq(version1, version2)) {\n    return null\n  } else {\n    var v1 = parse(version1)\n    var v2 = parse(version2)\n    var prefix = ''\n    if (v1.prerelease.length || v2.prerelease.length) {\n      prefix = 'pre'\n      var defaultResult = 'prerelease'\n    }\n    for (var key in v1) {\n      if (key === 'major' || key === 'minor' || key === 'patch') {\n        if (v1[key] !== v2[key]) {\n          return prefix + key\n        }\n      }\n    }\n    return defaultResult // may be undefined\n  }\n}\n\nexports.compareIdentifiers = compareIdentifiers\n\nvar numeric = /^[0-9]+$/\nfunction compareIdentifiers (a, b) {\n  var anum = numeric.test(a)\n  var bnum = numeric.test(b)\n\n  if (anum && bnum) {\n    a = +a\n    b = +b\n  }\n\n  return a === b ? 0\n    : (anum && !bnum) ? -1\n    : (bnum && !anum) ? 1\n    : a < b ? -1\n    : 1\n}\n\nexports.rcompareIdentifiers = rcompareIdentifiers\nfunction rcompareIdentifiers (a, b) {\n  return compareIdentifiers(b, a)\n}\n\nexports.major = major\nfunction major (a, loose) {\n  return new SemVer(a, loose).major\n}\n\nexports.minor = minor\nfunction minor (a, loose) {\n  return new SemVer(a, loose).minor\n}\n\nexports.patch = patch\nfunction patch (a, loose) {\n  return new SemVer(a, loose).patch\n}\n\nexports.compare = compare\nfunction compare (a, b, loose) {\n  return new SemVer(a, loose).compare(new SemVer(b, loose))\n}\n\nexports.compareLoose = compareLoose\nfunction compareLoose (a, b) {\n  return compare(a, b, true)\n}\n\nexports.compareBuild = compareBuild\nfunction compareBuild (a, b, loose) {\n  var versionA = new SemVer(a, loose)\n  var versionB = new SemVer(b, loose)\n  return versionA.compare(versionB) || versionA.compareBuild(versionB)\n}\n\nexports.rcompare = rcompare\nfunction rcompare (a, b, loose) {\n  return compare(b, a, loose)\n}\n\nexports.sort = sort\nfunction sort (list, loose) {\n  return list.sort(function (a, b) {\n    return exports.compareBuild(a, b, loose)\n  })\n}\n\nexports.rsort = rsort\nfunction rsort (list, loose) {\n  return list.sort(function (a, b) {\n    return exports.compareBuild(b, a, loose)\n  })\n}\n\nexports.gt = gt\nfunction gt (a, b, loose) {\n  return compare(a, b, loose) > 0\n}\n\nexports.lt = lt\nfunction lt (a, b, loose) {\n  return compare(a, b, loose) < 0\n}\n\nexports.eq = eq\nfunction eq (a, b, loose) {\n  return compare(a, b, loose) === 0\n}\n\nexports.neq = neq\nfunction neq (a, b, loose) {\n  return compare(a, b, loose) !== 0\n}\n\nexports.gte = gte\nfunction gte (a, b, loose) {\n  return compare(a, b, loose) >= 0\n}\n\nexports.lte = lte\nfunction lte (a, b, loose) {\n  return compare(a, b, loose) <= 0\n}\n\nexports.cmp = cmp\nfunction cmp (a, op, b, loose) {\n  switch (op) {\n    case '===':\n      if (typeof a === 'object')\n        a = a.version\n      if (typeof b === 'object')\n        b = b.version\n      return a === b\n\n    case '!==':\n      if (typeof a === 'object')\n        a = a.version\n      if (typeof b === 'object')\n        b = b.version\n      return a !== b\n\n    case '':\n    case '=':\n    case '==':\n      return eq(a, b, loose)\n\n    case '!=':\n      return neq(a, b, loose)\n\n    case '>':\n      return gt(a, b, loose)\n\n    case '>=':\n      return gte(a, b, loose)\n\n    case '<':\n      return lt(a, b, loose)\n\n    case '<=':\n      return lte(a, b, loose)\n\n    default:\n      throw new TypeError('Invalid operator: ' + op)\n  }\n}\n\nexports.Comparator = Comparator\nfunction Comparator (comp, options) {\n  if (!options || typeof options !== 'object') {\n    options = {\n      loose: !!options,\n      includePrerelease: false\n    }\n  }\n\n  if (comp instanceof Comparator) {\n    if (comp.loose === !!options.loose) {\n      return comp\n    } else {\n      comp = comp.value\n    }\n  }\n\n  if (!(this instanceof Comparator)) {\n    return new Comparator(comp, options)\n  }\n\n  debug('comparator', comp, options)\n  this.options = options\n  this.loose = !!options.loose\n  this.parse(comp)\n\n  if (this.semver === ANY) {\n    this.value = ''\n  } else {\n    this.value = this.operator + this.semver.version\n  }\n\n  debug('comp', this)\n}\n\nvar ANY = {}\nComparator.prototype.parse = function (comp) {\n  var r = this.options.loose ? re[t.COMPARATORLOOSE] : re[t.COMPARATOR]\n  var m = comp.match(r)\n\n  if (!m) {\n    throw new TypeError('Invalid comparator: ' + comp)\n  }\n\n  this.operator = m[1] !== undefined ? m[1] : ''\n  if (this.operator === '=') {\n    this.operator = ''\n  }\n\n  // if it literally is just '>' or '' then allow anything.\n  if (!m[2]) {\n    this.semver = ANY\n  } else {\n    this.semver = new SemVer(m[2], this.options.loose)\n  }\n}\n\nComparator.prototype.toString = function () {\n  return this.value\n}\n\nComparator.prototype.test = function (version) {\n  debug('Comparator.test', version, this.options.loose)\n\n  if (this.semver === ANY || version === ANY) {\n    return true\n  }\n\n  if (typeof version === 'string') {\n    try {\n      version = new SemVer(version, this.options)\n    } catch (er) {\n      return false\n    }\n  }\n\n  return cmp(version, this.operator, this.semver, this.options)\n}\n\nComparator.prototype.intersects = function (comp, options) {\n  if (!(comp instanceof Comparator)) {\n    throw new TypeError('a Comparator is required')\n  }\n\n  if (!options || typeof options !== 'object') {\n    options = {\n      loose: !!options,\n      includePrerelease: false\n    }\n  }\n\n  var rangeTmp\n\n  if (this.operator === '') {\n    if (this.value === '') {\n      return true\n    }\n    rangeTmp = new Range(comp.value, options)\n    return satisfies(this.value, rangeTmp, options)\n  } else if (comp.operator === '') {\n    if (comp.value === '') {\n      return true\n    }\n    rangeTmp = new Range(this.value, options)\n    return satisfies(comp.semver, rangeTmp, options)\n  }\n\n  var sameDirectionIncreasing =\n    (this.operator === '>=' || this.operator === '>') &&\n    (comp.operator === '>=' || comp.operator === '>')\n  var sameDirectionDecreasing =\n    (this.operator === '<=' || this.operator === '<') &&\n    (comp.operator === '<=' || comp.operator === '<')\n  var sameSemVer = this.semver.version === comp.semver.version\n  var differentDirectionsInclusive =\n    (this.operator === '>=' || this.operator === '<=') &&\n    (comp.operator === '>=' || comp.operator === '<=')\n  var oppositeDirectionsLessThan =\n    cmp(this.semver, '<', comp.semver, options) &&\n    ((this.operator === '>=' || this.operator === '>') &&\n    (comp.operator === '<=' || comp.operator === '<'))\n  var oppositeDirectionsGreaterThan =\n    cmp(this.semver, '>', comp.semver, options) &&\n    ((this.operator === '<=' || this.operator === '<') &&\n    (comp.operator === '>=' || comp.operator === '>'))\n\n  return sameDirectionIncreasing || sameDirectionDecreasing ||\n    (sameSemVer && differentDirectionsInclusive) ||\n    oppositeDirectionsLessThan || oppositeDirectionsGreaterThan\n}\n\nexports.Range = Range\nfunction Range (range, options) {\n  if (!options || typeof options !== 'object') {\n    options = {\n      loose: !!options,\n      includePrerelease: false\n    }\n  }\n\n  if (range instanceof Range) {\n    if (range.loose === !!options.loose &&\n        range.includePrerelease === !!options.includePrerelease) {\n      return range\n    } else {\n      return new Range(range.raw, options)\n    }\n  }\n\n  if (range instanceof Comparator) {\n    return new Range(range.value, options)\n  }\n\n  if (!(this instanceof Range)) {\n    return new Range(range, options)\n  }\n\n  this.options = options\n  this.loose = !!options.loose\n  this.includePrerelease = !!options.includePrerelease\n\n  // First, split based on boolean or ||\n  this.raw = range\n  this.set = range.split(/\\s*\\|\\|\\s*/).map(function (range) {\n    return this.parseRange(range.trim())\n  }, this).filter(function (c) {\n    // throw out any that are not relevant for whatever reason\n    return c.length\n  })\n\n  if (!this.set.length) {\n    throw new TypeError('Invalid SemVer Range: ' + range)\n  }\n\n  this.format()\n}\n\nRange.prototype.format = function () {\n  this.range = this.set.map(function (comps) {\n    return comps.join(' ').trim()\n  }).join('||').trim()\n  return this.range\n}\n\nRange.prototype.toString = function () {\n  return this.range\n}\n\nRange.prototype.parseRange = function (range) {\n  var loose = this.options.loose\n  range = range.trim()\n  // `1.2.3 - 1.2.4` => `>=1.2.3 <=1.2.4`\n  var hr = loose ? re[t.HYPHENRANGELOOSE] : re[t.HYPHENRANGE]\n  range = range.replace(hr, hyphenReplace)\n  debug('hyphen replace', range)\n  // `> 1.2.3 < 1.2.5` => `>1.2.3 <1.2.5`\n  range = range.replace(re[t.COMPARATORTRIM], comparatorTrimReplace)\n  debug('comparator trim', range, re[t.COMPARATORTRIM])\n\n  // `~ 1.2.3` => `~1.2.3`\n  range = range.replace(re[t.TILDETRIM], tildeTrimReplace)\n\n  // `^ 1.2.3` => `^1.2.3`\n  range = range.replace(re[t.CARETTRIM], caretTrimReplace)\n\n  // normalize spaces\n  range = range.split(/\\s+/).join(' ')\n\n  // At this point, the range is completely trimmed and\n  // ready to be split into comparators.\n\n  var compRe = loose ? re[t.COMPARATORLOOSE] : re[t.COMPARATOR]\n  var set = range.split(' ').map(function (comp) {\n    return parseComparator(comp, this.options)\n  }, this).join(' ').split(/\\s+/)\n  if (this.options.loose) {\n    // in loose mode, throw out any that are not valid comparators\n    set = set.filter(function (comp) {\n      return !!comp.match(compRe)\n    })\n  }\n  set = set.map(function (comp) {\n    return new Comparator(comp, this.options)\n  }, this)\n\n  return set\n}\n\nRange.prototype.intersects = function (range, options) {\n  if (!(range instanceof Range)) {\n    throw new TypeError('a Range is required')\n  }\n\n  return this.set.some(function (thisComparators) {\n    return (\n      isSatisfiable(thisComparators, options) &&\n      range.set.some(function (rangeComparators) {\n        return (\n          isSatisfiable(rangeComparators, options) &&\n          thisComparators.every(function (thisComparator) {\n            return rangeComparators.every(function (rangeComparator) {\n              return thisComparator.intersects(rangeComparator, options)\n            })\n          })\n        )\n      })\n    )\n  })\n}\n\n// take a set of comparators and determine whether there\n// exists a version which can satisfy it\nfunction isSatisfiable (comparators, options) {\n  var result = true\n  var remainingComparators = comparators.slice()\n  var testComparator = remainingComparators.pop()\n\n  while (result && remainingComparators.length) {\n    result = remainingComparators.every(function (otherComparator) {\n      return testComparator.intersects(otherComparator, options)\n    })\n\n    testComparator = remainingComparators.pop()\n  }\n\n  return result\n}\n\n// Mostly just for testing and legacy API reasons\nexports.toComparators = toComparators\nfunction toComparators (range, options) {\n  return new Range(range, options).set.map(function (comp) {\n    return comp.map(function (c) {\n      return c.value\n    }).join(' ').trim().split(' ')\n  })\n}\n\n// comprised of xranges, tildes, stars, and gtlt's at this point.\n// already replaced the hyphen ranges\n// turn into a set of JUST comparators.\nfunction parseComparator (comp, options) {\n  debug('comp', comp, options)\n  comp = replaceCarets(comp, options)\n  debug('caret', comp)\n  comp = replaceTildes(comp, options)\n  debug('tildes', comp)\n  comp = replaceXRanges(comp, options)\n  debug('xrange', comp)\n  comp = replaceStars(comp, options)\n  debug('stars', comp)\n  return comp\n}\n\nfunction isX (id) {\n  return !id || id.toLowerCase() === 'x' || id === '*'\n}\n\n// ~, ~> --> * (any, kinda silly)\n// ~2, ~2.x, ~2.x.x, ~>2, ~>2.x ~>2.x.x --> >=2.0.0 <3.0.0\n// ~2.0, ~2.0.x, ~>2.0, ~>2.0.x --> >=2.0.0 <2.1.0\n// ~1.2, ~1.2.x, ~>1.2, ~>1.2.x --> >=1.2.0 <1.3.0\n// ~1.2.3, ~>1.2.3 --> >=1.2.3 <1.3.0\n// ~1.2.0, ~>1.2.0 --> >=1.2.0 <1.3.0\nfunction replaceTildes (comp, options) {\n  return comp.trim().split(/\\s+/).map(function (comp) {\n    return replaceTilde(comp, options)\n  }).join(' ')\n}\n\nfunction replaceTilde (comp, options) {\n  var r = options.loose ? re[t.TILDELOOSE] : re[t.TILDE]\n  return comp.replace(r, function (_, M, m, p, pr) {\n    debug('tilde', comp, _, M, m, p, pr)\n    var ret\n\n    if (isX(M)) {\n      ret = ''\n    } else if (isX(m)) {\n      ret = '>=' + M + '.0.0 <' + (+M + 1) + '.0.0'\n    } else if (isX(p)) {\n      // ~1.2 == >=1.2.0 <1.3.0\n      ret = '>=' + M + '.' + m + '.0 <' + M + '.' + (+m + 1) + '.0'\n    } else if (pr) {\n      debug('replaceTilde pr', pr)\n      ret = '>=' + M + '.' + m + '.' + p + '-' + pr +\n            ' <' + M + '.' + (+m + 1) + '.0'\n    } else {\n      // ~1.2.3 == >=1.2.3 <1.3.0\n      ret = '>=' + M + '.' + m + '.' + p +\n            ' <' + M + '.' + (+m + 1) + '.0'\n    }\n\n    debug('tilde return', ret)\n    return ret\n  })\n}\n\n// ^ --> * (any, kinda silly)\n// ^2, ^2.x, ^2.x.x --> >=2.0.0 <3.0.0\n// ^2.0, ^2.0.x --> >=2.0.0 <3.0.0\n// ^1.2, ^1.2.x --> >=1.2.0 <2.0.0\n// ^1.2.3 --> >=1.2.3 <2.0.0\n// ^1.2.0 --> >=1.2.0 <2.0.0\nfunction replaceCarets (comp, options) {\n  return comp.trim().split(/\\s+/).map(function (comp) {\n    return replaceCaret(comp, options)\n  }).join(' ')\n}\n\nfunction replaceCaret (comp, options) {\n  debug('caret', comp, options)\n  var r = options.loose ? re[t.CARETLOOSE] : re[t.CARET]\n  return comp.replace(r, function (_, M, m, p, pr) {\n    debug('caret', comp, _, M, m, p, pr)\n    var ret\n\n    if (isX(M)) {\n      ret = ''\n    } else if (isX(m)) {\n      ret = '>=' + M + '.0.0 <' + (+M + 1) + '.0.0'\n    } else if (isX(p)) {\n      if (M === '0') {\n        ret = '>=' + M + '.' + m + '.0 <' + M + '.' + (+m + 1) + '.0'\n      } else {\n        ret = '>=' + M + '.' + m + '.0 <' + (+M + 1) + '.0.0'\n      }\n    } else if (pr) {\n      debug('replaceCaret pr', pr)\n      if (M === '0') {\n        if (m === '0') {\n          ret = '>=' + M + '.' + m + '.' + p + '-' + pr +\n                ' <' + M + '.' + m + '.' + (+p + 1)\n        } else {\n          ret = '>=' + M + '.' + m + '.' + p + '-' + pr +\n                ' <' + M + '.' + (+m + 1) + '.0'\n        }\n      } else {\n        ret = '>=' + M + '.' + m + '.' + p + '-' + pr +\n              ' <' + (+M + 1) + '.0.0'\n      }\n    } else {\n      debug('no pr')\n      if (M === '0') {\n        if (m === '0') {\n          ret = '>=' + M + '.' + m + '.' + p +\n                ' <' + M + '.' + m + '.' + (+p + 1)\n        } else {\n          ret = '>=' + M + '.' + m + '.' + p +\n                ' <' + M + '.' + (+m + 1) + '.0'\n        }\n      } else {\n        ret = '>=' + M + '.' + m + '.' + p +\n              ' <' + (+M + 1) + '.0.0'\n      }\n    }\n\n    debug('caret return', ret)\n    return ret\n  })\n}\n\nfunction replaceXRanges (comp, options) {\n  debug('replaceXRanges', comp, options)\n  return comp.split(/\\s+/).map(function (comp) {\n    return replaceXRange(comp, options)\n  }).join(' ')\n}\n\nfunction replaceXRange (comp, options) {\n  comp = comp.trim()\n  var r = options.loose ? re[t.XRANGELOOSE] : re[t.XRANGE]\n  return comp.replace(r, function (ret, gtlt, M, m, p, pr) {\n    debug('xRange', comp, ret, gtlt, M, m, p, pr)\n    var xM = isX(M)\n    var xm = xM || isX(m)\n    var xp = xm || isX(p)\n    var anyX = xp\n\n    if (gtlt === '=' && anyX) {\n      gtlt = ''\n    }\n\n    // if we're including prereleases in the match, then we need\n    // to fix this to -0, the lowest possible prerelease value\n    pr = options.includePrerelease ? '-0' : ''\n\n    if (xM) {\n      if (gtlt === '>' || gtlt === '<') {\n        // nothing is allowed\n        ret = '<0.0.0-0'\n      } else {\n        // nothing is forbidden\n        ret = '*'\n      }\n    } else if (gtlt && anyX) {\n      // we know patch is an x, because we have any x at all.\n      // replace X with 0\n      if (xm) {\n        m = 0\n      }\n      p = 0\n\n      if (gtlt === '>') {\n        // >1 => >=2.0.0\n        // >1.2 => >=1.3.0\n        // >1.2.3 => >= 1.2.4\n        gtlt = '>='\n        if (xm) {\n          M = +M + 1\n          m = 0\n          p = 0\n        } else {\n          m = +m + 1\n          p = 0\n        }\n      } else if (gtlt === '<=') {\n        // <=0.7.x is actually <0.8.0, since any 0.7.x should\n        // pass.  Similarly, <=7.x is actually <8.0.0, etc.\n        gtlt = '<'\n        if (xm) {\n          M = +M + 1\n        } else {\n          m = +m + 1\n        }\n      }\n\n      ret = gtlt + M + '.' + m + '.' + p + pr\n    } else if (xm) {\n      ret = '>=' + M + '.0.0' + pr + ' <' + (+M + 1) + '.0.0' + pr\n    } else if (xp) {\n      ret = '>=' + M + '.' + m + '.0' + pr +\n        ' <' + M + '.' + (+m + 1) + '.0' + pr\n    }\n\n    debug('xRange return', ret)\n\n    return ret\n  })\n}\n\n// Because * is AND-ed with everything else in the comparator,\n// and '' means \"any version\", just remove the *s entirely.\nfunction replaceStars (comp, options) {\n  debug('replaceStars', comp, options)\n  // Looseness is ignored here.  star is always as loose as it gets!\n  return comp.trim().replace(re[t.STAR], '')\n}\n\n// This function is passed to string.replace(re[t.HYPHENRANGE])\n// M, m, patch, prerelease, build\n// 1.2 - 3.4.5 => >=1.2.0 <=3.4.5\n// 1.2.3 - 3.4 => >=1.2.0 <3.5.0 Any 3.4.x will do\n// 1.2 - 3.4 => >=1.2.0 <3.5.0\nfunction hyphenReplace ($0,\n  from, fM, fm, fp, fpr, fb,\n  to, tM, tm, tp, tpr, tb) {\n  if (isX(fM)) {\n    from = ''\n  } else if (isX(fm)) {\n    from = '>=' + fM + '.0.0'\n  } else if (isX(fp)) {\n    from = '>=' + fM + '.' + fm + '.0'\n  } else {\n    from = '>=' + from\n  }\n\n  if (isX(tM)) {\n    to = ''\n  } else if (isX(tm)) {\n    to = '<' + (+tM + 1) + '.0.0'\n  } else if (isX(tp)) {\n    to = '<' + tM + '.' + (+tm + 1) + '.0'\n  } else if (tpr) {\n    to = '<=' + tM + '.' + tm + '.' + tp + '-' + tpr\n  } else {\n    to = '<=' + to\n  }\n\n  return (from + ' ' + to).trim()\n}\n\n// if ANY of the sets match ALL of its comparators, then pass\nRange.prototype.test = function (version) {\n  if (!version) {\n    return false\n  }\n\n  if (typeof version === 'string') {\n    try {\n      version = new SemVer(version, this.options)\n    } catch (er) {\n      return false\n    }\n  }\n\n  for (var i = 0; i < this.set.length; i++) {\n    if (testSet(this.set[i], version, this.options)) {\n      return true\n    }\n  }\n  return false\n}\n\nfunction testSet (set, version, options) {\n  for (var i = 0; i < set.length; i++) {\n    if (!set[i].test(version)) {\n      return false\n    }\n  }\n\n  if (version.prerelease.length && !options.includePrerelease) {\n    // Find the set of versions that are allowed to have prereleases\n    // For example, ^1.2.3-pr.1 desugars to >=1.2.3-pr.1 <2.0.0\n    // That should allow `1.2.3-pr.2` to pass.\n    // However, `1.2.4-alpha.notready` should NOT be allowed,\n    // even though it's within the range set by the comparators.\n    for (i = 0; i < set.length; i++) {\n      debug(set[i].semver)\n      if (set[i].semver === ANY) {\n        continue\n      }\n\n      if (set[i].semver.prerelease.length > 0) {\n        var allowed = set[i].semver\n        if (allowed.major === version.major &&\n            allowed.minor === version.minor &&\n            allowed.patch === version.patch) {\n          return true\n        }\n      }\n    }\n\n    // Version has a -pre, but it's not one of the ones we like.\n    return false\n  }\n\n  return true\n}\n\nexports.satisfies = satisfies\nfunction satisfies (version, range, options) {\n  try {\n    range = new Range(range, options)\n  } catch (er) {\n    return false\n  }\n  return range.test(version)\n}\n\nexports.maxSatisfying = maxSatisfying\nfunction maxSatisfying (versions, range, options) {\n  var max = null\n  var maxSV = null\n  try {\n    var rangeObj = new Range(range, options)\n  } catch (er) {\n    return null\n  }\n  versions.forEach(function (v) {\n    if (rangeObj.test(v)) {\n      // satisfies(v, range, options)\n      if (!max || maxSV.compare(v) === -1) {\n        // compare(max, v, true)\n        max = v\n        maxSV = new SemVer(max, options)\n      }\n    }\n  })\n  return max\n}\n\nexports.minSatisfying = minSatisfying\nfunction minSatisfying (versions, range, options) {\n  var min = null\n  var minSV = null\n  try {\n    var rangeObj = new Range(range, options)\n  } catch (er) {\n    return null\n  }\n  versions.forEach(function (v) {\n    if (rangeObj.test(v)) {\n      // satisfies(v, range, options)\n      if (!min || minSV.compare(v) === 1) {\n        // compare(min, v, true)\n        min = v\n        minSV = new SemVer(min, options)\n      }\n    }\n  })\n  return min\n}\n\nexports.minVersion = minVersion\nfunction minVersion (range, loose) {\n  range = new Range(range, loose)\n\n  var minver = new SemVer('0.0.0')\n  if (range.test(minver)) {\n    return minver\n  }\n\n  minver = new SemVer('0.0.0-0')\n  if (range.test(minver)) {\n    return minver\n  }\n\n  minver = null\n  for (var i = 0; i < range.set.length; ++i) {\n    var comparators = range.set[i]\n\n    comparators.forEach(function (comparator) {\n      // Clone to avoid manipulating the comparator's semver object.\n      var compver = new SemVer(comparator.semver.version)\n      switch (comparator.operator) {\n        case '>':\n          if (compver.prerelease.length === 0) {\n            compver.patch++\n          } else {\n            compver.prerelease.push(0)\n          }\n          compver.raw = compver.format()\n          /* fallthrough */\n        case '':\n        case '>=':\n          if (!minver || gt(minver, compver)) {\n            minver = compver\n          }\n          break\n        case '<':\n        case '<=':\n          /* Ignore maximum versions */\n          break\n        /* istanbul ignore next */\n        default:\n          throw new Error('Unexpected operation: ' + comparator.operator)\n      }\n    })\n  }\n\n  if (minver && range.test(minver)) {\n    return minver\n  }\n\n  return null\n}\n\nexports.validRange = validRange\nfunction validRange (range, options) {\n  try {\n    // Return '*' instead of '' so that truthiness works.\n    // This will throw if it's invalid anyway\n    return new Range(range, options).range || '*'\n  } catch (er) {\n    return null\n  }\n}\n\n// Determine if version is less than all the versions possible in the range\nexports.ltr = ltr\nfunction ltr (version, range, options) {\n  return outside(version, range, '<', options)\n}\n\n// Determine if version is greater than all the versions possible in the range.\nexports.gtr = gtr\nfunction gtr (version, range, options) {\n  return outside(version, range, '>', options)\n}\n\nexports.outside = outside\nfunction outside (version, range, hilo, options) {\n  version = new SemVer(version, options)\n  range = new Range(range, options)\n\n  var gtfn, ltefn, ltfn, comp, ecomp\n  switch (hilo) {\n    case '>':\n      gtfn = gt\n      ltefn = lte\n      ltfn = lt\n      comp = '>'\n      ecomp = '>='\n      break\n    case '<':\n      gtfn = lt\n      ltefn = gte\n      ltfn = gt\n      comp = '<'\n      ecomp = '<='\n      break\n    default:\n      throw new TypeError('Must provide a hilo val of \"<\" or \">\"')\n  }\n\n  // If it satisifes the range it is not outside\n  if (satisfies(version, range, options)) {\n    return false\n  }\n\n  // From now on, variable terms are as if we're in \"gtr\" mode.\n  // but note that everything is flipped for the \"ltr\" function.\n\n  for (var i = 0; i < range.set.length; ++i) {\n    var comparators = range.set[i]\n\n    var high = null\n    var low = null\n\n    comparators.forEach(function (comparator) {\n      if (comparator.semver === ANY) {\n        comparator = new Comparator('>=0.0.0')\n      }\n      high = high || comparator\n      low = low || comparator\n      if (gtfn(comparator.semver, high.semver, options)) {\n        high = comparator\n      } else if (ltfn(comparator.semver, low.semver, options)) {\n        low = comparator\n      }\n    })\n\n    // If the edge version comparator has a operator then our version\n    // isn't outside it\n    if (high.operator === comp || high.operator === ecomp) {\n      return false\n    }\n\n    // If the lowest version comparator has an operator and our version\n    // is less than it then it isn't higher than the range\n    if ((!low.operator || low.operator === comp) &&\n        ltefn(version, low.semver)) {\n      return false\n    } else if (low.operator === ecomp && ltfn(version, low.semver)) {\n      return false\n    }\n  }\n  return true\n}\n\nexports.prerelease = prerelease\nfunction prerelease (version, options) {\n  var parsed = parse(version, options)\n  return (parsed && parsed.prerelease.length) ? parsed.prerelease : null\n}\n\nexports.intersects = intersects\nfunction intersects (r1, r2, options) {\n  r1 = new Range(r1, options)\n  r2 = new Range(r2, options)\n  return r1.intersects(r2)\n}\n\nexports.coerce = coerce\nfunction coerce (version, options) {\n  if (version instanceof SemVer) {\n    return version\n  }\n\n  if (typeof version === 'number') {\n    version = String(version)\n  }\n\n  if (typeof version !== 'string') {\n    return null\n  }\n\n  options = options || {}\n\n  var match = null\n  if (!options.rtl) {\n    match = version.match(re[t.COERCE])\n  } else {\n    // Find the right-most coercible string that does not share\n    // a terminus with a more left-ward coercible string.\n    // Eg, '1.2.3.4' wants to coerce '2.3.4', not '3.4' or '4'\n    //\n    // Walk through the string checking with a /g regexp\n    // Manually set the index so as to pick up overlapping matches.\n    // Stop when we get a match that ends at the string end, since no\n    // coercible string can be more right-ward without the same terminus.\n    var next\n    while ((next = re[t.COERCERTL].exec(version)) &&\n      (!match || match.index + match[0].length !== version.length)\n    ) {\n      if (!match ||\n          next.index + next[0].length !== match.index + match[0].length) {\n        match = next\n      }\n      re[t.COERCERTL].lastIndex = next.index + next[1].length + next[2].length\n    }\n    // leave it in a clean state\n    re[t.COERCERTL].lastIndex = -1\n  }\n\n  if (match === null) {\n    return null\n  }\n\n  return parse(match[2] +\n    '.' + (match[3] || '0') +\n    '.' + (match[4] || '0'), options)\n}\n","\"use strict\";\n\nvar punycode = require(\"punycode\");\nvar mappingTable = require(\"./lib/mappingTable.json\");\n\nvar PROCESSING_OPTIONS = {\n  TRANSITIONAL: 0,\n  NONTRANSITIONAL: 1\n};\n\nfunction normalize(str) { // fix bug in v8\n  return str.split('\\u0000').map(function (s) { return s.normalize('NFC'); }).join('\\u0000');\n}\n\nfunction findStatus(val) {\n  var start = 0;\n  var end = mappingTable.length - 1;\n\n  while (start <= end) {\n    var mid = Math.floor((start + end) / 2);\n\n    var target = mappingTable[mid];\n    if (target[0][0] <= val && target[0][1] >= val) {\n      return target;\n    } else if (target[0][0] > val) {\n      end = mid - 1;\n    } else {\n      start = mid + 1;\n    }\n  }\n\n  return null;\n}\n\nvar regexAstralSymbols = /[\\uD800-\\uDBFF][\\uDC00-\\uDFFF]/g;\n\nfunction countSymbols(string) {\n  return string\n    // replace every surrogate pair with a BMP symbol\n    .replace(regexAstralSymbols, '_')\n    // then get the length\n    .length;\n}\n\nfunction mapChars(domain_name, useSTD3, processing_option) {\n  var hasError = false;\n  var processed = \"\";\n\n  var len = countSymbols(domain_name);\n  for (var i = 0; i < len; ++i) {\n    var codePoint = domain_name.codePointAt(i);\n    var status = findStatus(codePoint);\n\n    switch (status[1]) {\n      case \"disallowed\":\n        hasError = true;\n        processed += String.fromCodePoint(codePoint);\n        break;\n      case \"ignored\":\n        break;\n      case \"mapped\":\n        processed += String.fromCodePoint.apply(String, status[2]);\n        break;\n      case \"deviation\":\n        if (processing_option === PROCESSING_OPTIONS.TRANSITIONAL) {\n          processed += String.fromCodePoint.apply(String, status[2]);\n        } else {\n          processed += String.fromCodePoint(codePoint);\n        }\n        break;\n      case \"valid\":\n        processed += String.fromCodePoint(codePoint);\n        break;\n      case \"disallowed_STD3_mapped\":\n        if (useSTD3) {\n          hasError = true;\n          processed += String.fromCodePoint(codePoint);\n        } else {\n          processed += String.fromCodePoint.apply(String, status[2]);\n        }\n        break;\n      case \"disallowed_STD3_valid\":\n        if (useSTD3) {\n          hasError = true;\n        }\n\n        processed += String.fromCodePoint(codePoint);\n        break;\n    }\n  }\n\n  return {\n    string: processed,\n    error: hasError\n  };\n}\n\nvar combiningMarksRegex = /[\\u0300-\\u036F\\u0483-\\u0489\\u0591-\\u05BD\\u05BF\\u05C1\\u05C2\\u05C4\\u05C5\\u05C7\\u0610-\\u061A\\u064B-\\u065F\\u0670\\u06D6-\\u06DC\\u06DF-\\u06E4\\u06E7\\u06E8\\u06EA-\\u06ED\\u0711\\u0730-\\u074A\\u07A6-\\u07B0\\u07EB-\\u07F3\\u0816-\\u0819\\u081B-\\u0823\\u0825-\\u0827\\u0829-\\u082D\\u0859-\\u085B\\u08E4-\\u0903\\u093A-\\u093C\\u093E-\\u094F\\u0951-\\u0957\\u0962\\u0963\\u0981-\\u0983\\u09BC\\u09BE-\\u09C4\\u09C7\\u09C8\\u09CB-\\u09CD\\u09D7\\u09E2\\u09E3\\u0A01-\\u0A03\\u0A3C\\u0A3E-\\u0A42\\u0A47\\u0A48\\u0A4B-\\u0A4D\\u0A51\\u0A70\\u0A71\\u0A75\\u0A81-\\u0A83\\u0ABC\\u0ABE-\\u0AC5\\u0AC7-\\u0AC9\\u0ACB-\\u0ACD\\u0AE2\\u0AE3\\u0B01-\\u0B03\\u0B3C\\u0B3E-\\u0B44\\u0B47\\u0B48\\u0B4B-\\u0B4D\\u0B56\\u0B57\\u0B62\\u0B63\\u0B82\\u0BBE-\\u0BC2\\u0BC6-\\u0BC8\\u0BCA-\\u0BCD\\u0BD7\\u0C00-\\u0C03\\u0C3E-\\u0C44\\u0C46-\\u0C48\\u0C4A-\\u0C4D\\u0C55\\u0C56\\u0C62\\u0C63\\u0C81-\\u0C83\\u0CBC\\u0CBE-\\u0CC4\\u0CC6-\\u0CC8\\u0CCA-\\u0CCD\\u0CD5\\u0CD6\\u0CE2\\u0CE3\\u0D01-\\u0D03\\u0D3E-\\u0D44\\u0D46-\\u0D48\\u0D4A-\\u0D4D\\u0D57\\u0D62\\u0D63\\u0D82\\u0D83\\u0DCA\\u0DCF-\\u0DD4\\u0DD6\\u0DD8-\\u0DDF\\u0DF2\\u0DF3\\u0E31\\u0E34-\\u0E3A\\u0E47-\\u0E4E\\u0EB1\\u0EB4-\\u0EB9\\u0EBB\\u0EBC\\u0EC8-\\u0ECD\\u0F18\\u0F19\\u0F35\\u0F37\\u0F39\\u0F3E\\u0F3F\\u0F71-\\u0F84\\u0F86\\u0F87\\u0F8D-\\u0F97\\u0F99-\\u0FBC\\u0FC6\\u102B-\\u103E\\u1056-\\u1059\\u105E-\\u1060\\u1062-\\u1064\\u1067-\\u106D\\u1071-\\u1074\\u1082-\\u108D\\u108F\\u109A-\\u109D\\u135D-\\u135F\\u1712-\\u1714\\u1732-\\u1734\\u1752\\u1753\\u1772\\u1773\\u17B4-\\u17D3\\u17DD\\u180B-\\u180D\\u18A9\\u1920-\\u192B\\u1930-\\u193B\\u19B0-\\u19C0\\u19C8\\u19C9\\u1A17-\\u1A1B\\u1A55-\\u1A5E\\u1A60-\\u1A7C\\u1A7F\\u1AB0-\\u1ABE\\u1B00-\\u1B04\\u1B34-\\u1B44\\u1B6B-\\u1B73\\u1B80-\\u1B82\\u1BA1-\\u1BAD\\u1BE6-\\u1BF3\\u1C24-\\u1C37\\u1CD0-\\u1CD2\\u1CD4-\\u1CE8\\u1CED\\u1CF2-\\u1CF4\\u1CF8\\u1CF9\\u1DC0-\\u1DF5\\u1DFC-\\u1DFF\\u20D0-\\u20F0\\u2CEF-\\u2CF1\\u2D7F\\u2DE0-\\u2DFF\\u302A-\\u302F\\u3099\\u309A\\uA66F-\\uA672\\uA674-\\uA67D\\uA69F\\uA6F0\\uA6F1\\uA802\\uA806\\uA80B\\uA823-\\uA827\\uA880\\uA881\\uA8B4-\\uA8C4\\uA8E0-\\uA8F1\\uA926-\\uA92D\\uA947-\\uA953\\uA980-\\uA983\\uA9B3-\\uA9C0\\uA9E5\\uAA29-\\uAA36\\uAA43\\uAA4C\\uAA4D\\uAA7B-\\uAA7D\\uAAB0\\uAAB2-\\uAAB4\\uAAB7\\uAAB8\\uAABE\\uAABF\\uAAC1\\uAAEB-\\uAAEF\\uAAF5\\uAAF6\\uABE3-\\uABEA\\uABEC\\uABED\\uFB1E\\uFE00-\\uFE0F\\uFE20-\\uFE2D]|\\uD800[\\uDDFD\\uDEE0\\uDF76-\\uDF7A]|\\uD802[\\uDE01-\\uDE03\\uDE05\\uDE06\\uDE0C-\\uDE0F\\uDE38-\\uDE3A\\uDE3F\\uDEE5\\uDEE6]|\\uD804[\\uDC00-\\uDC02\\uDC38-\\uDC46\\uDC7F-\\uDC82\\uDCB0-\\uDCBA\\uDD00-\\uDD02\\uDD27-\\uDD34\\uDD73\\uDD80-\\uDD82\\uDDB3-\\uDDC0\\uDE2C-\\uDE37\\uDEDF-\\uDEEA\\uDF01-\\uDF03\\uDF3C\\uDF3E-\\uDF44\\uDF47\\uDF48\\uDF4B-\\uDF4D\\uDF57\\uDF62\\uDF63\\uDF66-\\uDF6C\\uDF70-\\uDF74]|\\uD805[\\uDCB0-\\uDCC3\\uDDAF-\\uDDB5\\uDDB8-\\uDDC0\\uDE30-\\uDE40\\uDEAB-\\uDEB7]|\\uD81A[\\uDEF0-\\uDEF4\\uDF30-\\uDF36]|\\uD81B[\\uDF51-\\uDF7E\\uDF8F-\\uDF92]|\\uD82F[\\uDC9D\\uDC9E]|\\uD834[\\uDD65-\\uDD69\\uDD6D-\\uDD72\\uDD7B-\\uDD82\\uDD85-\\uDD8B\\uDDAA-\\uDDAD\\uDE42-\\uDE44]|\\uD83A[\\uDCD0-\\uDCD6]|\\uDB40[\\uDD00-\\uDDEF]/;\n\nfunction validateLabel(label, processing_option) {\n  if (label.substr(0, 4) === \"xn--\") {\n    label = punycode.toUnicode(label);\n    processing_option = PROCESSING_OPTIONS.NONTRANSITIONAL;\n  }\n\n  var error = false;\n\n  if (normalize(label) !== label ||\n      (label[3] === \"-\" && label[4] === \"-\") ||\n      label[0] === \"-\" || label[label.length - 1] === \"-\" ||\n      label.indexOf(\".\") !== -1 ||\n      label.search(combiningMarksRegex) === 0) {\n    error = true;\n  }\n\n  var len = countSymbols(label);\n  for (var i = 0; i < len; ++i) {\n    var status = findStatus(label.codePointAt(i));\n    if ((processing === PROCESSING_OPTIONS.TRANSITIONAL && status[1] !== \"valid\") ||\n        (processing === PROCESSING_OPTIONS.NONTRANSITIONAL &&\n         status[1] !== \"valid\" && status[1] !== \"deviation\")) {\n      error = true;\n      break;\n    }\n  }\n\n  return {\n    label: label,\n    error: error\n  };\n}\n\nfunction processing(domain_name, useSTD3, processing_option) {\n  var result = mapChars(domain_name, useSTD3, processing_option);\n  result.string = normalize(result.string);\n\n  var labels = result.string.split(\".\");\n  for (var i = 0; i < labels.length; ++i) {\n    try {\n      var validation = validateLabel(labels[i]);\n      labels[i] = validation.label;\n      result.error = result.error || validation.error;\n    } catch(e) {\n      result.error = true;\n    }\n  }\n\n  return {\n    string: labels.join(\".\"),\n    error: result.error\n  };\n}\n\nmodule.exports.toASCII = function(domain_name, useSTD3, processing_option, verifyDnsLength) {\n  var result = processing(domain_name, useSTD3, processing_option);\n  var labels = result.string.split(\".\");\n  labels = labels.map(function(l) {\n    try {\n      return punycode.toASCII(l);\n    } catch(e) {\n      result.error = true;\n      return l;\n    }\n  });\n\n  if (verifyDnsLength) {\n    var total = labels.slice(0, labels.length - 1).join(\".\").length;\n    if (total.length > 253 || total.length === 0) {\n      result.error = true;\n    }\n\n    for (var i=0; i < labels.length; ++i) {\n      if (labels.length > 63 || labels.length === 0) {\n        result.error = true;\n        break;\n      }\n    }\n  }\n\n  if (result.error) return null;\n  return labels.join(\".\");\n};\n\nmodule.exports.toUnicode = function(domain_name, useSTD3) {\n  var result = processing(domain_name, useSTD3, PROCESSING_OPTIONS.NONTRANSITIONAL);\n\n  return {\n    domain: result.string,\n    error: result.error\n  };\n};\n\nmodule.exports.PROCESSING_OPTIONS = PROCESSING_OPTIONS;\n","module.exports = require('./lib/tunnel');\n","'use strict';\n\nvar net = require('net');\nvar tls = require('tls');\nvar http = require('http');\nvar https = require('https');\nvar events = require('events');\nvar assert = require('assert');\nvar util = require('util');\n\n\nexports.httpOverHttp = httpOverHttp;\nexports.httpsOverHttp = httpsOverHttp;\nexports.httpOverHttps = httpOverHttps;\nexports.httpsOverHttps = httpsOverHttps;\n\n\nfunction httpOverHttp(options) {\n  var agent = new TunnelingAgent(options);\n  agent.request = http.request;\n  return agent;\n}\n\nfunction httpsOverHttp(options) {\n  var agent = new TunnelingAgent(options);\n  agent.request = http.request;\n  agent.createSocket = createSecureSocket;\n  agent.defaultPort = 443;\n  return agent;\n}\n\nfunction httpOverHttps(options) {\n  var agent = new TunnelingAgent(options);\n  agent.request = https.request;\n  return agent;\n}\n\nfunction httpsOverHttps(options) {\n  var agent = new TunnelingAgent(options);\n  agent.request = https.request;\n  agent.createSocket = createSecureSocket;\n  agent.defaultPort = 443;\n  return agent;\n}\n\n\nfunction TunnelingAgent(options) {\n  var self = this;\n  self.options = options || {};\n  self.proxyOptions = self.options.proxy || {};\n  self.maxSockets = self.options.maxSockets || http.Agent.defaultMaxSockets;\n  self.requests = [];\n  self.sockets = [];\n\n  self.on('free', function onFree(socket, host, port, localAddress) {\n    var options = toOptions(host, port, localAddress);\n    for (var i = 0, len = self.requests.length; i < len; ++i) {\n      var pending = self.requests[i];\n      if (pending.host === options.host && pending.port === options.port) {\n        // Detect the request to connect same origin server,\n        // reuse the connection.\n        self.requests.splice(i, 1);\n        pending.request.onSocket(socket);\n        return;\n      }\n    }\n    socket.destroy();\n    self.removeSocket(socket);\n  });\n}\nutil.inherits(TunnelingAgent, events.EventEmitter);\n\nTunnelingAgent.prototype.addRequest = function addRequest(req, host, port, localAddress) {\n  var self = this;\n  var options = mergeOptions({request: req}, self.options, toOptions(host, port, localAddress));\n\n  if (self.sockets.length >= this.maxSockets) {\n    // We are over limit so we'll add it to the queue.\n    self.requests.push(options);\n    return;\n  }\n\n  // If we are under maxSockets create a new one.\n  self.createSocket(options, function(socket) {\n    socket.on('free', onFree);\n    socket.on('close', onCloseOrRemove);\n    socket.on('agentRemove', onCloseOrRemove);\n    req.onSocket(socket);\n\n    function onFree() {\n      self.emit('free', socket, options);\n    }\n\n    function onCloseOrRemove(err) {\n      self.removeSocket(socket);\n      socket.removeListener('free', onFree);\n      socket.removeListener('close', onCloseOrRemove);\n      socket.removeListener('agentRemove', onCloseOrRemove);\n    }\n  });\n};\n\nTunnelingAgent.prototype.createSocket = function createSocket(options, cb) {\n  var self = this;\n  var placeholder = {};\n  self.sockets.push(placeholder);\n\n  var connectOptions = mergeOptions({}, self.proxyOptions, {\n    method: 'CONNECT',\n    path: options.host + ':' + options.port,\n    agent: false,\n    headers: {\n      host: options.host + ':' + options.port\n    }\n  });\n  if (options.localAddress) {\n    connectOptions.localAddress = options.localAddress;\n  }\n  if (connectOptions.proxyAuth) {\n    connectOptions.headers = connectOptions.headers || {};\n    connectOptions.headers['Proxy-Authorization'] = 'Basic ' +\n        new Buffer(connectOptions.proxyAuth).toString('base64');\n  }\n\n  debug('making CONNECT request');\n  var connectReq = self.request(connectOptions);\n  connectReq.useChunkedEncodingByDefault = false; // for v0.6\n  connectReq.once('response', onResponse); // for v0.6\n  connectReq.once('upgrade', onUpgrade);   // for v0.6\n  connectReq.once('connect', onConnect);   // for v0.7 or later\n  connectReq.once('error', onError);\n  connectReq.end();\n\n  function onResponse(res) {\n    // Very hacky. This is necessary to avoid http-parser leaks.\n    res.upgrade = true;\n  }\n\n  function onUpgrade(res, socket, head) {\n    // Hacky.\n    process.nextTick(function() {\n      onConnect(res, socket, head);\n    });\n  }\n\n  function onConnect(res, socket, head) {\n    connectReq.removeAllListeners();\n    socket.removeAllListeners();\n\n    if (res.statusCode !== 200) {\n      debug('tunneling socket could not be established, statusCode=%d',\n        res.statusCode);\n      socket.destroy();\n      var error = new Error('tunneling socket could not be established, ' +\n        'statusCode=' + res.statusCode);\n      error.code = 'ECONNRESET';\n      options.request.emit('error', error);\n      self.removeSocket(placeholder);\n      return;\n    }\n    if (head.length > 0) {\n      debug('got illegal response body from proxy');\n      socket.destroy();\n      var error = new Error('got illegal response body from proxy');\n      error.code = 'ECONNRESET';\n      options.request.emit('error', error);\n      self.removeSocket(placeholder);\n      return;\n    }\n    debug('tunneling connection has established');\n    self.sockets[self.sockets.indexOf(placeholder)] = socket;\n    return cb(socket);\n  }\n\n  function onError(cause) {\n    connectReq.removeAllListeners();\n\n    debug('tunneling socket could not be established, cause=%s\\n',\n          cause.message, cause.stack);\n    var error = new Error('tunneling socket could not be established, ' +\n                          'cause=' + cause.message);\n    error.code = 'ECONNRESET';\n    options.request.emit('error', error);\n    self.removeSocket(placeholder);\n  }\n};\n\nTunnelingAgent.prototype.removeSocket = function removeSocket(socket) {\n  var pos = this.sockets.indexOf(socket)\n  if (pos === -1) {\n    return;\n  }\n  this.sockets.splice(pos, 1);\n\n  var pending = this.requests.shift();\n  if (pending) {\n    // If we have pending requests and a socket gets closed a new one\n    // needs to be created to take over in the pool for the one that closed.\n    this.createSocket(pending, function(socket) {\n      pending.request.onSocket(socket);\n    });\n  }\n};\n\nfunction createSecureSocket(options, cb) {\n  var self = this;\n  TunnelingAgent.prototype.createSocket.call(self, options, function(socket) {\n    var hostHeader = options.request.getHeader('host');\n    var tlsOptions = mergeOptions({}, self.options, {\n      socket: socket,\n      servername: hostHeader ? hostHeader.replace(/:.*$/, '') : options.host\n    });\n\n    // 0 is dummy port for v0.6\n    var secureSocket = tls.connect(0, tlsOptions);\n    self.sockets[self.sockets.indexOf(socket)] = secureSocket;\n    cb(secureSocket);\n  });\n}\n\n\nfunction toOptions(host, port, localAddress) {\n  if (typeof host === 'string') { // since v0.10\n    return {\n      host: host,\n      port: port,\n      localAddress: localAddress\n    };\n  }\n  return host; // for v0.11 or later\n}\n\nfunction mergeOptions(target) {\n  for (var i = 1, len = arguments.length; i < len; ++i) {\n    var overrides = arguments[i];\n    if (typeof overrides === 'object') {\n      var keys = Object.keys(overrides);\n      for (var j = 0, keyLen = keys.length; j < keyLen; ++j) {\n        var k = keys[j];\n        if (overrides[k] !== undefined) {\n          target[k] = overrides[k];\n        }\n      }\n    }\n  }\n  return target;\n}\n\n\nvar debug;\nif (process.env.NODE_DEBUG && /\\btunnel\\b/.test(process.env.NODE_DEBUG)) {\n  debug = function() {\n    var args = Array.prototype.slice.call(arguments);\n    if (typeof args[0] === 'string') {\n      args[0] = 'TUNNEL: ' + args[0];\n    } else {\n      args.unshift('TUNNEL:');\n    }\n    console.error.apply(console, args);\n  }\n} else {\n  debug = function() {};\n}\nexports.debug = debug; // for test\n","'use strict';\n\nObject.defineProperty(exports, '__esModule', { value: true });\n\nfunction getUserAgent() {\n  if (typeof navigator === \"object\" && \"userAgent\" in navigator) {\n    return navigator.userAgent;\n  }\n\n  if (typeof process === \"object\" && \"version\" in process) {\n    return `Node.js/${process.version.substr(1)} (${process.platform}; ${process.arch})`;\n  }\n\n  return \"<environment undetectable>\";\n}\n\nexports.getUserAgent = getUserAgent;\n//# sourceMappingURL=index.js.map\n","\"use strict\";\n\nObject.defineProperty(exports, \"__esModule\", {\n  value: true\n});\nObject.defineProperty(exports, \"v1\", {\n  enumerable: true,\n  get: function () {\n    return _v.default;\n  }\n});\nObject.defineProperty(exports, \"v3\", {\n  enumerable: true,\n  get: function () {\n    return _v2.default;\n  }\n});\nObject.defineProperty(exports, \"v4\", {\n  enumerable: true,\n  get: function () {\n    return _v3.default;\n  }\n});\nObject.defineProperty(exports, \"v5\", {\n  enumerable: true,\n  get: function () {\n    return _v4.default;\n  }\n});\nObject.defineProperty(exports, \"NIL\", {\n  enumerable: true,\n  get: function () {\n    return _nil.default;\n  }\n});\nObject.defineProperty(exports, \"version\", {\n  enumerable: true,\n  get: function () {\n    return _version.default;\n  }\n});\nObject.defineProperty(exports, \"validate\", {\n  enumerable: true,\n  get: function () {\n    return _validate.default;\n  }\n});\nObject.defineProperty(exports, \"stringify\", {\n  enumerable: true,\n  get: function () {\n    return _stringify.default;\n  }\n});\nObject.defineProperty(exports, \"parse\", {\n  enumerable: true,\n  get: function () {\n    return _parse.default;\n  }\n});\n\nvar _v = _interopRequireDefault(require(\"./v1.js\"));\n\nvar _v2 = _interopRequireDefault(require(\"./v3.js\"));\n\nvar _v3 = _interopRequireDefault(require(\"./v4.js\"));\n\nvar _v4 = _interopRequireDefault(require(\"./v5.js\"));\n\nvar _nil = _interopRequireDefault(require(\"./nil.js\"));\n\nvar _version = _interopRequireDefault(require(\"./version.js\"));\n\nvar _validate = _interopRequireDefault(require(\"./validate.js\"));\n\nvar _stringify = _interopRequireDefault(require(\"./stringify.js\"));\n\nvar _parse = _interopRequireDefault(require(\"./parse.js\"));\n\nfunction _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }","\"use strict\";\n\nObject.defineProperty(exports, \"__esModule\", {\n  value: true\n});\nexports.default = void 0;\n\nvar _crypto = _interopRequireDefault(require(\"crypto\"));\n\nfunction _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }\n\nfunction md5(bytes) {\n  if (Array.isArray(bytes)) {\n    bytes = Buffer.from(bytes);\n  } else if (typeof bytes === 'string') {\n    bytes = Buffer.from(bytes, 'utf8');\n  }\n\n  return _crypto.default.createHash('md5').update(bytes).digest();\n}\n\nvar _default = md5;\nexports.default = _default;","\"use strict\";\n\nObject.defineProperty(exports, \"__esModule\", {\n  value: true\n});\nexports.default = void 0;\nvar _default = '00000000-0000-0000-0000-000000000000';\nexports.default = _default;","\"use strict\";\n\nObject.defineProperty(exports, \"__esModule\", {\n  value: true\n});\nexports.default = void 0;\n\nvar _validate = _interopRequireDefault(require(\"./validate.js\"));\n\nfunction _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }\n\nfunction parse(uuid) {\n  if (!(0, _validate.default)(uuid)) {\n    throw TypeError('Invalid UUID');\n  }\n\n  let v;\n  const arr = new Uint8Array(16); // Parse ########-....-....-....-............\n\n  arr[0] = (v = parseInt(uuid.slice(0, 8), 16)) >>> 24;\n  arr[1] = v >>> 16 & 0xff;\n  arr[2] = v >>> 8 & 0xff;\n  arr[3] = v & 0xff; // Parse ........-####-....-....-............\n\n  arr[4] = (v = parseInt(uuid.slice(9, 13), 16)) >>> 8;\n  arr[5] = v & 0xff; // Parse ........-....-####-....-............\n\n  arr[6] = (v = parseInt(uuid.slice(14, 18), 16)) >>> 8;\n  arr[7] = v & 0xff; // Parse ........-....-....-####-............\n\n  arr[8] = (v = parseInt(uuid.slice(19, 23), 16)) >>> 8;\n  arr[9] = v & 0xff; // Parse ........-....-....-....-############\n  // (Use \"/\" to avoid 32-bit truncation when bit-shifting high-order bytes)\n\n  arr[10] = (v = parseInt(uuid.slice(24, 36), 16)) / 0x10000000000 & 0xff;\n  arr[11] = v / 0x100000000 & 0xff;\n  arr[12] = v >>> 24 & 0xff;\n  arr[13] = v >>> 16 & 0xff;\n  arr[14] = v >>> 8 & 0xff;\n  arr[15] = v & 0xff;\n  return arr;\n}\n\nvar _default = parse;\nexports.default = _default;","\"use strict\";\n\nObject.defineProperty(exports, \"__esModule\", {\n  value: true\n});\nexports.default = void 0;\nvar _default = /^(?:[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}|00000000-0000-0000-0000-000000000000)$/i;\nexports.default = _default;","\"use strict\";\n\nObject.defineProperty(exports, \"__esModule\", {\n  value: true\n});\nexports.default = rng;\n\nvar _crypto = _interopRequireDefault(require(\"crypto\"));\n\nfunction _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }\n\nconst rnds8Pool = new Uint8Array(256); // # of random values to pre-allocate\n\nlet poolPtr = rnds8Pool.length;\n\nfunction rng() {\n  if (poolPtr > rnds8Pool.length - 16) {\n    _crypto.default.randomFillSync(rnds8Pool);\n\n    poolPtr = 0;\n  }\n\n  return rnds8Pool.slice(poolPtr, poolPtr += 16);\n}","\"use strict\";\n\nObject.defineProperty(exports, \"__esModule\", {\n  value: true\n});\nexports.default = void 0;\n\nvar _crypto = _interopRequireDefault(require(\"crypto\"));\n\nfunction _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }\n\nfunction sha1(bytes) {\n  if (Array.isArray(bytes)) {\n    bytes = Buffer.from(bytes);\n  } else if (typeof bytes === 'string') {\n    bytes = Buffer.from(bytes, 'utf8');\n  }\n\n  return _crypto.default.createHash('sha1').update(bytes).digest();\n}\n\nvar _default = sha1;\nexports.default = _default;","\"use strict\";\n\nObject.defineProperty(exports, \"__esModule\", {\n  value: true\n});\nexports.default = void 0;\n\nvar _validate = _interopRequireDefault(require(\"./validate.js\"));\n\nfunction _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }\n\n/**\n * Convert array of 16 byte values to UUID string format of the form:\n * XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX\n */\nconst byteToHex = [];\n\nfor (let i = 0; i < 256; ++i) {\n  byteToHex.push((i + 0x100).toString(16).substr(1));\n}\n\nfunction stringify(arr, offset = 0) {\n  // Note: Be careful editing this code!  It's been tuned for performance\n  // and works in ways you may not expect. See https://github.com/uuidjs/uuid/pull/434\n  const uuid = (byteToHex[arr[offset + 0]] + byteToHex[arr[offset + 1]] + byteToHex[arr[offset + 2]] + byteToHex[arr[offset + 3]] + '-' + byteToHex[arr[offset + 4]] + byteToHex[arr[offset + 5]] + '-' + byteToHex[arr[offset + 6]] + byteToHex[arr[offset + 7]] + '-' + byteToHex[arr[offset + 8]] + byteToHex[arr[offset + 9]] + '-' + byteToHex[arr[offset + 10]] + byteToHex[arr[offset + 11]] + byteToHex[arr[offset + 12]] + byteToHex[arr[offset + 13]] + byteToHex[arr[offset + 14]] + byteToHex[arr[offset + 15]]).toLowerCase(); // Consistency check for valid UUID.  If this throws, it's likely due to one\n  // of the following:\n  // - One or more input array values don't map to a hex octet (leading to\n  // \"undefined\" in the uuid)\n  // - Invalid input values for the RFC `version` or `variant` fields\n\n  if (!(0, _validate.default)(uuid)) {\n    throw TypeError('Stringified UUID is invalid');\n  }\n\n  return uuid;\n}\n\nvar _default = stringify;\nexports.default = _default;","\"use strict\";\n\nObject.defineProperty(exports, \"__esModule\", {\n  value: true\n});\nexports.default = void 0;\n\nvar _rng = _interopRequireDefault(require(\"./rng.js\"));\n\nvar _stringify = _interopRequireDefault(require(\"./stringify.js\"));\n\nfunction _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }\n\n// **`v1()` - Generate time-based UUID**\n//\n// Inspired by https://github.com/LiosK/UUID.js\n// and http://docs.python.org/library/uuid.html\nlet _nodeId;\n\nlet _clockseq; // Previous uuid creation time\n\n\nlet _lastMSecs = 0;\nlet _lastNSecs = 0; // See https://github.com/uuidjs/uuid for API details\n\nfunction v1(options, buf, offset) {\n  let i = buf && offset || 0;\n  const b = buf || new Array(16);\n  options = options || {};\n  let node = options.node || _nodeId;\n  let clockseq = options.clockseq !== undefined ? options.clockseq : _clockseq; // node and clockseq need to be initialized to random values if they're not\n  // specified.  We do this lazily to minimize issues related to insufficient\n  // system entropy.  See #189\n\n  if (node == null || clockseq == null) {\n    const seedBytes = options.random || (options.rng || _rng.default)();\n\n    if (node == null) {\n      // Per 4.5, create and 48-bit node id, (47 random bits + multicast bit = 1)\n      node = _nodeId = [seedBytes[0] | 0x01, seedBytes[1], seedBytes[2], seedBytes[3], seedBytes[4], seedBytes[5]];\n    }\n\n    if (clockseq == null) {\n      // Per 4.2.2, randomize (14 bit) clockseq\n      clockseq = _clockseq = (seedBytes[6] << 8 | seedBytes[7]) & 0x3fff;\n    }\n  } // UUID timestamps are 100 nano-second units since the Gregorian epoch,\n  // (1582-10-15 00:00).  JSNumbers aren't precise enough for this, so\n  // time is handled internally as 'msecs' (integer milliseconds) and 'nsecs'\n  // (100-nanoseconds offset from msecs) since unix epoch, 1970-01-01 00:00.\n\n\n  let msecs = options.msecs !== undefined ? options.msecs : Date.now(); // Per 4.2.1.2, use count of uuid's generated during the current clock\n  // cycle to simulate higher resolution clock\n\n  let nsecs = options.nsecs !== undefined ? options.nsecs : _lastNSecs + 1; // Time since last uuid creation (in msecs)\n\n  const dt = msecs - _lastMSecs + (nsecs - _lastNSecs) / 10000; // Per 4.2.1.2, Bump clockseq on clock regression\n\n  if (dt < 0 && options.clockseq === undefined) {\n    clockseq = clockseq + 1 & 0x3fff;\n  } // Reset nsecs if clock regresses (new clockseq) or we've moved onto a new\n  // time interval\n\n\n  if ((dt < 0 || msecs > _lastMSecs) && options.nsecs === undefined) {\n    nsecs = 0;\n  } // Per 4.2.1.2 Throw error if too many uuids are requested\n\n\n  if (nsecs >= 10000) {\n    throw new Error(\"uuid.v1(): Can't create more than 10M uuids/sec\");\n  }\n\n  _lastMSecs = msecs;\n  _lastNSecs = nsecs;\n  _clockseq = clockseq; // Per 4.1.4 - Convert from unix epoch to Gregorian epoch\n\n  msecs += 12219292800000; // `time_low`\n\n  const tl = ((msecs & 0xfffffff) * 10000 + nsecs) % 0x100000000;\n  b[i++] = tl >>> 24 & 0xff;\n  b[i++] = tl >>> 16 & 0xff;\n  b[i++] = tl >>> 8 & 0xff;\n  b[i++] = tl & 0xff; // `time_mid`\n\n  const tmh = msecs / 0x100000000 * 10000 & 0xfffffff;\n  b[i++] = tmh >>> 8 & 0xff;\n  b[i++] = tmh & 0xff; // `time_high_and_version`\n\n  b[i++] = tmh >>> 24 & 0xf | 0x10; // include version\n\n  b[i++] = tmh >>> 16 & 0xff; // `clock_seq_hi_and_reserved` (Per 4.2.2 - include variant)\n\n  b[i++] = clockseq >>> 8 | 0x80; // `clock_seq_low`\n\n  b[i++] = clockseq & 0xff; // `node`\n\n  for (let n = 0; n < 6; ++n) {\n    b[i + n] = node[n];\n  }\n\n  return buf || (0, _stringify.default)(b);\n}\n\nvar _default = v1;\nexports.default = _default;","\"use strict\";\n\nObject.defineProperty(exports, \"__esModule\", {\n  value: true\n});\nexports.default = void 0;\n\nvar _v = _interopRequireDefault(require(\"./v35.js\"));\n\nvar _md = _interopRequireDefault(require(\"./md5.js\"));\n\nfunction _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }\n\nconst v3 = (0, _v.default)('v3', 0x30, _md.default);\nvar _default = v3;\nexports.default = _default;","\"use strict\";\n\nObject.defineProperty(exports, \"__esModule\", {\n  value: true\n});\nexports.default = _default;\nexports.URL = exports.DNS = void 0;\n\nvar _stringify = _interopRequireDefault(require(\"./stringify.js\"));\n\nvar _parse = _interopRequireDefault(require(\"./parse.js\"));\n\nfunction _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }\n\nfunction stringToBytes(str) {\n  str = unescape(encodeURIComponent(str)); // UTF8 escape\n\n  const bytes = [];\n\n  for (let i = 0; i < str.length; ++i) {\n    bytes.push(str.charCodeAt(i));\n  }\n\n  return bytes;\n}\n\nconst DNS = '6ba7b810-9dad-11d1-80b4-00c04fd430c8';\nexports.DNS = DNS;\nconst URL = '6ba7b811-9dad-11d1-80b4-00c04fd430c8';\nexports.URL = URL;\n\nfunction _default(name, version, hashfunc) {\n  function generateUUID(value, namespace, buf, offset) {\n    if (typeof value === 'string') {\n      value = stringToBytes(value);\n    }\n\n    if (typeof namespace === 'string') {\n      namespace = (0, _parse.default)(namespace);\n    }\n\n    if (namespace.length !== 16) {\n      throw TypeError('Namespace must be array-like (16 iterable integer values, 0-255)');\n    } // Compute hash of namespace and value, Per 4.3\n    // Future: Use spread syntax when supported on all platforms, e.g. `bytes =\n    // hashfunc([...namespace, ... value])`\n\n\n    let bytes = new Uint8Array(16 + value.length);\n    bytes.set(namespace);\n    bytes.set(value, namespace.length);\n    bytes = hashfunc(bytes);\n    bytes[6] = bytes[6] & 0x0f | version;\n    bytes[8] = bytes[8] & 0x3f | 0x80;\n\n    if (buf) {\n      offset = offset || 0;\n\n      for (let i = 0; i < 16; ++i) {\n        buf[offset + i] = bytes[i];\n      }\n\n      return buf;\n    }\n\n    return (0, _stringify.default)(bytes);\n  } // Function#name is not settable on some platforms (#270)\n\n\n  try {\n    generateUUID.name = name; // eslint-disable-next-line no-empty\n  } catch (err) {} // For CommonJS default export support\n\n\n  generateUUID.DNS = DNS;\n  generateUUID.URL = URL;\n  return generateUUID;\n}","\"use strict\";\n\nObject.defineProperty(exports, \"__esModule\", {\n  value: true\n});\nexports.default = void 0;\n\nvar _rng = _interopRequireDefault(require(\"./rng.js\"));\n\nvar _stringify = _interopRequireDefault(require(\"./stringify.js\"));\n\nfunction _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }\n\nfunction v4(options, buf, offset) {\n  options = options || {};\n\n  const rnds = options.random || (options.rng || _rng.default)(); // Per 4.4, set bits for version and `clock_seq_hi_and_reserved`\n\n\n  rnds[6] = rnds[6] & 0x0f | 0x40;\n  rnds[8] = rnds[8] & 0x3f | 0x80; // Copy bytes to buffer, if provided\n\n  if (buf) {\n    offset = offset || 0;\n\n    for (let i = 0; i < 16; ++i) {\n      buf[offset + i] = rnds[i];\n    }\n\n    return buf;\n  }\n\n  return (0, _stringify.default)(rnds);\n}\n\nvar _default = v4;\nexports.default = _default;","\"use strict\";\n\nObject.defineProperty(exports, \"__esModule\", {\n  value: true\n});\nexports.default = void 0;\n\nvar _v = _interopRequireDefault(require(\"./v35.js\"));\n\nvar _sha = _interopRequireDefault(require(\"./sha1.js\"));\n\nfunction _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }\n\nconst v5 = (0, _v.default)('v5', 0x50, _sha.default);\nvar _default = v5;\nexports.default = _default;","\"use strict\";\n\nObject.defineProperty(exports, \"__esModule\", {\n  value: true\n});\nexports.default = void 0;\n\nvar _regex = _interopRequireDefault(require(\"./regex.js\"));\n\nfunction _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }\n\nfunction validate(uuid) {\n  return typeof uuid === 'string' && _regex.default.test(uuid);\n}\n\nvar _default = validate;\nexports.default = _default;","\"use strict\";\n\nObject.defineProperty(exports, \"__esModule\", {\n  value: true\n});\nexports.default = void 0;\n\nvar _validate = _interopRequireDefault(require(\"./validate.js\"));\n\nfunction _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }\n\nfunction version(uuid) {\n  if (!(0, _validate.default)(uuid)) {\n    throw TypeError('Invalid UUID');\n  }\n\n  return parseInt(uuid.substr(14, 1), 16);\n}\n\nvar _default = version;\nexports.default = _default;","\"use strict\";\n\nvar conversions = {};\nmodule.exports = conversions;\n\nfunction sign(x) {\n    return x < 0 ? -1 : 1;\n}\n\nfunction evenRound(x) {\n    // Round x to the nearest integer, choosing the even integer if it lies halfway between two.\n    if ((x % 1) === 0.5 && (x & 1) === 0) { // [even number].5; round down (i.e. floor)\n        return Math.floor(x);\n    } else {\n        return Math.round(x);\n    }\n}\n\nfunction createNumberConversion(bitLength, typeOpts) {\n    if (!typeOpts.unsigned) {\n        --bitLength;\n    }\n    const lowerBound = typeOpts.unsigned ? 0 : -Math.pow(2, bitLength);\n    const upperBound = Math.pow(2, bitLength) - 1;\n\n    const moduloVal = typeOpts.moduloBitLength ? Math.pow(2, typeOpts.moduloBitLength) : Math.pow(2, bitLength);\n    const moduloBound = typeOpts.moduloBitLength ? Math.pow(2, typeOpts.moduloBitLength - 1) : Math.pow(2, bitLength - 1);\n\n    return function(V, opts) {\n        if (!opts) opts = {};\n\n        let x = +V;\n\n        if (opts.enforceRange) {\n            if (!Number.isFinite(x)) {\n                throw new TypeError(\"Argument is not a finite number\");\n            }\n\n            x = sign(x) * Math.floor(Math.abs(x));\n            if (x < lowerBound || x > upperBound) {\n                throw new TypeError(\"Argument is not in byte range\");\n            }\n\n            return x;\n        }\n\n        if (!isNaN(x) && opts.clamp) {\n            x = evenRound(x);\n\n            if (x < lowerBound) x = lowerBound;\n            if (x > upperBound) x = upperBound;\n            return x;\n        }\n\n        if (!Number.isFinite(x) || x === 0) {\n            return 0;\n        }\n\n        x = sign(x) * Math.floor(Math.abs(x));\n        x = x % moduloVal;\n\n        if (!typeOpts.unsigned && x >= moduloBound) {\n            return x - moduloVal;\n        } else if (typeOpts.unsigned) {\n            if (x < 0) {\n              x += moduloVal;\n            } else if (x === -0) { // don't return negative zero\n              return 0;\n            }\n        }\n\n        return x;\n    }\n}\n\nconversions[\"void\"] = function () {\n    return undefined;\n};\n\nconversions[\"boolean\"] = function (val) {\n    return !!val;\n};\n\nconversions[\"byte\"] = createNumberConversion(8, { unsigned: false });\nconversions[\"octet\"] = createNumberConversion(8, { unsigned: true });\n\nconversions[\"short\"] = createNumberConversion(16, { unsigned: false });\nconversions[\"unsigned short\"] = createNumberConversion(16, { unsigned: true });\n\nconversions[\"long\"] = createNumberConversion(32, { unsigned: false });\nconversions[\"unsigned long\"] = createNumberConversion(32, { unsigned: true });\n\nconversions[\"long long\"] = createNumberConversion(32, { unsigned: false, moduloBitLength: 64 });\nconversions[\"unsigned long long\"] = createNumberConversion(32, { unsigned: true, moduloBitLength: 64 });\n\nconversions[\"double\"] = function (V) {\n    const x = +V;\n\n    if (!Number.isFinite(x)) {\n        throw new TypeError(\"Argument is not a finite floating-point value\");\n    }\n\n    return x;\n};\n\nconversions[\"unrestricted double\"] = function (V) {\n    const x = +V;\n\n    if (isNaN(x)) {\n        throw new TypeError(\"Argument is NaN\");\n    }\n\n    return x;\n};\n\n// not quite valid, but good enough for JS\nconversions[\"float\"] = conversions[\"double\"];\nconversions[\"unrestricted float\"] = conversions[\"unrestricted double\"];\n\nconversions[\"DOMString\"] = function (V, opts) {\n    if (!opts) opts = {};\n\n    if (opts.treatNullAsEmptyString && V === null) {\n        return \"\";\n    }\n\n    return String(V);\n};\n\nconversions[\"ByteString\"] = function (V, opts) {\n    const x = String(V);\n    let c = undefined;\n    for (let i = 0; (c = x.codePointAt(i)) !== undefined; ++i) {\n        if (c > 255) {\n            throw new TypeError(\"Argument is not a valid bytestring\");\n        }\n    }\n\n    return x;\n};\n\nconversions[\"USVString\"] = function (V) {\n    const S = String(V);\n    const n = S.length;\n    const U = [];\n    for (let i = 0; i < n; ++i) {\n        const c = S.charCodeAt(i);\n        if (c < 0xD800 || c > 0xDFFF) {\n            U.push(String.fromCodePoint(c));\n        } else if (0xDC00 <= c && c <= 0xDFFF) {\n            U.push(String.fromCodePoint(0xFFFD));\n        } else {\n            if (i === n - 1) {\n                U.push(String.fromCodePoint(0xFFFD));\n            } else {\n                const d = S.charCodeAt(i + 1);\n                if (0xDC00 <= d && d <= 0xDFFF) {\n                    const a = c & 0x3FF;\n                    const b = d & 0x3FF;\n                    U.push(String.fromCodePoint((2 << 15) + (2 << 9) * a + b));\n                    ++i;\n                } else {\n                    U.push(String.fromCodePoint(0xFFFD));\n                }\n            }\n        }\n    }\n\n    return U.join('');\n};\n\nconversions[\"Date\"] = function (V, opts) {\n    if (!(V instanceof Date)) {\n        throw new TypeError(\"Argument is not a Date object\");\n    }\n    if (isNaN(V)) {\n        return undefined;\n    }\n\n    return V;\n};\n\nconversions[\"RegExp\"] = function (V, opts) {\n    if (!(V instanceof RegExp)) {\n        V = new RegExp(V);\n    }\n\n    return V;\n};\n","\"use strict\";\nconst usm = require(\"./url-state-machine\");\n\nexports.implementation = class URLImpl {\n  constructor(constructorArgs) {\n    const url = constructorArgs[0];\n    const base = constructorArgs[1];\n\n    let parsedBase = null;\n    if (base !== undefined) {\n      parsedBase = usm.basicURLParse(base);\n      if (parsedBase === \"failure\") {\n        throw new TypeError(\"Invalid base URL\");\n      }\n    }\n\n    const parsedURL = usm.basicURLParse(url, { baseURL: parsedBase });\n    if (parsedURL === \"failure\") {\n      throw new TypeError(\"Invalid URL\");\n    }\n\n    this._url = parsedURL;\n\n    // TODO: query stuff\n  }\n\n  get href() {\n    return usm.serializeURL(this._url);\n  }\n\n  set href(v) {\n    const parsedURL = usm.basicURLParse(v);\n    if (parsedURL === \"failure\") {\n      throw new TypeError(\"Invalid URL\");\n    }\n\n    this._url = parsedURL;\n  }\n\n  get origin() {\n    return usm.serializeURLOrigin(this._url);\n  }\n\n  get protocol() {\n    return this._url.scheme + \":\";\n  }\n\n  set protocol(v) {\n    usm.basicURLParse(v + \":\", { url: this._url, stateOverride: \"scheme start\" });\n  }\n\n  get username() {\n    return this._url.username;\n  }\n\n  set username(v) {\n    if (usm.cannotHaveAUsernamePasswordPort(this._url)) {\n      return;\n    }\n\n    usm.setTheUsername(this._url, v);\n  }\n\n  get password() {\n    return this._url.password;\n  }\n\n  set password(v) {\n    if (usm.cannotHaveAUsernamePasswordPort(this._url)) {\n      return;\n    }\n\n    usm.setThePassword(this._url, v);\n  }\n\n  get host() {\n    const url = this._url;\n\n    if (url.host === null) {\n      return \"\";\n    }\n\n    if (url.port === null) {\n      return usm.serializeHost(url.host);\n    }\n\n    return usm.serializeHost(url.host) + \":\" + usm.serializeInteger(url.port);\n  }\n\n  set host(v) {\n    if (this._url.cannotBeABaseURL) {\n      return;\n    }\n\n    usm.basicURLParse(v, { url: this._url, stateOverride: \"host\" });\n  }\n\n  get hostname() {\n    if (this._url.host === null) {\n      return \"\";\n    }\n\n    return usm.serializeHost(this._url.host);\n  }\n\n  set hostname(v) {\n    if (this._url.cannotBeABaseURL) {\n      return;\n    }\n\n    usm.basicURLParse(v, { url: this._url, stateOverride: \"hostname\" });\n  }\n\n  get port() {\n    if (this._url.port === null) {\n      return \"\";\n    }\n\n    return usm.serializeInteger(this._url.port);\n  }\n\n  set port(v) {\n    if (usm.cannotHaveAUsernamePasswordPort(this._url)) {\n      return;\n    }\n\n    if (v === \"\") {\n      this._url.port = null;\n    } else {\n      usm.basicURLParse(v, { url: this._url, stateOverride: \"port\" });\n    }\n  }\n\n  get pathname() {\n    if (this._url.cannotBeABaseURL) {\n      return this._url.path[0];\n    }\n\n    if (this._url.path.length === 0) {\n      return \"\";\n    }\n\n    return \"/\" + this._url.path.join(\"/\");\n  }\n\n  set pathname(v) {\n    if (this._url.cannotBeABaseURL) {\n      return;\n    }\n\n    this._url.path = [];\n    usm.basicURLParse(v, { url: this._url, stateOverride: \"path start\" });\n  }\n\n  get search() {\n    if (this._url.query === null || this._url.query === \"\") {\n      return \"\";\n    }\n\n    return \"?\" + this._url.query;\n  }\n\n  set search(v) {\n    // TODO: query stuff\n\n    const url = this._url;\n\n    if (v === \"\") {\n      url.query = null;\n      return;\n    }\n\n    const input = v[0] === \"?\" ? v.substring(1) : v;\n    url.query = \"\";\n    usm.basicURLParse(input, { url, stateOverride: \"query\" });\n  }\n\n  get hash() {\n    if (this._url.fragment === null || this._url.fragment === \"\") {\n      return \"\";\n    }\n\n    return \"#\" + this._url.fragment;\n  }\n\n  set hash(v) {\n    if (v === \"\") {\n      this._url.fragment = null;\n      return;\n    }\n\n    const input = v[0] === \"#\" ? v.substring(1) : v;\n    this._url.fragment = \"\";\n    usm.basicURLParse(input, { url: this._url, stateOverride: \"fragment\" });\n  }\n\n  toJSON() {\n    return this.href;\n  }\n};\n","\"use strict\";\n\nconst conversions = require(\"webidl-conversions\");\nconst utils = require(\"./utils.js\");\nconst Impl = require(\".//URL-impl.js\");\n\nconst impl = utils.implSymbol;\n\nfunction URL(url) {\n  if (!this || this[impl] || !(this instanceof URL)) {\n    throw new TypeError(\"Failed to construct 'URL': Please use the 'new' operator, this DOM object constructor cannot be called as a function.\");\n  }\n  if (arguments.length < 1) {\n    throw new TypeError(\"Failed to construct 'URL': 1 argument required, but only \" + arguments.length + \" present.\");\n  }\n  const args = [];\n  for (let i = 0; i < arguments.length && i < 2; ++i) {\n    args[i] = arguments[i];\n  }\n  args[0] = conversions[\"USVString\"](args[0]);\n  if (args[1] !== undefined) {\n  args[1] = conversions[\"USVString\"](args[1]);\n  }\n\n  module.exports.setup(this, args);\n}\n\nURL.prototype.toJSON = function toJSON() {\n  if (!this || !module.exports.is(this)) {\n    throw new TypeError(\"Illegal invocation\");\n  }\n  const args = [];\n  for (let i = 0; i < arguments.length && i < 0; ++i) {\n    args[i] = arguments[i];\n  }\n  return this[impl].toJSON.apply(this[impl], args);\n};\nObject.defineProperty(URL.prototype, \"href\", {\n  get() {\n    return this[impl].href;\n  },\n  set(V) {\n    V = conversions[\"USVString\"](V);\n    this[impl].href = V;\n  },\n  enumerable: true,\n  configurable: true\n});\n\nURL.prototype.toString = function () {\n  if (!this || !module.exports.is(this)) {\n    throw new TypeError(\"Illegal invocation\");\n  }\n  return this.href;\n};\n\nObject.defineProperty(URL.prototype, \"origin\", {\n  get() {\n    return this[impl].origin;\n  },\n  enumerable: true,\n  configurable: true\n});\n\nObject.defineProperty(URL.prototype, \"protocol\", {\n  get() {\n    return this[impl].protocol;\n  },\n  set(V) {\n    V = conversions[\"USVString\"](V);\n    this[impl].protocol = V;\n  },\n  enumerable: true,\n  configurable: true\n});\n\nObject.defineProperty(URL.prototype, \"username\", {\n  get() {\n    return this[impl].username;\n  },\n  set(V) {\n    V = conversions[\"USVString\"](V);\n    this[impl].username = V;\n  },\n  enumerable: true,\n  configurable: true\n});\n\nObject.defineProperty(URL.prototype, \"password\", {\n  get() {\n    return this[impl].password;\n  },\n  set(V) {\n    V = conversions[\"USVString\"](V);\n    this[impl].password = V;\n  },\n  enumerable: true,\n  configurable: true\n});\n\nObject.defineProperty(URL.prototype, \"host\", {\n  get() {\n    return this[impl].host;\n  },\n  set(V) {\n    V = conversions[\"USVString\"](V);\n    this[impl].host = V;\n  },\n  enumerable: true,\n  configurable: true\n});\n\nObject.defineProperty(URL.prototype, \"hostname\", {\n  get() {\n    return this[impl].hostname;\n  },\n  set(V) {\n    V = conversions[\"USVString\"](V);\n    this[impl].hostname = V;\n  },\n  enumerable: true,\n  configurable: true\n});\n\nObject.defineProperty(URL.prototype, \"port\", {\n  get() {\n    return this[impl].port;\n  },\n  set(V) {\n    V = conversions[\"USVString\"](V);\n    this[impl].port = V;\n  },\n  enumerable: true,\n  configurable: true\n});\n\nObject.defineProperty(URL.prototype, \"pathname\", {\n  get() {\n    return this[impl].pathname;\n  },\n  set(V) {\n    V = conversions[\"USVString\"](V);\n    this[impl].pathname = V;\n  },\n  enumerable: true,\n  configurable: true\n});\n\nObject.defineProperty(URL.prototype, \"search\", {\n  get() {\n    return this[impl].search;\n  },\n  set(V) {\n    V = conversions[\"USVString\"](V);\n    this[impl].search = V;\n  },\n  enumerable: true,\n  configurable: true\n});\n\nObject.defineProperty(URL.prototype, \"hash\", {\n  get() {\n    return this[impl].hash;\n  },\n  set(V) {\n    V = conversions[\"USVString\"](V);\n    this[impl].hash = V;\n  },\n  enumerable: true,\n  configurable: true\n});\n\n\nmodule.exports = {\n  is(obj) {\n    return !!obj && obj[impl] instanceof Impl.implementation;\n  },\n  create(constructorArgs, privateData) {\n    let obj = Object.create(URL.prototype);\n    this.setup(obj, constructorArgs, privateData);\n    return obj;\n  },\n  setup(obj, constructorArgs, privateData) {\n    if (!privateData) privateData = {};\n    privateData.wrapper = obj;\n\n    obj[impl] = new Impl.implementation(constructorArgs, privateData);\n    obj[impl][utils.wrapperSymbol] = obj;\n  },\n  interface: URL,\n  expose: {\n    Window: { URL: URL },\n    Worker: { URL: URL }\n  }\n};\n\n","\"use strict\";\n\nexports.URL = require(\"./URL\").interface;\nexports.serializeURL = require(\"./url-state-machine\").serializeURL;\nexports.serializeURLOrigin = require(\"./url-state-machine\").serializeURLOrigin;\nexports.basicURLParse = require(\"./url-state-machine\").basicURLParse;\nexports.setTheUsername = require(\"./url-state-machine\").setTheUsername;\nexports.setThePassword = require(\"./url-state-machine\").setThePassword;\nexports.serializeHost = require(\"./url-state-machine\").serializeHost;\nexports.serializeInteger = require(\"./url-state-machine\").serializeInteger;\nexports.parseURL = require(\"./url-state-machine\").parseURL;\n","\"use strict\";\r\nconst punycode = require(\"punycode\");\r\nconst tr46 = require(\"tr46\");\r\n\r\nconst specialSchemes = {\r\n  ftp: 21,\r\n  file: null,\r\n  gopher: 70,\r\n  http: 80,\r\n  https: 443,\r\n  ws: 80,\r\n  wss: 443\r\n};\r\n\r\nconst failure = Symbol(\"failure\");\r\n\r\nfunction countSymbols(str) {\r\n  return punycode.ucs2.decode(str).length;\r\n}\r\n\r\nfunction at(input, idx) {\r\n  const c = input[idx];\r\n  return isNaN(c) ? undefined : String.fromCodePoint(c);\r\n}\r\n\r\nfunction isASCIIDigit(c) {\r\n  return c >= 0x30 && c <= 0x39;\r\n}\r\n\r\nfunction isASCIIAlpha(c) {\r\n  return (c >= 0x41 && c <= 0x5A) || (c >= 0x61 && c <= 0x7A);\r\n}\r\n\r\nfunction isASCIIAlphanumeric(c) {\r\n  return isASCIIAlpha(c) || isASCIIDigit(c);\r\n}\r\n\r\nfunction isASCIIHex(c) {\r\n  return isASCIIDigit(c) || (c >= 0x41 && c <= 0x46) || (c >= 0x61 && c <= 0x66);\r\n}\r\n\r\nfunction isSingleDot(buffer) {\r\n  return buffer === \".\" || buffer.toLowerCase() === \"%2e\";\r\n}\r\n\r\nfunction isDoubleDot(buffer) {\r\n  buffer = buffer.toLowerCase();\r\n  return buffer === \"..\" || buffer === \"%2e.\" || buffer === \".%2e\" || buffer === \"%2e%2e\";\r\n}\r\n\r\nfunction isWindowsDriveLetterCodePoints(cp1, cp2) {\r\n  return isASCIIAlpha(cp1) && (cp2 === 58 || cp2 === 124);\r\n}\r\n\r\nfunction isWindowsDriveLetterString(string) {\r\n  return string.length === 2 && isASCIIAlpha(string.codePointAt(0)) && (string[1] === \":\" || string[1] === \"|\");\r\n}\r\n\r\nfunction isNormalizedWindowsDriveLetterString(string) {\r\n  return string.length === 2 && isASCIIAlpha(string.codePointAt(0)) && string[1] === \":\";\r\n}\r\n\r\nfunction containsForbiddenHostCodePoint(string) {\r\n  return string.search(/\\u0000|\\u0009|\\u000A|\\u000D|\\u0020|#|%|\\/|:|\\?|@|\\[|\\\\|\\]/) !== -1;\r\n}\r\n\r\nfunction containsForbiddenHostCodePointExcludingPercent(string) {\r\n  return string.search(/\\u0000|\\u0009|\\u000A|\\u000D|\\u0020|#|\\/|:|\\?|@|\\[|\\\\|\\]/) !== -1;\r\n}\r\n\r\nfunction isSpecialScheme(scheme) {\r\n  return specialSchemes[scheme] !== undefined;\r\n}\r\n\r\nfunction isSpecial(url) {\r\n  return isSpecialScheme(url.scheme);\r\n}\r\n\r\nfunction defaultPort(scheme) {\r\n  return specialSchemes[scheme];\r\n}\r\n\r\nfunction percentEncode(c) {\r\n  let hex = c.toString(16).toUpperCase();\r\n  if (hex.length === 1) {\r\n    hex = \"0\" + hex;\r\n  }\r\n\r\n  return \"%\" + hex;\r\n}\r\n\r\nfunction utf8PercentEncode(c) {\r\n  const buf = new Buffer(c);\r\n\r\n  let str = \"\";\r\n\r\n  for (let i = 0; i < buf.length; ++i) {\r\n    str += percentEncode(buf[i]);\r\n  }\r\n\r\n  return str;\r\n}\r\n\r\nfunction utf8PercentDecode(str) {\r\n  const input = new Buffer(str);\r\n  const output = [];\r\n  for (let i = 0; i < input.length; ++i) {\r\n    if (input[i] !== 37) {\r\n      output.push(input[i]);\r\n    } else if (input[i] === 37 && isASCIIHex(input[i + 1]) && isASCIIHex(input[i + 2])) {\r\n      output.push(parseInt(input.slice(i + 1, i + 3).toString(), 16));\r\n      i += 2;\r\n    } else {\r\n      output.push(input[i]);\r\n    }\r\n  }\r\n  return new Buffer(output).toString();\r\n}\r\n\r\nfunction isC0ControlPercentEncode(c) {\r\n  return c <= 0x1F || c > 0x7E;\r\n}\r\n\r\nconst extraPathPercentEncodeSet = new Set([32, 34, 35, 60, 62, 63, 96, 123, 125]);\r\nfunction isPathPercentEncode(c) {\r\n  return isC0ControlPercentEncode(c) || extraPathPercentEncodeSet.has(c);\r\n}\r\n\r\nconst extraUserinfoPercentEncodeSet =\r\n  new Set([47, 58, 59, 61, 64, 91, 92, 93, 94, 124]);\r\nfunction isUserinfoPercentEncode(c) {\r\n  return isPathPercentEncode(c) || extraUserinfoPercentEncodeSet.has(c);\r\n}\r\n\r\nfunction percentEncodeChar(c, encodeSetPredicate) {\r\n  const cStr = String.fromCodePoint(c);\r\n\r\n  if (encodeSetPredicate(c)) {\r\n    return utf8PercentEncode(cStr);\r\n  }\r\n\r\n  return cStr;\r\n}\r\n\r\nfunction parseIPv4Number(input) {\r\n  let R = 10;\r\n\r\n  if (input.length >= 2 && input.charAt(0) === \"0\" && input.charAt(1).toLowerCase() === \"x\") {\r\n    input = input.substring(2);\r\n    R = 16;\r\n  } else if (input.length >= 2 && input.charAt(0) === \"0\") {\r\n    input = input.substring(1);\r\n    R = 8;\r\n  }\r\n\r\n  if (input === \"\") {\r\n    return 0;\r\n  }\r\n\r\n  const regex = R === 10 ? /[^0-9]/ : (R === 16 ? /[^0-9A-Fa-f]/ : /[^0-7]/);\r\n  if (regex.test(input)) {\r\n    return failure;\r\n  }\r\n\r\n  return parseInt(input, R);\r\n}\r\n\r\nfunction parseIPv4(input) {\r\n  const parts = input.split(\".\");\r\n  if (parts[parts.length - 1] === \"\") {\r\n    if (parts.length > 1) {\r\n      parts.pop();\r\n    }\r\n  }\r\n\r\n  if (parts.length > 4) {\r\n    return input;\r\n  }\r\n\r\n  const numbers = [];\r\n  for (const part of parts) {\r\n    if (part === \"\") {\r\n      return input;\r\n    }\r\n    const n = parseIPv4Number(part);\r\n    if (n === failure) {\r\n      return input;\r\n    }\r\n\r\n    numbers.push(n);\r\n  }\r\n\r\n  for (let i = 0; i < numbers.length - 1; ++i) {\r\n    if (numbers[i] > 255) {\r\n      return failure;\r\n    }\r\n  }\r\n  if (numbers[numbers.length - 1] >= Math.pow(256, 5 - numbers.length)) {\r\n    return failure;\r\n  }\r\n\r\n  let ipv4 = numbers.pop();\r\n  let counter = 0;\r\n\r\n  for (const n of numbers) {\r\n    ipv4 += n * Math.pow(256, 3 - counter);\r\n    ++counter;\r\n  }\r\n\r\n  return ipv4;\r\n}\r\n\r\nfunction serializeIPv4(address) {\r\n  let output = \"\";\r\n  let n = address;\r\n\r\n  for (let i = 1; i <= 4; ++i) {\r\n    output = String(n % 256) + output;\r\n    if (i !== 4) {\r\n      output = \".\" + output;\r\n    }\r\n    n = Math.floor(n / 256);\r\n  }\r\n\r\n  return output;\r\n}\r\n\r\nfunction parseIPv6(input) {\r\n  const address = [0, 0, 0, 0, 0, 0, 0, 0];\r\n  let pieceIndex = 0;\r\n  let compress = null;\r\n  let pointer = 0;\r\n\r\n  input = punycode.ucs2.decode(input);\r\n\r\n  if (input[pointer] === 58) {\r\n    if (input[pointer + 1] !== 58) {\r\n      return failure;\r\n    }\r\n\r\n    pointer += 2;\r\n    ++pieceIndex;\r\n    compress = pieceIndex;\r\n  }\r\n\r\n  while (pointer < input.length) {\r\n    if (pieceIndex === 8) {\r\n      return failure;\r\n    }\r\n\r\n    if (input[pointer] === 58) {\r\n      if (compress !== null) {\r\n        return failure;\r\n      }\r\n      ++pointer;\r\n      ++pieceIndex;\r\n      compress = pieceIndex;\r\n      continue;\r\n    }\r\n\r\n    let value = 0;\r\n    let length = 0;\r\n\r\n    while (length < 4 && isASCIIHex(input[pointer])) {\r\n      value = value * 0x10 + parseInt(at(input, pointer), 16);\r\n      ++pointer;\r\n      ++length;\r\n    }\r\n\r\n    if (input[pointer] === 46) {\r\n      if (length === 0) {\r\n        return failure;\r\n      }\r\n\r\n      pointer -= length;\r\n\r\n      if (pieceIndex > 6) {\r\n        return failure;\r\n      }\r\n\r\n      let numbersSeen = 0;\r\n\r\n      while (input[pointer] !== undefined) {\r\n        let ipv4Piece = null;\r\n\r\n        if (numbersSeen > 0) {\r\n          if (input[pointer] === 46 && numbersSeen < 4) {\r\n            ++pointer;\r\n          } else {\r\n            return failure;\r\n          }\r\n        }\r\n\r\n        if (!isASCIIDigit(input[pointer])) {\r\n          return failure;\r\n        }\r\n\r\n        while (isASCIIDigit(input[pointer])) {\r\n          const number = parseInt(at(input, pointer));\r\n          if (ipv4Piece === null) {\r\n            ipv4Piece = number;\r\n          } else if (ipv4Piece === 0) {\r\n            return failure;\r\n          } else {\r\n            ipv4Piece = ipv4Piece * 10 + number;\r\n          }\r\n          if (ipv4Piece > 255) {\r\n            return failure;\r\n          }\r\n          ++pointer;\r\n        }\r\n\r\n        address[pieceIndex] = address[pieceIndex] * 0x100 + ipv4Piece;\r\n\r\n        ++numbersSeen;\r\n\r\n        if (numbersSeen === 2 || numbersSeen === 4) {\r\n          ++pieceIndex;\r\n        }\r\n      }\r\n\r\n      if (numbersSeen !== 4) {\r\n        return failure;\r\n      }\r\n\r\n      break;\r\n    } else if (input[pointer] === 58) {\r\n      ++pointer;\r\n      if (input[pointer] === undefined) {\r\n        return failure;\r\n      }\r\n    } else if (input[pointer] !== undefined) {\r\n      return failure;\r\n    }\r\n\r\n    address[pieceIndex] = value;\r\n    ++pieceIndex;\r\n  }\r\n\r\n  if (compress !== null) {\r\n    let swaps = pieceIndex - compress;\r\n    pieceIndex = 7;\r\n    while (pieceIndex !== 0 && swaps > 0) {\r\n      const temp = address[compress + swaps - 1];\r\n      address[compress + swaps - 1] = address[pieceIndex];\r\n      address[pieceIndex] = temp;\r\n      --pieceIndex;\r\n      --swaps;\r\n    }\r\n  } else if (compress === null && pieceIndex !== 8) {\r\n    return failure;\r\n  }\r\n\r\n  return address;\r\n}\r\n\r\nfunction serializeIPv6(address) {\r\n  let output = \"\";\r\n  const seqResult = findLongestZeroSequence(address);\r\n  const compress = seqResult.idx;\r\n  let ignore0 = false;\r\n\r\n  for (let pieceIndex = 0; pieceIndex <= 7; ++pieceIndex) {\r\n    if (ignore0 && address[pieceIndex] === 0) {\r\n      continue;\r\n    } else if (ignore0) {\r\n      ignore0 = false;\r\n    }\r\n\r\n    if (compress === pieceIndex) {\r\n      const separator = pieceIndex === 0 ? \"::\" : \":\";\r\n      output += separator;\r\n      ignore0 = true;\r\n      continue;\r\n    }\r\n\r\n    output += address[pieceIndex].toString(16);\r\n\r\n    if (pieceIndex !== 7) {\r\n      output += \":\";\r\n    }\r\n  }\r\n\r\n  return output;\r\n}\r\n\r\nfunction parseHost(input, isSpecialArg) {\r\n  if (input[0] === \"[\") {\r\n    if (input[input.length - 1] !== \"]\") {\r\n      return failure;\r\n    }\r\n\r\n    return parseIPv6(input.substring(1, input.length - 1));\r\n  }\r\n\r\n  if (!isSpecialArg) {\r\n    return parseOpaqueHost(input);\r\n  }\r\n\r\n  const domain = utf8PercentDecode(input);\r\n  const asciiDomain = tr46.toASCII(domain, false, tr46.PROCESSING_OPTIONS.NONTRANSITIONAL, false);\r\n  if (asciiDomain === null) {\r\n    return failure;\r\n  }\r\n\r\n  if (containsForbiddenHostCodePoint(asciiDomain)) {\r\n    return failure;\r\n  }\r\n\r\n  const ipv4Host = parseIPv4(asciiDomain);\r\n  if (typeof ipv4Host === \"number\" || ipv4Host === failure) {\r\n    return ipv4Host;\r\n  }\r\n\r\n  return asciiDomain;\r\n}\r\n\r\nfunction parseOpaqueHost(input) {\r\n  if (containsForbiddenHostCodePointExcludingPercent(input)) {\r\n    return failure;\r\n  }\r\n\r\n  let output = \"\";\r\n  const decoded = punycode.ucs2.decode(input);\r\n  for (let i = 0; i < decoded.length; ++i) {\r\n    output += percentEncodeChar(decoded[i], isC0ControlPercentEncode);\r\n  }\r\n  return output;\r\n}\r\n\r\nfunction findLongestZeroSequence(arr) {\r\n  let maxIdx = null;\r\n  let maxLen = 1; // only find elements > 1\r\n  let currStart = null;\r\n  let currLen = 0;\r\n\r\n  for (let i = 0; i < arr.length; ++i) {\r\n    if (arr[i] !== 0) {\r\n      if (currLen > maxLen) {\r\n        maxIdx = currStart;\r\n        maxLen = currLen;\r\n      }\r\n\r\n      currStart = null;\r\n      currLen = 0;\r\n    } else {\r\n      if (currStart === null) {\r\n        currStart = i;\r\n      }\r\n      ++currLen;\r\n    }\r\n  }\r\n\r\n  // if trailing zeros\r\n  if (currLen > maxLen) {\r\n    maxIdx = currStart;\r\n    maxLen = currLen;\r\n  }\r\n\r\n  return {\r\n    idx: maxIdx,\r\n    len: maxLen\r\n  };\r\n}\r\n\r\nfunction serializeHost(host) {\r\n  if (typeof host === \"number\") {\r\n    return serializeIPv4(host);\r\n  }\r\n\r\n  // IPv6 serializer\r\n  if (host instanceof Array) {\r\n    return \"[\" + serializeIPv6(host) + \"]\";\r\n  }\r\n\r\n  return host;\r\n}\r\n\r\nfunction trimControlChars(url) {\r\n  return url.replace(/^[\\u0000-\\u001F\\u0020]+|[\\u0000-\\u001F\\u0020]+$/g, \"\");\r\n}\r\n\r\nfunction trimTabAndNewline(url) {\r\n  return url.replace(/\\u0009|\\u000A|\\u000D/g, \"\");\r\n}\r\n\r\nfunction shortenPath(url) {\r\n  const path = url.path;\r\n  if (path.length === 0) {\r\n    return;\r\n  }\r\n  if (url.scheme === \"file\" && path.length === 1 && isNormalizedWindowsDriveLetter(path[0])) {\r\n    return;\r\n  }\r\n\r\n  path.pop();\r\n}\r\n\r\nfunction includesCredentials(url) {\r\n  return url.username !== \"\" || url.password !== \"\";\r\n}\r\n\r\nfunction cannotHaveAUsernamePasswordPort(url) {\r\n  return url.host === null || url.host === \"\" || url.cannotBeABaseURL || url.scheme === \"file\";\r\n}\r\n\r\nfunction isNormalizedWindowsDriveLetter(string) {\r\n  return /^[A-Za-z]:$/.test(string);\r\n}\r\n\r\nfunction URLStateMachine(input, base, encodingOverride, url, stateOverride) {\r\n  this.pointer = 0;\r\n  this.input = input;\r\n  this.base = base || null;\r\n  this.encodingOverride = encodingOverride || \"utf-8\";\r\n  this.stateOverride = stateOverride;\r\n  this.url = url;\r\n  this.failure = false;\r\n  this.parseError = false;\r\n\r\n  if (!this.url) {\r\n    this.url = {\r\n      scheme: \"\",\r\n      username: \"\",\r\n      password: \"\",\r\n      host: null,\r\n      port: null,\r\n      path: [],\r\n      query: null,\r\n      fragment: null,\r\n\r\n      cannotBeABaseURL: false\r\n    };\r\n\r\n    const res = trimControlChars(this.input);\r\n    if (res !== this.input) {\r\n      this.parseError = true;\r\n    }\r\n    this.input = res;\r\n  }\r\n\r\n  const res = trimTabAndNewline(this.input);\r\n  if (res !== this.input) {\r\n    this.parseError = true;\r\n  }\r\n  this.input = res;\r\n\r\n  this.state = stateOverride || \"scheme start\";\r\n\r\n  this.buffer = \"\";\r\n  this.atFlag = false;\r\n  this.arrFlag = false;\r\n  this.passwordTokenSeenFlag = false;\r\n\r\n  this.input = punycode.ucs2.decode(this.input);\r\n\r\n  for (; this.pointer <= this.input.length; ++this.pointer) {\r\n    const c = this.input[this.pointer];\r\n    const cStr = isNaN(c) ? undefined : String.fromCodePoint(c);\r\n\r\n    // exec state machine\r\n    const ret = this[\"parse \" + this.state](c, cStr);\r\n    if (!ret) {\r\n      break; // terminate algorithm\r\n    } else if (ret === failure) {\r\n      this.failure = true;\r\n      break;\r\n    }\r\n  }\r\n}\r\n\r\nURLStateMachine.prototype[\"parse scheme start\"] = function parseSchemeStart(c, cStr) {\r\n  if (isASCIIAlpha(c)) {\r\n    this.buffer += cStr.toLowerCase();\r\n    this.state = \"scheme\";\r\n  } else if (!this.stateOverride) {\r\n    this.state = \"no scheme\";\r\n    --this.pointer;\r\n  } else {\r\n    this.parseError = true;\r\n    return failure;\r\n  }\r\n\r\n  return true;\r\n};\r\n\r\nURLStateMachine.prototype[\"parse scheme\"] = function parseScheme(c, cStr) {\r\n  if (isASCIIAlphanumeric(c) || c === 43 || c === 45 || c === 46) {\r\n    this.buffer += cStr.toLowerCase();\r\n  } else if (c === 58) {\r\n    if (this.stateOverride) {\r\n      if (isSpecial(this.url) && !isSpecialScheme(this.buffer)) {\r\n        return false;\r\n      }\r\n\r\n      if (!isSpecial(this.url) && isSpecialScheme(this.buffer)) {\r\n        return false;\r\n      }\r\n\r\n      if ((includesCredentials(this.url) || this.url.port !== null) && this.buffer === \"file\") {\r\n        return false;\r\n      }\r\n\r\n      if (this.url.scheme === \"file\" && (this.url.host === \"\" || this.url.host === null)) {\r\n        return false;\r\n      }\r\n    }\r\n    this.url.scheme = this.buffer;\r\n    this.buffer = \"\";\r\n    if (this.stateOverride) {\r\n      return false;\r\n    }\r\n    if (this.url.scheme === \"file\") {\r\n      if (this.input[this.pointer + 1] !== 47 || this.input[this.pointer + 2] !== 47) {\r\n        this.parseError = true;\r\n      }\r\n      this.state = \"file\";\r\n    } else if (isSpecial(this.url) && this.base !== null && this.base.scheme === this.url.scheme) {\r\n      this.state = \"special relative or authority\";\r\n    } else if (isSpecial(this.url)) {\r\n      this.state = \"special authority slashes\";\r\n    } else if (this.input[this.pointer + 1] === 47) {\r\n      this.state = \"path or authority\";\r\n      ++this.pointer;\r\n    } else {\r\n      this.url.cannotBeABaseURL = true;\r\n      this.url.path.push(\"\");\r\n      this.state = \"cannot-be-a-base-URL path\";\r\n    }\r\n  } else if (!this.stateOverride) {\r\n    this.buffer = \"\";\r\n    this.state = \"no scheme\";\r\n    this.pointer = -1;\r\n  } else {\r\n    this.parseError = true;\r\n    return failure;\r\n  }\r\n\r\n  return true;\r\n};\r\n\r\nURLStateMachine.prototype[\"parse no scheme\"] = function parseNoScheme(c) {\r\n  if (this.base === null || (this.base.cannotBeABaseURL && c !== 35)) {\r\n    return failure;\r\n  } else if (this.base.cannotBeABaseURL && c === 35) {\r\n    this.url.scheme = this.base.scheme;\r\n    this.url.path = this.base.path.slice();\r\n    this.url.query = this.base.query;\r\n    this.url.fragment = \"\";\r\n    this.url.cannotBeABaseURL = true;\r\n    this.state = \"fragment\";\r\n  } else if (this.base.scheme === \"file\") {\r\n    this.state = \"file\";\r\n    --this.pointer;\r\n  } else {\r\n    this.state = \"relative\";\r\n    --this.pointer;\r\n  }\r\n\r\n  return true;\r\n};\r\n\r\nURLStateMachine.prototype[\"parse special relative or authority\"] = function parseSpecialRelativeOrAuthority(c) {\r\n  if (c === 47 && this.input[this.pointer + 1] === 47) {\r\n    this.state = \"special authority ignore slashes\";\r\n    ++this.pointer;\r\n  } else {\r\n    this.parseError = true;\r\n    this.state = \"relative\";\r\n    --this.pointer;\r\n  }\r\n\r\n  return true;\r\n};\r\n\r\nURLStateMachine.prototype[\"parse path or authority\"] = function parsePathOrAuthority(c) {\r\n  if (c === 47) {\r\n    this.state = \"authority\";\r\n  } else {\r\n    this.state = \"path\";\r\n    --this.pointer;\r\n  }\r\n\r\n  return true;\r\n};\r\n\r\nURLStateMachine.prototype[\"parse relative\"] = function parseRelative(c) {\r\n  this.url.scheme = this.base.scheme;\r\n  if (isNaN(c)) {\r\n    this.url.username = this.base.username;\r\n    this.url.password = this.base.password;\r\n    this.url.host = this.base.host;\r\n    this.url.port = this.base.port;\r\n    this.url.path = this.base.path.slice();\r\n    this.url.query = this.base.query;\r\n  } else if (c === 47) {\r\n    this.state = \"relative slash\";\r\n  } else if (c === 63) {\r\n    this.url.username = this.base.username;\r\n    this.url.password = this.base.password;\r\n    this.url.host = this.base.host;\r\n    this.url.port = this.base.port;\r\n    this.url.path = this.base.path.slice();\r\n    this.url.query = \"\";\r\n    this.state = \"query\";\r\n  } else if (c === 35) {\r\n    this.url.username = this.base.username;\r\n    this.url.password = this.base.password;\r\n    this.url.host = this.base.host;\r\n    this.url.port = this.base.port;\r\n    this.url.path = this.base.path.slice();\r\n    this.url.query = this.base.query;\r\n    this.url.fragment = \"\";\r\n    this.state = \"fragment\";\r\n  } else if (isSpecial(this.url) && c === 92) {\r\n    this.parseError = true;\r\n    this.state = \"relative slash\";\r\n  } else {\r\n    this.url.username = this.base.username;\r\n    this.url.password = this.base.password;\r\n    this.url.host = this.base.host;\r\n    this.url.port = this.base.port;\r\n    this.url.path = this.base.path.slice(0, this.base.path.length - 1);\r\n\r\n    this.state = \"path\";\r\n    --this.pointer;\r\n  }\r\n\r\n  return true;\r\n};\r\n\r\nURLStateMachine.prototype[\"parse relative slash\"] = function parseRelativeSlash(c) {\r\n  if (isSpecial(this.url) && (c === 47 || c === 92)) {\r\n    if (c === 92) {\r\n      this.parseError = true;\r\n    }\r\n    this.state = \"special authority ignore slashes\";\r\n  } else if (c === 47) {\r\n    this.state = \"authority\";\r\n  } else {\r\n    this.url.username = this.base.username;\r\n    this.url.password = this.base.password;\r\n    this.url.host = this.base.host;\r\n    this.url.port = this.base.port;\r\n    this.state = \"path\";\r\n    --this.pointer;\r\n  }\r\n\r\n  return true;\r\n};\r\n\r\nURLStateMachine.prototype[\"parse special authority slashes\"] = function parseSpecialAuthoritySlashes(c) {\r\n  if (c === 47 && this.input[this.pointer + 1] === 47) {\r\n    this.state = \"special authority ignore slashes\";\r\n    ++this.pointer;\r\n  } else {\r\n    this.parseError = true;\r\n    this.state = \"special authority ignore slashes\";\r\n    --this.pointer;\r\n  }\r\n\r\n  return true;\r\n};\r\n\r\nURLStateMachine.prototype[\"parse special authority ignore slashes\"] = function parseSpecialAuthorityIgnoreSlashes(c) {\r\n  if (c !== 47 && c !== 92) {\r\n    this.state = \"authority\";\r\n    --this.pointer;\r\n  } else {\r\n    this.parseError = true;\r\n  }\r\n\r\n  return true;\r\n};\r\n\r\nURLStateMachine.prototype[\"parse authority\"] = function parseAuthority(c, cStr) {\r\n  if (c === 64) {\r\n    this.parseError = true;\r\n    if (this.atFlag) {\r\n      this.buffer = \"%40\" + this.buffer;\r\n    }\r\n    this.atFlag = true;\r\n\r\n    // careful, this is based on buffer and has its own pointer (this.pointer != pointer) and inner chars\r\n    const len = countSymbols(this.buffer);\r\n    for (let pointer = 0; pointer < len; ++pointer) {\r\n      const codePoint = this.buffer.codePointAt(pointer);\r\n\r\n      if (codePoint === 58 && !this.passwordTokenSeenFlag) {\r\n        this.passwordTokenSeenFlag = true;\r\n        continue;\r\n      }\r\n      const encodedCodePoints = percentEncodeChar(codePoint, isUserinfoPercentEncode);\r\n      if (this.passwordTokenSeenFlag) {\r\n        this.url.password += encodedCodePoints;\r\n      } else {\r\n        this.url.username += encodedCodePoints;\r\n      }\r\n    }\r\n    this.buffer = \"\";\r\n  } else if (isNaN(c) || c === 47 || c === 63 || c === 35 ||\r\n             (isSpecial(this.url) && c === 92)) {\r\n    if (this.atFlag && this.buffer === \"\") {\r\n      this.parseError = true;\r\n      return failure;\r\n    }\r\n    this.pointer -= countSymbols(this.buffer) + 1;\r\n    this.buffer = \"\";\r\n    this.state = \"host\";\r\n  } else {\r\n    this.buffer += cStr;\r\n  }\r\n\r\n  return true;\r\n};\r\n\r\nURLStateMachine.prototype[\"parse hostname\"] =\r\nURLStateMachine.prototype[\"parse host\"] = function parseHostName(c, cStr) {\r\n  if (this.stateOverride && this.url.scheme === \"file\") {\r\n    --this.pointer;\r\n    this.state = \"file host\";\r\n  } else if (c === 58 && !this.arrFlag) {\r\n    if (this.buffer === \"\") {\r\n      this.parseError = true;\r\n      return failure;\r\n    }\r\n\r\n    const host = parseHost(this.buffer, isSpecial(this.url));\r\n    if (host === failure) {\r\n      return failure;\r\n    }\r\n\r\n    this.url.host = host;\r\n    this.buffer = \"\";\r\n    this.state = \"port\";\r\n    if (this.stateOverride === \"hostname\") {\r\n      return false;\r\n    }\r\n  } else if (isNaN(c) || c === 47 || c === 63 || c === 35 ||\r\n             (isSpecial(this.url) && c === 92)) {\r\n    --this.pointer;\r\n    if (isSpecial(this.url) && this.buffer === \"\") {\r\n      this.parseError = true;\r\n      return failure;\r\n    } else if (this.stateOverride && this.buffer === \"\" &&\r\n               (includesCredentials(this.url) || this.url.port !== null)) {\r\n      this.parseError = true;\r\n      return false;\r\n    }\r\n\r\n    const host = parseHost(this.buffer, isSpecial(this.url));\r\n    if (host === failure) {\r\n      return failure;\r\n    }\r\n\r\n    this.url.host = host;\r\n    this.buffer = \"\";\r\n    this.state = \"path start\";\r\n    if (this.stateOverride) {\r\n      return false;\r\n    }\r\n  } else {\r\n    if (c === 91) {\r\n      this.arrFlag = true;\r\n    } else if (c === 93) {\r\n      this.arrFlag = false;\r\n    }\r\n    this.buffer += cStr;\r\n  }\r\n\r\n  return true;\r\n};\r\n\r\nURLStateMachine.prototype[\"parse port\"] = function parsePort(c, cStr) {\r\n  if (isASCIIDigit(c)) {\r\n    this.buffer += cStr;\r\n  } else if (isNaN(c) || c === 47 || c === 63 || c === 35 ||\r\n             (isSpecial(this.url) && c === 92) ||\r\n             this.stateOverride) {\r\n    if (this.buffer !== \"\") {\r\n      const port = parseInt(this.buffer);\r\n      if (port > Math.pow(2, 16) - 1) {\r\n        this.parseError = true;\r\n        return failure;\r\n      }\r\n      this.url.port = port === defaultPort(this.url.scheme) ? null : port;\r\n      this.buffer = \"\";\r\n    }\r\n    if (this.stateOverride) {\r\n      return false;\r\n    }\r\n    this.state = \"path start\";\r\n    --this.pointer;\r\n  } else {\r\n    this.parseError = true;\r\n    return failure;\r\n  }\r\n\r\n  return true;\r\n};\r\n\r\nconst fileOtherwiseCodePoints = new Set([47, 92, 63, 35]);\r\n\r\nURLStateMachine.prototype[\"parse file\"] = function parseFile(c) {\r\n  this.url.scheme = \"file\";\r\n\r\n  if (c === 47 || c === 92) {\r\n    if (c === 92) {\r\n      this.parseError = true;\r\n    }\r\n    this.state = \"file slash\";\r\n  } else if (this.base !== null && this.base.scheme === \"file\") {\r\n    if (isNaN(c)) {\r\n      this.url.host = this.base.host;\r\n      this.url.path = this.base.path.slice();\r\n      this.url.query = this.base.query;\r\n    } else if (c === 63) {\r\n      this.url.host = this.base.host;\r\n      this.url.path = this.base.path.slice();\r\n      this.url.query = \"\";\r\n      this.state = \"query\";\r\n    } else if (c === 35) {\r\n      this.url.host = this.base.host;\r\n      this.url.path = this.base.path.slice();\r\n      this.url.query = this.base.query;\r\n      this.url.fragment = \"\";\r\n      this.state = \"fragment\";\r\n    } else {\r\n      if (this.input.length - this.pointer - 1 === 0 || // remaining consists of 0 code points\r\n          !isWindowsDriveLetterCodePoints(c, this.input[this.pointer + 1]) ||\r\n          (this.input.length - this.pointer - 1 >= 2 && // remaining has at least 2 code points\r\n           !fileOtherwiseCodePoints.has(this.input[this.pointer + 2]))) {\r\n        this.url.host = this.base.host;\r\n        this.url.path = this.base.path.slice();\r\n        shortenPath(this.url);\r\n      } else {\r\n        this.parseError = true;\r\n      }\r\n\r\n      this.state = \"path\";\r\n      --this.pointer;\r\n    }\r\n  } else {\r\n    this.state = \"path\";\r\n    --this.pointer;\r\n  }\r\n\r\n  return true;\r\n};\r\n\r\nURLStateMachine.prototype[\"parse file slash\"] = function parseFileSlash(c) {\r\n  if (c === 47 || c === 92) {\r\n    if (c === 92) {\r\n      this.parseError = true;\r\n    }\r\n    this.state = \"file host\";\r\n  } else {\r\n    if (this.base !== null && this.base.scheme === \"file\") {\r\n      if (isNormalizedWindowsDriveLetterString(this.base.path[0])) {\r\n        this.url.path.push(this.base.path[0]);\r\n      } else {\r\n        this.url.host = this.base.host;\r\n      }\r\n    }\r\n    this.state = \"path\";\r\n    --this.pointer;\r\n  }\r\n\r\n  return true;\r\n};\r\n\r\nURLStateMachine.prototype[\"parse file host\"] = function parseFileHost(c, cStr) {\r\n  if (isNaN(c) || c === 47 || c === 92 || c === 63 || c === 35) {\r\n    --this.pointer;\r\n    if (!this.stateOverride && isWindowsDriveLetterString(this.buffer)) {\r\n      this.parseError = true;\r\n      this.state = \"path\";\r\n    } else if (this.buffer === \"\") {\r\n      this.url.host = \"\";\r\n      if (this.stateOverride) {\r\n        return false;\r\n      }\r\n      this.state = \"path start\";\r\n    } else {\r\n      let host = parseHost(this.buffer, isSpecial(this.url));\r\n      if (host === failure) {\r\n        return failure;\r\n      }\r\n      if (host === \"localhost\") {\r\n        host = \"\";\r\n      }\r\n      this.url.host = host;\r\n\r\n      if (this.stateOverride) {\r\n        return false;\r\n      }\r\n\r\n      this.buffer = \"\";\r\n      this.state = \"path start\";\r\n    }\r\n  } else {\r\n    this.buffer += cStr;\r\n  }\r\n\r\n  return true;\r\n};\r\n\r\nURLStateMachine.prototype[\"parse path start\"] = function parsePathStart(c) {\r\n  if (isSpecial(this.url)) {\r\n    if (c === 92) {\r\n      this.parseError = true;\r\n    }\r\n    this.state = \"path\";\r\n\r\n    if (c !== 47 && c !== 92) {\r\n      --this.pointer;\r\n    }\r\n  } else if (!this.stateOverride && c === 63) {\r\n    this.url.query = \"\";\r\n    this.state = \"query\";\r\n  } else if (!this.stateOverride && c === 35) {\r\n    this.url.fragment = \"\";\r\n    this.state = \"fragment\";\r\n  } else if (c !== undefined) {\r\n    this.state = \"path\";\r\n    if (c !== 47) {\r\n      --this.pointer;\r\n    }\r\n  }\r\n\r\n  return true;\r\n};\r\n\r\nURLStateMachine.prototype[\"parse path\"] = function parsePath(c) {\r\n  if (isNaN(c) || c === 47 || (isSpecial(this.url) && c === 92) ||\r\n      (!this.stateOverride && (c === 63 || c === 35))) {\r\n    if (isSpecial(this.url) && c === 92) {\r\n      this.parseError = true;\r\n    }\r\n\r\n    if (isDoubleDot(this.buffer)) {\r\n      shortenPath(this.url);\r\n      if (c !== 47 && !(isSpecial(this.url) && c === 92)) {\r\n        this.url.path.push(\"\");\r\n      }\r\n    } else if (isSingleDot(this.buffer) && c !== 47 &&\r\n               !(isSpecial(this.url) && c === 92)) {\r\n      this.url.path.push(\"\");\r\n    } else if (!isSingleDot(this.buffer)) {\r\n      if (this.url.scheme === \"file\" && this.url.path.length === 0 && isWindowsDriveLetterString(this.buffer)) {\r\n        if (this.url.host !== \"\" && this.url.host !== null) {\r\n          this.parseError = true;\r\n          this.url.host = \"\";\r\n        }\r\n        this.buffer = this.buffer[0] + \":\";\r\n      }\r\n      this.url.path.push(this.buffer);\r\n    }\r\n    this.buffer = \"\";\r\n    if (this.url.scheme === \"file\" && (c === undefined || c === 63 || c === 35)) {\r\n      while (this.url.path.length > 1 && this.url.path[0] === \"\") {\r\n        this.parseError = true;\r\n        this.url.path.shift();\r\n      }\r\n    }\r\n    if (c === 63) {\r\n      this.url.query = \"\";\r\n      this.state = \"query\";\r\n    }\r\n    if (c === 35) {\r\n      this.url.fragment = \"\";\r\n      this.state = \"fragment\";\r\n    }\r\n  } else {\r\n    // TODO: If c is not a URL code point and not \"%\", parse error.\r\n\r\n    if (c === 37 &&\r\n      (!isASCIIHex(this.input[this.pointer + 1]) ||\r\n        !isASCIIHex(this.input[this.pointer + 2]))) {\r\n      this.parseError = true;\r\n    }\r\n\r\n    this.buffer += percentEncodeChar(c, isPathPercentEncode);\r\n  }\r\n\r\n  return true;\r\n};\r\n\r\nURLStateMachine.prototype[\"parse cannot-be-a-base-URL path\"] = function parseCannotBeABaseURLPath(c) {\r\n  if (c === 63) {\r\n    this.url.query = \"\";\r\n    this.state = \"query\";\r\n  } else if (c === 35) {\r\n    this.url.fragment = \"\";\r\n    this.state = \"fragment\";\r\n  } else {\r\n    // TODO: Add: not a URL code point\r\n    if (!isNaN(c) && c !== 37) {\r\n      this.parseError = true;\r\n    }\r\n\r\n    if (c === 37 &&\r\n        (!isASCIIHex(this.input[this.pointer + 1]) ||\r\n         !isASCIIHex(this.input[this.pointer + 2]))) {\r\n      this.parseError = true;\r\n    }\r\n\r\n    if (!isNaN(c)) {\r\n      this.url.path[0] = this.url.path[0] + percentEncodeChar(c, isC0ControlPercentEncode);\r\n    }\r\n  }\r\n\r\n  return true;\r\n};\r\n\r\nURLStateMachine.prototype[\"parse query\"] = function parseQuery(c, cStr) {\r\n  if (isNaN(c) || (!this.stateOverride && c === 35)) {\r\n    if (!isSpecial(this.url) || this.url.scheme === \"ws\" || this.url.scheme === \"wss\") {\r\n      this.encodingOverride = \"utf-8\";\r\n    }\r\n\r\n    const buffer = new Buffer(this.buffer); // TODO: Use encoding override instead\r\n    for (let i = 0; i < buffer.length; ++i) {\r\n      if (buffer[i] < 0x21 || buffer[i] > 0x7E || buffer[i] === 0x22 || buffer[i] === 0x23 ||\r\n          buffer[i] === 0x3C || buffer[i] === 0x3E) {\r\n        this.url.query += percentEncode(buffer[i]);\r\n      } else {\r\n        this.url.query += String.fromCodePoint(buffer[i]);\r\n      }\r\n    }\r\n\r\n    this.buffer = \"\";\r\n    if (c === 35) {\r\n      this.url.fragment = \"\";\r\n      this.state = \"fragment\";\r\n    }\r\n  } else {\r\n    // TODO: If c is not a URL code point and not \"%\", parse error.\r\n    if (c === 37 &&\r\n      (!isASCIIHex(this.input[this.pointer + 1]) ||\r\n        !isASCIIHex(this.input[this.pointer + 2]))) {\r\n      this.parseError = true;\r\n    }\r\n\r\n    this.buffer += cStr;\r\n  }\r\n\r\n  return true;\r\n};\r\n\r\nURLStateMachine.prototype[\"parse fragment\"] = function parseFragment(c) {\r\n  if (isNaN(c)) { // do nothing\r\n  } else if (c === 0x0) {\r\n    this.parseError = true;\r\n  } else {\r\n    // TODO: If c is not a URL code point and not \"%\", parse error.\r\n    if (c === 37 &&\r\n      (!isASCIIHex(this.input[this.pointer + 1]) ||\r\n        !isASCIIHex(this.input[this.pointer + 2]))) {\r\n      this.parseError = true;\r\n    }\r\n\r\n    this.url.fragment += percentEncodeChar(c, isC0ControlPercentEncode);\r\n  }\r\n\r\n  return true;\r\n};\r\n\r\nfunction serializeURL(url, excludeFragment) {\r\n  let output = url.scheme + \":\";\r\n  if (url.host !== null) {\r\n    output += \"//\";\r\n\r\n    if (url.username !== \"\" || url.password !== \"\") {\r\n      output += url.username;\r\n      if (url.password !== \"\") {\r\n        output += \":\" + url.password;\r\n      }\r\n      output += \"@\";\r\n    }\r\n\r\n    output += serializeHost(url.host);\r\n\r\n    if (url.port !== null) {\r\n      output += \":\" + url.port;\r\n    }\r\n  } else if (url.host === null && url.scheme === \"file\") {\r\n    output += \"//\";\r\n  }\r\n\r\n  if (url.cannotBeABaseURL) {\r\n    output += url.path[0];\r\n  } else {\r\n    for (const string of url.path) {\r\n      output += \"/\" + string;\r\n    }\r\n  }\r\n\r\n  if (url.query !== null) {\r\n    output += \"?\" + url.query;\r\n  }\r\n\r\n  if (!excludeFragment && url.fragment !== null) {\r\n    output += \"#\" + url.fragment;\r\n  }\r\n\r\n  return output;\r\n}\r\n\r\nfunction serializeOrigin(tuple) {\r\n  let result = tuple.scheme + \"://\";\r\n  result += serializeHost(tuple.host);\r\n\r\n  if (tuple.port !== null) {\r\n    result += \":\" + tuple.port;\r\n  }\r\n\r\n  return result;\r\n}\r\n\r\nmodule.exports.serializeURL = serializeURL;\r\n\r\nmodule.exports.serializeURLOrigin = function (url) {\r\n  // https://url.spec.whatwg.org/#concept-url-origin\r\n  switch (url.scheme) {\r\n    case \"blob\":\r\n      try {\r\n        return module.exports.serializeURLOrigin(module.exports.parseURL(url.path[0]));\r\n      } catch (e) {\r\n        // serializing an opaque origin returns \"null\"\r\n        return \"null\";\r\n      }\r\n    case \"ftp\":\r\n    case \"gopher\":\r\n    case \"http\":\r\n    case \"https\":\r\n    case \"ws\":\r\n    case \"wss\":\r\n      return serializeOrigin({\r\n        scheme: url.scheme,\r\n        host: url.host,\r\n        port: url.port\r\n      });\r\n    case \"file\":\r\n      // spec says \"exercise to the reader\", chrome says \"file://\"\r\n      return \"file://\";\r\n    default:\r\n      // serializing an opaque origin returns \"null\"\r\n      return \"null\";\r\n  }\r\n};\r\n\r\nmodule.exports.basicURLParse = function (input, options) {\r\n  if (options === undefined) {\r\n    options = {};\r\n  }\r\n\r\n  const usm = new URLStateMachine(input, options.baseURL, options.encodingOverride, options.url, options.stateOverride);\r\n  if (usm.failure) {\r\n    return \"failure\";\r\n  }\r\n\r\n  return usm.url;\r\n};\r\n\r\nmodule.exports.setTheUsername = function (url, username) {\r\n  url.username = \"\";\r\n  const decoded = punycode.ucs2.decode(username);\r\n  for (let i = 0; i < decoded.length; ++i) {\r\n    url.username += percentEncodeChar(decoded[i], isUserinfoPercentEncode);\r\n  }\r\n};\r\n\r\nmodule.exports.setThePassword = function (url, password) {\r\n  url.password = \"\";\r\n  const decoded = punycode.ucs2.decode(password);\r\n  for (let i = 0; i < decoded.length; ++i) {\r\n    url.password += percentEncodeChar(decoded[i], isUserinfoPercentEncode);\r\n  }\r\n};\r\n\r\nmodule.exports.serializeHost = serializeHost;\r\n\r\nmodule.exports.cannotHaveAUsernamePasswordPort = cannotHaveAUsernamePasswordPort;\r\n\r\nmodule.exports.serializeInteger = function (integer) {\r\n  return String(integer);\r\n};\r\n\r\nmodule.exports.parseURL = function (input, options) {\r\n  if (options === undefined) {\r\n    options = {};\r\n  }\r\n\r\n  // We don't handle blobs, so this just delegates:\r\n  return module.exports.basicURLParse(input, { baseURL: options.baseURL, encodingOverride: options.encodingOverride });\r\n};\r\n","\"use strict\";\n\nmodule.exports.mixin = function mixin(target, source) {\n  const keys = Object.getOwnPropertyNames(source);\n  for (let i = 0; i < keys.length; ++i) {\n    Object.defineProperty(target, keys[i], Object.getOwnPropertyDescriptor(source, keys[i]));\n  }\n};\n\nmodule.exports.wrapperSymbol = Symbol(\"wrapper\");\nmodule.exports.implSymbol = Symbol(\"impl\");\n\nmodule.exports.wrapperForImpl = function (impl) {\n  return impl[module.exports.wrapperSymbol];\n};\n\nmodule.exports.implForWrapper = function (wrapper) {\n  return wrapper[module.exports.implSymbol];\n};\n\n","// Returns a wrapper function that returns a wrapped callback\n// The wrapper function should do some stuff, and return a\n// presumably different callback function.\n// This makes sure that own properties are retained, so that\n// decorations and such are not lost along the way.\nmodule.exports = wrappy\nfunction wrappy (fn, cb) {\n  if (fn && cb) return wrappy(fn)(cb)\n\n  if (typeof fn !== 'function')\n    throw new TypeError('need wrapper function')\n\n  Object.keys(fn).forEach(function (k) {\n    wrapper[k] = fn[k]\n  })\n\n  return wrapper\n\n  function wrapper() {\n    var args = new Array(arguments.length)\n    for (var i = 0; i < args.length; i++) {\n      args[i] = arguments[i]\n    }\n    var ret = fn.apply(this, args)\n    var cb = args[args.length-1]\n    if (typeof ret === 'function' && ret !== cb) {\n      Object.keys(cb).forEach(function (k) {\n        ret[k] = cb[k]\n      })\n    }\n    return ret\n  }\n}\n",null,"module.exports = require(\"assert\");","module.exports = require(\"child_process\");","module.exports = require(\"crypto\");","module.exports = require(\"events\");","module.exports = require(\"fs\");","module.exports = require(\"http\");","module.exports = require(\"https\");","module.exports = require(\"net\");","module.exports = require(\"os\");","module.exports = require(\"path\");","module.exports = require(\"punycode\");","module.exports = require(\"stream\");","module.exports = require(\"string_decoder\");","module.exports = require(\"timers\");","module.exports = require(\"tls\");","module.exports = require(\"url\");","module.exports = require(\"util\");","module.exports = require(\"zlib\");","// The module cache\nvar __webpack_module_cache__ = {};\n\n// The require function\nfunction __webpack_require__(moduleId) {\n\t// Check if module is in cache\n\tvar cachedModule = __webpack_module_cache__[moduleId];\n\tif (cachedModule !== undefined) {\n\t\treturn cachedModule.exports;\n\t}\n\t// Create a new module (and put it into the cache)\n\tvar module = __webpack_module_cache__[moduleId] = {\n\t\t// no module.id needed\n\t\t// no module.loaded needed\n\t\texports: {}\n\t};\n\n\t// Execute the module function\n\tvar threw = true;\n\ttry {\n\t\t__webpack_modules__[moduleId].call(module.exports, module, module.exports, __webpack_require__);\n\t\tthrew = false;\n\t} finally {\n\t\tif(threw) delete __webpack_module_cache__[moduleId];\n\t}\n\n\t// Return the exports of the module\n\treturn module.exports;\n}\n\n","\nif (typeof __webpack_require__ !== 'undefined') __webpack_require__.ab = __dirname + \"/\";","","// startup\n// Load entry module and return exports\n// This entry module is referenced by other modules so it can't be inlined\nvar __webpack_exports__ = __webpack_require__(4822);\n",""],"names":[],"sourceRoot":""}
\ No newline at end of file
+{"version":3,"file":"index.js","mappings":";;;;;;;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;AC5MA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;AC3FA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;AC/UA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;ACzDA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;AC5EA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;ACzDA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;AC1RA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;ACvCA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;ACtGA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;ACzmBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;ACrDA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;ACpCA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;AC1CA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;ACrDA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;AChFA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;AC5lBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;AC5DA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;ACtLA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;AC1SA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;AC/HA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;AClFA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;ACxpBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;ACzBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;ACPA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;AC5BA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACtDA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;AC/KA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACrYA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACrHA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;AC5MA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACllCA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACzEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;AChLA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;ACxDA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;AC7CA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;AC1BA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;AClBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACnBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACrCA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;AChqDA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;ACzCA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;AC3jDA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;AChMA;;;;;;;;;ACAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACvQA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACjBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;AC9EA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;ACtBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;ACPA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;AC5CA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;ACPA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;ACvBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;ACtBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;ACtCA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;AC1GA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;ACfA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;AC7EA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;ACpCA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;ACfA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;AChBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;ACpBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;AC5LA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACvMA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACnMA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACVA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;AChxCA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;ACnBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;AChCA;;;;;;;;;ACAA;;;;;;;;ACAA;;;;;;;;ACAA;;;;;;;;ACAA;;;;;;;;ACAA;;;;;;;;ACAA;;;;;;;;ACAA;;;;;;;;ACAA;;;;;;;;ACAA;;;;;;;;ACAA;;;;;;;;ACAA;;;;;;;;ACAA;;;;;;;;ACAA;;;;;;;;ACAA;;;;;;;;ACAA;;;;;;;;ACAA;;;;;;;;ACAA;;;;;;;;ACAA;;;;;;;;;;;;;;ACAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;AC7BA;AACA;;;;AEDA;AACA;AACA;AACA","sources":["../webpack://setup-slsa-verifier/./lib/index.js","../webpack://setup-slsa-verifier/./node_modules/@actions/core/lib/command.js","../webpack://setup-slsa-verifier/./node_modules/@actions/core/lib/core.js","../webpack://setup-slsa-verifier/./node_modules/@actions/core/lib/file-command.js","../webpack://setup-slsa-verifier/./node_modules/@actions/core/lib/oidc-utils.js","../webpack://setup-slsa-verifier/./node_modules/@actions/core/lib/path-utils.js","../webpack://setup-slsa-verifier/./node_modules/@actions/core/lib/summary.js","../webpack://setup-slsa-verifier/./node_modules/@actions/core/lib/utils.js","../webpack://setup-slsa-verifier/./node_modules/@actions/exec/lib/exec.js","../webpack://setup-slsa-verifier/./node_modules/@actions/exec/lib/toolrunner.js","../webpack://setup-slsa-verifier/./node_modules/@actions/github/lib/context.js","../webpack://setup-slsa-verifier/./node_modules/@actions/github/lib/github.js","../webpack://setup-slsa-verifier/./node_modules/@actions/github/lib/internal/utils.js","../webpack://setup-slsa-verifier/./node_modules/@actions/github/lib/utils.js","../webpack://setup-slsa-verifier/./node_modules/@actions/http-client/lib/auth.js","../webpack://setup-slsa-verifier/./node_modules/@actions/http-client/lib/index.js","../webpack://setup-slsa-verifier/./node_modules/@actions/http-client/lib/proxy.js","../webpack://setup-slsa-verifier/./node_modules/@actions/io/lib/io-util.js","../webpack://setup-slsa-verifier/./node_modules/@actions/io/lib/io.js","../webpack://setup-slsa-verifier/./node_modules/@actions/tool-cache/lib/manifest.js","../webpack://setup-slsa-verifier/./node_modules/@actions/tool-cache/lib/retry-helper.js","../webpack://setup-slsa-verifier/./node_modules/@actions/tool-cache/lib/tool-cache.js","../webpack://setup-slsa-verifier/./node_modules/@actions/tool-cache/node_modules/uuid/lib/bytesToUuid.js","../webpack://setup-slsa-verifier/./node_modules/@actions/tool-cache/node_modules/uuid/lib/rng.js","../webpack://setup-slsa-verifier/./node_modules/@actions/tool-cache/node_modules/uuid/v4.js","../webpack://setup-slsa-verifier/./node_modules/@octokit/auth-token/dist-node/index.js","../webpack://setup-slsa-verifier/./node_modules/@octokit/core/dist-node/index.js","../webpack://setup-slsa-verifier/./node_modules/@octokit/endpoint/dist-node/index.js","../webpack://setup-slsa-verifier/./node_modules/@octokit/graphql/dist-node/index.js","../webpack://setup-slsa-verifier/./node_modules/@octokit/plugin-paginate-rest/dist-node/index.js","../webpack://setup-slsa-verifier/./node_modules/@octokit/plugin-rest-endpoint-methods/dist-node/index.js","../webpack://setup-slsa-verifier/./node_modules/@octokit/request-error/dist-node/index.js","../webpack://setup-slsa-verifier/./node_modules/@octokit/request/dist-node/index.js","../webpack://setup-slsa-verifier/./node_modules/before-after-hook/index.js","../webpack://setup-slsa-verifier/./node_modules/before-after-hook/lib/add.js","../webpack://setup-slsa-verifier/./node_modules/before-after-hook/lib/register.js","../webpack://setup-slsa-verifier/./node_modules/before-after-hook/lib/remove.js","../webpack://setup-slsa-verifier/./node_modules/deprecation/dist-node/index.js","../webpack://setup-slsa-verifier/./node_modules/is-plain-object/dist/is-plain-object.js","../webpack://setup-slsa-verifier/./node_modules/node-fetch/lib/index.js","../webpack://setup-slsa-verifier/./node_modules/once/once.js","../webpack://setup-slsa-verifier/./node_modules/semver/semver.js","../webpack://setup-slsa-verifier/./node_modules/tr46/index.js","../webpack://setup-slsa-verifier/./node_modules/tunnel/index.js","../webpack://setup-slsa-verifier/./node_modules/tunnel/lib/tunnel.js","../webpack://setup-slsa-verifier/./node_modules/universal-user-agent/dist-node/index.js","../webpack://setup-slsa-verifier/./node_modules/uuid/dist/index.js","../webpack://setup-slsa-verifier/./node_modules/uuid/dist/md5.js","../webpack://setup-slsa-verifier/./node_modules/uuid/dist/nil.js","../webpack://setup-slsa-verifier/./node_modules/uuid/dist/parse.js","../webpack://setup-slsa-verifier/./node_modules/uuid/dist/regex.js","../webpack://setup-slsa-verifier/./node_modules/uuid/dist/rng.js","../webpack://setup-slsa-verifier/./node_modules/uuid/dist/sha1.js","../webpack://setup-slsa-verifier/./node_modules/uuid/dist/stringify.js","../webpack://setup-slsa-verifier/./node_modules/uuid/dist/v1.js","../webpack://setup-slsa-verifier/./node_modules/uuid/dist/v3.js","../webpack://setup-slsa-verifier/./node_modules/uuid/dist/v35.js","../webpack://setup-slsa-verifier/./node_modules/uuid/dist/v4.js","../webpack://setup-slsa-verifier/./node_modules/uuid/dist/v5.js","../webpack://setup-slsa-verifier/./node_modules/uuid/dist/validate.js","../webpack://setup-slsa-verifier/./node_modules/uuid/dist/version.js","../webpack://setup-slsa-verifier/./node_modules/webidl-conversions/lib/index.js","../webpack://setup-slsa-verifier/./node_modules/whatwg-url/lib/URL-impl.js","../webpack://setup-slsa-verifier/./node_modules/whatwg-url/lib/URL.js","../webpack://setup-slsa-verifier/./node_modules/whatwg-url/lib/public-api.js","../webpack://setup-slsa-verifier/./node_modules/whatwg-url/lib/url-state-machine.js","../webpack://setup-slsa-verifier/./node_modules/whatwg-url/lib/utils.js","../webpack://setup-slsa-verifier/./node_modules/wrappy/wrappy.js","../webpack://setup-slsa-verifier/./node_modules/@vercel/ncc/dist/ncc/@@notfound.js","../webpack://setup-slsa-verifier/external node-commonjs \"assert\"","../webpack://setup-slsa-verifier/external node-commonjs \"child_process\"","../webpack://setup-slsa-verifier/external node-commonjs \"crypto\"","../webpack://setup-slsa-verifier/external node-commonjs \"events\"","../webpack://setup-slsa-verifier/external node-commonjs \"fs\"","../webpack://setup-slsa-verifier/external node-commonjs \"http\"","../webpack://setup-slsa-verifier/external node-commonjs \"https\"","../webpack://setup-slsa-verifier/external node-commonjs \"net\"","../webpack://setup-slsa-verifier/external node-commonjs \"os\"","../webpack://setup-slsa-verifier/external node-commonjs \"path\"","../webpack://setup-slsa-verifier/external node-commonjs \"punycode\"","../webpack://setup-slsa-verifier/external node-commonjs \"stream\"","../webpack://setup-slsa-verifier/external node-commonjs \"string_decoder\"","../webpack://setup-slsa-verifier/external node-commonjs \"timers\"","../webpack://setup-slsa-verifier/external node-commonjs \"tls\"","../webpack://setup-slsa-verifier/external node-commonjs \"url\"","../webpack://setup-slsa-verifier/external node-commonjs \"util\"","../webpack://setup-slsa-verifier/external node-commonjs \"zlib\"","../webpack://setup-slsa-verifier/webpack/bootstrap","../webpack://setup-slsa-verifier/webpack/runtime/compat","../webpack://setup-slsa-verifier/webpack/before-startup","../webpack://setup-slsa-verifier/webpack/startup","../webpack://setup-slsa-verifier/webpack/after-startup"],"sourcesContent":["\"use strict\";\n// Copyright 2022 SLSA Authors\n//\n// Licensed under the Apache License, Version 2.0 (the \"License\");\n// you may not use this file except in compliance with the License.\n// You may obtain a copy of the License at\n//\n//     https://www.apache.org/licenses/LICENSE-2.0\n//\n// Unless required by applicable law or agreed to in writing, software\n// distributed under the License is distributed on an \"AS IS\" BASIS,\n// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n// See the License for the specific language governing permissions and\n// limitations under the License.\nvar __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {\n    if (k2 === undefined) k2 = k;\n    var desc = Object.getOwnPropertyDescriptor(m, k);\n    if (!desc || (\"get\" in desc ? !m.__esModule : desc.writable || desc.configurable)) {\n      desc = { enumerable: true, get: function() { return m[k]; } };\n    }\n    Object.defineProperty(o, k2, desc);\n}) : (function(o, m, k, k2) {\n    if (k2 === undefined) k2 = k;\n    o[k2] = m[k];\n}));\nvar __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {\n    Object.defineProperty(o, \"default\", { enumerable: true, value: v });\n}) : function(o, v) {\n    o[\"default\"] = v;\n});\nvar __importStar = (this && this.__importStar) || function (mod) {\n    if (mod && mod.__esModule) return mod;\n    var result = {};\n    if (mod != null) for (var k in mod) if (k !== \"default\" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);\n    __setModuleDefault(result, mod);\n    return result;\n};\nvar __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {\n    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }\n    return new (P || (P = Promise))(function (resolve, reject) {\n        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }\n        function rejected(value) { try { step(generator[\"throw\"](value)); } catch (e) { reject(e); } }\n        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }\n        step((generator = generator.apply(thisArg, _arguments || [])).next());\n    });\n};\nObject.defineProperty(exports, \"__esModule\", { value: true });\nexports.fileHasExpectedSha256Hash = exports.getVerifierVersion = exports.validVersion = void 0;\nconst core = __importStar(require(\"@actions/core\"));\nconst exec = __importStar(require(\"@actions/exec\"));\nconst github = __importStar(require(\"@actions/github\"));\nconst io = __importStar(require(\"@actions/io\"));\nconst tc = __importStar(require(\"@actions/tool-cache\"));\nconst crypto = __importStar(require(\"crypto\"));\nconst fs = __importStar(require(\"fs\"));\nconst os = __importStar(require(\"os\"));\nconst path = __importStar(require(\"path\"));\nconst BOOTSTRAP_VERSION = \"v2.0.0\";\nconst BOOTSTRAP_VERIFIER_SHA256 = \"8d2e93a9ea0126d5daec22f2778b42fea79192605d16955f0c91847c3a6a8921\";\nconst BINARY_NAME = \"slsa-verifier\";\nconst PROVENANCE_NAME = \"slsa-verifier-linux-amd64.intoto.jsonl\";\n// If true, the input string conforms to slsa-verifier's versioning system.\nfunction validVersion(version) {\n    const re = /(v[0-9]+\\.[0-9]+\\.[0-9]+)/;\n    return re.test(version);\n}\nexports.validVersion = validVersion;\n// Resolve command line argument to a version number\nfunction getVerifierVersion(actionRef) {\n    return __awaiter(this, void 0, void 0, function* () {\n        if (validVersion(actionRef)) {\n            return actionRef;\n        }\n        // If actionRef is a commit SHA, then find the associated version number.\n        const shaRe = /^[a-f\\d]{40}$/;\n        if (shaRe.test(actionRef)) {\n            const octokit = github.getOctokit(core.getInput(\"github-token\"));\n            const { data: tags } = yield octokit.request(\"GET /repos/{owner}/{repository}/tags\", {\n                owner: \"slsa-framework\",\n                repository: \"slsa-verifier\",\n            });\n            for (const tag of tags) {\n                const commitSha = tag.commit.sha;\n                if (commitSha === actionRef) {\n                    return tag.name;\n                }\n            }\n        }\n        throw new Error(`Invalid version provided: ${actionRef}. For the set of valid versions, see https://github.com/slsa-framework/slsa-verifier/releases.`);\n    });\n}\nexports.getVerifierVersion = getVerifierVersion;\n// If true, then the file in `path` has the same SHA256 hash as `expectedSha256Hash``.\nfunction fileHasExpectedSha256Hash(filePath, expectedSha256Hash) {\n    if (!fs.existsSync(filePath)) {\n        throw new Error(`File not found: ${filePath}`);\n    }\n    const untrustedFile = fs.readFileSync(filePath);\n    const computedSha256Hash = crypto\n        .createHash(\"sha256\")\n        .update(untrustedFile)\n        .digest(\"hex\");\n    return computedSha256Hash === expectedSha256Hash;\n}\nexports.fileHasExpectedSha256Hash = fileHasExpectedSha256Hash;\nlet tmpDir;\n// Delete bootstrap version and maybe installed version\nfunction cleanup() {\n    return __awaiter(this, void 0, void 0, function* () {\n        yield io.rmRF(`${tmpDir}`);\n    });\n}\nfunction run() {\n    return __awaiter(this, void 0, void 0, function* () {\n        // Get requested verifier version and validate\n        // SLSA_VERIFIER_CI_ACTION_REF is a utility env variable to help us test\n        // the Action in CI.\n        const actionRef = process.env.GITHUB_ACTION_REF ||\n            process.env.SLSA_VERIFIER_CI_ACTION_REF ||\n            \"\";\n        let version;\n        try {\n            version = yield getVerifierVersion(actionRef);\n        }\n        catch (error) {\n            const errMsg = error instanceof Error ? error.message : String(error);\n            core.setFailed(`Invalid version provided. For the set of valid versions, see https://github.com/slsa-framework/slsa-verifier/releases. ${errMsg}`);\n            cleanup();\n            return;\n        }\n        tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), \"slsa-verifier_\"));\n        const bootstrapDir = `${tmpDir}/bootstrap`;\n        const installDir = `${tmpDir}/${version}`;\n        let bootstrapVerifierPath;\n        try {\n            // Download bootstrap version and validate SHA256 checksum\n            bootstrapVerifierPath = yield tc.downloadTool(`https://github.com/slsa-framework/slsa-verifier/releases/download/${BOOTSTRAP_VERSION}/slsa-verifier-linux-amd64`, `${bootstrapDir}/${BINARY_NAME}`);\n        }\n        catch (error) {\n            const errMsg = error instanceof Error ? error.message : String(error);\n            core.setFailed(`Error downloading bootstrap slsa-verifier: ${errMsg}`);\n            cleanup();\n            return;\n        }\n        if (!fileHasExpectedSha256Hash(bootstrapVerifierPath, BOOTSTRAP_VERIFIER_SHA256)) {\n            core.setFailed(`Unable to verify slsa-verifier checksum. Aborting installation.`);\n            cleanup();\n            return;\n        }\n        fs.chmodSync(bootstrapVerifierPath, 0o100);\n        let downloadedBinaryPath;\n        try {\n            // Download requested version binary and provenance\n            downloadedBinaryPath = yield tc.downloadTool(`https://github.com/slsa-framework/slsa-verifier/releases/download/${version}/slsa-verifier-linux-amd64`, `${installDir}/${BINARY_NAME}`);\n        }\n        catch (error) {\n            const errMsg = error instanceof Error ? error.message : String(error);\n            core.setFailed(`Error downloading slsa-verifier: ${errMsg}`);\n            cleanup();\n            return;\n        }\n        let downloadedProvenancePath;\n        try {\n            downloadedProvenancePath = yield tc.downloadTool(`https://github.com/slsa-framework/slsa-verifier/releases/download/${version}/slsa-verifier-linux-amd64.intoto.jsonl`, `${installDir}/${PROVENANCE_NAME}`);\n        }\n        catch (error) {\n            const errMsg = error instanceof Error ? error.message : String(error);\n            core.setFailed(`Error downloading binary provenance: ${errMsg}`);\n            cleanup();\n            return;\n        }\n        // Validate binary provenance\n        try {\n            const { exitCode, stdout, stderr } = yield exec.getExecOutput(`${bootstrapVerifierPath}`, [\n                \"verify-artifact\",\n                downloadedBinaryPath,\n                \"--provenance-path\",\n                downloadedProvenancePath,\n                \"--source-uri\",\n                \"github.com/slsa-framework/slsa-verifier\",\n                \"--source-tag\",\n                version,\n            ]);\n            if (exitCode !== 0) {\n                throw new Error(`Unable to verify binary provenance. Aborting installation. stdout: ${stdout}; stderr: ${stderr}`);\n            }\n        }\n        catch (error) {\n            const errMsg = error instanceof Error ? error.message : String(error);\n            core.setFailed(`Error executing slsa-verifier: ${errMsg}`);\n            cleanup();\n            return;\n        }\n        // Copy requested version to HOME directory.\n        const finalDir = `${os.homedir()}/.slsa/bin/${version}`;\n        const finalPath = `${finalDir}/${BINARY_NAME}`;\n        fs.mkdirSync(finalDir, { recursive: true });\n        fs.copyFileSync(downloadedBinaryPath, finalPath);\n        fs.chmodSync(finalPath, 0o100);\n        core.addPath(finalDir);\n        core.setOutput(\"verifier-path\", finalDir);\n        cleanup();\n    });\n}\nrun();\n","\"use strict\";\nvar __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {\n    if (k2 === undefined) k2 = k;\n    Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });\n}) : (function(o, m, k, k2) {\n    if (k2 === undefined) k2 = k;\n    o[k2] = m[k];\n}));\nvar __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {\n    Object.defineProperty(o, \"default\", { enumerable: true, value: v });\n}) : function(o, v) {\n    o[\"default\"] = v;\n});\nvar __importStar = (this && this.__importStar) || function (mod) {\n    if (mod && mod.__esModule) return mod;\n    var result = {};\n    if (mod != null) for (var k in mod) if (k !== \"default\" && Object.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);\n    __setModuleDefault(result, mod);\n    return result;\n};\nObject.defineProperty(exports, \"__esModule\", { value: true });\nexports.issue = exports.issueCommand = void 0;\nconst os = __importStar(require(\"os\"));\nconst utils_1 = require(\"./utils\");\n/**\n * Commands\n *\n * Command Format:\n *   ::name key=value,key=value::message\n *\n * Examples:\n *   ::warning::This is the message\n *   ::set-env name=MY_VAR::some value\n */\nfunction issueCommand(command, properties, message) {\n    const cmd = new Command(command, properties, message);\n    process.stdout.write(cmd.toString() + os.EOL);\n}\nexports.issueCommand = issueCommand;\nfunction issue(name, message = '') {\n    issueCommand(name, {}, message);\n}\nexports.issue = issue;\nconst CMD_STRING = '::';\nclass Command {\n    constructor(command, properties, message) {\n        if (!command) {\n            command = 'missing.command';\n        }\n        this.command = command;\n        this.properties = properties;\n        this.message = message;\n    }\n    toString() {\n        let cmdStr = CMD_STRING + this.command;\n        if (this.properties && Object.keys(this.properties).length > 0) {\n            cmdStr += ' ';\n            let first = true;\n            for (const key in this.properties) {\n                if (this.properties.hasOwnProperty(key)) {\n                    const val = this.properties[key];\n                    if (val) {\n                        if (first) {\n                            first = false;\n                        }\n                        else {\n                            cmdStr += ',';\n                        }\n                        cmdStr += `${key}=${escapeProperty(val)}`;\n                    }\n                }\n            }\n        }\n        cmdStr += `${CMD_STRING}${escapeData(this.message)}`;\n        return cmdStr;\n    }\n}\nfunction escapeData(s) {\n    return utils_1.toCommandValue(s)\n        .replace(/%/g, '%25')\n        .replace(/\\r/g, '%0D')\n        .replace(/\\n/g, '%0A');\n}\nfunction escapeProperty(s) {\n    return utils_1.toCommandValue(s)\n        .replace(/%/g, '%25')\n        .replace(/\\r/g, '%0D')\n        .replace(/\\n/g, '%0A')\n        .replace(/:/g, '%3A')\n        .replace(/,/g, '%2C');\n}\n//# sourceMappingURL=command.js.map","\"use strict\";\nvar __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {\n    if (k2 === undefined) k2 = k;\n    Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });\n}) : (function(o, m, k, k2) {\n    if (k2 === undefined) k2 = k;\n    o[k2] = m[k];\n}));\nvar __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {\n    Object.defineProperty(o, \"default\", { enumerable: true, value: v });\n}) : function(o, v) {\n    o[\"default\"] = v;\n});\nvar __importStar = (this && this.__importStar) || function (mod) {\n    if (mod && mod.__esModule) return mod;\n    var result = {};\n    if (mod != null) for (var k in mod) if (k !== \"default\" && Object.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);\n    __setModuleDefault(result, mod);\n    return result;\n};\nvar __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {\n    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }\n    return new (P || (P = Promise))(function (resolve, reject) {\n        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }\n        function rejected(value) { try { step(generator[\"throw\"](value)); } catch (e) { reject(e); } }\n        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }\n        step((generator = generator.apply(thisArg, _arguments || [])).next());\n    });\n};\nObject.defineProperty(exports, \"__esModule\", { value: true });\nexports.getIDToken = exports.getState = exports.saveState = exports.group = exports.endGroup = exports.startGroup = exports.info = exports.notice = exports.warning = exports.error = exports.debug = exports.isDebug = exports.setFailed = exports.setCommandEcho = exports.setOutput = exports.getBooleanInput = exports.getMultilineInput = exports.getInput = exports.addPath = exports.setSecret = exports.exportVariable = exports.ExitCode = void 0;\nconst command_1 = require(\"./command\");\nconst file_command_1 = require(\"./file-command\");\nconst utils_1 = require(\"./utils\");\nconst os = __importStar(require(\"os\"));\nconst path = __importStar(require(\"path\"));\nconst oidc_utils_1 = require(\"./oidc-utils\");\n/**\n * The code to exit an action\n */\nvar ExitCode;\n(function (ExitCode) {\n    /**\n     * A code indicating that the action was successful\n     */\n    ExitCode[ExitCode[\"Success\"] = 0] = \"Success\";\n    /**\n     * A code indicating that the action was a failure\n     */\n    ExitCode[ExitCode[\"Failure\"] = 1] = \"Failure\";\n})(ExitCode = exports.ExitCode || (exports.ExitCode = {}));\n//-----------------------------------------------------------------------\n// Variables\n//-----------------------------------------------------------------------\n/**\n * Sets env variable for this action and future actions in the job\n * @param name the name of the variable to set\n * @param val the value of the variable. Non-string values will be converted to a string via JSON.stringify\n */\n// eslint-disable-next-line @typescript-eslint/no-explicit-any\nfunction exportVariable(name, val) {\n    const convertedVal = utils_1.toCommandValue(val);\n    process.env[name] = convertedVal;\n    const filePath = process.env['GITHUB_ENV'] || '';\n    if (filePath) {\n        return file_command_1.issueFileCommand('ENV', file_command_1.prepareKeyValueMessage(name, val));\n    }\n    command_1.issueCommand('set-env', { name }, convertedVal);\n}\nexports.exportVariable = exportVariable;\n/**\n * Registers a secret which will get masked from logs\n * @param secret value of the secret\n */\nfunction setSecret(secret) {\n    command_1.issueCommand('add-mask', {}, secret);\n}\nexports.setSecret = setSecret;\n/**\n * Prepends inputPath to the PATH (for this action and future actions)\n * @param inputPath\n */\nfunction addPath(inputPath) {\n    const filePath = process.env['GITHUB_PATH'] || '';\n    if (filePath) {\n        file_command_1.issueFileCommand('PATH', inputPath);\n    }\n    else {\n        command_1.issueCommand('add-path', {}, inputPath);\n    }\n    process.env['PATH'] = `${inputPath}${path.delimiter}${process.env['PATH']}`;\n}\nexports.addPath = addPath;\n/**\n * Gets the value of an input.\n * Unless trimWhitespace is set to false in InputOptions, the value is also trimmed.\n * Returns an empty string if the value is not defined.\n *\n * @param     name     name of the input to get\n * @param     options  optional. See InputOptions.\n * @returns   string\n */\nfunction getInput(name, options) {\n    const val = process.env[`INPUT_${name.replace(/ /g, '_').toUpperCase()}`] || '';\n    if (options && options.required && !val) {\n        throw new Error(`Input required and not supplied: ${name}`);\n    }\n    if (options && options.trimWhitespace === false) {\n        return val;\n    }\n    return val.trim();\n}\nexports.getInput = getInput;\n/**\n * Gets the values of an multiline input.  Each value is also trimmed.\n *\n * @param     name     name of the input to get\n * @param     options  optional. See InputOptions.\n * @returns   string[]\n *\n */\nfunction getMultilineInput(name, options) {\n    const inputs = getInput(name, options)\n        .split('\\n')\n        .filter(x => x !== '');\n    if (options && options.trimWhitespace === false) {\n        return inputs;\n    }\n    return inputs.map(input => input.trim());\n}\nexports.getMultilineInput = getMultilineInput;\n/**\n * Gets the input value of the boolean type in the YAML 1.2 \"core schema\" specification.\n * Support boolean input list: `true | True | TRUE | false | False | FALSE` .\n * The return value is also in boolean type.\n * ref: https://yaml.org/spec/1.2/spec.html#id2804923\n *\n * @param     name     name of the input to get\n * @param     options  optional. See InputOptions.\n * @returns   boolean\n */\nfunction getBooleanInput(name, options) {\n    const trueValue = ['true', 'True', 'TRUE'];\n    const falseValue = ['false', 'False', 'FALSE'];\n    const val = getInput(name, options);\n    if (trueValue.includes(val))\n        return true;\n    if (falseValue.includes(val))\n        return false;\n    throw new TypeError(`Input does not meet YAML 1.2 \"Core Schema\" specification: ${name}\\n` +\n        `Support boolean input list: \\`true | True | TRUE | false | False | FALSE\\``);\n}\nexports.getBooleanInput = getBooleanInput;\n/**\n * Sets the value of an output.\n *\n * @param     name     name of the output to set\n * @param     value    value to store. Non-string values will be converted to a string via JSON.stringify\n */\n// eslint-disable-next-line @typescript-eslint/no-explicit-any\nfunction setOutput(name, value) {\n    const filePath = process.env['GITHUB_OUTPUT'] || '';\n    if (filePath) {\n        return file_command_1.issueFileCommand('OUTPUT', file_command_1.prepareKeyValueMessage(name, value));\n    }\n    process.stdout.write(os.EOL);\n    command_1.issueCommand('set-output', { name }, utils_1.toCommandValue(value));\n}\nexports.setOutput = setOutput;\n/**\n * Enables or disables the echoing of commands into stdout for the rest of the step.\n * Echoing is disabled by default if ACTIONS_STEP_DEBUG is not set.\n *\n */\nfunction setCommandEcho(enabled) {\n    command_1.issue('echo', enabled ? 'on' : 'off');\n}\nexports.setCommandEcho = setCommandEcho;\n//-----------------------------------------------------------------------\n// Results\n//-----------------------------------------------------------------------\n/**\n * Sets the action status to failed.\n * When the action exits it will be with an exit code of 1\n * @param message add error issue message\n */\nfunction setFailed(message) {\n    process.exitCode = ExitCode.Failure;\n    error(message);\n}\nexports.setFailed = setFailed;\n//-----------------------------------------------------------------------\n// Logging Commands\n//-----------------------------------------------------------------------\n/**\n * Gets whether Actions Step Debug is on or not\n */\nfunction isDebug() {\n    return process.env['RUNNER_DEBUG'] === '1';\n}\nexports.isDebug = isDebug;\n/**\n * Writes debug message to user log\n * @param message debug message\n */\nfunction debug(message) {\n    command_1.issueCommand('debug', {}, message);\n}\nexports.debug = debug;\n/**\n * Adds an error issue\n * @param message error issue message. Errors will be converted to string via toString()\n * @param properties optional properties to add to the annotation.\n */\nfunction error(message, properties = {}) {\n    command_1.issueCommand('error', utils_1.toCommandProperties(properties), message instanceof Error ? message.toString() : message);\n}\nexports.error = error;\n/**\n * Adds a warning issue\n * @param message warning issue message. Errors will be converted to string via toString()\n * @param properties optional properties to add to the annotation.\n */\nfunction warning(message, properties = {}) {\n    command_1.issueCommand('warning', utils_1.toCommandProperties(properties), message instanceof Error ? message.toString() : message);\n}\nexports.warning = warning;\n/**\n * Adds a notice issue\n * @param message notice issue message. Errors will be converted to string via toString()\n * @param properties optional properties to add to the annotation.\n */\nfunction notice(message, properties = {}) {\n    command_1.issueCommand('notice', utils_1.toCommandProperties(properties), message instanceof Error ? message.toString() : message);\n}\nexports.notice = notice;\n/**\n * Writes info to log with console.log.\n * @param message info message\n */\nfunction info(message) {\n    process.stdout.write(message + os.EOL);\n}\nexports.info = info;\n/**\n * Begin an output group.\n *\n * Output until the next `groupEnd` will be foldable in this group\n *\n * @param name The name of the output group\n */\nfunction startGroup(name) {\n    command_1.issue('group', name);\n}\nexports.startGroup = startGroup;\n/**\n * End an output group.\n */\nfunction endGroup() {\n    command_1.issue('endgroup');\n}\nexports.endGroup = endGroup;\n/**\n * Wrap an asynchronous function call in a group.\n *\n * Returns the same type as the function itself.\n *\n * @param name The name of the group\n * @param fn The function to wrap in the group\n */\nfunction group(name, fn) {\n    return __awaiter(this, void 0, void 0, function* () {\n        startGroup(name);\n        let result;\n        try {\n            result = yield fn();\n        }\n        finally {\n            endGroup();\n        }\n        return result;\n    });\n}\nexports.group = group;\n//-----------------------------------------------------------------------\n// Wrapper action state\n//-----------------------------------------------------------------------\n/**\n * Saves state for current action, the state can only be retrieved by this action's post job execution.\n *\n * @param     name     name of the state to store\n * @param     value    value to store. Non-string values will be converted to a string via JSON.stringify\n */\n// eslint-disable-next-line @typescript-eslint/no-explicit-any\nfunction saveState(name, value) {\n    const filePath = process.env['GITHUB_STATE'] || '';\n    if (filePath) {\n        return file_command_1.issueFileCommand('STATE', file_command_1.prepareKeyValueMessage(name, value));\n    }\n    command_1.issueCommand('save-state', { name }, utils_1.toCommandValue(value));\n}\nexports.saveState = saveState;\n/**\n * Gets the value of an state set by this action's main execution.\n *\n * @param     name     name of the state to get\n * @returns   string\n */\nfunction getState(name) {\n    return process.env[`STATE_${name}`] || '';\n}\nexports.getState = getState;\nfunction getIDToken(aud) {\n    return __awaiter(this, void 0, void 0, function* () {\n        return yield oidc_utils_1.OidcClient.getIDToken(aud);\n    });\n}\nexports.getIDToken = getIDToken;\n/**\n * Summary exports\n */\nvar summary_1 = require(\"./summary\");\nObject.defineProperty(exports, \"summary\", { enumerable: true, get: function () { return summary_1.summary; } });\n/**\n * @deprecated use core.summary\n */\nvar summary_2 = require(\"./summary\");\nObject.defineProperty(exports, \"markdownSummary\", { enumerable: true, get: function () { return summary_2.markdownSummary; } });\n/**\n * Path exports\n */\nvar path_utils_1 = require(\"./path-utils\");\nObject.defineProperty(exports, \"toPosixPath\", { enumerable: true, get: function () { return path_utils_1.toPosixPath; } });\nObject.defineProperty(exports, \"toWin32Path\", { enumerable: true, get: function () { return path_utils_1.toWin32Path; } });\nObject.defineProperty(exports, \"toPlatformPath\", { enumerable: true, get: function () { return path_utils_1.toPlatformPath; } });\n//# sourceMappingURL=core.js.map","\"use strict\";\n// For internal use, subject to change.\nvar __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {\n    if (k2 === undefined) k2 = k;\n    Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });\n}) : (function(o, m, k, k2) {\n    if (k2 === undefined) k2 = k;\n    o[k2] = m[k];\n}));\nvar __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {\n    Object.defineProperty(o, \"default\", { enumerable: true, value: v });\n}) : function(o, v) {\n    o[\"default\"] = v;\n});\nvar __importStar = (this && this.__importStar) || function (mod) {\n    if (mod && mod.__esModule) return mod;\n    var result = {};\n    if (mod != null) for (var k in mod) if (k !== \"default\" && Object.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);\n    __setModuleDefault(result, mod);\n    return result;\n};\nObject.defineProperty(exports, \"__esModule\", { value: true });\nexports.prepareKeyValueMessage = exports.issueFileCommand = void 0;\n// We use any as a valid input type\n/* eslint-disable @typescript-eslint/no-explicit-any */\nconst fs = __importStar(require(\"fs\"));\nconst os = __importStar(require(\"os\"));\nconst uuid_1 = require(\"uuid\");\nconst utils_1 = require(\"./utils\");\nfunction issueFileCommand(command, message) {\n    const filePath = process.env[`GITHUB_${command}`];\n    if (!filePath) {\n        throw new Error(`Unable to find environment variable for file command ${command}`);\n    }\n    if (!fs.existsSync(filePath)) {\n        throw new Error(`Missing file at path: ${filePath}`);\n    }\n    fs.appendFileSync(filePath, `${utils_1.toCommandValue(message)}${os.EOL}`, {\n        encoding: 'utf8'\n    });\n}\nexports.issueFileCommand = issueFileCommand;\nfunction prepareKeyValueMessage(key, value) {\n    const delimiter = `ghadelimiter_${uuid_1.v4()}`;\n    const convertedValue = utils_1.toCommandValue(value);\n    // These should realistically never happen, but just in case someone finds a\n    // way to exploit uuid generation let's not allow keys or values that contain\n    // the delimiter.\n    if (key.includes(delimiter)) {\n        throw new Error(`Unexpected input: name should not contain the delimiter \"${delimiter}\"`);\n    }\n    if (convertedValue.includes(delimiter)) {\n        throw new Error(`Unexpected input: value should not contain the delimiter \"${delimiter}\"`);\n    }\n    return `${key}<<${delimiter}${os.EOL}${convertedValue}${os.EOL}${delimiter}`;\n}\nexports.prepareKeyValueMessage = prepareKeyValueMessage;\n//# sourceMappingURL=file-command.js.map","\"use strict\";\nvar __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {\n    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }\n    return new (P || (P = Promise))(function (resolve, reject) {\n        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }\n        function rejected(value) { try { step(generator[\"throw\"](value)); } catch (e) { reject(e); } }\n        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }\n        step((generator = generator.apply(thisArg, _arguments || [])).next());\n    });\n};\nObject.defineProperty(exports, \"__esModule\", { value: true });\nexports.OidcClient = void 0;\nconst http_client_1 = require(\"@actions/http-client\");\nconst auth_1 = require(\"@actions/http-client/lib/auth\");\nconst core_1 = require(\"./core\");\nclass OidcClient {\n    static createHttpClient(allowRetry = true, maxRetry = 10) {\n        const requestOptions = {\n            allowRetries: allowRetry,\n            maxRetries: maxRetry\n        };\n        return new http_client_1.HttpClient('actions/oidc-client', [new auth_1.BearerCredentialHandler(OidcClient.getRequestToken())], requestOptions);\n    }\n    static getRequestToken() {\n        const token = process.env['ACTIONS_ID_TOKEN_REQUEST_TOKEN'];\n        if (!token) {\n            throw new Error('Unable to get ACTIONS_ID_TOKEN_REQUEST_TOKEN env variable');\n        }\n        return token;\n    }\n    static getIDTokenUrl() {\n        const runtimeUrl = process.env['ACTIONS_ID_TOKEN_REQUEST_URL'];\n        if (!runtimeUrl) {\n            throw new Error('Unable to get ACTIONS_ID_TOKEN_REQUEST_URL env variable');\n        }\n        return runtimeUrl;\n    }\n    static getCall(id_token_url) {\n        var _a;\n        return __awaiter(this, void 0, void 0, function* () {\n            const httpclient = OidcClient.createHttpClient();\n            const res = yield httpclient\n                .getJson(id_token_url)\n                .catch(error => {\n                throw new Error(`Failed to get ID Token. \\n \n        Error Code : ${error.statusCode}\\n \n        Error Message: ${error.result.message}`);\n            });\n            const id_token = (_a = res.result) === null || _a === void 0 ? void 0 : _a.value;\n            if (!id_token) {\n                throw new Error('Response json body do not have ID Token field');\n            }\n            return id_token;\n        });\n    }\n    static getIDToken(audience) {\n        return __awaiter(this, void 0, void 0, function* () {\n            try {\n                // New ID Token is requested from action service\n                let id_token_url = OidcClient.getIDTokenUrl();\n                if (audience) {\n                    const encodedAudience = encodeURIComponent(audience);\n                    id_token_url = `${id_token_url}&audience=${encodedAudience}`;\n                }\n                core_1.debug(`ID token url is ${id_token_url}`);\n                const id_token = yield OidcClient.getCall(id_token_url);\n                core_1.setSecret(id_token);\n                return id_token;\n            }\n            catch (error) {\n                throw new Error(`Error message: ${error.message}`);\n            }\n        });\n    }\n}\nexports.OidcClient = OidcClient;\n//# sourceMappingURL=oidc-utils.js.map","\"use strict\";\nvar __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {\n    if (k2 === undefined) k2 = k;\n    Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });\n}) : (function(o, m, k, k2) {\n    if (k2 === undefined) k2 = k;\n    o[k2] = m[k];\n}));\nvar __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {\n    Object.defineProperty(o, \"default\", { enumerable: true, value: v });\n}) : function(o, v) {\n    o[\"default\"] = v;\n});\nvar __importStar = (this && this.__importStar) || function (mod) {\n    if (mod && mod.__esModule) return mod;\n    var result = {};\n    if (mod != null) for (var k in mod) if (k !== \"default\" && Object.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);\n    __setModuleDefault(result, mod);\n    return result;\n};\nObject.defineProperty(exports, \"__esModule\", { value: true });\nexports.toPlatformPath = exports.toWin32Path = exports.toPosixPath = void 0;\nconst path = __importStar(require(\"path\"));\n/**\n * toPosixPath converts the given path to the posix form. On Windows, \\\\ will be\n * replaced with /.\n *\n * @param pth. Path to transform.\n * @return string Posix path.\n */\nfunction toPosixPath(pth) {\n    return pth.replace(/[\\\\]/g, '/');\n}\nexports.toPosixPath = toPosixPath;\n/**\n * toWin32Path converts the given path to the win32 form. On Linux, / will be\n * replaced with \\\\.\n *\n * @param pth. Path to transform.\n * @return string Win32 path.\n */\nfunction toWin32Path(pth) {\n    return pth.replace(/[/]/g, '\\\\');\n}\nexports.toWin32Path = toWin32Path;\n/**\n * toPlatformPath converts the given path to a platform-specific path. It does\n * this by replacing instances of / and \\ with the platform-specific path\n * separator.\n *\n * @param pth The path to platformize.\n * @return string The platform-specific path.\n */\nfunction toPlatformPath(pth) {\n    return pth.replace(/[/\\\\]/g, path.sep);\n}\nexports.toPlatformPath = toPlatformPath;\n//# sourceMappingURL=path-utils.js.map","\"use strict\";\nvar __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {\n    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }\n    return new (P || (P = Promise))(function (resolve, reject) {\n        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }\n        function rejected(value) { try { step(generator[\"throw\"](value)); } catch (e) { reject(e); } }\n        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }\n        step((generator = generator.apply(thisArg, _arguments || [])).next());\n    });\n};\nObject.defineProperty(exports, \"__esModule\", { value: true });\nexports.summary = exports.markdownSummary = exports.SUMMARY_DOCS_URL = exports.SUMMARY_ENV_VAR = void 0;\nconst os_1 = require(\"os\");\nconst fs_1 = require(\"fs\");\nconst { access, appendFile, writeFile } = fs_1.promises;\nexports.SUMMARY_ENV_VAR = 'GITHUB_STEP_SUMMARY';\nexports.SUMMARY_DOCS_URL = 'https://docs.github.com/actions/using-workflows/workflow-commands-for-github-actions#adding-a-job-summary';\nclass Summary {\n    constructor() {\n        this._buffer = '';\n    }\n    /**\n     * Finds the summary file path from the environment, rejects if env var is not found or file does not exist\n     * Also checks r/w permissions.\n     *\n     * @returns step summary file path\n     */\n    filePath() {\n        return __awaiter(this, void 0, void 0, function* () {\n            if (this._filePath) {\n                return this._filePath;\n            }\n            const pathFromEnv = process.env[exports.SUMMARY_ENV_VAR];\n            if (!pathFromEnv) {\n                throw new Error(`Unable to find environment variable for $${exports.SUMMARY_ENV_VAR}. Check if your runtime environment supports job summaries.`);\n            }\n            try {\n                yield access(pathFromEnv, fs_1.constants.R_OK | fs_1.constants.W_OK);\n            }\n            catch (_a) {\n                throw new Error(`Unable to access summary file: '${pathFromEnv}'. Check if the file has correct read/write permissions.`);\n            }\n            this._filePath = pathFromEnv;\n            return this._filePath;\n        });\n    }\n    /**\n     * Wraps content in an HTML tag, adding any HTML attributes\n     *\n     * @param {string} tag HTML tag to wrap\n     * @param {string | null} content content within the tag\n     * @param {[attribute: string]: string} attrs key-value list of HTML attributes to add\n     *\n     * @returns {string} content wrapped in HTML element\n     */\n    wrap(tag, content, attrs = {}) {\n        const htmlAttrs = Object.entries(attrs)\n            .map(([key, value]) => ` ${key}=\"${value}\"`)\n            .join('');\n        if (!content) {\n            return `<${tag}${htmlAttrs}>`;\n        }\n        return `<${tag}${htmlAttrs}>${content}</${tag}>`;\n    }\n    /**\n     * Writes text in the buffer to the summary buffer file and empties buffer. Will append by default.\n     *\n     * @param {SummaryWriteOptions} [options] (optional) options for write operation\n     *\n     * @returns {Promise<Summary>} summary instance\n     */\n    write(options) {\n        return __awaiter(this, void 0, void 0, function* () {\n            const overwrite = !!(options === null || options === void 0 ? void 0 : options.overwrite);\n            const filePath = yield this.filePath();\n            const writeFunc = overwrite ? writeFile : appendFile;\n            yield writeFunc(filePath, this._buffer, { encoding: 'utf8' });\n            return this.emptyBuffer();\n        });\n    }\n    /**\n     * Clears the summary buffer and wipes the summary file\n     *\n     * @returns {Summary} summary instance\n     */\n    clear() {\n        return __awaiter(this, void 0, void 0, function* () {\n            return this.emptyBuffer().write({ overwrite: true });\n        });\n    }\n    /**\n     * Returns the current summary buffer as a string\n     *\n     * @returns {string} string of summary buffer\n     */\n    stringify() {\n        return this._buffer;\n    }\n    /**\n     * If the summary buffer is empty\n     *\n     * @returns {boolen} true if the buffer is empty\n     */\n    isEmptyBuffer() {\n        return this._buffer.length === 0;\n    }\n    /**\n     * Resets the summary buffer without writing to summary file\n     *\n     * @returns {Summary} summary instance\n     */\n    emptyBuffer() {\n        this._buffer = '';\n        return this;\n    }\n    /**\n     * Adds raw text to the summary buffer\n     *\n     * @param {string} text content to add\n     * @param {boolean} [addEOL=false] (optional) append an EOL to the raw text (default: false)\n     *\n     * @returns {Summary} summary instance\n     */\n    addRaw(text, addEOL = false) {\n        this._buffer += text;\n        return addEOL ? this.addEOL() : this;\n    }\n    /**\n     * Adds the operating system-specific end-of-line marker to the buffer\n     *\n     * @returns {Summary} summary instance\n     */\n    addEOL() {\n        return this.addRaw(os_1.EOL);\n    }\n    /**\n     * Adds an HTML codeblock to the summary buffer\n     *\n     * @param {string} code content to render within fenced code block\n     * @param {string} lang (optional) language to syntax highlight code\n     *\n     * @returns {Summary} summary instance\n     */\n    addCodeBlock(code, lang) {\n        const attrs = Object.assign({}, (lang && { lang }));\n        const element = this.wrap('pre', this.wrap('code', code), attrs);\n        return this.addRaw(element).addEOL();\n    }\n    /**\n     * Adds an HTML list to the summary buffer\n     *\n     * @param {string[]} items list of items to render\n     * @param {boolean} [ordered=false] (optional) if the rendered list should be ordered or not (default: false)\n     *\n     * @returns {Summary} summary instance\n     */\n    addList(items, ordered = false) {\n        const tag = ordered ? 'ol' : 'ul';\n        const listItems = items.map(item => this.wrap('li', item)).join('');\n        const element = this.wrap(tag, listItems);\n        return this.addRaw(element).addEOL();\n    }\n    /**\n     * Adds an HTML table to the summary buffer\n     *\n     * @param {SummaryTableCell[]} rows table rows\n     *\n     * @returns {Summary} summary instance\n     */\n    addTable(rows) {\n        const tableBody = rows\n            .map(row => {\n            const cells = row\n                .map(cell => {\n                if (typeof cell === 'string') {\n                    return this.wrap('td', cell);\n                }\n                const { header, data, colspan, rowspan } = cell;\n                const tag = header ? 'th' : 'td';\n                const attrs = Object.assign(Object.assign({}, (colspan && { colspan })), (rowspan && { rowspan }));\n                return this.wrap(tag, data, attrs);\n            })\n                .join('');\n            return this.wrap('tr', cells);\n        })\n            .join('');\n        const element = this.wrap('table', tableBody);\n        return this.addRaw(element).addEOL();\n    }\n    /**\n     * Adds a collapsable HTML details element to the summary buffer\n     *\n     * @param {string} label text for the closed state\n     * @param {string} content collapsable content\n     *\n     * @returns {Summary} summary instance\n     */\n    addDetails(label, content) {\n        const element = this.wrap('details', this.wrap('summary', label) + content);\n        return this.addRaw(element).addEOL();\n    }\n    /**\n     * Adds an HTML image tag to the summary buffer\n     *\n     * @param {string} src path to the image you to embed\n     * @param {string} alt text description of the image\n     * @param {SummaryImageOptions} options (optional) addition image attributes\n     *\n     * @returns {Summary} summary instance\n     */\n    addImage(src, alt, options) {\n        const { width, height } = options || {};\n        const attrs = Object.assign(Object.assign({}, (width && { width })), (height && { height }));\n        const element = this.wrap('img', null, Object.assign({ src, alt }, attrs));\n        return this.addRaw(element).addEOL();\n    }\n    /**\n     * Adds an HTML section heading element\n     *\n     * @param {string} text heading text\n     * @param {number | string} [level=1] (optional) the heading level, default: 1\n     *\n     * @returns {Summary} summary instance\n     */\n    addHeading(text, level) {\n        const tag = `h${level}`;\n        const allowedTag = ['h1', 'h2', 'h3', 'h4', 'h5', 'h6'].includes(tag)\n            ? tag\n            : 'h1';\n        const element = this.wrap(allowedTag, text);\n        return this.addRaw(element).addEOL();\n    }\n    /**\n     * Adds an HTML thematic break (<hr>) to the summary buffer\n     *\n     * @returns {Summary} summary instance\n     */\n    addSeparator() {\n        const element = this.wrap('hr', null);\n        return this.addRaw(element).addEOL();\n    }\n    /**\n     * Adds an HTML line break (<br>) to the summary buffer\n     *\n     * @returns {Summary} summary instance\n     */\n    addBreak() {\n        const element = this.wrap('br', null);\n        return this.addRaw(element).addEOL();\n    }\n    /**\n     * Adds an HTML blockquote to the summary buffer\n     *\n     * @param {string} text quote text\n     * @param {string} cite (optional) citation url\n     *\n     * @returns {Summary} summary instance\n     */\n    addQuote(text, cite) {\n        const attrs = Object.assign({}, (cite && { cite }));\n        const element = this.wrap('blockquote', text, attrs);\n        return this.addRaw(element).addEOL();\n    }\n    /**\n     * Adds an HTML anchor tag to the summary buffer\n     *\n     * @param {string} text link text/content\n     * @param {string} href hyperlink\n     *\n     * @returns {Summary} summary instance\n     */\n    addLink(text, href) {\n        const element = this.wrap('a', text, { href });\n        return this.addRaw(element).addEOL();\n    }\n}\nconst _summary = new Summary();\n/**\n * @deprecated use `core.summary`\n */\nexports.markdownSummary = _summary;\nexports.summary = _summary;\n//# sourceMappingURL=summary.js.map","\"use strict\";\n// We use any as a valid input type\n/* eslint-disable @typescript-eslint/no-explicit-any */\nObject.defineProperty(exports, \"__esModule\", { value: true });\nexports.toCommandProperties = exports.toCommandValue = void 0;\n/**\n * Sanitizes an input into a string so it can be passed into issueCommand safely\n * @param input input to sanitize into a string\n */\nfunction toCommandValue(input) {\n    if (input === null || input === undefined) {\n        return '';\n    }\n    else if (typeof input === 'string' || input instanceof String) {\n        return input;\n    }\n    return JSON.stringify(input);\n}\nexports.toCommandValue = toCommandValue;\n/**\n *\n * @param annotationProperties\n * @returns The command properties to send with the actual annotation command\n * See IssueCommandProperties: https://github.com/actions/runner/blob/main/src/Runner.Worker/ActionCommandManager.cs#L646\n */\nfunction toCommandProperties(annotationProperties) {\n    if (!Object.keys(annotationProperties).length) {\n        return {};\n    }\n    return {\n        title: annotationProperties.title,\n        file: annotationProperties.file,\n        line: annotationProperties.startLine,\n        endLine: annotationProperties.endLine,\n        col: annotationProperties.startColumn,\n        endColumn: annotationProperties.endColumn\n    };\n}\nexports.toCommandProperties = toCommandProperties;\n//# sourceMappingURL=utils.js.map","\"use strict\";\nvar __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {\n    if (k2 === undefined) k2 = k;\n    Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });\n}) : (function(o, m, k, k2) {\n    if (k2 === undefined) k2 = k;\n    o[k2] = m[k];\n}));\nvar __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {\n    Object.defineProperty(o, \"default\", { enumerable: true, value: v });\n}) : function(o, v) {\n    o[\"default\"] = v;\n});\nvar __importStar = (this && this.__importStar) || function (mod) {\n    if (mod && mod.__esModule) return mod;\n    var result = {};\n    if (mod != null) for (var k in mod) if (k !== \"default\" && Object.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);\n    __setModuleDefault(result, mod);\n    return result;\n};\nvar __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {\n    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }\n    return new (P || (P = Promise))(function (resolve, reject) {\n        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }\n        function rejected(value) { try { step(generator[\"throw\"](value)); } catch (e) { reject(e); } }\n        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }\n        step((generator = generator.apply(thisArg, _arguments || [])).next());\n    });\n};\nObject.defineProperty(exports, \"__esModule\", { value: true });\nexports.getExecOutput = exports.exec = void 0;\nconst string_decoder_1 = require(\"string_decoder\");\nconst tr = __importStar(require(\"./toolrunner\"));\n/**\n * Exec a command.\n * Output will be streamed to the live console.\n * Returns promise with return code\n *\n * @param     commandLine        command to execute (can include additional args). Must be correctly escaped.\n * @param     args               optional arguments for tool. Escaping is handled by the lib.\n * @param     options            optional exec options.  See ExecOptions\n * @returns   Promise<number>    exit code\n */\nfunction exec(commandLine, args, options) {\n    return __awaiter(this, void 0, void 0, function* () {\n        const commandArgs = tr.argStringToArray(commandLine);\n        if (commandArgs.length === 0) {\n            throw new Error(`Parameter 'commandLine' cannot be null or empty.`);\n        }\n        // Path to tool to execute should be first arg\n        const toolPath = commandArgs[0];\n        args = commandArgs.slice(1).concat(args || []);\n        const runner = new tr.ToolRunner(toolPath, args, options);\n        return runner.exec();\n    });\n}\nexports.exec = exec;\n/**\n * Exec a command and get the output.\n * Output will be streamed to the live console.\n * Returns promise with the exit code and collected stdout and stderr\n *\n * @param     commandLine           command to execute (can include additional args). Must be correctly escaped.\n * @param     args                  optional arguments for tool. Escaping is handled by the lib.\n * @param     options               optional exec options.  See ExecOptions\n * @returns   Promise<ExecOutput>   exit code, stdout, and stderr\n */\nfunction getExecOutput(commandLine, args, options) {\n    var _a, _b;\n    return __awaiter(this, void 0, void 0, function* () {\n        let stdout = '';\n        let stderr = '';\n        //Using string decoder covers the case where a mult-byte character is split\n        const stdoutDecoder = new string_decoder_1.StringDecoder('utf8');\n        const stderrDecoder = new string_decoder_1.StringDecoder('utf8');\n        const originalStdoutListener = (_a = options === null || options === void 0 ? void 0 : options.listeners) === null || _a === void 0 ? void 0 : _a.stdout;\n        const originalStdErrListener = (_b = options === null || options === void 0 ? void 0 : options.listeners) === null || _b === void 0 ? void 0 : _b.stderr;\n        const stdErrListener = (data) => {\n            stderr += stderrDecoder.write(data);\n            if (originalStdErrListener) {\n                originalStdErrListener(data);\n            }\n        };\n        const stdOutListener = (data) => {\n            stdout += stdoutDecoder.write(data);\n            if (originalStdoutListener) {\n                originalStdoutListener(data);\n            }\n        };\n        const listeners = Object.assign(Object.assign({}, options === null || options === void 0 ? void 0 : options.listeners), { stdout: stdOutListener, stderr: stdErrListener });\n        const exitCode = yield exec(commandLine, args, Object.assign(Object.assign({}, options), { listeners }));\n        //flush any remaining characters\n        stdout += stdoutDecoder.end();\n        stderr += stderrDecoder.end();\n        return {\n            exitCode,\n            stdout,\n            stderr\n        };\n    });\n}\nexports.getExecOutput = getExecOutput;\n//# sourceMappingURL=exec.js.map","\"use strict\";\nvar __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {\n    if (k2 === undefined) k2 = k;\n    Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });\n}) : (function(o, m, k, k2) {\n    if (k2 === undefined) k2 = k;\n    o[k2] = m[k];\n}));\nvar __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {\n    Object.defineProperty(o, \"default\", { enumerable: true, value: v });\n}) : function(o, v) {\n    o[\"default\"] = v;\n});\nvar __importStar = (this && this.__importStar) || function (mod) {\n    if (mod && mod.__esModule) return mod;\n    var result = {};\n    if (mod != null) for (var k in mod) if (k !== \"default\" && Object.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);\n    __setModuleDefault(result, mod);\n    return result;\n};\nvar __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {\n    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }\n    return new (P || (P = Promise))(function (resolve, reject) {\n        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }\n        function rejected(value) { try { step(generator[\"throw\"](value)); } catch (e) { reject(e); } }\n        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }\n        step((generator = generator.apply(thisArg, _arguments || [])).next());\n    });\n};\nObject.defineProperty(exports, \"__esModule\", { value: true });\nexports.argStringToArray = exports.ToolRunner = void 0;\nconst os = __importStar(require(\"os\"));\nconst events = __importStar(require(\"events\"));\nconst child = __importStar(require(\"child_process\"));\nconst path = __importStar(require(\"path\"));\nconst io = __importStar(require(\"@actions/io\"));\nconst ioUtil = __importStar(require(\"@actions/io/lib/io-util\"));\nconst timers_1 = require(\"timers\");\n/* eslint-disable @typescript-eslint/unbound-method */\nconst IS_WINDOWS = process.platform === 'win32';\n/*\n * Class for running command line tools. Handles quoting and arg parsing in a platform agnostic way.\n */\nclass ToolRunner extends events.EventEmitter {\n    constructor(toolPath, args, options) {\n        super();\n        if (!toolPath) {\n            throw new Error(\"Parameter 'toolPath' cannot be null or empty.\");\n        }\n        this.toolPath = toolPath;\n        this.args = args || [];\n        this.options = options || {};\n    }\n    _debug(message) {\n        if (this.options.listeners && this.options.listeners.debug) {\n            this.options.listeners.debug(message);\n        }\n    }\n    _getCommandString(options, noPrefix) {\n        const toolPath = this._getSpawnFileName();\n        const args = this._getSpawnArgs(options);\n        let cmd = noPrefix ? '' : '[command]'; // omit prefix when piped to a second tool\n        if (IS_WINDOWS) {\n            // Windows + cmd file\n            if (this._isCmdFile()) {\n                cmd += toolPath;\n                for (const a of args) {\n                    cmd += ` ${a}`;\n                }\n            }\n            // Windows + verbatim\n            else if (options.windowsVerbatimArguments) {\n                cmd += `\"${toolPath}\"`;\n                for (const a of args) {\n                    cmd += ` ${a}`;\n                }\n            }\n            // Windows (regular)\n            else {\n                cmd += this._windowsQuoteCmdArg(toolPath);\n                for (const a of args) {\n                    cmd += ` ${this._windowsQuoteCmdArg(a)}`;\n                }\n            }\n        }\n        else {\n            // OSX/Linux - this can likely be improved with some form of quoting.\n            // creating processes on Unix is fundamentally different than Windows.\n            // on Unix, execvp() takes an arg array.\n            cmd += toolPath;\n            for (const a of args) {\n                cmd += ` ${a}`;\n            }\n        }\n        return cmd;\n    }\n    _processLineBuffer(data, strBuffer, onLine) {\n        try {\n            let s = strBuffer + data.toString();\n            let n = s.indexOf(os.EOL);\n            while (n > -1) {\n                const line = s.substring(0, n);\n                onLine(line);\n                // the rest of the string ...\n                s = s.substring(n + os.EOL.length);\n                n = s.indexOf(os.EOL);\n            }\n            return s;\n        }\n        catch (err) {\n            // streaming lines to console is best effort.  Don't fail a build.\n            this._debug(`error processing line. Failed with error ${err}`);\n            return '';\n        }\n    }\n    _getSpawnFileName() {\n        if (IS_WINDOWS) {\n            if (this._isCmdFile()) {\n                return process.env['COMSPEC'] || 'cmd.exe';\n            }\n        }\n        return this.toolPath;\n    }\n    _getSpawnArgs(options) {\n        if (IS_WINDOWS) {\n            if (this._isCmdFile()) {\n                let argline = `/D /S /C \"${this._windowsQuoteCmdArg(this.toolPath)}`;\n                for (const a of this.args) {\n                    argline += ' ';\n                    argline += options.windowsVerbatimArguments\n                        ? a\n                        : this._windowsQuoteCmdArg(a);\n                }\n                argline += '\"';\n                return [argline];\n            }\n        }\n        return this.args;\n    }\n    _endsWith(str, end) {\n        return str.endsWith(end);\n    }\n    _isCmdFile() {\n        const upperToolPath = this.toolPath.toUpperCase();\n        return (this._endsWith(upperToolPath, '.CMD') ||\n            this._endsWith(upperToolPath, '.BAT'));\n    }\n    _windowsQuoteCmdArg(arg) {\n        // for .exe, apply the normal quoting rules that libuv applies\n        if (!this._isCmdFile()) {\n            return this._uvQuoteCmdArg(arg);\n        }\n        // otherwise apply quoting rules specific to the cmd.exe command line parser.\n        // the libuv rules are generic and are not designed specifically for cmd.exe\n        // command line parser.\n        //\n        // for a detailed description of the cmd.exe command line parser, refer to\n        // http://stackoverflow.com/questions/4094699/how-does-the-windows-command-interpreter-cmd-exe-parse-scripts/7970912#7970912\n        // need quotes for empty arg\n        if (!arg) {\n            return '\"\"';\n        }\n        // determine whether the arg needs to be quoted\n        const cmdSpecialChars = [\n            ' ',\n            '\\t',\n            '&',\n            '(',\n            ')',\n            '[',\n            ']',\n            '{',\n            '}',\n            '^',\n            '=',\n            ';',\n            '!',\n            \"'\",\n            '+',\n            ',',\n            '`',\n            '~',\n            '|',\n            '<',\n            '>',\n            '\"'\n        ];\n        let needsQuotes = false;\n        for (const char of arg) {\n            if (cmdSpecialChars.some(x => x === char)) {\n                needsQuotes = true;\n                break;\n            }\n        }\n        // short-circuit if quotes not needed\n        if (!needsQuotes) {\n            return arg;\n        }\n        // the following quoting rules are very similar to the rules that by libuv applies.\n        //\n        // 1) wrap the string in quotes\n        //\n        // 2) double-up quotes - i.e. \" => \"\"\n        //\n        //    this is different from the libuv quoting rules. libuv replaces \" with \\\", which unfortunately\n        //    doesn't work well with a cmd.exe command line.\n        //\n        //    note, replacing \" with \"\" also works well if the arg is passed to a downstream .NET console app.\n        //    for example, the command line:\n        //          foo.exe \"myarg:\"\"my val\"\"\"\n        //    is parsed by a .NET console app into an arg array:\n        //          [ \"myarg:\\\"my val\\\"\" ]\n        //    which is the same end result when applying libuv quoting rules. although the actual\n        //    command line from libuv quoting rules would look like:\n        //          foo.exe \"myarg:\\\"my val\\\"\"\n        //\n        // 3) double-up slashes that precede a quote,\n        //    e.g.  hello \\world    => \"hello \\world\"\n        //          hello\\\"world    => \"hello\\\\\"\"world\"\n        //          hello\\\\\"world   => \"hello\\\\\\\\\"\"world\"\n        //          hello world\\    => \"hello world\\\\\"\n        //\n        //    technically this is not required for a cmd.exe command line, or the batch argument parser.\n        //    the reasons for including this as a .cmd quoting rule are:\n        //\n        //    a) this is optimized for the scenario where the argument is passed from the .cmd file to an\n        //       external program. many programs (e.g. .NET console apps) rely on the slash-doubling rule.\n        //\n        //    b) it's what we've been doing previously (by deferring to node default behavior) and we\n        //       haven't heard any complaints about that aspect.\n        //\n        // note, a weakness of the quoting rules chosen here, is that % is not escaped. in fact, % cannot be\n        // escaped when used on the command line directly - even though within a .cmd file % can be escaped\n        // by using %%.\n        //\n        // the saving grace is, on the command line, %var% is left as-is if var is not defined. this contrasts\n        // the line parsing rules within a .cmd file, where if var is not defined it is replaced with nothing.\n        //\n        // one option that was explored was replacing % with ^% - i.e. %var% => ^%var^%. this hack would\n        // often work, since it is unlikely that var^ would exist, and the ^ character is removed when the\n        // variable is used. the problem, however, is that ^ is not removed when %* is used to pass the args\n        // to an external program.\n        //\n        // an unexplored potential solution for the % escaping problem, is to create a wrapper .cmd file.\n        // % can be escaped within a .cmd file.\n        let reverse = '\"';\n        let quoteHit = true;\n        for (let i = arg.length; i > 0; i--) {\n            // walk the string in reverse\n            reverse += arg[i - 1];\n            if (quoteHit && arg[i - 1] === '\\\\') {\n                reverse += '\\\\'; // double the slash\n            }\n            else if (arg[i - 1] === '\"') {\n                quoteHit = true;\n                reverse += '\"'; // double the quote\n            }\n            else {\n                quoteHit = false;\n            }\n        }\n        reverse += '\"';\n        return reverse\n            .split('')\n            .reverse()\n            .join('');\n    }\n    _uvQuoteCmdArg(arg) {\n        // Tool runner wraps child_process.spawn() and needs to apply the same quoting as\n        // Node in certain cases where the undocumented spawn option windowsVerbatimArguments\n        // is used.\n        //\n        // Since this function is a port of quote_cmd_arg from Node 4.x (technically, lib UV,\n        // see https://github.com/nodejs/node/blob/v4.x/deps/uv/src/win/process.c for details),\n        // pasting copyright notice from Node within this function:\n        //\n        //      Copyright Joyent, Inc. and other Node contributors. All rights reserved.\n        //\n        //      Permission is hereby granted, free of charge, to any person obtaining a copy\n        //      of this software and associated documentation files (the \"Software\"), to\n        //      deal in the Software without restriction, including without limitation the\n        //      rights to use, copy, modify, merge, publish, distribute, sublicense, and/or\n        //      sell copies of the Software, and to permit persons to whom the Software is\n        //      furnished to do so, subject to the following conditions:\n        //\n        //      The above copyright notice and this permission notice shall be included in\n        //      all copies or substantial portions of the Software.\n        //\n        //      THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\n        //      IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\n        //      FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\n        //      AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\n        //      LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING\n        //      FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS\n        //      IN THE SOFTWARE.\n        if (!arg) {\n            // Need double quotation for empty argument\n            return '\"\"';\n        }\n        if (!arg.includes(' ') && !arg.includes('\\t') && !arg.includes('\"')) {\n            // No quotation needed\n            return arg;\n        }\n        if (!arg.includes('\"') && !arg.includes('\\\\')) {\n            // No embedded double quotes or backslashes, so I can just wrap\n            // quote marks around the whole thing.\n            return `\"${arg}\"`;\n        }\n        // Expected input/output:\n        //   input : hello\"world\n        //   output: \"hello\\\"world\"\n        //   input : hello\"\"world\n        //   output: \"hello\\\"\\\"world\"\n        //   input : hello\\world\n        //   output: hello\\world\n        //   input : hello\\\\world\n        //   output: hello\\\\world\n        //   input : hello\\\"world\n        //   output: \"hello\\\\\\\"world\"\n        //   input : hello\\\\\"world\n        //   output: \"hello\\\\\\\\\\\"world\"\n        //   input : hello world\\\n        //   output: \"hello world\\\\\" - note the comment in libuv actually reads \"hello world\\\"\n        //                             but it appears the comment is wrong, it should be \"hello world\\\\\"\n        let reverse = '\"';\n        let quoteHit = true;\n        for (let i = arg.length; i > 0; i--) {\n            // walk the string in reverse\n            reverse += arg[i - 1];\n            if (quoteHit && arg[i - 1] === '\\\\') {\n                reverse += '\\\\';\n            }\n            else if (arg[i - 1] === '\"') {\n                quoteHit = true;\n                reverse += '\\\\';\n            }\n            else {\n                quoteHit = false;\n            }\n        }\n        reverse += '\"';\n        return reverse\n            .split('')\n            .reverse()\n            .join('');\n    }\n    _cloneExecOptions(options) {\n        options = options || {};\n        const result = {\n            cwd: options.cwd || process.cwd(),\n            env: options.env || process.env,\n            silent: options.silent || false,\n            windowsVerbatimArguments: options.windowsVerbatimArguments || false,\n            failOnStdErr: options.failOnStdErr || false,\n            ignoreReturnCode: options.ignoreReturnCode || false,\n            delay: options.delay || 10000\n        };\n        result.outStream = options.outStream || process.stdout;\n        result.errStream = options.errStream || process.stderr;\n        return result;\n    }\n    _getSpawnOptions(options, toolPath) {\n        options = options || {};\n        const result = {};\n        result.cwd = options.cwd;\n        result.env = options.env;\n        result['windowsVerbatimArguments'] =\n            options.windowsVerbatimArguments || this._isCmdFile();\n        if (options.windowsVerbatimArguments) {\n            result.argv0 = `\"${toolPath}\"`;\n        }\n        return result;\n    }\n    /**\n     * Exec a tool.\n     * Output will be streamed to the live console.\n     * Returns promise with return code\n     *\n     * @param     tool     path to tool to exec\n     * @param     options  optional exec options.  See ExecOptions\n     * @returns   number\n     */\n    exec() {\n        return __awaiter(this, void 0, void 0, function* () {\n            // root the tool path if it is unrooted and contains relative pathing\n            if (!ioUtil.isRooted(this.toolPath) &&\n                (this.toolPath.includes('/') ||\n                    (IS_WINDOWS && this.toolPath.includes('\\\\')))) {\n                // prefer options.cwd if it is specified, however options.cwd may also need to be rooted\n                this.toolPath = path.resolve(process.cwd(), this.options.cwd || process.cwd(), this.toolPath);\n            }\n            // if the tool is only a file name, then resolve it from the PATH\n            // otherwise verify it exists (add extension on Windows if necessary)\n            this.toolPath = yield io.which(this.toolPath, true);\n            return new Promise((resolve, reject) => __awaiter(this, void 0, void 0, function* () {\n                this._debug(`exec tool: ${this.toolPath}`);\n                this._debug('arguments:');\n                for (const arg of this.args) {\n                    this._debug(`   ${arg}`);\n                }\n                const optionsNonNull = this._cloneExecOptions(this.options);\n                if (!optionsNonNull.silent && optionsNonNull.outStream) {\n                    optionsNonNull.outStream.write(this._getCommandString(optionsNonNull) + os.EOL);\n                }\n                const state = new ExecState(optionsNonNull, this.toolPath);\n                state.on('debug', (message) => {\n                    this._debug(message);\n                });\n                if (this.options.cwd && !(yield ioUtil.exists(this.options.cwd))) {\n                    return reject(new Error(`The cwd: ${this.options.cwd} does not exist!`));\n                }\n                const fileName = this._getSpawnFileName();\n                const cp = child.spawn(fileName, this._getSpawnArgs(optionsNonNull), this._getSpawnOptions(this.options, fileName));\n                let stdbuffer = '';\n                if (cp.stdout) {\n                    cp.stdout.on('data', (data) => {\n                        if (this.options.listeners && this.options.listeners.stdout) {\n                            this.options.listeners.stdout(data);\n                        }\n                        if (!optionsNonNull.silent && optionsNonNull.outStream) {\n                            optionsNonNull.outStream.write(data);\n                        }\n                        stdbuffer = this._processLineBuffer(data, stdbuffer, (line) => {\n                            if (this.options.listeners && this.options.listeners.stdline) {\n                                this.options.listeners.stdline(line);\n                            }\n                        });\n                    });\n                }\n                let errbuffer = '';\n                if (cp.stderr) {\n                    cp.stderr.on('data', (data) => {\n                        state.processStderr = true;\n                        if (this.options.listeners && this.options.listeners.stderr) {\n                            this.options.listeners.stderr(data);\n                        }\n                        if (!optionsNonNull.silent &&\n                            optionsNonNull.errStream &&\n                            optionsNonNull.outStream) {\n                            const s = optionsNonNull.failOnStdErr\n                                ? optionsNonNull.errStream\n                                : optionsNonNull.outStream;\n                            s.write(data);\n                        }\n                        errbuffer = this._processLineBuffer(data, errbuffer, (line) => {\n                            if (this.options.listeners && this.options.listeners.errline) {\n                                this.options.listeners.errline(line);\n                            }\n                        });\n                    });\n                }\n                cp.on('error', (err) => {\n                    state.processError = err.message;\n                    state.processExited = true;\n                    state.processClosed = true;\n                    state.CheckComplete();\n                });\n                cp.on('exit', (code) => {\n                    state.processExitCode = code;\n                    state.processExited = true;\n                    this._debug(`Exit code ${code} received from tool '${this.toolPath}'`);\n                    state.CheckComplete();\n                });\n                cp.on('close', (code) => {\n                    state.processExitCode = code;\n                    state.processExited = true;\n                    state.processClosed = true;\n                    this._debug(`STDIO streams have closed for tool '${this.toolPath}'`);\n                    state.CheckComplete();\n                });\n                state.on('done', (error, exitCode) => {\n                    if (stdbuffer.length > 0) {\n                        this.emit('stdline', stdbuffer);\n                    }\n                    if (errbuffer.length > 0) {\n                        this.emit('errline', errbuffer);\n                    }\n                    cp.removeAllListeners();\n                    if (error) {\n                        reject(error);\n                    }\n                    else {\n                        resolve(exitCode);\n                    }\n                });\n                if (this.options.input) {\n                    if (!cp.stdin) {\n                        throw new Error('child process missing stdin');\n                    }\n                    cp.stdin.end(this.options.input);\n                }\n            }));\n        });\n    }\n}\nexports.ToolRunner = ToolRunner;\n/**\n * Convert an arg string to an array of args. Handles escaping\n *\n * @param    argString   string of arguments\n * @returns  string[]    array of arguments\n */\nfunction argStringToArray(argString) {\n    const args = [];\n    let inQuotes = false;\n    let escaped = false;\n    let arg = '';\n    function append(c) {\n        // we only escape double quotes.\n        if (escaped && c !== '\"') {\n            arg += '\\\\';\n        }\n        arg += c;\n        escaped = false;\n    }\n    for (let i = 0; i < argString.length; i++) {\n        const c = argString.charAt(i);\n        if (c === '\"') {\n            if (!escaped) {\n                inQuotes = !inQuotes;\n            }\n            else {\n                append(c);\n            }\n            continue;\n        }\n        if (c === '\\\\' && escaped) {\n            append(c);\n            continue;\n        }\n        if (c === '\\\\' && inQuotes) {\n            escaped = true;\n            continue;\n        }\n        if (c === ' ' && !inQuotes) {\n            if (arg.length > 0) {\n                args.push(arg);\n                arg = '';\n            }\n            continue;\n        }\n        append(c);\n    }\n    if (arg.length > 0) {\n        args.push(arg.trim());\n    }\n    return args;\n}\nexports.argStringToArray = argStringToArray;\nclass ExecState extends events.EventEmitter {\n    constructor(options, toolPath) {\n        super();\n        this.processClosed = false; // tracks whether the process has exited and stdio is closed\n        this.processError = '';\n        this.processExitCode = 0;\n        this.processExited = false; // tracks whether the process has exited\n        this.processStderr = false; // tracks whether stderr was written to\n        this.delay = 10000; // 10 seconds\n        this.done = false;\n        this.timeout = null;\n        if (!toolPath) {\n            throw new Error('toolPath must not be empty');\n        }\n        this.options = options;\n        this.toolPath = toolPath;\n        if (options.delay) {\n            this.delay = options.delay;\n        }\n    }\n    CheckComplete() {\n        if (this.done) {\n            return;\n        }\n        if (this.processClosed) {\n            this._setResult();\n        }\n        else if (this.processExited) {\n            this.timeout = timers_1.setTimeout(ExecState.HandleTimeout, this.delay, this);\n        }\n    }\n    _debug(message) {\n        this.emit('debug', message);\n    }\n    _setResult() {\n        // determine whether there is an error\n        let error;\n        if (this.processExited) {\n            if (this.processError) {\n                error = new Error(`There was an error when attempting to execute the process '${this.toolPath}'. This may indicate the process failed to start. Error: ${this.processError}`);\n            }\n            else if (this.processExitCode !== 0 && !this.options.ignoreReturnCode) {\n                error = new Error(`The process '${this.toolPath}' failed with exit code ${this.processExitCode}`);\n            }\n            else if (this.processStderr && this.options.failOnStdErr) {\n                error = new Error(`The process '${this.toolPath}' failed because one or more lines were written to the STDERR stream`);\n            }\n        }\n        // clear the timeout\n        if (this.timeout) {\n            clearTimeout(this.timeout);\n            this.timeout = null;\n        }\n        this.done = true;\n        this.emit('done', error, this.processExitCode);\n    }\n    static HandleTimeout(state) {\n        if (state.done) {\n            return;\n        }\n        if (!state.processClosed && state.processExited) {\n            const message = `The STDIO streams did not close within ${state.delay /\n                1000} seconds of the exit event from process '${state.toolPath}'. This may indicate a child process inherited the STDIO streams and has not yet exited.`;\n            state._debug(message);\n        }\n        state._setResult();\n    }\n}\n//# sourceMappingURL=toolrunner.js.map","\"use strict\";\nObject.defineProperty(exports, \"__esModule\", { value: true });\nexports.Context = void 0;\nconst fs_1 = require(\"fs\");\nconst os_1 = require(\"os\");\nclass Context {\n    /**\n     * Hydrate the context from the environment\n     */\n    constructor() {\n        var _a, _b, _c;\n        this.payload = {};\n        if (process.env.GITHUB_EVENT_PATH) {\n            if (fs_1.existsSync(process.env.GITHUB_EVENT_PATH)) {\n                this.payload = JSON.parse(fs_1.readFileSync(process.env.GITHUB_EVENT_PATH, { encoding: 'utf8' }));\n            }\n            else {\n                const path = process.env.GITHUB_EVENT_PATH;\n                process.stdout.write(`GITHUB_EVENT_PATH ${path} does not exist${os_1.EOL}`);\n            }\n        }\n        this.eventName = process.env.GITHUB_EVENT_NAME;\n        this.sha = process.env.GITHUB_SHA;\n        this.ref = process.env.GITHUB_REF;\n        this.workflow = process.env.GITHUB_WORKFLOW;\n        this.action = process.env.GITHUB_ACTION;\n        this.actor = process.env.GITHUB_ACTOR;\n        this.job = process.env.GITHUB_JOB;\n        this.runNumber = parseInt(process.env.GITHUB_RUN_NUMBER, 10);\n        this.runId = parseInt(process.env.GITHUB_RUN_ID, 10);\n        this.apiUrl = (_a = process.env.GITHUB_API_URL) !== null && _a !== void 0 ? _a : `https://api.github.com`;\n        this.serverUrl = (_b = process.env.GITHUB_SERVER_URL) !== null && _b !== void 0 ? _b : `https://github.com`;\n        this.graphqlUrl = (_c = process.env.GITHUB_GRAPHQL_URL) !== null && _c !== void 0 ? _c : `https://api.github.com/graphql`;\n    }\n    get issue() {\n        const payload = this.payload;\n        return Object.assign(Object.assign({}, this.repo), { number: (payload.issue || payload.pull_request || payload).number });\n    }\n    get repo() {\n        if (process.env.GITHUB_REPOSITORY) {\n            const [owner, repo] = process.env.GITHUB_REPOSITORY.split('/');\n            return { owner, repo };\n        }\n        if (this.payload.repository) {\n            return {\n                owner: this.payload.repository.owner.login,\n                repo: this.payload.repository.name\n            };\n        }\n        throw new Error(\"context.repo requires a GITHUB_REPOSITORY environment variable like 'owner/repo'\");\n    }\n}\nexports.Context = Context;\n//# sourceMappingURL=context.js.map","\"use strict\";\nvar __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {\n    if (k2 === undefined) k2 = k;\n    Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });\n}) : (function(o, m, k, k2) {\n    if (k2 === undefined) k2 = k;\n    o[k2] = m[k];\n}));\nvar __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {\n    Object.defineProperty(o, \"default\", { enumerable: true, value: v });\n}) : function(o, v) {\n    o[\"default\"] = v;\n});\nvar __importStar = (this && this.__importStar) || function (mod) {\n    if (mod && mod.__esModule) return mod;\n    var result = {};\n    if (mod != null) for (var k in mod) if (k !== \"default\" && Object.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);\n    __setModuleDefault(result, mod);\n    return result;\n};\nObject.defineProperty(exports, \"__esModule\", { value: true });\nexports.getOctokit = exports.context = void 0;\nconst Context = __importStar(require(\"./context\"));\nconst utils_1 = require(\"./utils\");\nexports.context = new Context.Context();\n/**\n * Returns a hydrated octokit ready to use for GitHub Actions\n *\n * @param     token    the repo PAT or GITHUB_TOKEN\n * @param     options  other options to set\n */\nfunction getOctokit(token, options, ...additionalPlugins) {\n    const GitHubWithPlugins = utils_1.GitHub.plugin(...additionalPlugins);\n    return new GitHubWithPlugins(utils_1.getOctokitOptions(token, options));\n}\nexports.getOctokit = getOctokit;\n//# sourceMappingURL=github.js.map","\"use strict\";\nvar __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {\n    if (k2 === undefined) k2 = k;\n    Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });\n}) : (function(o, m, k, k2) {\n    if (k2 === undefined) k2 = k;\n    o[k2] = m[k];\n}));\nvar __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {\n    Object.defineProperty(o, \"default\", { enumerable: true, value: v });\n}) : function(o, v) {\n    o[\"default\"] = v;\n});\nvar __importStar = (this && this.__importStar) || function (mod) {\n    if (mod && mod.__esModule) return mod;\n    var result = {};\n    if (mod != null) for (var k in mod) if (k !== \"default\" && Object.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);\n    __setModuleDefault(result, mod);\n    return result;\n};\nObject.defineProperty(exports, \"__esModule\", { value: true });\nexports.getApiBaseUrl = exports.getProxyAgent = exports.getAuthString = void 0;\nconst httpClient = __importStar(require(\"@actions/http-client\"));\nfunction getAuthString(token, options) {\n    if (!token && !options.auth) {\n        throw new Error('Parameter token or opts.auth is required');\n    }\n    else if (token && options.auth) {\n        throw new Error('Parameters token and opts.auth may not both be specified');\n    }\n    return typeof options.auth === 'string' ? options.auth : `token ${token}`;\n}\nexports.getAuthString = getAuthString;\nfunction getProxyAgent(destinationUrl) {\n    const hc = new httpClient.HttpClient();\n    return hc.getAgent(destinationUrl);\n}\nexports.getProxyAgent = getProxyAgent;\nfunction getApiBaseUrl() {\n    return process.env['GITHUB_API_URL'] || 'https://api.github.com';\n}\nexports.getApiBaseUrl = getApiBaseUrl;\n//# sourceMappingURL=utils.js.map","\"use strict\";\nvar __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {\n    if (k2 === undefined) k2 = k;\n    Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });\n}) : (function(o, m, k, k2) {\n    if (k2 === undefined) k2 = k;\n    o[k2] = m[k];\n}));\nvar __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {\n    Object.defineProperty(o, \"default\", { enumerable: true, value: v });\n}) : function(o, v) {\n    o[\"default\"] = v;\n});\nvar __importStar = (this && this.__importStar) || function (mod) {\n    if (mod && mod.__esModule) return mod;\n    var result = {};\n    if (mod != null) for (var k in mod) if (k !== \"default\" && Object.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);\n    __setModuleDefault(result, mod);\n    return result;\n};\nObject.defineProperty(exports, \"__esModule\", { value: true });\nexports.getOctokitOptions = exports.GitHub = exports.defaults = exports.context = void 0;\nconst Context = __importStar(require(\"./context\"));\nconst Utils = __importStar(require(\"./internal/utils\"));\n// octokit + plugins\nconst core_1 = require(\"@octokit/core\");\nconst plugin_rest_endpoint_methods_1 = require(\"@octokit/plugin-rest-endpoint-methods\");\nconst plugin_paginate_rest_1 = require(\"@octokit/plugin-paginate-rest\");\nexports.context = new Context.Context();\nconst baseUrl = Utils.getApiBaseUrl();\nexports.defaults = {\n    baseUrl,\n    request: {\n        agent: Utils.getProxyAgent(baseUrl)\n    }\n};\nexports.GitHub = core_1.Octokit.plugin(plugin_rest_endpoint_methods_1.restEndpointMethods, plugin_paginate_rest_1.paginateRest).defaults(exports.defaults);\n/**\n * Convience function to correctly format Octokit Options to pass into the constructor.\n *\n * @param     token    the repo PAT or GITHUB_TOKEN\n * @param     options  other options to set\n */\nfunction getOctokitOptions(token, options) {\n    const opts = Object.assign({}, options || {}); // Shallow clone - don't mutate the object provided by the caller\n    // Auth\n    const auth = Utils.getAuthString(token, opts);\n    if (auth) {\n        opts.auth = auth;\n    }\n    return opts;\n}\nexports.getOctokitOptions = getOctokitOptions;\n//# sourceMappingURL=utils.js.map","\"use strict\";\nvar __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {\n    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }\n    return new (P || (P = Promise))(function (resolve, reject) {\n        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }\n        function rejected(value) { try { step(generator[\"throw\"](value)); } catch (e) { reject(e); } }\n        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }\n        step((generator = generator.apply(thisArg, _arguments || [])).next());\n    });\n};\nObject.defineProperty(exports, \"__esModule\", { value: true });\nexports.PersonalAccessTokenCredentialHandler = exports.BearerCredentialHandler = exports.BasicCredentialHandler = void 0;\nclass BasicCredentialHandler {\n    constructor(username, password) {\n        this.username = username;\n        this.password = password;\n    }\n    prepareRequest(options) {\n        if (!options.headers) {\n            throw Error('The request has no headers');\n        }\n        options.headers['Authorization'] = `Basic ${Buffer.from(`${this.username}:${this.password}`).toString('base64')}`;\n    }\n    // This handler cannot handle 401\n    canHandleAuthentication() {\n        return false;\n    }\n    handleAuthentication() {\n        return __awaiter(this, void 0, void 0, function* () {\n            throw new Error('not implemented');\n        });\n    }\n}\nexports.BasicCredentialHandler = BasicCredentialHandler;\nclass BearerCredentialHandler {\n    constructor(token) {\n        this.token = token;\n    }\n    // currently implements pre-authorization\n    // TODO: support preAuth = false where it hooks on 401\n    prepareRequest(options) {\n        if (!options.headers) {\n            throw Error('The request has no headers');\n        }\n        options.headers['Authorization'] = `Bearer ${this.token}`;\n    }\n    // This handler cannot handle 401\n    canHandleAuthentication() {\n        return false;\n    }\n    handleAuthentication() {\n        return __awaiter(this, void 0, void 0, function* () {\n            throw new Error('not implemented');\n        });\n    }\n}\nexports.BearerCredentialHandler = BearerCredentialHandler;\nclass PersonalAccessTokenCredentialHandler {\n    constructor(token) {\n        this.token = token;\n    }\n    // currently implements pre-authorization\n    // TODO: support preAuth = false where it hooks on 401\n    prepareRequest(options) {\n        if (!options.headers) {\n            throw Error('The request has no headers');\n        }\n        options.headers['Authorization'] = `Basic ${Buffer.from(`PAT:${this.token}`).toString('base64')}`;\n    }\n    // This handler cannot handle 401\n    canHandleAuthentication() {\n        return false;\n    }\n    handleAuthentication() {\n        return __awaiter(this, void 0, void 0, function* () {\n            throw new Error('not implemented');\n        });\n    }\n}\nexports.PersonalAccessTokenCredentialHandler = PersonalAccessTokenCredentialHandler;\n//# sourceMappingURL=auth.js.map","\"use strict\";\n/* eslint-disable @typescript-eslint/no-explicit-any */\nvar __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {\n    if (k2 === undefined) k2 = k;\n    Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });\n}) : (function(o, m, k, k2) {\n    if (k2 === undefined) k2 = k;\n    o[k2] = m[k];\n}));\nvar __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {\n    Object.defineProperty(o, \"default\", { enumerable: true, value: v });\n}) : function(o, v) {\n    o[\"default\"] = v;\n});\nvar __importStar = (this && this.__importStar) || function (mod) {\n    if (mod && mod.__esModule) return mod;\n    var result = {};\n    if (mod != null) for (var k in mod) if (k !== \"default\" && Object.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);\n    __setModuleDefault(result, mod);\n    return result;\n};\nvar __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {\n    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }\n    return new (P || (P = Promise))(function (resolve, reject) {\n        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }\n        function rejected(value) { try { step(generator[\"throw\"](value)); } catch (e) { reject(e); } }\n        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }\n        step((generator = generator.apply(thisArg, _arguments || [])).next());\n    });\n};\nObject.defineProperty(exports, \"__esModule\", { value: true });\nexports.HttpClient = exports.isHttps = exports.HttpClientResponse = exports.HttpClientError = exports.getProxyUrl = exports.MediaTypes = exports.Headers = exports.HttpCodes = void 0;\nconst http = __importStar(require(\"http\"));\nconst https = __importStar(require(\"https\"));\nconst pm = __importStar(require(\"./proxy\"));\nconst tunnel = __importStar(require(\"tunnel\"));\nvar HttpCodes;\n(function (HttpCodes) {\n    HttpCodes[HttpCodes[\"OK\"] = 200] = \"OK\";\n    HttpCodes[HttpCodes[\"MultipleChoices\"] = 300] = \"MultipleChoices\";\n    HttpCodes[HttpCodes[\"MovedPermanently\"] = 301] = \"MovedPermanently\";\n    HttpCodes[HttpCodes[\"ResourceMoved\"] = 302] = \"ResourceMoved\";\n    HttpCodes[HttpCodes[\"SeeOther\"] = 303] = \"SeeOther\";\n    HttpCodes[HttpCodes[\"NotModified\"] = 304] = \"NotModified\";\n    HttpCodes[HttpCodes[\"UseProxy\"] = 305] = \"UseProxy\";\n    HttpCodes[HttpCodes[\"SwitchProxy\"] = 306] = \"SwitchProxy\";\n    HttpCodes[HttpCodes[\"TemporaryRedirect\"] = 307] = \"TemporaryRedirect\";\n    HttpCodes[HttpCodes[\"PermanentRedirect\"] = 308] = \"PermanentRedirect\";\n    HttpCodes[HttpCodes[\"BadRequest\"] = 400] = \"BadRequest\";\n    HttpCodes[HttpCodes[\"Unauthorized\"] = 401] = \"Unauthorized\";\n    HttpCodes[HttpCodes[\"PaymentRequired\"] = 402] = \"PaymentRequired\";\n    HttpCodes[HttpCodes[\"Forbidden\"] = 403] = \"Forbidden\";\n    HttpCodes[HttpCodes[\"NotFound\"] = 404] = \"NotFound\";\n    HttpCodes[HttpCodes[\"MethodNotAllowed\"] = 405] = \"MethodNotAllowed\";\n    HttpCodes[HttpCodes[\"NotAcceptable\"] = 406] = \"NotAcceptable\";\n    HttpCodes[HttpCodes[\"ProxyAuthenticationRequired\"] = 407] = \"ProxyAuthenticationRequired\";\n    HttpCodes[HttpCodes[\"RequestTimeout\"] = 408] = \"RequestTimeout\";\n    HttpCodes[HttpCodes[\"Conflict\"] = 409] = \"Conflict\";\n    HttpCodes[HttpCodes[\"Gone\"] = 410] = \"Gone\";\n    HttpCodes[HttpCodes[\"TooManyRequests\"] = 429] = \"TooManyRequests\";\n    HttpCodes[HttpCodes[\"InternalServerError\"] = 500] = \"InternalServerError\";\n    HttpCodes[HttpCodes[\"NotImplemented\"] = 501] = \"NotImplemented\";\n    HttpCodes[HttpCodes[\"BadGateway\"] = 502] = \"BadGateway\";\n    HttpCodes[HttpCodes[\"ServiceUnavailable\"] = 503] = \"ServiceUnavailable\";\n    HttpCodes[HttpCodes[\"GatewayTimeout\"] = 504] = \"GatewayTimeout\";\n})(HttpCodes = exports.HttpCodes || (exports.HttpCodes = {}));\nvar Headers;\n(function (Headers) {\n    Headers[\"Accept\"] = \"accept\";\n    Headers[\"ContentType\"] = \"content-type\";\n})(Headers = exports.Headers || (exports.Headers = {}));\nvar MediaTypes;\n(function (MediaTypes) {\n    MediaTypes[\"ApplicationJson\"] = \"application/json\";\n})(MediaTypes = exports.MediaTypes || (exports.MediaTypes = {}));\n/**\n * Returns the proxy URL, depending upon the supplied url and proxy environment variables.\n * @param serverUrl  The server URL where the request will be sent. For example, https://api.github.com\n */\nfunction getProxyUrl(serverUrl) {\n    const proxyUrl = pm.getProxyUrl(new URL(serverUrl));\n    return proxyUrl ? proxyUrl.href : '';\n}\nexports.getProxyUrl = getProxyUrl;\nconst HttpRedirectCodes = [\n    HttpCodes.MovedPermanently,\n    HttpCodes.ResourceMoved,\n    HttpCodes.SeeOther,\n    HttpCodes.TemporaryRedirect,\n    HttpCodes.PermanentRedirect\n];\nconst HttpResponseRetryCodes = [\n    HttpCodes.BadGateway,\n    HttpCodes.ServiceUnavailable,\n    HttpCodes.GatewayTimeout\n];\nconst RetryableHttpVerbs = ['OPTIONS', 'GET', 'DELETE', 'HEAD'];\nconst ExponentialBackoffCeiling = 10;\nconst ExponentialBackoffTimeSlice = 5;\nclass HttpClientError extends Error {\n    constructor(message, statusCode) {\n        super(message);\n        this.name = 'HttpClientError';\n        this.statusCode = statusCode;\n        Object.setPrototypeOf(this, HttpClientError.prototype);\n    }\n}\nexports.HttpClientError = HttpClientError;\nclass HttpClientResponse {\n    constructor(message) {\n        this.message = message;\n    }\n    readBody() {\n        return __awaiter(this, void 0, void 0, function* () {\n            return new Promise((resolve) => __awaiter(this, void 0, void 0, function* () {\n                let output = Buffer.alloc(0);\n                this.message.on('data', (chunk) => {\n                    output = Buffer.concat([output, chunk]);\n                });\n                this.message.on('end', () => {\n                    resolve(output.toString());\n                });\n            }));\n        });\n    }\n}\nexports.HttpClientResponse = HttpClientResponse;\nfunction isHttps(requestUrl) {\n    const parsedUrl = new URL(requestUrl);\n    return parsedUrl.protocol === 'https:';\n}\nexports.isHttps = isHttps;\nclass HttpClient {\n    constructor(userAgent, handlers, requestOptions) {\n        this._ignoreSslError = false;\n        this._allowRedirects = true;\n        this._allowRedirectDowngrade = false;\n        this._maxRedirects = 50;\n        this._allowRetries = false;\n        this._maxRetries = 1;\n        this._keepAlive = false;\n        this._disposed = false;\n        this.userAgent = userAgent;\n        this.handlers = handlers || [];\n        this.requestOptions = requestOptions;\n        if (requestOptions) {\n            if (requestOptions.ignoreSslError != null) {\n                this._ignoreSslError = requestOptions.ignoreSslError;\n            }\n            this._socketTimeout = requestOptions.socketTimeout;\n            if (requestOptions.allowRedirects != null) {\n                this._allowRedirects = requestOptions.allowRedirects;\n            }\n            if (requestOptions.allowRedirectDowngrade != null) {\n                this._allowRedirectDowngrade = requestOptions.allowRedirectDowngrade;\n            }\n            if (requestOptions.maxRedirects != null) {\n                this._maxRedirects = Math.max(requestOptions.maxRedirects, 0);\n            }\n            if (requestOptions.keepAlive != null) {\n                this._keepAlive = requestOptions.keepAlive;\n            }\n            if (requestOptions.allowRetries != null) {\n                this._allowRetries = requestOptions.allowRetries;\n            }\n            if (requestOptions.maxRetries != null) {\n                this._maxRetries = requestOptions.maxRetries;\n            }\n        }\n    }\n    options(requestUrl, additionalHeaders) {\n        return __awaiter(this, void 0, void 0, function* () {\n            return this.request('OPTIONS', requestUrl, null, additionalHeaders || {});\n        });\n    }\n    get(requestUrl, additionalHeaders) {\n        return __awaiter(this, void 0, void 0, function* () {\n            return this.request('GET', requestUrl, null, additionalHeaders || {});\n        });\n    }\n    del(requestUrl, additionalHeaders) {\n        return __awaiter(this, void 0, void 0, function* () {\n            return this.request('DELETE', requestUrl, null, additionalHeaders || {});\n        });\n    }\n    post(requestUrl, data, additionalHeaders) {\n        return __awaiter(this, void 0, void 0, function* () {\n            return this.request('POST', requestUrl, data, additionalHeaders || {});\n        });\n    }\n    patch(requestUrl, data, additionalHeaders) {\n        return __awaiter(this, void 0, void 0, function* () {\n            return this.request('PATCH', requestUrl, data, additionalHeaders || {});\n        });\n    }\n    put(requestUrl, data, additionalHeaders) {\n        return __awaiter(this, void 0, void 0, function* () {\n            return this.request('PUT', requestUrl, data, additionalHeaders || {});\n        });\n    }\n    head(requestUrl, additionalHeaders) {\n        return __awaiter(this, void 0, void 0, function* () {\n            return this.request('HEAD', requestUrl, null, additionalHeaders || {});\n        });\n    }\n    sendStream(verb, requestUrl, stream, additionalHeaders) {\n        return __awaiter(this, void 0, void 0, function* () {\n            return this.request(verb, requestUrl, stream, additionalHeaders);\n        });\n    }\n    /**\n     * Gets a typed object from an endpoint\n     * Be aware that not found returns a null.  Other errors (4xx, 5xx) reject the promise\n     */\n    getJson(requestUrl, additionalHeaders = {}) {\n        return __awaiter(this, void 0, void 0, function* () {\n            additionalHeaders[Headers.Accept] = this._getExistingOrDefaultHeader(additionalHeaders, Headers.Accept, MediaTypes.ApplicationJson);\n            const res = yield this.get(requestUrl, additionalHeaders);\n            return this._processResponse(res, this.requestOptions);\n        });\n    }\n    postJson(requestUrl, obj, additionalHeaders = {}) {\n        return __awaiter(this, void 0, void 0, function* () {\n            const data = JSON.stringify(obj, null, 2);\n            additionalHeaders[Headers.Accept] = this._getExistingOrDefaultHeader(additionalHeaders, Headers.Accept, MediaTypes.ApplicationJson);\n            additionalHeaders[Headers.ContentType] = this._getExistingOrDefaultHeader(additionalHeaders, Headers.ContentType, MediaTypes.ApplicationJson);\n            const res = yield this.post(requestUrl, data, additionalHeaders);\n            return this._processResponse(res, this.requestOptions);\n        });\n    }\n    putJson(requestUrl, obj, additionalHeaders = {}) {\n        return __awaiter(this, void 0, void 0, function* () {\n            const data = JSON.stringify(obj, null, 2);\n            additionalHeaders[Headers.Accept] = this._getExistingOrDefaultHeader(additionalHeaders, Headers.Accept, MediaTypes.ApplicationJson);\n            additionalHeaders[Headers.ContentType] = this._getExistingOrDefaultHeader(additionalHeaders, Headers.ContentType, MediaTypes.ApplicationJson);\n            const res = yield this.put(requestUrl, data, additionalHeaders);\n            return this._processResponse(res, this.requestOptions);\n        });\n    }\n    patchJson(requestUrl, obj, additionalHeaders = {}) {\n        return __awaiter(this, void 0, void 0, function* () {\n            const data = JSON.stringify(obj, null, 2);\n            additionalHeaders[Headers.Accept] = this._getExistingOrDefaultHeader(additionalHeaders, Headers.Accept, MediaTypes.ApplicationJson);\n            additionalHeaders[Headers.ContentType] = this._getExistingOrDefaultHeader(additionalHeaders, Headers.ContentType, MediaTypes.ApplicationJson);\n            const res = yield this.patch(requestUrl, data, additionalHeaders);\n            return this._processResponse(res, this.requestOptions);\n        });\n    }\n    /**\n     * Makes a raw http request.\n     * All other methods such as get, post, patch, and request ultimately call this.\n     * Prefer get, del, post and patch\n     */\n    request(verb, requestUrl, data, headers) {\n        return __awaiter(this, void 0, void 0, function* () {\n            if (this._disposed) {\n                throw new Error('Client has already been disposed.');\n            }\n            const parsedUrl = new URL(requestUrl);\n            let info = this._prepareRequest(verb, parsedUrl, headers);\n            // Only perform retries on reads since writes may not be idempotent.\n            const maxTries = this._allowRetries && RetryableHttpVerbs.includes(verb)\n                ? this._maxRetries + 1\n                : 1;\n            let numTries = 0;\n            let response;\n            do {\n                response = yield this.requestRaw(info, data);\n                // Check if it's an authentication challenge\n                if (response &&\n                    response.message &&\n                    response.message.statusCode === HttpCodes.Unauthorized) {\n                    let authenticationHandler;\n                    for (const handler of this.handlers) {\n                        if (handler.canHandleAuthentication(response)) {\n                            authenticationHandler = handler;\n                            break;\n                        }\n                    }\n                    if (authenticationHandler) {\n                        return authenticationHandler.handleAuthentication(this, info, data);\n                    }\n                    else {\n                        // We have received an unauthorized response but have no handlers to handle it.\n                        // Let the response return to the caller.\n                        return response;\n                    }\n                }\n                let redirectsRemaining = this._maxRedirects;\n                while (response.message.statusCode &&\n                    HttpRedirectCodes.includes(response.message.statusCode) &&\n                    this._allowRedirects &&\n                    redirectsRemaining > 0) {\n                    const redirectUrl = response.message.headers['location'];\n                    if (!redirectUrl) {\n                        // if there's no location to redirect to, we won't\n                        break;\n                    }\n                    const parsedRedirectUrl = new URL(redirectUrl);\n                    if (parsedUrl.protocol === 'https:' &&\n                        parsedUrl.protocol !== parsedRedirectUrl.protocol &&\n                        !this._allowRedirectDowngrade) {\n                        throw new Error('Redirect from HTTPS to HTTP protocol. This downgrade is not allowed for security reasons. If you want to allow this behavior, set the allowRedirectDowngrade option to true.');\n                    }\n                    // we need to finish reading the response before reassigning response\n                    // which will leak the open socket.\n                    yield response.readBody();\n                    // strip authorization header if redirected to a different hostname\n                    if (parsedRedirectUrl.hostname !== parsedUrl.hostname) {\n                        for (const header in headers) {\n                            // header names are case insensitive\n                            if (header.toLowerCase() === 'authorization') {\n                                delete headers[header];\n                            }\n                        }\n                    }\n                    // let's make the request with the new redirectUrl\n                    info = this._prepareRequest(verb, parsedRedirectUrl, headers);\n                    response = yield this.requestRaw(info, data);\n                    redirectsRemaining--;\n                }\n                if (!response.message.statusCode ||\n                    !HttpResponseRetryCodes.includes(response.message.statusCode)) {\n                    // If not a retry code, return immediately instead of retrying\n                    return response;\n                }\n                numTries += 1;\n                if (numTries < maxTries) {\n                    yield response.readBody();\n                    yield this._performExponentialBackoff(numTries);\n                }\n            } while (numTries < maxTries);\n            return response;\n        });\n    }\n    /**\n     * Needs to be called if keepAlive is set to true in request options.\n     */\n    dispose() {\n        if (this._agent) {\n            this._agent.destroy();\n        }\n        this._disposed = true;\n    }\n    /**\n     * Raw request.\n     * @param info\n     * @param data\n     */\n    requestRaw(info, data) {\n        return __awaiter(this, void 0, void 0, function* () {\n            return new Promise((resolve, reject) => {\n                function callbackForResult(err, res) {\n                    if (err) {\n                        reject(err);\n                    }\n                    else if (!res) {\n                        // If `err` is not passed, then `res` must be passed.\n                        reject(new Error('Unknown error'));\n                    }\n                    else {\n                        resolve(res);\n                    }\n                }\n                this.requestRawWithCallback(info, data, callbackForResult);\n            });\n        });\n    }\n    /**\n     * Raw request with callback.\n     * @param info\n     * @param data\n     * @param onResult\n     */\n    requestRawWithCallback(info, data, onResult) {\n        if (typeof data === 'string') {\n            if (!info.options.headers) {\n                info.options.headers = {};\n            }\n            info.options.headers['Content-Length'] = Buffer.byteLength(data, 'utf8');\n        }\n        let callbackCalled = false;\n        function handleResult(err, res) {\n            if (!callbackCalled) {\n                callbackCalled = true;\n                onResult(err, res);\n            }\n        }\n        const req = info.httpModule.request(info.options, (msg) => {\n            const res = new HttpClientResponse(msg);\n            handleResult(undefined, res);\n        });\n        let socket;\n        req.on('socket', sock => {\n            socket = sock;\n        });\n        // If we ever get disconnected, we want the socket to timeout eventually\n        req.setTimeout(this._socketTimeout || 3 * 60000, () => {\n            if (socket) {\n                socket.end();\n            }\n            handleResult(new Error(`Request timeout: ${info.options.path}`));\n        });\n        req.on('error', function (err) {\n            // err has statusCode property\n            // res should have headers\n            handleResult(err);\n        });\n        if (data && typeof data === 'string') {\n            req.write(data, 'utf8');\n        }\n        if (data && typeof data !== 'string') {\n            data.on('close', function () {\n                req.end();\n            });\n            data.pipe(req);\n        }\n        else {\n            req.end();\n        }\n    }\n    /**\n     * Gets an http agent. This function is useful when you need an http agent that handles\n     * routing through a proxy server - depending upon the url and proxy environment variables.\n     * @param serverUrl  The server URL where the request will be sent. For example, https://api.github.com\n     */\n    getAgent(serverUrl) {\n        const parsedUrl = new URL(serverUrl);\n        return this._getAgent(parsedUrl);\n    }\n    _prepareRequest(method, requestUrl, headers) {\n        const info = {};\n        info.parsedUrl = requestUrl;\n        const usingSsl = info.parsedUrl.protocol === 'https:';\n        info.httpModule = usingSsl ? https : http;\n        const defaultPort = usingSsl ? 443 : 80;\n        info.options = {};\n        info.options.host = info.parsedUrl.hostname;\n        info.options.port = info.parsedUrl.port\n            ? parseInt(info.parsedUrl.port)\n            : defaultPort;\n        info.options.path =\n            (info.parsedUrl.pathname || '') + (info.parsedUrl.search || '');\n        info.options.method = method;\n        info.options.headers = this._mergeHeaders(headers);\n        if (this.userAgent != null) {\n            info.options.headers['user-agent'] = this.userAgent;\n        }\n        info.options.agent = this._getAgent(info.parsedUrl);\n        // gives handlers an opportunity to participate\n        if (this.handlers) {\n            for (const handler of this.handlers) {\n                handler.prepareRequest(info.options);\n            }\n        }\n        return info;\n    }\n    _mergeHeaders(headers) {\n        if (this.requestOptions && this.requestOptions.headers) {\n            return Object.assign({}, lowercaseKeys(this.requestOptions.headers), lowercaseKeys(headers || {}));\n        }\n        return lowercaseKeys(headers || {});\n    }\n    _getExistingOrDefaultHeader(additionalHeaders, header, _default) {\n        let clientHeader;\n        if (this.requestOptions && this.requestOptions.headers) {\n            clientHeader = lowercaseKeys(this.requestOptions.headers)[header];\n        }\n        return additionalHeaders[header] || clientHeader || _default;\n    }\n    _getAgent(parsedUrl) {\n        let agent;\n        const proxyUrl = pm.getProxyUrl(parsedUrl);\n        const useProxy = proxyUrl && proxyUrl.hostname;\n        if (this._keepAlive && useProxy) {\n            agent = this._proxyAgent;\n        }\n        if (this._keepAlive && !useProxy) {\n            agent = this._agent;\n        }\n        // if agent is already assigned use that agent.\n        if (agent) {\n            return agent;\n        }\n        const usingSsl = parsedUrl.protocol === 'https:';\n        let maxSockets = 100;\n        if (this.requestOptions) {\n            maxSockets = this.requestOptions.maxSockets || http.globalAgent.maxSockets;\n        }\n        // This is `useProxy` again, but we need to check `proxyURl` directly for TypeScripts's flow analysis.\n        if (proxyUrl && proxyUrl.hostname) {\n            const agentOptions = {\n                maxSockets,\n                keepAlive: this._keepAlive,\n                proxy: Object.assign(Object.assign({}, ((proxyUrl.username || proxyUrl.password) && {\n                    proxyAuth: `${proxyUrl.username}:${proxyUrl.password}`\n                })), { host: proxyUrl.hostname, port: proxyUrl.port })\n            };\n            let tunnelAgent;\n            const overHttps = proxyUrl.protocol === 'https:';\n            if (usingSsl) {\n                tunnelAgent = overHttps ? tunnel.httpsOverHttps : tunnel.httpsOverHttp;\n            }\n            else {\n                tunnelAgent = overHttps ? tunnel.httpOverHttps : tunnel.httpOverHttp;\n            }\n            agent = tunnelAgent(agentOptions);\n            this._proxyAgent = agent;\n        }\n        // if reusing agent across request and tunneling agent isn't assigned create a new agent\n        if (this._keepAlive && !agent) {\n            const options = { keepAlive: this._keepAlive, maxSockets };\n            agent = usingSsl ? new https.Agent(options) : new http.Agent(options);\n            this._agent = agent;\n        }\n        // if not using private agent and tunnel agent isn't setup then use global agent\n        if (!agent) {\n            agent = usingSsl ? https.globalAgent : http.globalAgent;\n        }\n        if (usingSsl && this._ignoreSslError) {\n            // we don't want to set NODE_TLS_REJECT_UNAUTHORIZED=0 since that will affect request for entire process\n            // http.RequestOptions doesn't expose a way to modify RequestOptions.agent.options\n            // we have to cast it to any and change it directly\n            agent.options = Object.assign(agent.options || {}, {\n                rejectUnauthorized: false\n            });\n        }\n        return agent;\n    }\n    _performExponentialBackoff(retryNumber) {\n        return __awaiter(this, void 0, void 0, function* () {\n            retryNumber = Math.min(ExponentialBackoffCeiling, retryNumber);\n            const ms = ExponentialBackoffTimeSlice * Math.pow(2, retryNumber);\n            return new Promise(resolve => setTimeout(() => resolve(), ms));\n        });\n    }\n    _processResponse(res, options) {\n        return __awaiter(this, void 0, void 0, function* () {\n            return new Promise((resolve, reject) => __awaiter(this, void 0, void 0, function* () {\n                const statusCode = res.message.statusCode || 0;\n                const response = {\n                    statusCode,\n                    result: null,\n                    headers: {}\n                };\n                // not found leads to null obj returned\n                if (statusCode === HttpCodes.NotFound) {\n                    resolve(response);\n                }\n                // get the result from the body\n                function dateTimeDeserializer(key, value) {\n                    if (typeof value === 'string') {\n                        const a = new Date(value);\n                        if (!isNaN(a.valueOf())) {\n                            return a;\n                        }\n                    }\n                    return value;\n                }\n                let obj;\n                let contents;\n                try {\n                    contents = yield res.readBody();\n                    if (contents && contents.length > 0) {\n                        if (options && options.deserializeDates) {\n                            obj = JSON.parse(contents, dateTimeDeserializer);\n                        }\n                        else {\n                            obj = JSON.parse(contents);\n                        }\n                        response.result = obj;\n                    }\n                    response.headers = res.message.headers;\n                }\n                catch (err) {\n                    // Invalid resource (contents not json);  leaving result obj null\n                }\n                // note that 3xx redirects are handled by the http layer.\n                if (statusCode > 299) {\n                    let msg;\n                    // if exception/error in body, attempt to get better error\n                    if (obj && obj.message) {\n                        msg = obj.message;\n                    }\n                    else if (contents && contents.length > 0) {\n                        // it may be the case that the exception is in the body message as string\n                        msg = contents;\n                    }\n                    else {\n                        msg = `Failed request: (${statusCode})`;\n                    }\n                    const err = new HttpClientError(msg, statusCode);\n                    err.result = response.result;\n                    reject(err);\n                }\n                else {\n                    resolve(response);\n                }\n            }));\n        });\n    }\n}\nexports.HttpClient = HttpClient;\nconst lowercaseKeys = (obj) => Object.keys(obj).reduce((c, k) => ((c[k.toLowerCase()] = obj[k]), c), {});\n//# sourceMappingURL=index.js.map","\"use strict\";\nObject.defineProperty(exports, \"__esModule\", { value: true });\nexports.checkBypass = exports.getProxyUrl = void 0;\nfunction getProxyUrl(reqUrl) {\n    const usingSsl = reqUrl.protocol === 'https:';\n    if (checkBypass(reqUrl)) {\n        return undefined;\n    }\n    const proxyVar = (() => {\n        if (usingSsl) {\n            return process.env['https_proxy'] || process.env['HTTPS_PROXY'];\n        }\n        else {\n            return process.env['http_proxy'] || process.env['HTTP_PROXY'];\n        }\n    })();\n    if (proxyVar) {\n        return new URL(proxyVar);\n    }\n    else {\n        return undefined;\n    }\n}\nexports.getProxyUrl = getProxyUrl;\nfunction checkBypass(reqUrl) {\n    if (!reqUrl.hostname) {\n        return false;\n    }\n    const noProxy = process.env['no_proxy'] || process.env['NO_PROXY'] || '';\n    if (!noProxy) {\n        return false;\n    }\n    // Determine the request port\n    let reqPort;\n    if (reqUrl.port) {\n        reqPort = Number(reqUrl.port);\n    }\n    else if (reqUrl.protocol === 'http:') {\n        reqPort = 80;\n    }\n    else if (reqUrl.protocol === 'https:') {\n        reqPort = 443;\n    }\n    // Format the request hostname and hostname with port\n    const upperReqHosts = [reqUrl.hostname.toUpperCase()];\n    if (typeof reqPort === 'number') {\n        upperReqHosts.push(`${upperReqHosts[0]}:${reqPort}`);\n    }\n    // Compare request host against noproxy\n    for (const upperNoProxyItem of noProxy\n        .split(',')\n        .map(x => x.trim().toUpperCase())\n        .filter(x => x)) {\n        if (upperReqHosts.some(x => x === upperNoProxyItem)) {\n            return true;\n        }\n    }\n    return false;\n}\nexports.checkBypass = checkBypass;\n//# sourceMappingURL=proxy.js.map","\"use strict\";\nvar __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {\n    if (k2 === undefined) k2 = k;\n    Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });\n}) : (function(o, m, k, k2) {\n    if (k2 === undefined) k2 = k;\n    o[k2] = m[k];\n}));\nvar __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {\n    Object.defineProperty(o, \"default\", { enumerable: true, value: v });\n}) : function(o, v) {\n    o[\"default\"] = v;\n});\nvar __importStar = (this && this.__importStar) || function (mod) {\n    if (mod && mod.__esModule) return mod;\n    var result = {};\n    if (mod != null) for (var k in mod) if (k !== \"default\" && Object.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);\n    __setModuleDefault(result, mod);\n    return result;\n};\nvar __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {\n    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }\n    return new (P || (P = Promise))(function (resolve, reject) {\n        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }\n        function rejected(value) { try { step(generator[\"throw\"](value)); } catch (e) { reject(e); } }\n        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }\n        step((generator = generator.apply(thisArg, _arguments || [])).next());\n    });\n};\nvar _a;\nObject.defineProperty(exports, \"__esModule\", { value: true });\nexports.getCmdPath = exports.tryGetExecutablePath = exports.isRooted = exports.isDirectory = exports.exists = exports.READONLY = exports.UV_FS_O_EXLOCK = exports.IS_WINDOWS = exports.unlink = exports.symlink = exports.stat = exports.rmdir = exports.rm = exports.rename = exports.readlink = exports.readdir = exports.open = exports.mkdir = exports.lstat = exports.copyFile = exports.chmod = void 0;\nconst fs = __importStar(require(\"fs\"));\nconst path = __importStar(require(\"path\"));\n_a = fs.promises\n// export const {open} = 'fs'\n, exports.chmod = _a.chmod, exports.copyFile = _a.copyFile, exports.lstat = _a.lstat, exports.mkdir = _a.mkdir, exports.open = _a.open, exports.readdir = _a.readdir, exports.readlink = _a.readlink, exports.rename = _a.rename, exports.rm = _a.rm, exports.rmdir = _a.rmdir, exports.stat = _a.stat, exports.symlink = _a.symlink, exports.unlink = _a.unlink;\n// export const {open} = 'fs'\nexports.IS_WINDOWS = process.platform === 'win32';\n// See https://github.com/nodejs/node/blob/d0153aee367422d0858105abec186da4dff0a0c5/deps/uv/include/uv/win.h#L691\nexports.UV_FS_O_EXLOCK = 0x10000000;\nexports.READONLY = fs.constants.O_RDONLY;\nfunction exists(fsPath) {\n    return __awaiter(this, void 0, void 0, function* () {\n        try {\n            yield exports.stat(fsPath);\n        }\n        catch (err) {\n            if (err.code === 'ENOENT') {\n                return false;\n            }\n            throw err;\n        }\n        return true;\n    });\n}\nexports.exists = exists;\nfunction isDirectory(fsPath, useStat = false) {\n    return __awaiter(this, void 0, void 0, function* () {\n        const stats = useStat ? yield exports.stat(fsPath) : yield exports.lstat(fsPath);\n        return stats.isDirectory();\n    });\n}\nexports.isDirectory = isDirectory;\n/**\n * On OSX/Linux, true if path starts with '/'. On Windows, true for paths like:\n * \\, \\hello, \\\\hello\\share, C:, and C:\\hello (and corresponding alternate separator cases).\n */\nfunction isRooted(p) {\n    p = normalizeSeparators(p);\n    if (!p) {\n        throw new Error('isRooted() parameter \"p\" cannot be empty');\n    }\n    if (exports.IS_WINDOWS) {\n        return (p.startsWith('\\\\') || /^[A-Z]:/i.test(p) // e.g. \\ or \\hello or \\\\hello\n        ); // e.g. C: or C:\\hello\n    }\n    return p.startsWith('/');\n}\nexports.isRooted = isRooted;\n/**\n * Best effort attempt to determine whether a file exists and is executable.\n * @param filePath    file path to check\n * @param extensions  additional file extensions to try\n * @return if file exists and is executable, returns the file path. otherwise empty string.\n */\nfunction tryGetExecutablePath(filePath, extensions) {\n    return __awaiter(this, void 0, void 0, function* () {\n        let stats = undefined;\n        try {\n            // test file exists\n            stats = yield exports.stat(filePath);\n        }\n        catch (err) {\n            if (err.code !== 'ENOENT') {\n                // eslint-disable-next-line no-console\n                console.log(`Unexpected error attempting to determine if executable file exists '${filePath}': ${err}`);\n            }\n        }\n        if (stats && stats.isFile()) {\n            if (exports.IS_WINDOWS) {\n                // on Windows, test for valid extension\n                const upperExt = path.extname(filePath).toUpperCase();\n                if (extensions.some(validExt => validExt.toUpperCase() === upperExt)) {\n                    return filePath;\n                }\n            }\n            else {\n                if (isUnixExecutable(stats)) {\n                    return filePath;\n                }\n            }\n        }\n        // try each extension\n        const originalFilePath = filePath;\n        for (const extension of extensions) {\n            filePath = originalFilePath + extension;\n            stats = undefined;\n            try {\n                stats = yield exports.stat(filePath);\n            }\n            catch (err) {\n                if (err.code !== 'ENOENT') {\n                    // eslint-disable-next-line no-console\n                    console.log(`Unexpected error attempting to determine if executable file exists '${filePath}': ${err}`);\n                }\n            }\n            if (stats && stats.isFile()) {\n                if (exports.IS_WINDOWS) {\n                    // preserve the case of the actual file (since an extension was appended)\n                    try {\n                        const directory = path.dirname(filePath);\n                        const upperName = path.basename(filePath).toUpperCase();\n                        for (const actualName of yield exports.readdir(directory)) {\n                            if (upperName === actualName.toUpperCase()) {\n                                filePath = path.join(directory, actualName);\n                                break;\n                            }\n                        }\n                    }\n                    catch (err) {\n                        // eslint-disable-next-line no-console\n                        console.log(`Unexpected error attempting to determine the actual case of the file '${filePath}': ${err}`);\n                    }\n                    return filePath;\n                }\n                else {\n                    if (isUnixExecutable(stats)) {\n                        return filePath;\n                    }\n                }\n            }\n        }\n        return '';\n    });\n}\nexports.tryGetExecutablePath = tryGetExecutablePath;\nfunction normalizeSeparators(p) {\n    p = p || '';\n    if (exports.IS_WINDOWS) {\n        // convert slashes on Windows\n        p = p.replace(/\\//g, '\\\\');\n        // remove redundant slashes\n        return p.replace(/\\\\\\\\+/g, '\\\\');\n    }\n    // remove redundant slashes\n    return p.replace(/\\/\\/+/g, '/');\n}\n// on Mac/Linux, test the execute bit\n//     R   W  X  R  W X R W X\n//   256 128 64 32 16 8 4 2 1\nfunction isUnixExecutable(stats) {\n    return ((stats.mode & 1) > 0 ||\n        ((stats.mode & 8) > 0 && stats.gid === process.getgid()) ||\n        ((stats.mode & 64) > 0 && stats.uid === process.getuid()));\n}\n// Get the path of cmd.exe in windows\nfunction getCmdPath() {\n    var _a;\n    return (_a = process.env['COMSPEC']) !== null && _a !== void 0 ? _a : `cmd.exe`;\n}\nexports.getCmdPath = getCmdPath;\n//# sourceMappingURL=io-util.js.map","\"use strict\";\nvar __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {\n    if (k2 === undefined) k2 = k;\n    Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });\n}) : (function(o, m, k, k2) {\n    if (k2 === undefined) k2 = k;\n    o[k2] = m[k];\n}));\nvar __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {\n    Object.defineProperty(o, \"default\", { enumerable: true, value: v });\n}) : function(o, v) {\n    o[\"default\"] = v;\n});\nvar __importStar = (this && this.__importStar) || function (mod) {\n    if (mod && mod.__esModule) return mod;\n    var result = {};\n    if (mod != null) for (var k in mod) if (k !== \"default\" && Object.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);\n    __setModuleDefault(result, mod);\n    return result;\n};\nvar __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {\n    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }\n    return new (P || (P = Promise))(function (resolve, reject) {\n        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }\n        function rejected(value) { try { step(generator[\"throw\"](value)); } catch (e) { reject(e); } }\n        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }\n        step((generator = generator.apply(thisArg, _arguments || [])).next());\n    });\n};\nObject.defineProperty(exports, \"__esModule\", { value: true });\nexports.findInPath = exports.which = exports.mkdirP = exports.rmRF = exports.mv = exports.cp = void 0;\nconst assert_1 = require(\"assert\");\nconst path = __importStar(require(\"path\"));\nconst ioUtil = __importStar(require(\"./io-util\"));\n/**\n * Copies a file or folder.\n * Based off of shelljs - https://github.com/shelljs/shelljs/blob/9237f66c52e5daa40458f94f9565e18e8132f5a6/src/cp.js\n *\n * @param     source    source path\n * @param     dest      destination path\n * @param     options   optional. See CopyOptions.\n */\nfunction cp(source, dest, options = {}) {\n    return __awaiter(this, void 0, void 0, function* () {\n        const { force, recursive, copySourceDirectory } = readCopyOptions(options);\n        const destStat = (yield ioUtil.exists(dest)) ? yield ioUtil.stat(dest) : null;\n        // Dest is an existing file, but not forcing\n        if (destStat && destStat.isFile() && !force) {\n            return;\n        }\n        // If dest is an existing directory, should copy inside.\n        const newDest = destStat && destStat.isDirectory() && copySourceDirectory\n            ? path.join(dest, path.basename(source))\n            : dest;\n        if (!(yield ioUtil.exists(source))) {\n            throw new Error(`no such file or directory: ${source}`);\n        }\n        const sourceStat = yield ioUtil.stat(source);\n        if (sourceStat.isDirectory()) {\n            if (!recursive) {\n                throw new Error(`Failed to copy. ${source} is a directory, but tried to copy without recursive flag.`);\n            }\n            else {\n                yield cpDirRecursive(source, newDest, 0, force);\n            }\n        }\n        else {\n            if (path.relative(source, newDest) === '') {\n                // a file cannot be copied to itself\n                throw new Error(`'${newDest}' and '${source}' are the same file`);\n            }\n            yield copyFile(source, newDest, force);\n        }\n    });\n}\nexports.cp = cp;\n/**\n * Moves a path.\n *\n * @param     source    source path\n * @param     dest      destination path\n * @param     options   optional. See MoveOptions.\n */\nfunction mv(source, dest, options = {}) {\n    return __awaiter(this, void 0, void 0, function* () {\n        if (yield ioUtil.exists(dest)) {\n            let destExists = true;\n            if (yield ioUtil.isDirectory(dest)) {\n                // If dest is directory copy src into dest\n                dest = path.join(dest, path.basename(source));\n                destExists = yield ioUtil.exists(dest);\n            }\n            if (destExists) {\n                if (options.force == null || options.force) {\n                    yield rmRF(dest);\n                }\n                else {\n                    throw new Error('Destination already exists');\n                }\n            }\n        }\n        yield mkdirP(path.dirname(dest));\n        yield ioUtil.rename(source, dest);\n    });\n}\nexports.mv = mv;\n/**\n * Remove a path recursively with force\n *\n * @param inputPath path to remove\n */\nfunction rmRF(inputPath) {\n    return __awaiter(this, void 0, void 0, function* () {\n        if (ioUtil.IS_WINDOWS) {\n            // Check for invalid characters\n            // https://docs.microsoft.com/en-us/windows/win32/fileio/naming-a-file\n            if (/[*\"<>|]/.test(inputPath)) {\n                throw new Error('File path must not contain `*`, `\"`, `<`, `>` or `|` on Windows');\n            }\n        }\n        try {\n            // note if path does not exist, error is silent\n            yield ioUtil.rm(inputPath, {\n                force: true,\n                maxRetries: 3,\n                recursive: true,\n                retryDelay: 300\n            });\n        }\n        catch (err) {\n            throw new Error(`File was unable to be removed ${err}`);\n        }\n    });\n}\nexports.rmRF = rmRF;\n/**\n * Make a directory.  Creates the full path with folders in between\n * Will throw if it fails\n *\n * @param   fsPath        path to create\n * @returns Promise<void>\n */\nfunction mkdirP(fsPath) {\n    return __awaiter(this, void 0, void 0, function* () {\n        assert_1.ok(fsPath, 'a path argument must be provided');\n        yield ioUtil.mkdir(fsPath, { recursive: true });\n    });\n}\nexports.mkdirP = mkdirP;\n/**\n * Returns path of a tool had the tool actually been invoked.  Resolves via paths.\n * If you check and the tool does not exist, it will throw.\n *\n * @param     tool              name of the tool\n * @param     check             whether to check if tool exists\n * @returns   Promise<string>   path to tool\n */\nfunction which(tool, check) {\n    return __awaiter(this, void 0, void 0, function* () {\n        if (!tool) {\n            throw new Error(\"parameter 'tool' is required\");\n        }\n        // recursive when check=true\n        if (check) {\n            const result = yield which(tool, false);\n            if (!result) {\n                if (ioUtil.IS_WINDOWS) {\n                    throw new Error(`Unable to locate executable file: ${tool}. Please verify either the file path exists or the file can be found within a directory specified by the PATH environment variable. Also verify the file has a valid extension for an executable file.`);\n                }\n                else {\n                    throw new Error(`Unable to locate executable file: ${tool}. Please verify either the file path exists or the file can be found within a directory specified by the PATH environment variable. Also check the file mode to verify the file is executable.`);\n                }\n            }\n            return result;\n        }\n        const matches = yield findInPath(tool);\n        if (matches && matches.length > 0) {\n            return matches[0];\n        }\n        return '';\n    });\n}\nexports.which = which;\n/**\n * Returns a list of all occurrences of the given tool on the system path.\n *\n * @returns   Promise<string[]>  the paths of the tool\n */\nfunction findInPath(tool) {\n    return __awaiter(this, void 0, void 0, function* () {\n        if (!tool) {\n            throw new Error(\"parameter 'tool' is required\");\n        }\n        // build the list of extensions to try\n        const extensions = [];\n        if (ioUtil.IS_WINDOWS && process.env['PATHEXT']) {\n            for (const extension of process.env['PATHEXT'].split(path.delimiter)) {\n                if (extension) {\n                    extensions.push(extension);\n                }\n            }\n        }\n        // if it's rooted, return it if exists. otherwise return empty.\n        if (ioUtil.isRooted(tool)) {\n            const filePath = yield ioUtil.tryGetExecutablePath(tool, extensions);\n            if (filePath) {\n                return [filePath];\n            }\n            return [];\n        }\n        // if any path separators, return empty\n        if (tool.includes(path.sep)) {\n            return [];\n        }\n        // build the list of directories\n        //\n        // Note, technically \"where\" checks the current directory on Windows. From a toolkit perspective,\n        // it feels like we should not do this. Checking the current directory seems like more of a use\n        // case of a shell, and the which() function exposed by the toolkit should strive for consistency\n        // across platforms.\n        const directories = [];\n        if (process.env.PATH) {\n            for (const p of process.env.PATH.split(path.delimiter)) {\n                if (p) {\n                    directories.push(p);\n                }\n            }\n        }\n        // find all matches\n        const matches = [];\n        for (const directory of directories) {\n            const filePath = yield ioUtil.tryGetExecutablePath(path.join(directory, tool), extensions);\n            if (filePath) {\n                matches.push(filePath);\n            }\n        }\n        return matches;\n    });\n}\nexports.findInPath = findInPath;\nfunction readCopyOptions(options) {\n    const force = options.force == null ? true : options.force;\n    const recursive = Boolean(options.recursive);\n    const copySourceDirectory = options.copySourceDirectory == null\n        ? true\n        : Boolean(options.copySourceDirectory);\n    return { force, recursive, copySourceDirectory };\n}\nfunction cpDirRecursive(sourceDir, destDir, currentDepth, force) {\n    return __awaiter(this, void 0, void 0, function* () {\n        // Ensure there is not a run away recursive copy\n        if (currentDepth >= 255)\n            return;\n        currentDepth++;\n        yield mkdirP(destDir);\n        const files = yield ioUtil.readdir(sourceDir);\n        for (const fileName of files) {\n            const srcFile = `${sourceDir}/${fileName}`;\n            const destFile = `${destDir}/${fileName}`;\n            const srcFileStat = yield ioUtil.lstat(srcFile);\n            if (srcFileStat.isDirectory()) {\n                // Recurse\n                yield cpDirRecursive(srcFile, destFile, currentDepth, force);\n            }\n            else {\n                yield copyFile(srcFile, destFile, force);\n            }\n        }\n        // Change the mode for the newly created directory\n        yield ioUtil.chmod(destDir, (yield ioUtil.stat(sourceDir)).mode);\n    });\n}\n// Buffered file copy\nfunction copyFile(srcFile, destFile, force) {\n    return __awaiter(this, void 0, void 0, function* () {\n        if ((yield ioUtil.lstat(srcFile)).isSymbolicLink()) {\n            // unlink/re-link it\n            try {\n                yield ioUtil.lstat(destFile);\n                yield ioUtil.unlink(destFile);\n            }\n            catch (e) {\n                // Try to override file permission\n                if (e.code === 'EPERM') {\n                    yield ioUtil.chmod(destFile, '0666');\n                    yield ioUtil.unlink(destFile);\n                }\n                // other errors = it doesn't exist, no work to do\n            }\n            // Copy over symlink\n            const symlinkFull = yield ioUtil.readlink(srcFile);\n            yield ioUtil.symlink(symlinkFull, destFile, ioUtil.IS_WINDOWS ? 'junction' : null);\n        }\n        else if (!(yield ioUtil.exists(destFile)) || force) {\n            yield ioUtil.copyFile(srcFile, destFile);\n        }\n    });\n}\n//# sourceMappingURL=io.js.map","\"use strict\";\nvar __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {\n    if (k2 === undefined) k2 = k;\n    Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });\n}) : (function(o, m, k, k2) {\n    if (k2 === undefined) k2 = k;\n    o[k2] = m[k];\n}));\nvar __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {\n    Object.defineProperty(o, \"default\", { enumerable: true, value: v });\n}) : function(o, v) {\n    o[\"default\"] = v;\n});\nvar __importStar = (this && this.__importStar) || function (mod) {\n    if (mod && mod.__esModule) return mod;\n    var result = {};\n    if (mod != null) for (var k in mod) if (k !== \"default\" && Object.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);\n    __setModuleDefault(result, mod);\n    return result;\n};\nvar __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {\n    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }\n    return new (P || (P = Promise))(function (resolve, reject) {\n        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }\n        function rejected(value) { try { step(generator[\"throw\"](value)); } catch (e) { reject(e); } }\n        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }\n        step((generator = generator.apply(thisArg, _arguments || [])).next());\n    });\n};\nObject.defineProperty(exports, \"__esModule\", { value: true });\nexports._readLinuxVersionFile = exports._getOsVersion = exports._findMatch = void 0;\nconst semver = __importStar(require(\"semver\"));\nconst core_1 = require(\"@actions/core\");\n// needs to be require for core node modules to be mocked\n/* eslint @typescript-eslint/no-require-imports: 0 */\nconst os = require(\"os\");\nconst cp = require(\"child_process\");\nconst fs = require(\"fs\");\nfunction _findMatch(versionSpec, stable, candidates, archFilter) {\n    return __awaiter(this, void 0, void 0, function* () {\n        const platFilter = os.platform();\n        let result;\n        let match;\n        let file;\n        for (const candidate of candidates) {\n            const version = candidate.version;\n            core_1.debug(`check ${version} satisfies ${versionSpec}`);\n            if (semver.satisfies(version, versionSpec) &&\n                (!stable || candidate.stable === stable)) {\n                file = candidate.files.find(item => {\n                    core_1.debug(`${item.arch}===${archFilter} && ${item.platform}===${platFilter}`);\n                    let chk = item.arch === archFilter && item.platform === platFilter;\n                    if (chk && item.platform_version) {\n                        const osVersion = module.exports._getOsVersion();\n                        if (osVersion === item.platform_version) {\n                            chk = true;\n                        }\n                        else {\n                            chk = semver.satisfies(osVersion, item.platform_version);\n                        }\n                    }\n                    return chk;\n                });\n                if (file) {\n                    core_1.debug(`matched ${candidate.version}`);\n                    match = candidate;\n                    break;\n                }\n            }\n        }\n        if (match && file) {\n            // clone since we're mutating the file list to be only the file that matches\n            result = Object.assign({}, match);\n            result.files = [file];\n        }\n        return result;\n    });\n}\nexports._findMatch = _findMatch;\nfunction _getOsVersion() {\n    // TODO: add windows and other linux, arm variants\n    // right now filtering on version is only an ubuntu and macos scenario for tools we build for hosted (python)\n    const plat = os.platform();\n    let version = '';\n    if (plat === 'darwin') {\n        version = cp.execSync('sw_vers -productVersion').toString();\n    }\n    else if (plat === 'linux') {\n        // lsb_release process not in some containers, readfile\n        // Run cat /etc/lsb-release\n        // DISTRIB_ID=Ubuntu\n        // DISTRIB_RELEASE=18.04\n        // DISTRIB_CODENAME=bionic\n        // DISTRIB_DESCRIPTION=\"Ubuntu 18.04.4 LTS\"\n        const lsbContents = module.exports._readLinuxVersionFile();\n        if (lsbContents) {\n            const lines = lsbContents.split('\\n');\n            for (const line of lines) {\n                const parts = line.split('=');\n                if (parts.length === 2 &&\n                    (parts[0].trim() === 'VERSION_ID' ||\n                        parts[0].trim() === 'DISTRIB_RELEASE')) {\n                    version = parts[1]\n                        .trim()\n                        .replace(/^\"/, '')\n                        .replace(/\"$/, '');\n                    break;\n                }\n            }\n        }\n    }\n    return version;\n}\nexports._getOsVersion = _getOsVersion;\nfunction _readLinuxVersionFile() {\n    const lsbReleaseFile = '/etc/lsb-release';\n    const osReleaseFile = '/etc/os-release';\n    let contents = '';\n    if (fs.existsSync(lsbReleaseFile)) {\n        contents = fs.readFileSync(lsbReleaseFile).toString();\n    }\n    else if (fs.existsSync(osReleaseFile)) {\n        contents = fs.readFileSync(osReleaseFile).toString();\n    }\n    return contents;\n}\nexports._readLinuxVersionFile = _readLinuxVersionFile;\n//# sourceMappingURL=manifest.js.map","\"use strict\";\nvar __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {\n    if (k2 === undefined) k2 = k;\n    Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });\n}) : (function(o, m, k, k2) {\n    if (k2 === undefined) k2 = k;\n    o[k2] = m[k];\n}));\nvar __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {\n    Object.defineProperty(o, \"default\", { enumerable: true, value: v });\n}) : function(o, v) {\n    o[\"default\"] = v;\n});\nvar __importStar = (this && this.__importStar) || function (mod) {\n    if (mod && mod.__esModule) return mod;\n    var result = {};\n    if (mod != null) for (var k in mod) if (k !== \"default\" && Object.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);\n    __setModuleDefault(result, mod);\n    return result;\n};\nvar __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {\n    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }\n    return new (P || (P = Promise))(function (resolve, reject) {\n        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }\n        function rejected(value) { try { step(generator[\"throw\"](value)); } catch (e) { reject(e); } }\n        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }\n        step((generator = generator.apply(thisArg, _arguments || [])).next());\n    });\n};\nObject.defineProperty(exports, \"__esModule\", { value: true });\nexports.RetryHelper = void 0;\nconst core = __importStar(require(\"@actions/core\"));\n/**\n * Internal class for retries\n */\nclass RetryHelper {\n    constructor(maxAttempts, minSeconds, maxSeconds) {\n        if (maxAttempts < 1) {\n            throw new Error('max attempts should be greater than or equal to 1');\n        }\n        this.maxAttempts = maxAttempts;\n        this.minSeconds = Math.floor(minSeconds);\n        this.maxSeconds = Math.floor(maxSeconds);\n        if (this.minSeconds > this.maxSeconds) {\n            throw new Error('min seconds should be less than or equal to max seconds');\n        }\n    }\n    execute(action, isRetryable) {\n        return __awaiter(this, void 0, void 0, function* () {\n            let attempt = 1;\n            while (attempt < this.maxAttempts) {\n                // Try\n                try {\n                    return yield action();\n                }\n                catch (err) {\n                    if (isRetryable && !isRetryable(err)) {\n                        throw err;\n                    }\n                    core.info(err.message);\n                }\n                // Sleep\n                const seconds = this.getSleepAmount();\n                core.info(`Waiting ${seconds} seconds before trying again`);\n                yield this.sleep(seconds);\n                attempt++;\n            }\n            // Last attempt\n            return yield action();\n        });\n    }\n    getSleepAmount() {\n        return (Math.floor(Math.random() * (this.maxSeconds - this.minSeconds + 1)) +\n            this.minSeconds);\n    }\n    sleep(seconds) {\n        return __awaiter(this, void 0, void 0, function* () {\n            return new Promise(resolve => setTimeout(resolve, seconds * 1000));\n        });\n    }\n}\nexports.RetryHelper = RetryHelper;\n//# sourceMappingURL=retry-helper.js.map","\"use strict\";\nvar __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {\n    if (k2 === undefined) k2 = k;\n    Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });\n}) : (function(o, m, k, k2) {\n    if (k2 === undefined) k2 = k;\n    o[k2] = m[k];\n}));\nvar __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {\n    Object.defineProperty(o, \"default\", { enumerable: true, value: v });\n}) : function(o, v) {\n    o[\"default\"] = v;\n});\nvar __importStar = (this && this.__importStar) || function (mod) {\n    if (mod && mod.__esModule) return mod;\n    var result = {};\n    if (mod != null) for (var k in mod) if (k !== \"default\" && Object.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);\n    __setModuleDefault(result, mod);\n    return result;\n};\nvar __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {\n    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }\n    return new (P || (P = Promise))(function (resolve, reject) {\n        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }\n        function rejected(value) { try { step(generator[\"throw\"](value)); } catch (e) { reject(e); } }\n        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }\n        step((generator = generator.apply(thisArg, _arguments || [])).next());\n    });\n};\nvar __importDefault = (this && this.__importDefault) || function (mod) {\n    return (mod && mod.__esModule) ? mod : { \"default\": mod };\n};\nObject.defineProperty(exports, \"__esModule\", { value: true });\nexports.evaluateVersions = exports.isExplicitVersion = exports.findFromManifest = exports.getManifestFromRepo = exports.findAllVersions = exports.find = exports.cacheFile = exports.cacheDir = exports.extractZip = exports.extractXar = exports.extractTar = exports.extract7z = exports.downloadTool = exports.HTTPError = void 0;\nconst core = __importStar(require(\"@actions/core\"));\nconst io = __importStar(require(\"@actions/io\"));\nconst fs = __importStar(require(\"fs\"));\nconst mm = __importStar(require(\"./manifest\"));\nconst os = __importStar(require(\"os\"));\nconst path = __importStar(require(\"path\"));\nconst httpm = __importStar(require(\"@actions/http-client\"));\nconst semver = __importStar(require(\"semver\"));\nconst stream = __importStar(require(\"stream\"));\nconst util = __importStar(require(\"util\"));\nconst assert_1 = require(\"assert\");\nconst v4_1 = __importDefault(require(\"uuid/v4\"));\nconst exec_1 = require(\"@actions/exec/lib/exec\");\nconst retry_helper_1 = require(\"./retry-helper\");\nclass HTTPError extends Error {\n    constructor(httpStatusCode) {\n        super(`Unexpected HTTP response: ${httpStatusCode}`);\n        this.httpStatusCode = httpStatusCode;\n        Object.setPrototypeOf(this, new.target.prototype);\n    }\n}\nexports.HTTPError = HTTPError;\nconst IS_WINDOWS = process.platform === 'win32';\nconst IS_MAC = process.platform === 'darwin';\nconst userAgent = 'actions/tool-cache';\n/**\n * Download a tool from an url and stream it into a file\n *\n * @param url       url of tool to download\n * @param dest      path to download tool\n * @param auth      authorization header\n * @param headers   other headers\n * @returns         path to downloaded tool\n */\nfunction downloadTool(url, dest, auth, headers) {\n    return __awaiter(this, void 0, void 0, function* () {\n        dest = dest || path.join(_getTempDirectory(), v4_1.default());\n        yield io.mkdirP(path.dirname(dest));\n        core.debug(`Downloading ${url}`);\n        core.debug(`Destination ${dest}`);\n        const maxAttempts = 3;\n        const minSeconds = _getGlobal('TEST_DOWNLOAD_TOOL_RETRY_MIN_SECONDS', 10);\n        const maxSeconds = _getGlobal('TEST_DOWNLOAD_TOOL_RETRY_MAX_SECONDS', 20);\n        const retryHelper = new retry_helper_1.RetryHelper(maxAttempts, minSeconds, maxSeconds);\n        return yield retryHelper.execute(() => __awaiter(this, void 0, void 0, function* () {\n            return yield downloadToolAttempt(url, dest || '', auth, headers);\n        }), (err) => {\n            if (err instanceof HTTPError && err.httpStatusCode) {\n                // Don't retry anything less than 500, except 408 Request Timeout and 429 Too Many Requests\n                if (err.httpStatusCode < 500 &&\n                    err.httpStatusCode !== 408 &&\n                    err.httpStatusCode !== 429) {\n                    return false;\n                }\n            }\n            // Otherwise retry\n            return true;\n        });\n    });\n}\nexports.downloadTool = downloadTool;\nfunction downloadToolAttempt(url, dest, auth, headers) {\n    return __awaiter(this, void 0, void 0, function* () {\n        if (fs.existsSync(dest)) {\n            throw new Error(`Destination file path ${dest} already exists`);\n        }\n        // Get the response headers\n        const http = new httpm.HttpClient(userAgent, [], {\n            allowRetries: false\n        });\n        if (auth) {\n            core.debug('set auth');\n            if (headers === undefined) {\n                headers = {};\n            }\n            headers.authorization = auth;\n        }\n        const response = yield http.get(url, headers);\n        if (response.message.statusCode !== 200) {\n            const err = new HTTPError(response.message.statusCode);\n            core.debug(`Failed to download from \"${url}\". Code(${response.message.statusCode}) Message(${response.message.statusMessage})`);\n            throw err;\n        }\n        // Download the response body\n        const pipeline = util.promisify(stream.pipeline);\n        const responseMessageFactory = _getGlobal('TEST_DOWNLOAD_TOOL_RESPONSE_MESSAGE_FACTORY', () => response.message);\n        const readStream = responseMessageFactory();\n        let succeeded = false;\n        try {\n            yield pipeline(readStream, fs.createWriteStream(dest));\n            core.debug('download complete');\n            succeeded = true;\n            return dest;\n        }\n        finally {\n            // Error, delete dest before retry\n            if (!succeeded) {\n                core.debug('download failed');\n                try {\n                    yield io.rmRF(dest);\n                }\n                catch (err) {\n                    core.debug(`Failed to delete '${dest}'. ${err.message}`);\n                }\n            }\n        }\n    });\n}\n/**\n * Extract a .7z file\n *\n * @param file     path to the .7z file\n * @param dest     destination directory. Optional.\n * @param _7zPath  path to 7zr.exe. Optional, for long path support. Most .7z archives do not have this\n * problem. If your .7z archive contains very long paths, you can pass the path to 7zr.exe which will\n * gracefully handle long paths. By default 7zdec.exe is used because it is a very small program and is\n * bundled with the tool lib. However it does not support long paths. 7zr.exe is the reduced command line\n * interface, it is smaller than the full command line interface, and it does support long paths. At the\n * time of this writing, it is freely available from the LZMA SDK that is available on the 7zip website.\n * Be sure to check the current license agreement. If 7zr.exe is bundled with your action, then the path\n * to 7zr.exe can be pass to this function.\n * @returns        path to the destination directory\n */\nfunction extract7z(file, dest, _7zPath) {\n    return __awaiter(this, void 0, void 0, function* () {\n        assert_1.ok(IS_WINDOWS, 'extract7z() not supported on current OS');\n        assert_1.ok(file, 'parameter \"file\" is required');\n        dest = yield _createExtractFolder(dest);\n        const originalCwd = process.cwd();\n        process.chdir(dest);\n        if (_7zPath) {\n            try {\n                const logLevel = core.isDebug() ? '-bb1' : '-bb0';\n                const args = [\n                    'x',\n                    logLevel,\n                    '-bd',\n                    '-sccUTF-8',\n                    file\n                ];\n                const options = {\n                    silent: true\n                };\n                yield exec_1.exec(`\"${_7zPath}\"`, args, options);\n            }\n            finally {\n                process.chdir(originalCwd);\n            }\n        }\n        else {\n            const escapedScript = path\n                .join(__dirname, '..', 'scripts', 'Invoke-7zdec.ps1')\n                .replace(/'/g, \"''\")\n                .replace(/\"|\\n|\\r/g, ''); // double-up single quotes, remove double quotes and newlines\n            const escapedFile = file.replace(/'/g, \"''\").replace(/\"|\\n|\\r/g, '');\n            const escapedTarget = dest.replace(/'/g, \"''\").replace(/\"|\\n|\\r/g, '');\n            const command = `& '${escapedScript}' -Source '${escapedFile}' -Target '${escapedTarget}'`;\n            const args = [\n                '-NoLogo',\n                '-Sta',\n                '-NoProfile',\n                '-NonInteractive',\n                '-ExecutionPolicy',\n                'Unrestricted',\n                '-Command',\n                command\n            ];\n            const options = {\n                silent: true\n            };\n            try {\n                const powershellPath = yield io.which('powershell', true);\n                yield exec_1.exec(`\"${powershellPath}\"`, args, options);\n            }\n            finally {\n                process.chdir(originalCwd);\n            }\n        }\n        return dest;\n    });\n}\nexports.extract7z = extract7z;\n/**\n * Extract a compressed tar archive\n *\n * @param file     path to the tar\n * @param dest     destination directory. Optional.\n * @param flags    flags for the tar command to use for extraction. Defaults to 'xz' (extracting gzipped tars). Optional.\n * @returns        path to the destination directory\n */\nfunction extractTar(file, dest, flags = 'xz') {\n    return __awaiter(this, void 0, void 0, function* () {\n        if (!file) {\n            throw new Error(\"parameter 'file' is required\");\n        }\n        // Create dest\n        dest = yield _createExtractFolder(dest);\n        // Determine whether GNU tar\n        core.debug('Checking tar --version');\n        let versionOutput = '';\n        yield exec_1.exec('tar --version', [], {\n            ignoreReturnCode: true,\n            silent: true,\n            listeners: {\n                stdout: (data) => (versionOutput += data.toString()),\n                stderr: (data) => (versionOutput += data.toString())\n            }\n        });\n        core.debug(versionOutput.trim());\n        const isGnuTar = versionOutput.toUpperCase().includes('GNU TAR');\n        // Initialize args\n        let args;\n        if (flags instanceof Array) {\n            args = flags;\n        }\n        else {\n            args = [flags];\n        }\n        if (core.isDebug() && !flags.includes('v')) {\n            args.push('-v');\n        }\n        let destArg = dest;\n        let fileArg = file;\n        if (IS_WINDOWS && isGnuTar) {\n            args.push('--force-local');\n            destArg = dest.replace(/\\\\/g, '/');\n            // Technically only the dest needs to have `/` but for aesthetic consistency\n            // convert slashes in the file arg too.\n            fileArg = file.replace(/\\\\/g, '/');\n        }\n        if (isGnuTar) {\n            // Suppress warnings when using GNU tar to extract archives created by BSD tar\n            args.push('--warning=no-unknown-keyword');\n            args.push('--overwrite');\n        }\n        args.push('-C', destArg, '-f', fileArg);\n        yield exec_1.exec(`tar`, args);\n        return dest;\n    });\n}\nexports.extractTar = extractTar;\n/**\n * Extract a xar compatible archive\n *\n * @param file     path to the archive\n * @param dest     destination directory. Optional.\n * @param flags    flags for the xar. Optional.\n * @returns        path to the destination directory\n */\nfunction extractXar(file, dest, flags = []) {\n    return __awaiter(this, void 0, void 0, function* () {\n        assert_1.ok(IS_MAC, 'extractXar() not supported on current OS');\n        assert_1.ok(file, 'parameter \"file\" is required');\n        dest = yield _createExtractFolder(dest);\n        let args;\n        if (flags instanceof Array) {\n            args = flags;\n        }\n        else {\n            args = [flags];\n        }\n        args.push('-x', '-C', dest, '-f', file);\n        if (core.isDebug()) {\n            args.push('-v');\n        }\n        const xarPath = yield io.which('xar', true);\n        yield exec_1.exec(`\"${xarPath}\"`, _unique(args));\n        return dest;\n    });\n}\nexports.extractXar = extractXar;\n/**\n * Extract a zip\n *\n * @param file     path to the zip\n * @param dest     destination directory. Optional.\n * @returns        path to the destination directory\n */\nfunction extractZip(file, dest) {\n    return __awaiter(this, void 0, void 0, function* () {\n        if (!file) {\n            throw new Error(\"parameter 'file' is required\");\n        }\n        dest = yield _createExtractFolder(dest);\n        if (IS_WINDOWS) {\n            yield extractZipWin(file, dest);\n        }\n        else {\n            yield extractZipNix(file, dest);\n        }\n        return dest;\n    });\n}\nexports.extractZip = extractZip;\nfunction extractZipWin(file, dest) {\n    return __awaiter(this, void 0, void 0, function* () {\n        // build the powershell command\n        const escapedFile = file.replace(/'/g, \"''\").replace(/\"|\\n|\\r/g, ''); // double-up single quotes, remove double quotes and newlines\n        const escapedDest = dest.replace(/'/g, \"''\").replace(/\"|\\n|\\r/g, '');\n        const pwshPath = yield io.which('pwsh', false);\n        //To match the file overwrite behavior on nix systems, we use the overwrite = true flag for ExtractToDirectory\n        //and the -Force flag for Expand-Archive as a fallback\n        if (pwshPath) {\n            //attempt to use pwsh with ExtractToDirectory, if this fails attempt Expand-Archive\n            const pwshCommand = [\n                `$ErrorActionPreference = 'Stop' ;`,\n                `try { Add-Type -AssemblyName System.IO.Compression.ZipFile } catch { } ;`,\n                `try { [System.IO.Compression.ZipFile]::ExtractToDirectory('${escapedFile}', '${escapedDest}', $true) }`,\n                `catch { if (($_.Exception.GetType().FullName -eq 'System.Management.Automation.MethodException') -or ($_.Exception.GetType().FullName -eq 'System.Management.Automation.RuntimeException') ){ Expand-Archive -LiteralPath '${escapedFile}' -DestinationPath '${escapedDest}' -Force } else { throw $_ } } ;`\n            ].join(' ');\n            const args = [\n                '-NoLogo',\n                '-NoProfile',\n                '-NonInteractive',\n                '-ExecutionPolicy',\n                'Unrestricted',\n                '-Command',\n                pwshCommand\n            ];\n            core.debug(`Using pwsh at path: ${pwshPath}`);\n            yield exec_1.exec(`\"${pwshPath}\"`, args);\n        }\n        else {\n            const powershellCommand = [\n                `$ErrorActionPreference = 'Stop' ;`,\n                `try { Add-Type -AssemblyName System.IO.Compression.FileSystem } catch { } ;`,\n                `if ((Get-Command -Name Expand-Archive -Module Microsoft.PowerShell.Archive -ErrorAction Ignore)) { Expand-Archive -LiteralPath '${escapedFile}' -DestinationPath '${escapedDest}' -Force }`,\n                `else {[System.IO.Compression.ZipFile]::ExtractToDirectory('${escapedFile}', '${escapedDest}', $true) }`\n            ].join(' ');\n            const args = [\n                '-NoLogo',\n                '-Sta',\n                '-NoProfile',\n                '-NonInteractive',\n                '-ExecutionPolicy',\n                'Unrestricted',\n                '-Command',\n                powershellCommand\n            ];\n            const powershellPath = yield io.which('powershell', true);\n            core.debug(`Using powershell at path: ${powershellPath}`);\n            yield exec_1.exec(`\"${powershellPath}\"`, args);\n        }\n    });\n}\nfunction extractZipNix(file, dest) {\n    return __awaiter(this, void 0, void 0, function* () {\n        const unzipPath = yield io.which('unzip', true);\n        const args = [file];\n        if (!core.isDebug()) {\n            args.unshift('-q');\n        }\n        args.unshift('-o'); //overwrite with -o, otherwise a prompt is shown which freezes the run\n        yield exec_1.exec(`\"${unzipPath}\"`, args, { cwd: dest });\n    });\n}\n/**\n * Caches a directory and installs it into the tool cacheDir\n *\n * @param sourceDir    the directory to cache into tools\n * @param tool          tool name\n * @param version       version of the tool.  semver format\n * @param arch          architecture of the tool.  Optional.  Defaults to machine architecture\n */\nfunction cacheDir(sourceDir, tool, version, arch) {\n    return __awaiter(this, void 0, void 0, function* () {\n        version = semver.clean(version) || version;\n        arch = arch || os.arch();\n        core.debug(`Caching tool ${tool} ${version} ${arch}`);\n        core.debug(`source dir: ${sourceDir}`);\n        if (!fs.statSync(sourceDir).isDirectory()) {\n            throw new Error('sourceDir is not a directory');\n        }\n        // Create the tool dir\n        const destPath = yield _createToolPath(tool, version, arch);\n        // copy each child item. do not move. move can fail on Windows\n        // due to anti-virus software having an open handle on a file.\n        for (const itemName of fs.readdirSync(sourceDir)) {\n            const s = path.join(sourceDir, itemName);\n            yield io.cp(s, destPath, { recursive: true });\n        }\n        // write .complete\n        _completeToolPath(tool, version, arch);\n        return destPath;\n    });\n}\nexports.cacheDir = cacheDir;\n/**\n * Caches a downloaded file (GUID) and installs it\n * into the tool cache with a given targetName\n *\n * @param sourceFile    the file to cache into tools.  Typically a result of downloadTool which is a guid.\n * @param targetFile    the name of the file name in the tools directory\n * @param tool          tool name\n * @param version       version of the tool.  semver format\n * @param arch          architecture of the tool.  Optional.  Defaults to machine architecture\n */\nfunction cacheFile(sourceFile, targetFile, tool, version, arch) {\n    return __awaiter(this, void 0, void 0, function* () {\n        version = semver.clean(version) || version;\n        arch = arch || os.arch();\n        core.debug(`Caching tool ${tool} ${version} ${arch}`);\n        core.debug(`source file: ${sourceFile}`);\n        if (!fs.statSync(sourceFile).isFile()) {\n            throw new Error('sourceFile is not a file');\n        }\n        // create the tool dir\n        const destFolder = yield _createToolPath(tool, version, arch);\n        // copy instead of move. move can fail on Windows due to\n        // anti-virus software having an open handle on a file.\n        const destPath = path.join(destFolder, targetFile);\n        core.debug(`destination file ${destPath}`);\n        yield io.cp(sourceFile, destPath);\n        // write .complete\n        _completeToolPath(tool, version, arch);\n        return destFolder;\n    });\n}\nexports.cacheFile = cacheFile;\n/**\n * Finds the path to a tool version in the local installed tool cache\n *\n * @param toolName      name of the tool\n * @param versionSpec   version of the tool\n * @param arch          optional arch.  defaults to arch of computer\n */\nfunction find(toolName, versionSpec, arch) {\n    if (!toolName) {\n        throw new Error('toolName parameter is required');\n    }\n    if (!versionSpec) {\n        throw new Error('versionSpec parameter is required');\n    }\n    arch = arch || os.arch();\n    // attempt to resolve an explicit version\n    if (!isExplicitVersion(versionSpec)) {\n        const localVersions = findAllVersions(toolName, arch);\n        const match = evaluateVersions(localVersions, versionSpec);\n        versionSpec = match;\n    }\n    // check for the explicit version in the cache\n    let toolPath = '';\n    if (versionSpec) {\n        versionSpec = semver.clean(versionSpec) || '';\n        const cachePath = path.join(_getCacheDirectory(), toolName, versionSpec, arch);\n        core.debug(`checking cache: ${cachePath}`);\n        if (fs.existsSync(cachePath) && fs.existsSync(`${cachePath}.complete`)) {\n            core.debug(`Found tool in cache ${toolName} ${versionSpec} ${arch}`);\n            toolPath = cachePath;\n        }\n        else {\n            core.debug('not found');\n        }\n    }\n    return toolPath;\n}\nexports.find = find;\n/**\n * Finds the paths to all versions of a tool that are installed in the local tool cache\n *\n * @param toolName  name of the tool\n * @param arch      optional arch.  defaults to arch of computer\n */\nfunction findAllVersions(toolName, arch) {\n    const versions = [];\n    arch = arch || os.arch();\n    const toolPath = path.join(_getCacheDirectory(), toolName);\n    if (fs.existsSync(toolPath)) {\n        const children = fs.readdirSync(toolPath);\n        for (const child of children) {\n            if (isExplicitVersion(child)) {\n                const fullPath = path.join(toolPath, child, arch || '');\n                if (fs.existsSync(fullPath) && fs.existsSync(`${fullPath}.complete`)) {\n                    versions.push(child);\n                }\n            }\n        }\n    }\n    return versions;\n}\nexports.findAllVersions = findAllVersions;\nfunction getManifestFromRepo(owner, repo, auth, branch = 'master') {\n    return __awaiter(this, void 0, void 0, function* () {\n        let releases = [];\n        const treeUrl = `https://api.github.com/repos/${owner}/${repo}/git/trees/${branch}`;\n        const http = new httpm.HttpClient('tool-cache');\n        const headers = {};\n        if (auth) {\n            core.debug('set auth');\n            headers.authorization = auth;\n        }\n        const response = yield http.getJson(treeUrl, headers);\n        if (!response.result) {\n            return releases;\n        }\n        let manifestUrl = '';\n        for (const item of response.result.tree) {\n            if (item.path === 'versions-manifest.json') {\n                manifestUrl = item.url;\n                break;\n            }\n        }\n        headers['accept'] = 'application/vnd.github.VERSION.raw';\n        let versionsRaw = yield (yield http.get(manifestUrl, headers)).readBody();\n        if (versionsRaw) {\n            // shouldn't be needed but protects against invalid json saved with BOM\n            versionsRaw = versionsRaw.replace(/^\\uFEFF/, '');\n            try {\n                releases = JSON.parse(versionsRaw);\n            }\n            catch (_a) {\n                core.debug('Invalid json');\n            }\n        }\n        return releases;\n    });\n}\nexports.getManifestFromRepo = getManifestFromRepo;\nfunction findFromManifest(versionSpec, stable, manifest, archFilter = os.arch()) {\n    return __awaiter(this, void 0, void 0, function* () {\n        // wrap the internal impl\n        const match = yield mm._findMatch(versionSpec, stable, manifest, archFilter);\n        return match;\n    });\n}\nexports.findFromManifest = findFromManifest;\nfunction _createExtractFolder(dest) {\n    return __awaiter(this, void 0, void 0, function* () {\n        if (!dest) {\n            // create a temp dir\n            dest = path.join(_getTempDirectory(), v4_1.default());\n        }\n        yield io.mkdirP(dest);\n        return dest;\n    });\n}\nfunction _createToolPath(tool, version, arch) {\n    return __awaiter(this, void 0, void 0, function* () {\n        const folderPath = path.join(_getCacheDirectory(), tool, semver.clean(version) || version, arch || '');\n        core.debug(`destination ${folderPath}`);\n        const markerPath = `${folderPath}.complete`;\n        yield io.rmRF(folderPath);\n        yield io.rmRF(markerPath);\n        yield io.mkdirP(folderPath);\n        return folderPath;\n    });\n}\nfunction _completeToolPath(tool, version, arch) {\n    const folderPath = path.join(_getCacheDirectory(), tool, semver.clean(version) || version, arch || '');\n    const markerPath = `${folderPath}.complete`;\n    fs.writeFileSync(markerPath, '');\n    core.debug('finished caching tool');\n}\n/**\n * Check if version string is explicit\n *\n * @param versionSpec      version string to check\n */\nfunction isExplicitVersion(versionSpec) {\n    const c = semver.clean(versionSpec) || '';\n    core.debug(`isExplicit: ${c}`);\n    const valid = semver.valid(c) != null;\n    core.debug(`explicit? ${valid}`);\n    return valid;\n}\nexports.isExplicitVersion = isExplicitVersion;\n/**\n * Get the highest satisfiying semantic version in `versions` which satisfies `versionSpec`\n *\n * @param versions        array of versions to evaluate\n * @param versionSpec     semantic version spec to satisfy\n */\nfunction evaluateVersions(versions, versionSpec) {\n    let version = '';\n    core.debug(`evaluating ${versions.length} versions`);\n    versions = versions.sort((a, b) => {\n        if (semver.gt(a, b)) {\n            return 1;\n        }\n        return -1;\n    });\n    for (let i = versions.length - 1; i >= 0; i--) {\n        const potential = versions[i];\n        const satisfied = semver.satisfies(potential, versionSpec);\n        if (satisfied) {\n            version = potential;\n            break;\n        }\n    }\n    if (version) {\n        core.debug(`matched: ${version}`);\n    }\n    else {\n        core.debug('match not found');\n    }\n    return version;\n}\nexports.evaluateVersions = evaluateVersions;\n/**\n * Gets RUNNER_TOOL_CACHE\n */\nfunction _getCacheDirectory() {\n    const cacheDirectory = process.env['RUNNER_TOOL_CACHE'] || '';\n    assert_1.ok(cacheDirectory, 'Expected RUNNER_TOOL_CACHE to be defined');\n    return cacheDirectory;\n}\n/**\n * Gets RUNNER_TEMP\n */\nfunction _getTempDirectory() {\n    const tempDirectory = process.env['RUNNER_TEMP'] || '';\n    assert_1.ok(tempDirectory, 'Expected RUNNER_TEMP to be defined');\n    return tempDirectory;\n}\n/**\n * Gets a global variable\n */\nfunction _getGlobal(key, defaultValue) {\n    /* eslint-disable @typescript-eslint/no-explicit-any */\n    const value = global[key];\n    /* eslint-enable @typescript-eslint/no-explicit-any */\n    return value !== undefined ? value : defaultValue;\n}\n/**\n * Returns an array of unique values.\n * @param values Values to make unique.\n */\nfunction _unique(values) {\n    return Array.from(new Set(values));\n}\n//# sourceMappingURL=tool-cache.js.map","/**\n * Convert array of 16 byte values to UUID string format of the form:\n * XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX\n */\nvar byteToHex = [];\nfor (var i = 0; i < 256; ++i) {\n  byteToHex[i] = (i + 0x100).toString(16).substr(1);\n}\n\nfunction bytesToUuid(buf, offset) {\n  var i = offset || 0;\n  var bth = byteToHex;\n  // join used to fix memory issue caused by concatenation: https://bugs.chromium.org/p/v8/issues/detail?id=3175#c4\n  return ([\n    bth[buf[i++]], bth[buf[i++]],\n    bth[buf[i++]], bth[buf[i++]], '-',\n    bth[buf[i++]], bth[buf[i++]], '-',\n    bth[buf[i++]], bth[buf[i++]], '-',\n    bth[buf[i++]], bth[buf[i++]], '-',\n    bth[buf[i++]], bth[buf[i++]],\n    bth[buf[i++]], bth[buf[i++]],\n    bth[buf[i++]], bth[buf[i++]]\n  ]).join('');\n}\n\nmodule.exports = bytesToUuid;\n","// Unique ID creation requires a high quality random # generator.  In node.js\n// this is pretty straight-forward - we use the crypto API.\n\nvar crypto = require('crypto');\n\nmodule.exports = function nodeRNG() {\n  return crypto.randomBytes(16);\n};\n","var rng = require('./lib/rng');\nvar bytesToUuid = require('./lib/bytesToUuid');\n\nfunction v4(options, buf, offset) {\n  var i = buf && offset || 0;\n\n  if (typeof(options) == 'string') {\n    buf = options === 'binary' ? new Array(16) : null;\n    options = null;\n  }\n  options = options || {};\n\n  var rnds = options.random || (options.rng || rng)();\n\n  // Per 4.4, set bits for version and `clock_seq_hi_and_reserved`\n  rnds[6] = (rnds[6] & 0x0f) | 0x40;\n  rnds[8] = (rnds[8] & 0x3f) | 0x80;\n\n  // Copy bytes to buffer, if provided\n  if (buf) {\n    for (var ii = 0; ii < 16; ++ii) {\n      buf[i + ii] = rnds[ii];\n    }\n  }\n\n  return buf || bytesToUuid(rnds);\n}\n\nmodule.exports = v4;\n","'use strict';\n\nObject.defineProperty(exports, '__esModule', { value: true });\n\nconst REGEX_IS_INSTALLATION_LEGACY = /^v1\\./;\nconst REGEX_IS_INSTALLATION = /^ghs_/;\nconst REGEX_IS_USER_TO_SERVER = /^ghu_/;\nasync function auth(token) {\n  const isApp = token.split(/\\./).length === 3;\n  const isInstallation = REGEX_IS_INSTALLATION_LEGACY.test(token) || REGEX_IS_INSTALLATION.test(token);\n  const isUserToServer = REGEX_IS_USER_TO_SERVER.test(token);\n  const tokenType = isApp ? \"app\" : isInstallation ? \"installation\" : isUserToServer ? \"user-to-server\" : \"oauth\";\n  return {\n    type: \"token\",\n    token: token,\n    tokenType\n  };\n}\n\n/**\n * Prefix token for usage in the Authorization header\n *\n * @param token OAuth token or JSON Web Token\n */\nfunction withAuthorizationPrefix(token) {\n  if (token.split(/\\./).length === 3) {\n    return `bearer ${token}`;\n  }\n\n  return `token ${token}`;\n}\n\nasync function hook(token, request, route, parameters) {\n  const endpoint = request.endpoint.merge(route, parameters);\n  endpoint.headers.authorization = withAuthorizationPrefix(token);\n  return request(endpoint);\n}\n\nconst createTokenAuth = function createTokenAuth(token) {\n  if (!token) {\n    throw new Error(\"[@octokit/auth-token] No token passed to createTokenAuth\");\n  }\n\n  if (typeof token !== \"string\") {\n    throw new Error(\"[@octokit/auth-token] Token passed to createTokenAuth is not a string\");\n  }\n\n  token = token.replace(/^(token|bearer) +/i, \"\");\n  return Object.assign(auth.bind(null, token), {\n    hook: hook.bind(null, token)\n  });\n};\n\nexports.createTokenAuth = createTokenAuth;\n//# sourceMappingURL=index.js.map\n","'use strict';\n\nObject.defineProperty(exports, '__esModule', { value: true });\n\nvar universalUserAgent = require('universal-user-agent');\nvar beforeAfterHook = require('before-after-hook');\nvar request = require('@octokit/request');\nvar graphql = require('@octokit/graphql');\nvar authToken = require('@octokit/auth-token');\n\nfunction _objectWithoutPropertiesLoose(source, excluded) {\n  if (source == null) return {};\n  var target = {};\n  var sourceKeys = Object.keys(source);\n  var key, i;\n\n  for (i = 0; i < sourceKeys.length; i++) {\n    key = sourceKeys[i];\n    if (excluded.indexOf(key) >= 0) continue;\n    target[key] = source[key];\n  }\n\n  return target;\n}\n\nfunction _objectWithoutProperties(source, excluded) {\n  if (source == null) return {};\n\n  var target = _objectWithoutPropertiesLoose(source, excluded);\n\n  var key, i;\n\n  if (Object.getOwnPropertySymbols) {\n    var sourceSymbolKeys = Object.getOwnPropertySymbols(source);\n\n    for (i = 0; i < sourceSymbolKeys.length; i++) {\n      key = sourceSymbolKeys[i];\n      if (excluded.indexOf(key) >= 0) continue;\n      if (!Object.prototype.propertyIsEnumerable.call(source, key)) continue;\n      target[key] = source[key];\n    }\n  }\n\n  return target;\n}\n\nconst VERSION = \"3.6.0\";\n\nconst _excluded = [\"authStrategy\"];\nclass Octokit {\n  constructor(options = {}) {\n    const hook = new beforeAfterHook.Collection();\n    const requestDefaults = {\n      baseUrl: request.request.endpoint.DEFAULTS.baseUrl,\n      headers: {},\n      request: Object.assign({}, options.request, {\n        // @ts-ignore internal usage only, no need to type\n        hook: hook.bind(null, \"request\")\n      }),\n      mediaType: {\n        previews: [],\n        format: \"\"\n      }\n    }; // prepend default user agent with `options.userAgent` if set\n\n    requestDefaults.headers[\"user-agent\"] = [options.userAgent, `octokit-core.js/${VERSION} ${universalUserAgent.getUserAgent()}`].filter(Boolean).join(\" \");\n\n    if (options.baseUrl) {\n      requestDefaults.baseUrl = options.baseUrl;\n    }\n\n    if (options.previews) {\n      requestDefaults.mediaType.previews = options.previews;\n    }\n\n    if (options.timeZone) {\n      requestDefaults.headers[\"time-zone\"] = options.timeZone;\n    }\n\n    this.request = request.request.defaults(requestDefaults);\n    this.graphql = graphql.withCustomRequest(this.request).defaults(requestDefaults);\n    this.log = Object.assign({\n      debug: () => {},\n      info: () => {},\n      warn: console.warn.bind(console),\n      error: console.error.bind(console)\n    }, options.log);\n    this.hook = hook; // (1) If neither `options.authStrategy` nor `options.auth` are set, the `octokit` instance\n    //     is unauthenticated. The `this.auth()` method is a no-op and no request hook is registered.\n    // (2) If only `options.auth` is set, use the default token authentication strategy.\n    // (3) If `options.authStrategy` is set then use it and pass in `options.auth`. Always pass own request as many strategies accept a custom request instance.\n    // TODO: type `options.auth` based on `options.authStrategy`.\n\n    if (!options.authStrategy) {\n      if (!options.auth) {\n        // (1)\n        this.auth = async () => ({\n          type: \"unauthenticated\"\n        });\n      } else {\n        // (2)\n        const auth = authToken.createTokenAuth(options.auth); // @ts-ignore  ¯\\_(ツ)_/¯\n\n        hook.wrap(\"request\", auth.hook);\n        this.auth = auth;\n      }\n    } else {\n      const {\n        authStrategy\n      } = options,\n            otherOptions = _objectWithoutProperties(options, _excluded);\n\n      const auth = authStrategy(Object.assign({\n        request: this.request,\n        log: this.log,\n        // we pass the current octokit instance as well as its constructor options\n        // to allow for authentication strategies that return a new octokit instance\n        // that shares the same internal state as the current one. The original\n        // requirement for this was the \"event-octokit\" authentication strategy\n        // of https://github.com/probot/octokit-auth-probot.\n        octokit: this,\n        octokitOptions: otherOptions\n      }, options.auth)); // @ts-ignore  ¯\\_(ツ)_/¯\n\n      hook.wrap(\"request\", auth.hook);\n      this.auth = auth;\n    } // apply plugins\n    // https://stackoverflow.com/a/16345172\n\n\n    const classConstructor = this.constructor;\n    classConstructor.plugins.forEach(plugin => {\n      Object.assign(this, plugin(this, options));\n    });\n  }\n\n  static defaults(defaults) {\n    const OctokitWithDefaults = class extends this {\n      constructor(...args) {\n        const options = args[0] || {};\n\n        if (typeof defaults === \"function\") {\n          super(defaults(options));\n          return;\n        }\n\n        super(Object.assign({}, defaults, options, options.userAgent && defaults.userAgent ? {\n          userAgent: `${options.userAgent} ${defaults.userAgent}`\n        } : null));\n      }\n\n    };\n    return OctokitWithDefaults;\n  }\n  /**\n   * Attach a plugin (or many) to your Octokit instance.\n   *\n   * @example\n   * const API = Octokit.plugin(plugin1, plugin2, plugin3, ...)\n   */\n\n\n  static plugin(...newPlugins) {\n    var _a;\n\n    const currentPlugins = this.plugins;\n    const NewOctokit = (_a = class extends this {}, _a.plugins = currentPlugins.concat(newPlugins.filter(plugin => !currentPlugins.includes(plugin))), _a);\n    return NewOctokit;\n  }\n\n}\nOctokit.VERSION = VERSION;\nOctokit.plugins = [];\n\nexports.Octokit = Octokit;\n//# sourceMappingURL=index.js.map\n","'use strict';\n\nObject.defineProperty(exports, '__esModule', { value: true });\n\nvar isPlainObject = require('is-plain-object');\nvar universalUserAgent = require('universal-user-agent');\n\nfunction lowercaseKeys(object) {\n  if (!object) {\n    return {};\n  }\n\n  return Object.keys(object).reduce((newObj, key) => {\n    newObj[key.toLowerCase()] = object[key];\n    return newObj;\n  }, {});\n}\n\nfunction mergeDeep(defaults, options) {\n  const result = Object.assign({}, defaults);\n  Object.keys(options).forEach(key => {\n    if (isPlainObject.isPlainObject(options[key])) {\n      if (!(key in defaults)) Object.assign(result, {\n        [key]: options[key]\n      });else result[key] = mergeDeep(defaults[key], options[key]);\n    } else {\n      Object.assign(result, {\n        [key]: options[key]\n      });\n    }\n  });\n  return result;\n}\n\nfunction removeUndefinedProperties(obj) {\n  for (const key in obj) {\n    if (obj[key] === undefined) {\n      delete obj[key];\n    }\n  }\n\n  return obj;\n}\n\nfunction merge(defaults, route, options) {\n  if (typeof route === \"string\") {\n    let [method, url] = route.split(\" \");\n    options = Object.assign(url ? {\n      method,\n      url\n    } : {\n      url: method\n    }, options);\n  } else {\n    options = Object.assign({}, route);\n  } // lowercase header names before merging with defaults to avoid duplicates\n\n\n  options.headers = lowercaseKeys(options.headers); // remove properties with undefined values before merging\n\n  removeUndefinedProperties(options);\n  removeUndefinedProperties(options.headers);\n  const mergedOptions = mergeDeep(defaults || {}, options); // mediaType.previews arrays are merged, instead of overwritten\n\n  if (defaults && defaults.mediaType.previews.length) {\n    mergedOptions.mediaType.previews = defaults.mediaType.previews.filter(preview => !mergedOptions.mediaType.previews.includes(preview)).concat(mergedOptions.mediaType.previews);\n  }\n\n  mergedOptions.mediaType.previews = mergedOptions.mediaType.previews.map(preview => preview.replace(/-preview/, \"\"));\n  return mergedOptions;\n}\n\nfunction addQueryParameters(url, parameters) {\n  const separator = /\\?/.test(url) ? \"&\" : \"?\";\n  const names = Object.keys(parameters);\n\n  if (names.length === 0) {\n    return url;\n  }\n\n  return url + separator + names.map(name => {\n    if (name === \"q\") {\n      return \"q=\" + parameters.q.split(\"+\").map(encodeURIComponent).join(\"+\");\n    }\n\n    return `${name}=${encodeURIComponent(parameters[name])}`;\n  }).join(\"&\");\n}\n\nconst urlVariableRegex = /\\{[^}]+\\}/g;\n\nfunction removeNonChars(variableName) {\n  return variableName.replace(/^\\W+|\\W+$/g, \"\").split(/,/);\n}\n\nfunction extractUrlVariableNames(url) {\n  const matches = url.match(urlVariableRegex);\n\n  if (!matches) {\n    return [];\n  }\n\n  return matches.map(removeNonChars).reduce((a, b) => a.concat(b), []);\n}\n\nfunction omit(object, keysToOmit) {\n  return Object.keys(object).filter(option => !keysToOmit.includes(option)).reduce((obj, key) => {\n    obj[key] = object[key];\n    return obj;\n  }, {});\n}\n\n// Based on https://github.com/bramstein/url-template, licensed under BSD\n// TODO: create separate package.\n//\n// Copyright (c) 2012-2014, Bram Stein\n// All rights reserved.\n// Redistribution and use in source and binary forms, with or without\n// modification, are permitted provided that the following conditions\n// are met:\n//  1. Redistributions of source code must retain the above copyright\n//     notice, this list of conditions and the following disclaimer.\n//  2. Redistributions in binary form must reproduce the above copyright\n//     notice, this list of conditions and the following disclaimer in the\n//     documentation and/or other materials provided with the distribution.\n//  3. The name of the author may not be used to endorse or promote products\n//     derived from this software without specific prior written permission.\n// THIS SOFTWARE IS PROVIDED BY THE AUTHOR \"AS IS\" AND ANY EXPRESS OR IMPLIED\n// WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF\n// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO\n// EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,\n// INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,\n// BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\n// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY\n// OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING\n// NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,\n// EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n\n/* istanbul ignore file */\nfunction encodeReserved(str) {\n  return str.split(/(%[0-9A-Fa-f]{2})/g).map(function (part) {\n    if (!/%[0-9A-Fa-f]/.test(part)) {\n      part = encodeURI(part).replace(/%5B/g, \"[\").replace(/%5D/g, \"]\");\n    }\n\n    return part;\n  }).join(\"\");\n}\n\nfunction encodeUnreserved(str) {\n  return encodeURIComponent(str).replace(/[!'()*]/g, function (c) {\n    return \"%\" + c.charCodeAt(0).toString(16).toUpperCase();\n  });\n}\n\nfunction encodeValue(operator, value, key) {\n  value = operator === \"+\" || operator === \"#\" ? encodeReserved(value) : encodeUnreserved(value);\n\n  if (key) {\n    return encodeUnreserved(key) + \"=\" + value;\n  } else {\n    return value;\n  }\n}\n\nfunction isDefined(value) {\n  return value !== undefined && value !== null;\n}\n\nfunction isKeyOperator(operator) {\n  return operator === \";\" || operator === \"&\" || operator === \"?\";\n}\n\nfunction getValues(context, operator, key, modifier) {\n  var value = context[key],\n      result = [];\n\n  if (isDefined(value) && value !== \"\") {\n    if (typeof value === \"string\" || typeof value === \"number\" || typeof value === \"boolean\") {\n      value = value.toString();\n\n      if (modifier && modifier !== \"*\") {\n        value = value.substring(0, parseInt(modifier, 10));\n      }\n\n      result.push(encodeValue(operator, value, isKeyOperator(operator) ? key : \"\"));\n    } else {\n      if (modifier === \"*\") {\n        if (Array.isArray(value)) {\n          value.filter(isDefined).forEach(function (value) {\n            result.push(encodeValue(operator, value, isKeyOperator(operator) ? key : \"\"));\n          });\n        } else {\n          Object.keys(value).forEach(function (k) {\n            if (isDefined(value[k])) {\n              result.push(encodeValue(operator, value[k], k));\n            }\n          });\n        }\n      } else {\n        const tmp = [];\n\n        if (Array.isArray(value)) {\n          value.filter(isDefined).forEach(function (value) {\n            tmp.push(encodeValue(operator, value));\n          });\n        } else {\n          Object.keys(value).forEach(function (k) {\n            if (isDefined(value[k])) {\n              tmp.push(encodeUnreserved(k));\n              tmp.push(encodeValue(operator, value[k].toString()));\n            }\n          });\n        }\n\n        if (isKeyOperator(operator)) {\n          result.push(encodeUnreserved(key) + \"=\" + tmp.join(\",\"));\n        } else if (tmp.length !== 0) {\n          result.push(tmp.join(\",\"));\n        }\n      }\n    }\n  } else {\n    if (operator === \";\") {\n      if (isDefined(value)) {\n        result.push(encodeUnreserved(key));\n      }\n    } else if (value === \"\" && (operator === \"&\" || operator === \"?\")) {\n      result.push(encodeUnreserved(key) + \"=\");\n    } else if (value === \"\") {\n      result.push(\"\");\n    }\n  }\n\n  return result;\n}\n\nfunction parseUrl(template) {\n  return {\n    expand: expand.bind(null, template)\n  };\n}\n\nfunction expand(template, context) {\n  var operators = [\"+\", \"#\", \".\", \"/\", \";\", \"?\", \"&\"];\n  return template.replace(/\\{([^\\{\\}]+)\\}|([^\\{\\}]+)/g, function (_, expression, literal) {\n    if (expression) {\n      let operator = \"\";\n      const values = [];\n\n      if (operators.indexOf(expression.charAt(0)) !== -1) {\n        operator = expression.charAt(0);\n        expression = expression.substr(1);\n      }\n\n      expression.split(/,/g).forEach(function (variable) {\n        var tmp = /([^:\\*]*)(?::(\\d+)|(\\*))?/.exec(variable);\n        values.push(getValues(context, operator, tmp[1], tmp[2] || tmp[3]));\n      });\n\n      if (operator && operator !== \"+\") {\n        var separator = \",\";\n\n        if (operator === \"?\") {\n          separator = \"&\";\n        } else if (operator !== \"#\") {\n          separator = operator;\n        }\n\n        return (values.length !== 0 ? operator : \"\") + values.join(separator);\n      } else {\n        return values.join(\",\");\n      }\n    } else {\n      return encodeReserved(literal);\n    }\n  });\n}\n\nfunction parse(options) {\n  // https://fetch.spec.whatwg.org/#methods\n  let method = options.method.toUpperCase(); // replace :varname with {varname} to make it RFC 6570 compatible\n\n  let url = (options.url || \"/\").replace(/:([a-z]\\w+)/g, \"{$1}\");\n  let headers = Object.assign({}, options.headers);\n  let body;\n  let parameters = omit(options, [\"method\", \"baseUrl\", \"url\", \"headers\", \"request\", \"mediaType\"]); // extract variable names from URL to calculate remaining variables later\n\n  const urlVariableNames = extractUrlVariableNames(url);\n  url = parseUrl(url).expand(parameters);\n\n  if (!/^http/.test(url)) {\n    url = options.baseUrl + url;\n  }\n\n  const omittedParameters = Object.keys(options).filter(option => urlVariableNames.includes(option)).concat(\"baseUrl\");\n  const remainingParameters = omit(parameters, omittedParameters);\n  const isBinaryRequest = /application\\/octet-stream/i.test(headers.accept);\n\n  if (!isBinaryRequest) {\n    if (options.mediaType.format) {\n      // e.g. application/vnd.github.v3+json => application/vnd.github.v3.raw\n      headers.accept = headers.accept.split(/,/).map(preview => preview.replace(/application\\/vnd(\\.\\w+)(\\.v3)?(\\.\\w+)?(\\+json)?$/, `application/vnd$1$2.${options.mediaType.format}`)).join(\",\");\n    }\n\n    if (options.mediaType.previews.length) {\n      const previewsFromAcceptHeader = headers.accept.match(/[\\w-]+(?=-preview)/g) || [];\n      headers.accept = previewsFromAcceptHeader.concat(options.mediaType.previews).map(preview => {\n        const format = options.mediaType.format ? `.${options.mediaType.format}` : \"+json\";\n        return `application/vnd.github.${preview}-preview${format}`;\n      }).join(\",\");\n    }\n  } // for GET/HEAD requests, set URL query parameters from remaining parameters\n  // for PATCH/POST/PUT/DELETE requests, set request body from remaining parameters\n\n\n  if ([\"GET\", \"HEAD\"].includes(method)) {\n    url = addQueryParameters(url, remainingParameters);\n  } else {\n    if (\"data\" in remainingParameters) {\n      body = remainingParameters.data;\n    } else {\n      if (Object.keys(remainingParameters).length) {\n        body = remainingParameters;\n      } else {\n        headers[\"content-length\"] = 0;\n      }\n    }\n  } // default content-type for JSON if body is set\n\n\n  if (!headers[\"content-type\"] && typeof body !== \"undefined\") {\n    headers[\"content-type\"] = \"application/json; charset=utf-8\";\n  } // GitHub expects 'content-length: 0' header for PUT/PATCH requests without body.\n  // fetch does not allow to set `content-length` header, but we can set body to an empty string\n\n\n  if ([\"PATCH\", \"PUT\"].includes(method) && typeof body === \"undefined\") {\n    body = \"\";\n  } // Only return body/request keys if present\n\n\n  return Object.assign({\n    method,\n    url,\n    headers\n  }, typeof body !== \"undefined\" ? {\n    body\n  } : null, options.request ? {\n    request: options.request\n  } : null);\n}\n\nfunction endpointWithDefaults(defaults, route, options) {\n  return parse(merge(defaults, route, options));\n}\n\nfunction withDefaults(oldDefaults, newDefaults) {\n  const DEFAULTS = merge(oldDefaults, newDefaults);\n  const endpoint = endpointWithDefaults.bind(null, DEFAULTS);\n  return Object.assign(endpoint, {\n    DEFAULTS,\n    defaults: withDefaults.bind(null, DEFAULTS),\n    merge: merge.bind(null, DEFAULTS),\n    parse\n  });\n}\n\nconst VERSION = \"6.0.12\";\n\nconst userAgent = `octokit-endpoint.js/${VERSION} ${universalUserAgent.getUserAgent()}`; // DEFAULTS has all properties set that EndpointOptions has, except url.\n// So we use RequestParameters and add method as additional required property.\n\nconst DEFAULTS = {\n  method: \"GET\",\n  baseUrl: \"https://api.github.com\",\n  headers: {\n    accept: \"application/vnd.github.v3+json\",\n    \"user-agent\": userAgent\n  },\n  mediaType: {\n    format: \"\",\n    previews: []\n  }\n};\n\nconst endpoint = withDefaults(null, DEFAULTS);\n\nexports.endpoint = endpoint;\n//# sourceMappingURL=index.js.map\n","'use strict';\n\nObject.defineProperty(exports, '__esModule', { value: true });\n\nvar request = require('@octokit/request');\nvar universalUserAgent = require('universal-user-agent');\n\nconst VERSION = \"4.8.0\";\n\nfunction _buildMessageForResponseErrors(data) {\n  return `Request failed due to following response errors:\\n` + data.errors.map(e => ` - ${e.message}`).join(\"\\n\");\n}\n\nclass GraphqlResponseError extends Error {\n  constructor(request, headers, response) {\n    super(_buildMessageForResponseErrors(response));\n    this.request = request;\n    this.headers = headers;\n    this.response = response;\n    this.name = \"GraphqlResponseError\"; // Expose the errors and response data in their shorthand properties.\n\n    this.errors = response.errors;\n    this.data = response.data; // Maintains proper stack trace (only available on V8)\n\n    /* istanbul ignore next */\n\n    if (Error.captureStackTrace) {\n      Error.captureStackTrace(this, this.constructor);\n    }\n  }\n\n}\n\nconst NON_VARIABLE_OPTIONS = [\"method\", \"baseUrl\", \"url\", \"headers\", \"request\", \"query\", \"mediaType\"];\nconst FORBIDDEN_VARIABLE_OPTIONS = [\"query\", \"method\", \"url\"];\nconst GHES_V3_SUFFIX_REGEX = /\\/api\\/v3\\/?$/;\nfunction graphql(request, query, options) {\n  if (options) {\n    if (typeof query === \"string\" && \"query\" in options) {\n      return Promise.reject(new Error(`[@octokit/graphql] \"query\" cannot be used as variable name`));\n    }\n\n    for (const key in options) {\n      if (!FORBIDDEN_VARIABLE_OPTIONS.includes(key)) continue;\n      return Promise.reject(new Error(`[@octokit/graphql] \"${key}\" cannot be used as variable name`));\n    }\n  }\n\n  const parsedOptions = typeof query === \"string\" ? Object.assign({\n    query\n  }, options) : query;\n  const requestOptions = Object.keys(parsedOptions).reduce((result, key) => {\n    if (NON_VARIABLE_OPTIONS.includes(key)) {\n      result[key] = parsedOptions[key];\n      return result;\n    }\n\n    if (!result.variables) {\n      result.variables = {};\n    }\n\n    result.variables[key] = parsedOptions[key];\n    return result;\n  }, {}); // workaround for GitHub Enterprise baseUrl set with /api/v3 suffix\n  // https://github.com/octokit/auth-app.js/issues/111#issuecomment-657610451\n\n  const baseUrl = parsedOptions.baseUrl || request.endpoint.DEFAULTS.baseUrl;\n\n  if (GHES_V3_SUFFIX_REGEX.test(baseUrl)) {\n    requestOptions.url = baseUrl.replace(GHES_V3_SUFFIX_REGEX, \"/api/graphql\");\n  }\n\n  return request(requestOptions).then(response => {\n    if (response.data.errors) {\n      const headers = {};\n\n      for (const key of Object.keys(response.headers)) {\n        headers[key] = response.headers[key];\n      }\n\n      throw new GraphqlResponseError(requestOptions, headers, response.data);\n    }\n\n    return response.data.data;\n  });\n}\n\nfunction withDefaults(request$1, newDefaults) {\n  const newRequest = request$1.defaults(newDefaults);\n\n  const newApi = (query, options) => {\n    return graphql(newRequest, query, options);\n  };\n\n  return Object.assign(newApi, {\n    defaults: withDefaults.bind(null, newRequest),\n    endpoint: request.request.endpoint\n  });\n}\n\nconst graphql$1 = withDefaults(request.request, {\n  headers: {\n    \"user-agent\": `octokit-graphql.js/${VERSION} ${universalUserAgent.getUserAgent()}`\n  },\n  method: \"POST\",\n  url: \"/graphql\"\n});\nfunction withCustomRequest(customRequest) {\n  return withDefaults(customRequest, {\n    method: \"POST\",\n    url: \"/graphql\"\n  });\n}\n\nexports.GraphqlResponseError = GraphqlResponseError;\nexports.graphql = graphql$1;\nexports.withCustomRequest = withCustomRequest;\n//# sourceMappingURL=index.js.map\n","'use strict';\n\nObject.defineProperty(exports, '__esModule', { value: true });\n\nconst VERSION = \"2.21.3\";\n\nfunction ownKeys(object, enumerableOnly) {\n  var keys = Object.keys(object);\n\n  if (Object.getOwnPropertySymbols) {\n    var symbols = Object.getOwnPropertySymbols(object);\n    enumerableOnly && (symbols = symbols.filter(function (sym) {\n      return Object.getOwnPropertyDescriptor(object, sym).enumerable;\n    })), keys.push.apply(keys, symbols);\n  }\n\n  return keys;\n}\n\nfunction _objectSpread2(target) {\n  for (var i = 1; i < arguments.length; i++) {\n    var source = null != arguments[i] ? arguments[i] : {};\n    i % 2 ? ownKeys(Object(source), !0).forEach(function (key) {\n      _defineProperty(target, key, source[key]);\n    }) : Object.getOwnPropertyDescriptors ? Object.defineProperties(target, Object.getOwnPropertyDescriptors(source)) : ownKeys(Object(source)).forEach(function (key) {\n      Object.defineProperty(target, key, Object.getOwnPropertyDescriptor(source, key));\n    });\n  }\n\n  return target;\n}\n\nfunction _defineProperty(obj, key, value) {\n  if (key in obj) {\n    Object.defineProperty(obj, key, {\n      value: value,\n      enumerable: true,\n      configurable: true,\n      writable: true\n    });\n  } else {\n    obj[key] = value;\n  }\n\n  return obj;\n}\n\n/**\n * Some “list” response that can be paginated have a different response structure\n *\n * They have a `total_count` key in the response (search also has `incomplete_results`,\n * /installation/repositories also has `repository_selection`), as well as a key with\n * the list of the items which name varies from endpoint to endpoint.\n *\n * Octokit normalizes these responses so that paginated results are always returned following\n * the same structure. One challenge is that if the list response has only one page, no Link\n * header is provided, so this header alone is not sufficient to check wether a response is\n * paginated or not.\n *\n * We check if a \"total_count\" key is present in the response data, but also make sure that\n * a \"url\" property is not, as the \"Get the combined status for a specific ref\" endpoint would\n * otherwise match: https://developer.github.com/v3/repos/statuses/#get-the-combined-status-for-a-specific-ref\n */\nfunction normalizePaginatedListResponse(response) {\n  // endpoints can respond with 204 if repository is empty\n  if (!response.data) {\n    return _objectSpread2(_objectSpread2({}, response), {}, {\n      data: []\n    });\n  }\n\n  const responseNeedsNormalization = \"total_count\" in response.data && !(\"url\" in response.data);\n  if (!responseNeedsNormalization) return response; // keep the additional properties intact as there is currently no other way\n  // to retrieve the same information.\n\n  const incompleteResults = response.data.incomplete_results;\n  const repositorySelection = response.data.repository_selection;\n  const totalCount = response.data.total_count;\n  delete response.data.incomplete_results;\n  delete response.data.repository_selection;\n  delete response.data.total_count;\n  const namespaceKey = Object.keys(response.data)[0];\n  const data = response.data[namespaceKey];\n  response.data = data;\n\n  if (typeof incompleteResults !== \"undefined\") {\n    response.data.incomplete_results = incompleteResults;\n  }\n\n  if (typeof repositorySelection !== \"undefined\") {\n    response.data.repository_selection = repositorySelection;\n  }\n\n  response.data.total_count = totalCount;\n  return response;\n}\n\nfunction iterator(octokit, route, parameters) {\n  const options = typeof route === \"function\" ? route.endpoint(parameters) : octokit.request.endpoint(route, parameters);\n  const requestMethod = typeof route === \"function\" ? route : octokit.request;\n  const method = options.method;\n  const headers = options.headers;\n  let url = options.url;\n  return {\n    [Symbol.asyncIterator]: () => ({\n      async next() {\n        if (!url) return {\n          done: true\n        };\n\n        try {\n          const response = await requestMethod({\n            method,\n            url,\n            headers\n          });\n          const normalizedResponse = normalizePaginatedListResponse(response); // `response.headers.link` format:\n          // '<https://api.github.com/users/aseemk/followers?page=2>; rel=\"next\", <https://api.github.com/users/aseemk/followers?page=2>; rel=\"last\"'\n          // sets `url` to undefined if \"next\" URL is not present or `link` header is not set\n\n          url = ((normalizedResponse.headers.link || \"\").match(/<([^>]+)>;\\s*rel=\"next\"/) || [])[1];\n          return {\n            value: normalizedResponse\n          };\n        } catch (error) {\n          if (error.status !== 409) throw error;\n          url = \"\";\n          return {\n            value: {\n              status: 200,\n              headers: {},\n              data: []\n            }\n          };\n        }\n      }\n\n    })\n  };\n}\n\nfunction paginate(octokit, route, parameters, mapFn) {\n  if (typeof parameters === \"function\") {\n    mapFn = parameters;\n    parameters = undefined;\n  }\n\n  return gather(octokit, [], iterator(octokit, route, parameters)[Symbol.asyncIterator](), mapFn);\n}\n\nfunction gather(octokit, results, iterator, mapFn) {\n  return iterator.next().then(result => {\n    if (result.done) {\n      return results;\n    }\n\n    let earlyExit = false;\n\n    function done() {\n      earlyExit = true;\n    }\n\n    results = results.concat(mapFn ? mapFn(result.value, done) : result.value.data);\n\n    if (earlyExit) {\n      return results;\n    }\n\n    return gather(octokit, results, iterator, mapFn);\n  });\n}\n\nconst composePaginateRest = Object.assign(paginate, {\n  iterator\n});\n\nconst paginatingEndpoints = [\"GET /app/hook/deliveries\", \"GET /app/installations\", \"GET /applications/grants\", \"GET /authorizations\", \"GET /enterprises/{enterprise}/actions/permissions/organizations\", \"GET /enterprises/{enterprise}/actions/runner-groups\", \"GET /enterprises/{enterprise}/actions/runner-groups/{runner_group_id}/organizations\", \"GET /enterprises/{enterprise}/actions/runner-groups/{runner_group_id}/runners\", \"GET /enterprises/{enterprise}/actions/runners\", \"GET /enterprises/{enterprise}/audit-log\", \"GET /enterprises/{enterprise}/secret-scanning/alerts\", \"GET /enterprises/{enterprise}/settings/billing/advanced-security\", \"GET /events\", \"GET /gists\", \"GET /gists/public\", \"GET /gists/starred\", \"GET /gists/{gist_id}/comments\", \"GET /gists/{gist_id}/commits\", \"GET /gists/{gist_id}/forks\", \"GET /installation/repositories\", \"GET /issues\", \"GET /licenses\", \"GET /marketplace_listing/plans\", \"GET /marketplace_listing/plans/{plan_id}/accounts\", \"GET /marketplace_listing/stubbed/plans\", \"GET /marketplace_listing/stubbed/plans/{plan_id}/accounts\", \"GET /networks/{owner}/{repo}/events\", \"GET /notifications\", \"GET /organizations\", \"GET /orgs/{org}/actions/cache/usage-by-repository\", \"GET /orgs/{org}/actions/permissions/repositories\", \"GET /orgs/{org}/actions/runner-groups\", \"GET /orgs/{org}/actions/runner-groups/{runner_group_id}/repositories\", \"GET /orgs/{org}/actions/runner-groups/{runner_group_id}/runners\", \"GET /orgs/{org}/actions/runners\", \"GET /orgs/{org}/actions/secrets\", \"GET /orgs/{org}/actions/secrets/{secret_name}/repositories\", \"GET /orgs/{org}/audit-log\", \"GET /orgs/{org}/blocks\", \"GET /orgs/{org}/code-scanning/alerts\", \"GET /orgs/{org}/codespaces\", \"GET /orgs/{org}/credential-authorizations\", \"GET /orgs/{org}/dependabot/secrets\", \"GET /orgs/{org}/dependabot/secrets/{secret_name}/repositories\", \"GET /orgs/{org}/events\", \"GET /orgs/{org}/external-groups\", \"GET /orgs/{org}/failed_invitations\", \"GET /orgs/{org}/hooks\", \"GET /orgs/{org}/hooks/{hook_id}/deliveries\", \"GET /orgs/{org}/installations\", \"GET /orgs/{org}/invitations\", \"GET /orgs/{org}/invitations/{invitation_id}/teams\", \"GET /orgs/{org}/issues\", \"GET /orgs/{org}/members\", \"GET /orgs/{org}/migrations\", \"GET /orgs/{org}/migrations/{migration_id}/repositories\", \"GET /orgs/{org}/outside_collaborators\", \"GET /orgs/{org}/packages\", \"GET /orgs/{org}/packages/{package_type}/{package_name}/versions\", \"GET /orgs/{org}/projects\", \"GET /orgs/{org}/public_members\", \"GET /orgs/{org}/repos\", \"GET /orgs/{org}/secret-scanning/alerts\", \"GET /orgs/{org}/settings/billing/advanced-security\", \"GET /orgs/{org}/team-sync/groups\", \"GET /orgs/{org}/teams\", \"GET /orgs/{org}/teams/{team_slug}/discussions\", \"GET /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments\", \"GET /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions\", \"GET /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions\", \"GET /orgs/{org}/teams/{team_slug}/invitations\", \"GET /orgs/{org}/teams/{team_slug}/members\", \"GET /orgs/{org}/teams/{team_slug}/projects\", \"GET /orgs/{org}/teams/{team_slug}/repos\", \"GET /orgs/{org}/teams/{team_slug}/teams\", \"GET /projects/columns/{column_id}/cards\", \"GET /projects/{project_id}/collaborators\", \"GET /projects/{project_id}/columns\", \"GET /repos/{owner}/{repo}/actions/artifacts\", \"GET /repos/{owner}/{repo}/actions/caches\", \"GET /repos/{owner}/{repo}/actions/runners\", \"GET /repos/{owner}/{repo}/actions/runs\", \"GET /repos/{owner}/{repo}/actions/runs/{run_id}/artifacts\", \"GET /repos/{owner}/{repo}/actions/runs/{run_id}/attempts/{attempt_number}/jobs\", \"GET /repos/{owner}/{repo}/actions/runs/{run_id}/jobs\", \"GET /repos/{owner}/{repo}/actions/secrets\", \"GET /repos/{owner}/{repo}/actions/workflows\", \"GET /repos/{owner}/{repo}/actions/workflows/{workflow_id}/runs\", \"GET /repos/{owner}/{repo}/assignees\", \"GET /repos/{owner}/{repo}/branches\", \"GET /repos/{owner}/{repo}/check-runs/{check_run_id}/annotations\", \"GET /repos/{owner}/{repo}/check-suites/{check_suite_id}/check-runs\", \"GET /repos/{owner}/{repo}/code-scanning/alerts\", \"GET /repos/{owner}/{repo}/code-scanning/alerts/{alert_number}/instances\", \"GET /repos/{owner}/{repo}/code-scanning/analyses\", \"GET /repos/{owner}/{repo}/codespaces\", \"GET /repos/{owner}/{repo}/codespaces/devcontainers\", \"GET /repos/{owner}/{repo}/codespaces/secrets\", \"GET /repos/{owner}/{repo}/collaborators\", \"GET /repos/{owner}/{repo}/comments\", \"GET /repos/{owner}/{repo}/comments/{comment_id}/reactions\", \"GET /repos/{owner}/{repo}/commits\", \"GET /repos/{owner}/{repo}/commits/{commit_sha}/comments\", \"GET /repos/{owner}/{repo}/commits/{commit_sha}/pulls\", \"GET /repos/{owner}/{repo}/commits/{ref}/check-runs\", \"GET /repos/{owner}/{repo}/commits/{ref}/check-suites\", \"GET /repos/{owner}/{repo}/commits/{ref}/status\", \"GET /repos/{owner}/{repo}/commits/{ref}/statuses\", \"GET /repos/{owner}/{repo}/contributors\", \"GET /repos/{owner}/{repo}/dependabot/secrets\", \"GET /repos/{owner}/{repo}/deployments\", \"GET /repos/{owner}/{repo}/deployments/{deployment_id}/statuses\", \"GET /repos/{owner}/{repo}/environments\", \"GET /repos/{owner}/{repo}/events\", \"GET /repos/{owner}/{repo}/forks\", \"GET /repos/{owner}/{repo}/git/matching-refs/{ref}\", \"GET /repos/{owner}/{repo}/hooks\", \"GET /repos/{owner}/{repo}/hooks/{hook_id}/deliveries\", \"GET /repos/{owner}/{repo}/invitations\", \"GET /repos/{owner}/{repo}/issues\", \"GET /repos/{owner}/{repo}/issues/comments\", \"GET /repos/{owner}/{repo}/issues/comments/{comment_id}/reactions\", \"GET /repos/{owner}/{repo}/issues/events\", \"GET /repos/{owner}/{repo}/issues/{issue_number}/comments\", \"GET /repos/{owner}/{repo}/issues/{issue_number}/events\", \"GET /repos/{owner}/{repo}/issues/{issue_number}/labels\", \"GET /repos/{owner}/{repo}/issues/{issue_number}/reactions\", \"GET /repos/{owner}/{repo}/issues/{issue_number}/timeline\", \"GET /repos/{owner}/{repo}/keys\", \"GET /repos/{owner}/{repo}/labels\", \"GET /repos/{owner}/{repo}/milestones\", \"GET /repos/{owner}/{repo}/milestones/{milestone_number}/labels\", \"GET /repos/{owner}/{repo}/notifications\", \"GET /repos/{owner}/{repo}/pages/builds\", \"GET /repos/{owner}/{repo}/projects\", \"GET /repos/{owner}/{repo}/pulls\", \"GET /repos/{owner}/{repo}/pulls/comments\", \"GET /repos/{owner}/{repo}/pulls/comments/{comment_id}/reactions\", \"GET /repos/{owner}/{repo}/pulls/{pull_number}/comments\", \"GET /repos/{owner}/{repo}/pulls/{pull_number}/commits\", \"GET /repos/{owner}/{repo}/pulls/{pull_number}/files\", \"GET /repos/{owner}/{repo}/pulls/{pull_number}/requested_reviewers\", \"GET /repos/{owner}/{repo}/pulls/{pull_number}/reviews\", \"GET /repos/{owner}/{repo}/pulls/{pull_number}/reviews/{review_id}/comments\", \"GET /repos/{owner}/{repo}/releases\", \"GET /repos/{owner}/{repo}/releases/{release_id}/assets\", \"GET /repos/{owner}/{repo}/releases/{release_id}/reactions\", \"GET /repos/{owner}/{repo}/secret-scanning/alerts\", \"GET /repos/{owner}/{repo}/secret-scanning/alerts/{alert_number}/locations\", \"GET /repos/{owner}/{repo}/stargazers\", \"GET /repos/{owner}/{repo}/subscribers\", \"GET /repos/{owner}/{repo}/tags\", \"GET /repos/{owner}/{repo}/teams\", \"GET /repos/{owner}/{repo}/topics\", \"GET /repositories\", \"GET /repositories/{repository_id}/environments/{environment_name}/secrets\", \"GET /search/code\", \"GET /search/commits\", \"GET /search/issues\", \"GET /search/labels\", \"GET /search/repositories\", \"GET /search/topics\", \"GET /search/users\", \"GET /teams/{team_id}/discussions\", \"GET /teams/{team_id}/discussions/{discussion_number}/comments\", \"GET /teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}/reactions\", \"GET /teams/{team_id}/discussions/{discussion_number}/reactions\", \"GET /teams/{team_id}/invitations\", \"GET /teams/{team_id}/members\", \"GET /teams/{team_id}/projects\", \"GET /teams/{team_id}/repos\", \"GET /teams/{team_id}/teams\", \"GET /user/blocks\", \"GET /user/codespaces\", \"GET /user/codespaces/secrets\", \"GET /user/emails\", \"GET /user/followers\", \"GET /user/following\", \"GET /user/gpg_keys\", \"GET /user/installations\", \"GET /user/installations/{installation_id}/repositories\", \"GET /user/issues\", \"GET /user/keys\", \"GET /user/marketplace_purchases\", \"GET /user/marketplace_purchases/stubbed\", \"GET /user/memberships/orgs\", \"GET /user/migrations\", \"GET /user/migrations/{migration_id}/repositories\", \"GET /user/orgs\", \"GET /user/packages\", \"GET /user/packages/{package_type}/{package_name}/versions\", \"GET /user/public_emails\", \"GET /user/repos\", \"GET /user/repository_invitations\", \"GET /user/starred\", \"GET /user/subscriptions\", \"GET /user/teams\", \"GET /users\", \"GET /users/{username}/events\", \"GET /users/{username}/events/orgs/{org}\", \"GET /users/{username}/events/public\", \"GET /users/{username}/followers\", \"GET /users/{username}/following\", \"GET /users/{username}/gists\", \"GET /users/{username}/gpg_keys\", \"GET /users/{username}/keys\", \"GET /users/{username}/orgs\", \"GET /users/{username}/packages\", \"GET /users/{username}/projects\", \"GET /users/{username}/received_events\", \"GET /users/{username}/received_events/public\", \"GET /users/{username}/repos\", \"GET /users/{username}/starred\", \"GET /users/{username}/subscriptions\"];\n\nfunction isPaginatingEndpoint(arg) {\n  if (typeof arg === \"string\") {\n    return paginatingEndpoints.includes(arg);\n  } else {\n    return false;\n  }\n}\n\n/**\n * @param octokit Octokit instance\n * @param options Options passed to Octokit constructor\n */\n\nfunction paginateRest(octokit) {\n  return {\n    paginate: Object.assign(paginate.bind(null, octokit), {\n      iterator: iterator.bind(null, octokit)\n    })\n  };\n}\npaginateRest.VERSION = VERSION;\n\nexports.composePaginateRest = composePaginateRest;\nexports.isPaginatingEndpoint = isPaginatingEndpoint;\nexports.paginateRest = paginateRest;\nexports.paginatingEndpoints = paginatingEndpoints;\n//# sourceMappingURL=index.js.map\n","'use strict';\n\nObject.defineProperty(exports, '__esModule', { value: true });\n\nfunction ownKeys(object, enumerableOnly) {\n  var keys = Object.keys(object);\n\n  if (Object.getOwnPropertySymbols) {\n    var symbols = Object.getOwnPropertySymbols(object);\n\n    if (enumerableOnly) {\n      symbols = symbols.filter(function (sym) {\n        return Object.getOwnPropertyDescriptor(object, sym).enumerable;\n      });\n    }\n\n    keys.push.apply(keys, symbols);\n  }\n\n  return keys;\n}\n\nfunction _objectSpread2(target) {\n  for (var i = 1; i < arguments.length; i++) {\n    var source = arguments[i] != null ? arguments[i] : {};\n\n    if (i % 2) {\n      ownKeys(Object(source), true).forEach(function (key) {\n        _defineProperty(target, key, source[key]);\n      });\n    } else if (Object.getOwnPropertyDescriptors) {\n      Object.defineProperties(target, Object.getOwnPropertyDescriptors(source));\n    } else {\n      ownKeys(Object(source)).forEach(function (key) {\n        Object.defineProperty(target, key, Object.getOwnPropertyDescriptor(source, key));\n      });\n    }\n  }\n\n  return target;\n}\n\nfunction _defineProperty(obj, key, value) {\n  if (key in obj) {\n    Object.defineProperty(obj, key, {\n      value: value,\n      enumerable: true,\n      configurable: true,\n      writable: true\n    });\n  } else {\n    obj[key] = value;\n  }\n\n  return obj;\n}\n\nconst Endpoints = {\n  actions: {\n    addCustomLabelsToSelfHostedRunnerForOrg: [\"POST /orgs/{org}/actions/runners/{runner_id}/labels\"],\n    addCustomLabelsToSelfHostedRunnerForRepo: [\"POST /repos/{owner}/{repo}/actions/runners/{runner_id}/labels\"],\n    addSelectedRepoToOrgSecret: [\"PUT /orgs/{org}/actions/secrets/{secret_name}/repositories/{repository_id}\"],\n    approveWorkflowRun: [\"POST /repos/{owner}/{repo}/actions/runs/{run_id}/approve\"],\n    cancelWorkflowRun: [\"POST /repos/{owner}/{repo}/actions/runs/{run_id}/cancel\"],\n    createOrUpdateEnvironmentSecret: [\"PUT /repositories/{repository_id}/environments/{environment_name}/secrets/{secret_name}\"],\n    createOrUpdateOrgSecret: [\"PUT /orgs/{org}/actions/secrets/{secret_name}\"],\n    createOrUpdateRepoSecret: [\"PUT /repos/{owner}/{repo}/actions/secrets/{secret_name}\"],\n    createRegistrationTokenForOrg: [\"POST /orgs/{org}/actions/runners/registration-token\"],\n    createRegistrationTokenForRepo: [\"POST /repos/{owner}/{repo}/actions/runners/registration-token\"],\n    createRemoveTokenForOrg: [\"POST /orgs/{org}/actions/runners/remove-token\"],\n    createRemoveTokenForRepo: [\"POST /repos/{owner}/{repo}/actions/runners/remove-token\"],\n    createWorkflowDispatch: [\"POST /repos/{owner}/{repo}/actions/workflows/{workflow_id}/dispatches\"],\n    deleteActionsCacheById: [\"DELETE /repos/{owner}/{repo}/actions/caches/{cache_id}\"],\n    deleteActionsCacheByKey: [\"DELETE /repos/{owner}/{repo}/actions/caches{?key,ref}\"],\n    deleteArtifact: [\"DELETE /repos/{owner}/{repo}/actions/artifacts/{artifact_id}\"],\n    deleteEnvironmentSecret: [\"DELETE /repositories/{repository_id}/environments/{environment_name}/secrets/{secret_name}\"],\n    deleteOrgSecret: [\"DELETE /orgs/{org}/actions/secrets/{secret_name}\"],\n    deleteRepoSecret: [\"DELETE /repos/{owner}/{repo}/actions/secrets/{secret_name}\"],\n    deleteSelfHostedRunnerFromOrg: [\"DELETE /orgs/{org}/actions/runners/{runner_id}\"],\n    deleteSelfHostedRunnerFromRepo: [\"DELETE /repos/{owner}/{repo}/actions/runners/{runner_id}\"],\n    deleteWorkflowRun: [\"DELETE /repos/{owner}/{repo}/actions/runs/{run_id}\"],\n    deleteWorkflowRunLogs: [\"DELETE /repos/{owner}/{repo}/actions/runs/{run_id}/logs\"],\n    disableSelectedRepositoryGithubActionsOrganization: [\"DELETE /orgs/{org}/actions/permissions/repositories/{repository_id}\"],\n    disableWorkflow: [\"PUT /repos/{owner}/{repo}/actions/workflows/{workflow_id}/disable\"],\n    downloadArtifact: [\"GET /repos/{owner}/{repo}/actions/artifacts/{artifact_id}/{archive_format}\"],\n    downloadJobLogsForWorkflowRun: [\"GET /repos/{owner}/{repo}/actions/jobs/{job_id}/logs\"],\n    downloadWorkflowRunAttemptLogs: [\"GET /repos/{owner}/{repo}/actions/runs/{run_id}/attempts/{attempt_number}/logs\"],\n    downloadWorkflowRunLogs: [\"GET /repos/{owner}/{repo}/actions/runs/{run_id}/logs\"],\n    enableSelectedRepositoryGithubActionsOrganization: [\"PUT /orgs/{org}/actions/permissions/repositories/{repository_id}\"],\n    enableWorkflow: [\"PUT /repos/{owner}/{repo}/actions/workflows/{workflow_id}/enable\"],\n    getActionsCacheList: [\"GET /repos/{owner}/{repo}/actions/caches\"],\n    getActionsCacheUsage: [\"GET /repos/{owner}/{repo}/actions/cache/usage\"],\n    getActionsCacheUsageByRepoForOrg: [\"GET /orgs/{org}/actions/cache/usage-by-repository\"],\n    getActionsCacheUsageForEnterprise: [\"GET /enterprises/{enterprise}/actions/cache/usage\"],\n    getActionsCacheUsageForOrg: [\"GET /orgs/{org}/actions/cache/usage\"],\n    getAllowedActionsOrganization: [\"GET /orgs/{org}/actions/permissions/selected-actions\"],\n    getAllowedActionsRepository: [\"GET /repos/{owner}/{repo}/actions/permissions/selected-actions\"],\n    getArtifact: [\"GET /repos/{owner}/{repo}/actions/artifacts/{artifact_id}\"],\n    getEnvironmentPublicKey: [\"GET /repositories/{repository_id}/environments/{environment_name}/secrets/public-key\"],\n    getEnvironmentSecret: [\"GET /repositories/{repository_id}/environments/{environment_name}/secrets/{secret_name}\"],\n    getGithubActionsDefaultWorkflowPermissionsEnterprise: [\"GET /enterprises/{enterprise}/actions/permissions/workflow\"],\n    getGithubActionsDefaultWorkflowPermissionsOrganization: [\"GET /orgs/{org}/actions/permissions/workflow\"],\n    getGithubActionsDefaultWorkflowPermissionsRepository: [\"GET /repos/{owner}/{repo}/actions/permissions/workflow\"],\n    getGithubActionsPermissionsOrganization: [\"GET /orgs/{org}/actions/permissions\"],\n    getGithubActionsPermissionsRepository: [\"GET /repos/{owner}/{repo}/actions/permissions\"],\n    getJobForWorkflowRun: [\"GET /repos/{owner}/{repo}/actions/jobs/{job_id}\"],\n    getOrgPublicKey: [\"GET /orgs/{org}/actions/secrets/public-key\"],\n    getOrgSecret: [\"GET /orgs/{org}/actions/secrets/{secret_name}\"],\n    getPendingDeploymentsForRun: [\"GET /repos/{owner}/{repo}/actions/runs/{run_id}/pending_deployments\"],\n    getRepoPermissions: [\"GET /repos/{owner}/{repo}/actions/permissions\", {}, {\n      renamed: [\"actions\", \"getGithubActionsPermissionsRepository\"]\n    }],\n    getRepoPublicKey: [\"GET /repos/{owner}/{repo}/actions/secrets/public-key\"],\n    getRepoSecret: [\"GET /repos/{owner}/{repo}/actions/secrets/{secret_name}\"],\n    getReviewsForRun: [\"GET /repos/{owner}/{repo}/actions/runs/{run_id}/approvals\"],\n    getSelfHostedRunnerForOrg: [\"GET /orgs/{org}/actions/runners/{runner_id}\"],\n    getSelfHostedRunnerForRepo: [\"GET /repos/{owner}/{repo}/actions/runners/{runner_id}\"],\n    getWorkflow: [\"GET /repos/{owner}/{repo}/actions/workflows/{workflow_id}\"],\n    getWorkflowAccessToRepository: [\"GET /repos/{owner}/{repo}/actions/permissions/access\"],\n    getWorkflowRun: [\"GET /repos/{owner}/{repo}/actions/runs/{run_id}\"],\n    getWorkflowRunAttempt: [\"GET /repos/{owner}/{repo}/actions/runs/{run_id}/attempts/{attempt_number}\"],\n    getWorkflowRunUsage: [\"GET /repos/{owner}/{repo}/actions/runs/{run_id}/timing\"],\n    getWorkflowUsage: [\"GET /repos/{owner}/{repo}/actions/workflows/{workflow_id}/timing\"],\n    listArtifactsForRepo: [\"GET /repos/{owner}/{repo}/actions/artifacts\"],\n    listEnvironmentSecrets: [\"GET /repositories/{repository_id}/environments/{environment_name}/secrets\"],\n    listJobsForWorkflowRun: [\"GET /repos/{owner}/{repo}/actions/runs/{run_id}/jobs\"],\n    listJobsForWorkflowRunAttempt: [\"GET /repos/{owner}/{repo}/actions/runs/{run_id}/attempts/{attempt_number}/jobs\"],\n    listLabelsForSelfHostedRunnerForOrg: [\"GET /orgs/{org}/actions/runners/{runner_id}/labels\"],\n    listLabelsForSelfHostedRunnerForRepo: [\"GET /repos/{owner}/{repo}/actions/runners/{runner_id}/labels\"],\n    listOrgSecrets: [\"GET /orgs/{org}/actions/secrets\"],\n    listRepoSecrets: [\"GET /repos/{owner}/{repo}/actions/secrets\"],\n    listRepoWorkflows: [\"GET /repos/{owner}/{repo}/actions/workflows\"],\n    listRunnerApplicationsForOrg: [\"GET /orgs/{org}/actions/runners/downloads\"],\n    listRunnerApplicationsForRepo: [\"GET /repos/{owner}/{repo}/actions/runners/downloads\"],\n    listSelectedReposForOrgSecret: [\"GET /orgs/{org}/actions/secrets/{secret_name}/repositories\"],\n    listSelectedRepositoriesEnabledGithubActionsOrganization: [\"GET /orgs/{org}/actions/permissions/repositories\"],\n    listSelfHostedRunnersForOrg: [\"GET /orgs/{org}/actions/runners\"],\n    listSelfHostedRunnersForRepo: [\"GET /repos/{owner}/{repo}/actions/runners\"],\n    listWorkflowRunArtifacts: [\"GET /repos/{owner}/{repo}/actions/runs/{run_id}/artifacts\"],\n    listWorkflowRuns: [\"GET /repos/{owner}/{repo}/actions/workflows/{workflow_id}/runs\"],\n    listWorkflowRunsForRepo: [\"GET /repos/{owner}/{repo}/actions/runs\"],\n    reRunJobForWorkflowRun: [\"POST /repos/{owner}/{repo}/actions/jobs/{job_id}/rerun\"],\n    reRunWorkflow: [\"POST /repos/{owner}/{repo}/actions/runs/{run_id}/rerun\"],\n    reRunWorkflowFailedJobs: [\"POST /repos/{owner}/{repo}/actions/runs/{run_id}/rerun-failed-jobs\"],\n    removeAllCustomLabelsFromSelfHostedRunnerForOrg: [\"DELETE /orgs/{org}/actions/runners/{runner_id}/labels\"],\n    removeAllCustomLabelsFromSelfHostedRunnerForRepo: [\"DELETE /repos/{owner}/{repo}/actions/runners/{runner_id}/labels\"],\n    removeCustomLabelFromSelfHostedRunnerForOrg: [\"DELETE /orgs/{org}/actions/runners/{runner_id}/labels/{name}\"],\n    removeCustomLabelFromSelfHostedRunnerForRepo: [\"DELETE /repos/{owner}/{repo}/actions/runners/{runner_id}/labels/{name}\"],\n    removeSelectedRepoFromOrgSecret: [\"DELETE /orgs/{org}/actions/secrets/{secret_name}/repositories/{repository_id}\"],\n    reviewPendingDeploymentsForRun: [\"POST /repos/{owner}/{repo}/actions/runs/{run_id}/pending_deployments\"],\n    setAllowedActionsOrganization: [\"PUT /orgs/{org}/actions/permissions/selected-actions\"],\n    setAllowedActionsRepository: [\"PUT /repos/{owner}/{repo}/actions/permissions/selected-actions\"],\n    setCustomLabelsForSelfHostedRunnerForOrg: [\"PUT /orgs/{org}/actions/runners/{runner_id}/labels\"],\n    setCustomLabelsForSelfHostedRunnerForRepo: [\"PUT /repos/{owner}/{repo}/actions/runners/{runner_id}/labels\"],\n    setGithubActionsDefaultWorkflowPermissionsEnterprise: [\"PUT /enterprises/{enterprise}/actions/permissions/workflow\"],\n    setGithubActionsDefaultWorkflowPermissionsOrganization: [\"PUT /orgs/{org}/actions/permissions/workflow\"],\n    setGithubActionsDefaultWorkflowPermissionsRepository: [\"PUT /repos/{owner}/{repo}/actions/permissions/workflow\"],\n    setGithubActionsPermissionsOrganization: [\"PUT /orgs/{org}/actions/permissions\"],\n    setGithubActionsPermissionsRepository: [\"PUT /repos/{owner}/{repo}/actions/permissions\"],\n    setSelectedReposForOrgSecret: [\"PUT /orgs/{org}/actions/secrets/{secret_name}/repositories\"],\n    setSelectedRepositoriesEnabledGithubActionsOrganization: [\"PUT /orgs/{org}/actions/permissions/repositories\"],\n    setWorkflowAccessToRepository: [\"PUT /repos/{owner}/{repo}/actions/permissions/access\"]\n  },\n  activity: {\n    checkRepoIsStarredByAuthenticatedUser: [\"GET /user/starred/{owner}/{repo}\"],\n    deleteRepoSubscription: [\"DELETE /repos/{owner}/{repo}/subscription\"],\n    deleteThreadSubscription: [\"DELETE /notifications/threads/{thread_id}/subscription\"],\n    getFeeds: [\"GET /feeds\"],\n    getRepoSubscription: [\"GET /repos/{owner}/{repo}/subscription\"],\n    getThread: [\"GET /notifications/threads/{thread_id}\"],\n    getThreadSubscriptionForAuthenticatedUser: [\"GET /notifications/threads/{thread_id}/subscription\"],\n    listEventsForAuthenticatedUser: [\"GET /users/{username}/events\"],\n    listNotificationsForAuthenticatedUser: [\"GET /notifications\"],\n    listOrgEventsForAuthenticatedUser: [\"GET /users/{username}/events/orgs/{org}\"],\n    listPublicEvents: [\"GET /events\"],\n    listPublicEventsForRepoNetwork: [\"GET /networks/{owner}/{repo}/events\"],\n    listPublicEventsForUser: [\"GET /users/{username}/events/public\"],\n    listPublicOrgEvents: [\"GET /orgs/{org}/events\"],\n    listReceivedEventsForUser: [\"GET /users/{username}/received_events\"],\n    listReceivedPublicEventsForUser: [\"GET /users/{username}/received_events/public\"],\n    listRepoEvents: [\"GET /repos/{owner}/{repo}/events\"],\n    listRepoNotificationsForAuthenticatedUser: [\"GET /repos/{owner}/{repo}/notifications\"],\n    listReposStarredByAuthenticatedUser: [\"GET /user/starred\"],\n    listReposStarredByUser: [\"GET /users/{username}/starred\"],\n    listReposWatchedByUser: [\"GET /users/{username}/subscriptions\"],\n    listStargazersForRepo: [\"GET /repos/{owner}/{repo}/stargazers\"],\n    listWatchedReposForAuthenticatedUser: [\"GET /user/subscriptions\"],\n    listWatchersForRepo: [\"GET /repos/{owner}/{repo}/subscribers\"],\n    markNotificationsAsRead: [\"PUT /notifications\"],\n    markRepoNotificationsAsRead: [\"PUT /repos/{owner}/{repo}/notifications\"],\n    markThreadAsRead: [\"PATCH /notifications/threads/{thread_id}\"],\n    setRepoSubscription: [\"PUT /repos/{owner}/{repo}/subscription\"],\n    setThreadSubscription: [\"PUT /notifications/threads/{thread_id}/subscription\"],\n    starRepoForAuthenticatedUser: [\"PUT /user/starred/{owner}/{repo}\"],\n    unstarRepoForAuthenticatedUser: [\"DELETE /user/starred/{owner}/{repo}\"]\n  },\n  apps: {\n    addRepoToInstallation: [\"PUT /user/installations/{installation_id}/repositories/{repository_id}\", {}, {\n      renamed: [\"apps\", \"addRepoToInstallationForAuthenticatedUser\"]\n    }],\n    addRepoToInstallationForAuthenticatedUser: [\"PUT /user/installations/{installation_id}/repositories/{repository_id}\"],\n    checkToken: [\"POST /applications/{client_id}/token\"],\n    createFromManifest: [\"POST /app-manifests/{code}/conversions\"],\n    createInstallationAccessToken: [\"POST /app/installations/{installation_id}/access_tokens\"],\n    deleteAuthorization: [\"DELETE /applications/{client_id}/grant\"],\n    deleteInstallation: [\"DELETE /app/installations/{installation_id}\"],\n    deleteToken: [\"DELETE /applications/{client_id}/token\"],\n    getAuthenticated: [\"GET /app\"],\n    getBySlug: [\"GET /apps/{app_slug}\"],\n    getInstallation: [\"GET /app/installations/{installation_id}\"],\n    getOrgInstallation: [\"GET /orgs/{org}/installation\"],\n    getRepoInstallation: [\"GET /repos/{owner}/{repo}/installation\"],\n    getSubscriptionPlanForAccount: [\"GET /marketplace_listing/accounts/{account_id}\"],\n    getSubscriptionPlanForAccountStubbed: [\"GET /marketplace_listing/stubbed/accounts/{account_id}\"],\n    getUserInstallation: [\"GET /users/{username}/installation\"],\n    getWebhookConfigForApp: [\"GET /app/hook/config\"],\n    getWebhookDelivery: [\"GET /app/hook/deliveries/{delivery_id}\"],\n    listAccountsForPlan: [\"GET /marketplace_listing/plans/{plan_id}/accounts\"],\n    listAccountsForPlanStubbed: [\"GET /marketplace_listing/stubbed/plans/{plan_id}/accounts\"],\n    listInstallationReposForAuthenticatedUser: [\"GET /user/installations/{installation_id}/repositories\"],\n    listInstallations: [\"GET /app/installations\"],\n    listInstallationsForAuthenticatedUser: [\"GET /user/installations\"],\n    listPlans: [\"GET /marketplace_listing/plans\"],\n    listPlansStubbed: [\"GET /marketplace_listing/stubbed/plans\"],\n    listReposAccessibleToInstallation: [\"GET /installation/repositories\"],\n    listSubscriptionsForAuthenticatedUser: [\"GET /user/marketplace_purchases\"],\n    listSubscriptionsForAuthenticatedUserStubbed: [\"GET /user/marketplace_purchases/stubbed\"],\n    listWebhookDeliveries: [\"GET /app/hook/deliveries\"],\n    redeliverWebhookDelivery: [\"POST /app/hook/deliveries/{delivery_id}/attempts\"],\n    removeRepoFromInstallation: [\"DELETE /user/installations/{installation_id}/repositories/{repository_id}\", {}, {\n      renamed: [\"apps\", \"removeRepoFromInstallationForAuthenticatedUser\"]\n    }],\n    removeRepoFromInstallationForAuthenticatedUser: [\"DELETE /user/installations/{installation_id}/repositories/{repository_id}\"],\n    resetToken: [\"PATCH /applications/{client_id}/token\"],\n    revokeInstallationAccessToken: [\"DELETE /installation/token\"],\n    scopeToken: [\"POST /applications/{client_id}/token/scoped\"],\n    suspendInstallation: [\"PUT /app/installations/{installation_id}/suspended\"],\n    unsuspendInstallation: [\"DELETE /app/installations/{installation_id}/suspended\"],\n    updateWebhookConfigForApp: [\"PATCH /app/hook/config\"]\n  },\n  billing: {\n    getGithubActionsBillingOrg: [\"GET /orgs/{org}/settings/billing/actions\"],\n    getGithubActionsBillingUser: [\"GET /users/{username}/settings/billing/actions\"],\n    getGithubAdvancedSecurityBillingGhe: [\"GET /enterprises/{enterprise}/settings/billing/advanced-security\"],\n    getGithubAdvancedSecurityBillingOrg: [\"GET /orgs/{org}/settings/billing/advanced-security\"],\n    getGithubPackagesBillingOrg: [\"GET /orgs/{org}/settings/billing/packages\"],\n    getGithubPackagesBillingUser: [\"GET /users/{username}/settings/billing/packages\"],\n    getSharedStorageBillingOrg: [\"GET /orgs/{org}/settings/billing/shared-storage\"],\n    getSharedStorageBillingUser: [\"GET /users/{username}/settings/billing/shared-storage\"]\n  },\n  checks: {\n    create: [\"POST /repos/{owner}/{repo}/check-runs\"],\n    createSuite: [\"POST /repos/{owner}/{repo}/check-suites\"],\n    get: [\"GET /repos/{owner}/{repo}/check-runs/{check_run_id}\"],\n    getSuite: [\"GET /repos/{owner}/{repo}/check-suites/{check_suite_id}\"],\n    listAnnotations: [\"GET /repos/{owner}/{repo}/check-runs/{check_run_id}/annotations\"],\n    listForRef: [\"GET /repos/{owner}/{repo}/commits/{ref}/check-runs\"],\n    listForSuite: [\"GET /repos/{owner}/{repo}/check-suites/{check_suite_id}/check-runs\"],\n    listSuitesForRef: [\"GET /repos/{owner}/{repo}/commits/{ref}/check-suites\"],\n    rerequestRun: [\"POST /repos/{owner}/{repo}/check-runs/{check_run_id}/rerequest\"],\n    rerequestSuite: [\"POST /repos/{owner}/{repo}/check-suites/{check_suite_id}/rerequest\"],\n    setSuitesPreferences: [\"PATCH /repos/{owner}/{repo}/check-suites/preferences\"],\n    update: [\"PATCH /repos/{owner}/{repo}/check-runs/{check_run_id}\"]\n  },\n  codeScanning: {\n    deleteAnalysis: [\"DELETE /repos/{owner}/{repo}/code-scanning/analyses/{analysis_id}{?confirm_delete}\"],\n    getAlert: [\"GET /repos/{owner}/{repo}/code-scanning/alerts/{alert_number}\", {}, {\n      renamedParameters: {\n        alert_id: \"alert_number\"\n      }\n    }],\n    getAnalysis: [\"GET /repos/{owner}/{repo}/code-scanning/analyses/{analysis_id}\"],\n    getSarif: [\"GET /repos/{owner}/{repo}/code-scanning/sarifs/{sarif_id}\"],\n    listAlertInstances: [\"GET /repos/{owner}/{repo}/code-scanning/alerts/{alert_number}/instances\"],\n    listAlertsForOrg: [\"GET /orgs/{org}/code-scanning/alerts\"],\n    listAlertsForRepo: [\"GET /repos/{owner}/{repo}/code-scanning/alerts\"],\n    listAlertsInstances: [\"GET /repos/{owner}/{repo}/code-scanning/alerts/{alert_number}/instances\", {}, {\n      renamed: [\"codeScanning\", \"listAlertInstances\"]\n    }],\n    listRecentAnalyses: [\"GET /repos/{owner}/{repo}/code-scanning/analyses\"],\n    updateAlert: [\"PATCH /repos/{owner}/{repo}/code-scanning/alerts/{alert_number}\"],\n    uploadSarif: [\"POST /repos/{owner}/{repo}/code-scanning/sarifs\"]\n  },\n  codesOfConduct: {\n    getAllCodesOfConduct: [\"GET /codes_of_conduct\"],\n    getConductCode: [\"GET /codes_of_conduct/{key}\"]\n  },\n  codespaces: {\n    addRepositoryForSecretForAuthenticatedUser: [\"PUT /user/codespaces/secrets/{secret_name}/repositories/{repository_id}\"],\n    codespaceMachinesForAuthenticatedUser: [\"GET /user/codespaces/{codespace_name}/machines\"],\n    createForAuthenticatedUser: [\"POST /user/codespaces\"],\n    createOrUpdateRepoSecret: [\"PUT /repos/{owner}/{repo}/codespaces/secrets/{secret_name}\"],\n    createOrUpdateSecretForAuthenticatedUser: [\"PUT /user/codespaces/secrets/{secret_name}\"],\n    createWithPrForAuthenticatedUser: [\"POST /repos/{owner}/{repo}/pulls/{pull_number}/codespaces\"],\n    createWithRepoForAuthenticatedUser: [\"POST /repos/{owner}/{repo}/codespaces\"],\n    deleteForAuthenticatedUser: [\"DELETE /user/codespaces/{codespace_name}\"],\n    deleteFromOrganization: [\"DELETE /orgs/{org}/members/{username}/codespaces/{codespace_name}\"],\n    deleteRepoSecret: [\"DELETE /repos/{owner}/{repo}/codespaces/secrets/{secret_name}\"],\n    deleteSecretForAuthenticatedUser: [\"DELETE /user/codespaces/secrets/{secret_name}\"],\n    exportForAuthenticatedUser: [\"POST /user/codespaces/{codespace_name}/exports\"],\n    getExportDetailsForAuthenticatedUser: [\"GET /user/codespaces/{codespace_name}/exports/{export_id}\"],\n    getForAuthenticatedUser: [\"GET /user/codespaces/{codespace_name}\"],\n    getPublicKeyForAuthenticatedUser: [\"GET /user/codespaces/secrets/public-key\"],\n    getRepoPublicKey: [\"GET /repos/{owner}/{repo}/codespaces/secrets/public-key\"],\n    getRepoSecret: [\"GET /repos/{owner}/{repo}/codespaces/secrets/{secret_name}\"],\n    getSecretForAuthenticatedUser: [\"GET /user/codespaces/secrets/{secret_name}\"],\n    listDevcontainersInRepositoryForAuthenticatedUser: [\"GET /repos/{owner}/{repo}/codespaces/devcontainers\"],\n    listForAuthenticatedUser: [\"GET /user/codespaces\"],\n    listInOrganization: [\"GET /orgs/{org}/codespaces\", {}, {\n      renamedParameters: {\n        org_id: \"org\"\n      }\n    }],\n    listInRepositoryForAuthenticatedUser: [\"GET /repos/{owner}/{repo}/codespaces\"],\n    listRepoSecrets: [\"GET /repos/{owner}/{repo}/codespaces/secrets\"],\n    listRepositoriesForSecretForAuthenticatedUser: [\"GET /user/codespaces/secrets/{secret_name}/repositories\"],\n    listSecretsForAuthenticatedUser: [\"GET /user/codespaces/secrets\"],\n    removeRepositoryForSecretForAuthenticatedUser: [\"DELETE /user/codespaces/secrets/{secret_name}/repositories/{repository_id}\"],\n    repoMachinesForAuthenticatedUser: [\"GET /repos/{owner}/{repo}/codespaces/machines\"],\n    setRepositoriesForSecretForAuthenticatedUser: [\"PUT /user/codespaces/secrets/{secret_name}/repositories\"],\n    startForAuthenticatedUser: [\"POST /user/codespaces/{codespace_name}/start\"],\n    stopForAuthenticatedUser: [\"POST /user/codespaces/{codespace_name}/stop\"],\n    stopInOrganization: [\"POST /orgs/{org}/members/{username}/codespaces/{codespace_name}/stop\"],\n    updateForAuthenticatedUser: [\"PATCH /user/codespaces/{codespace_name}\"]\n  },\n  dependabot: {\n    addSelectedRepoToOrgSecret: [\"PUT /orgs/{org}/dependabot/secrets/{secret_name}/repositories/{repository_id}\"],\n    createOrUpdateOrgSecret: [\"PUT /orgs/{org}/dependabot/secrets/{secret_name}\"],\n    createOrUpdateRepoSecret: [\"PUT /repos/{owner}/{repo}/dependabot/secrets/{secret_name}\"],\n    deleteOrgSecret: [\"DELETE /orgs/{org}/dependabot/secrets/{secret_name}\"],\n    deleteRepoSecret: [\"DELETE /repos/{owner}/{repo}/dependabot/secrets/{secret_name}\"],\n    getOrgPublicKey: [\"GET /orgs/{org}/dependabot/secrets/public-key\"],\n    getOrgSecret: [\"GET /orgs/{org}/dependabot/secrets/{secret_name}\"],\n    getRepoPublicKey: [\"GET /repos/{owner}/{repo}/dependabot/secrets/public-key\"],\n    getRepoSecret: [\"GET /repos/{owner}/{repo}/dependabot/secrets/{secret_name}\"],\n    listOrgSecrets: [\"GET /orgs/{org}/dependabot/secrets\"],\n    listRepoSecrets: [\"GET /repos/{owner}/{repo}/dependabot/secrets\"],\n    listSelectedReposForOrgSecret: [\"GET /orgs/{org}/dependabot/secrets/{secret_name}/repositories\"],\n    removeSelectedRepoFromOrgSecret: [\"DELETE /orgs/{org}/dependabot/secrets/{secret_name}/repositories/{repository_id}\"],\n    setSelectedReposForOrgSecret: [\"PUT /orgs/{org}/dependabot/secrets/{secret_name}/repositories\"]\n  },\n  dependencyGraph: {\n    createRepositorySnapshot: [\"POST /repos/{owner}/{repo}/dependency-graph/snapshots\"],\n    diffRange: [\"GET /repos/{owner}/{repo}/dependency-graph/compare/{basehead}\"]\n  },\n  emojis: {\n    get: [\"GET /emojis\"]\n  },\n  enterpriseAdmin: {\n    addCustomLabelsToSelfHostedRunnerForEnterprise: [\"POST /enterprises/{enterprise}/actions/runners/{runner_id}/labels\"],\n    disableSelectedOrganizationGithubActionsEnterprise: [\"DELETE /enterprises/{enterprise}/actions/permissions/organizations/{org_id}\"],\n    enableSelectedOrganizationGithubActionsEnterprise: [\"PUT /enterprises/{enterprise}/actions/permissions/organizations/{org_id}\"],\n    getAllowedActionsEnterprise: [\"GET /enterprises/{enterprise}/actions/permissions/selected-actions\"],\n    getGithubActionsPermissionsEnterprise: [\"GET /enterprises/{enterprise}/actions/permissions\"],\n    getServerStatistics: [\"GET /enterprise-installation/{enterprise_or_org}/server-statistics\"],\n    listLabelsForSelfHostedRunnerForEnterprise: [\"GET /enterprises/{enterprise}/actions/runners/{runner_id}/labels\"],\n    listSelectedOrganizationsEnabledGithubActionsEnterprise: [\"GET /enterprises/{enterprise}/actions/permissions/organizations\"],\n    removeAllCustomLabelsFromSelfHostedRunnerForEnterprise: [\"DELETE /enterprises/{enterprise}/actions/runners/{runner_id}/labels\"],\n    removeCustomLabelFromSelfHostedRunnerForEnterprise: [\"DELETE /enterprises/{enterprise}/actions/runners/{runner_id}/labels/{name}\"],\n    setAllowedActionsEnterprise: [\"PUT /enterprises/{enterprise}/actions/permissions/selected-actions\"],\n    setCustomLabelsForSelfHostedRunnerForEnterprise: [\"PUT /enterprises/{enterprise}/actions/runners/{runner_id}/labels\"],\n    setGithubActionsPermissionsEnterprise: [\"PUT /enterprises/{enterprise}/actions/permissions\"],\n    setSelectedOrganizationsEnabledGithubActionsEnterprise: [\"PUT /enterprises/{enterprise}/actions/permissions/organizations\"]\n  },\n  gists: {\n    checkIsStarred: [\"GET /gists/{gist_id}/star\"],\n    create: [\"POST /gists\"],\n    createComment: [\"POST /gists/{gist_id}/comments\"],\n    delete: [\"DELETE /gists/{gist_id}\"],\n    deleteComment: [\"DELETE /gists/{gist_id}/comments/{comment_id}\"],\n    fork: [\"POST /gists/{gist_id}/forks\"],\n    get: [\"GET /gists/{gist_id}\"],\n    getComment: [\"GET /gists/{gist_id}/comments/{comment_id}\"],\n    getRevision: [\"GET /gists/{gist_id}/{sha}\"],\n    list: [\"GET /gists\"],\n    listComments: [\"GET /gists/{gist_id}/comments\"],\n    listCommits: [\"GET /gists/{gist_id}/commits\"],\n    listForUser: [\"GET /users/{username}/gists\"],\n    listForks: [\"GET /gists/{gist_id}/forks\"],\n    listPublic: [\"GET /gists/public\"],\n    listStarred: [\"GET /gists/starred\"],\n    star: [\"PUT /gists/{gist_id}/star\"],\n    unstar: [\"DELETE /gists/{gist_id}/star\"],\n    update: [\"PATCH /gists/{gist_id}\"],\n    updateComment: [\"PATCH /gists/{gist_id}/comments/{comment_id}\"]\n  },\n  git: {\n    createBlob: [\"POST /repos/{owner}/{repo}/git/blobs\"],\n    createCommit: [\"POST /repos/{owner}/{repo}/git/commits\"],\n    createRef: [\"POST /repos/{owner}/{repo}/git/refs\"],\n    createTag: [\"POST /repos/{owner}/{repo}/git/tags\"],\n    createTree: [\"POST /repos/{owner}/{repo}/git/trees\"],\n    deleteRef: [\"DELETE /repos/{owner}/{repo}/git/refs/{ref}\"],\n    getBlob: [\"GET /repos/{owner}/{repo}/git/blobs/{file_sha}\"],\n    getCommit: [\"GET /repos/{owner}/{repo}/git/commits/{commit_sha}\"],\n    getRef: [\"GET /repos/{owner}/{repo}/git/ref/{ref}\"],\n    getTag: [\"GET /repos/{owner}/{repo}/git/tags/{tag_sha}\"],\n    getTree: [\"GET /repos/{owner}/{repo}/git/trees/{tree_sha}\"],\n    listMatchingRefs: [\"GET /repos/{owner}/{repo}/git/matching-refs/{ref}\"],\n    updateRef: [\"PATCH /repos/{owner}/{repo}/git/refs/{ref}\"]\n  },\n  gitignore: {\n    getAllTemplates: [\"GET /gitignore/templates\"],\n    getTemplate: [\"GET /gitignore/templates/{name}\"]\n  },\n  interactions: {\n    getRestrictionsForAuthenticatedUser: [\"GET /user/interaction-limits\"],\n    getRestrictionsForOrg: [\"GET /orgs/{org}/interaction-limits\"],\n    getRestrictionsForRepo: [\"GET /repos/{owner}/{repo}/interaction-limits\"],\n    getRestrictionsForYourPublicRepos: [\"GET /user/interaction-limits\", {}, {\n      renamed: [\"interactions\", \"getRestrictionsForAuthenticatedUser\"]\n    }],\n    removeRestrictionsForAuthenticatedUser: [\"DELETE /user/interaction-limits\"],\n    removeRestrictionsForOrg: [\"DELETE /orgs/{org}/interaction-limits\"],\n    removeRestrictionsForRepo: [\"DELETE /repos/{owner}/{repo}/interaction-limits\"],\n    removeRestrictionsForYourPublicRepos: [\"DELETE /user/interaction-limits\", {}, {\n      renamed: [\"interactions\", \"removeRestrictionsForAuthenticatedUser\"]\n    }],\n    setRestrictionsForAuthenticatedUser: [\"PUT /user/interaction-limits\"],\n    setRestrictionsForOrg: [\"PUT /orgs/{org}/interaction-limits\"],\n    setRestrictionsForRepo: [\"PUT /repos/{owner}/{repo}/interaction-limits\"],\n    setRestrictionsForYourPublicRepos: [\"PUT /user/interaction-limits\", {}, {\n      renamed: [\"interactions\", \"setRestrictionsForAuthenticatedUser\"]\n    }]\n  },\n  issues: {\n    addAssignees: [\"POST /repos/{owner}/{repo}/issues/{issue_number}/assignees\"],\n    addLabels: [\"POST /repos/{owner}/{repo}/issues/{issue_number}/labels\"],\n    checkUserCanBeAssigned: [\"GET /repos/{owner}/{repo}/assignees/{assignee}\"],\n    create: [\"POST /repos/{owner}/{repo}/issues\"],\n    createComment: [\"POST /repos/{owner}/{repo}/issues/{issue_number}/comments\"],\n    createLabel: [\"POST /repos/{owner}/{repo}/labels\"],\n    createMilestone: [\"POST /repos/{owner}/{repo}/milestones\"],\n    deleteComment: [\"DELETE /repos/{owner}/{repo}/issues/comments/{comment_id}\"],\n    deleteLabel: [\"DELETE /repos/{owner}/{repo}/labels/{name}\"],\n    deleteMilestone: [\"DELETE /repos/{owner}/{repo}/milestones/{milestone_number}\"],\n    get: [\"GET /repos/{owner}/{repo}/issues/{issue_number}\"],\n    getComment: [\"GET /repos/{owner}/{repo}/issues/comments/{comment_id}\"],\n    getEvent: [\"GET /repos/{owner}/{repo}/issues/events/{event_id}\"],\n    getLabel: [\"GET /repos/{owner}/{repo}/labels/{name}\"],\n    getMilestone: [\"GET /repos/{owner}/{repo}/milestones/{milestone_number}\"],\n    list: [\"GET /issues\"],\n    listAssignees: [\"GET /repos/{owner}/{repo}/assignees\"],\n    listComments: [\"GET /repos/{owner}/{repo}/issues/{issue_number}/comments\"],\n    listCommentsForRepo: [\"GET /repos/{owner}/{repo}/issues/comments\"],\n    listEvents: [\"GET /repos/{owner}/{repo}/issues/{issue_number}/events\"],\n    listEventsForRepo: [\"GET /repos/{owner}/{repo}/issues/events\"],\n    listEventsForTimeline: [\"GET /repos/{owner}/{repo}/issues/{issue_number}/timeline\"],\n    listForAuthenticatedUser: [\"GET /user/issues\"],\n    listForOrg: [\"GET /orgs/{org}/issues\"],\n    listForRepo: [\"GET /repos/{owner}/{repo}/issues\"],\n    listLabelsForMilestone: [\"GET /repos/{owner}/{repo}/milestones/{milestone_number}/labels\"],\n    listLabelsForRepo: [\"GET /repos/{owner}/{repo}/labels\"],\n    listLabelsOnIssue: [\"GET /repos/{owner}/{repo}/issues/{issue_number}/labels\"],\n    listMilestones: [\"GET /repos/{owner}/{repo}/milestones\"],\n    lock: [\"PUT /repos/{owner}/{repo}/issues/{issue_number}/lock\"],\n    removeAllLabels: [\"DELETE /repos/{owner}/{repo}/issues/{issue_number}/labels\"],\n    removeAssignees: [\"DELETE /repos/{owner}/{repo}/issues/{issue_number}/assignees\"],\n    removeLabel: [\"DELETE /repos/{owner}/{repo}/issues/{issue_number}/labels/{name}\"],\n    setLabels: [\"PUT /repos/{owner}/{repo}/issues/{issue_number}/labels\"],\n    unlock: [\"DELETE /repos/{owner}/{repo}/issues/{issue_number}/lock\"],\n    update: [\"PATCH /repos/{owner}/{repo}/issues/{issue_number}\"],\n    updateComment: [\"PATCH /repos/{owner}/{repo}/issues/comments/{comment_id}\"],\n    updateLabel: [\"PATCH /repos/{owner}/{repo}/labels/{name}\"],\n    updateMilestone: [\"PATCH /repos/{owner}/{repo}/milestones/{milestone_number}\"]\n  },\n  licenses: {\n    get: [\"GET /licenses/{license}\"],\n    getAllCommonlyUsed: [\"GET /licenses\"],\n    getForRepo: [\"GET /repos/{owner}/{repo}/license\"]\n  },\n  markdown: {\n    render: [\"POST /markdown\"],\n    renderRaw: [\"POST /markdown/raw\", {\n      headers: {\n        \"content-type\": \"text/plain; charset=utf-8\"\n      }\n    }]\n  },\n  meta: {\n    get: [\"GET /meta\"],\n    getOctocat: [\"GET /octocat\"],\n    getZen: [\"GET /zen\"],\n    root: [\"GET /\"]\n  },\n  migrations: {\n    cancelImport: [\"DELETE /repos/{owner}/{repo}/import\"],\n    deleteArchiveForAuthenticatedUser: [\"DELETE /user/migrations/{migration_id}/archive\"],\n    deleteArchiveForOrg: [\"DELETE /orgs/{org}/migrations/{migration_id}/archive\"],\n    downloadArchiveForOrg: [\"GET /orgs/{org}/migrations/{migration_id}/archive\"],\n    getArchiveForAuthenticatedUser: [\"GET /user/migrations/{migration_id}/archive\"],\n    getCommitAuthors: [\"GET /repos/{owner}/{repo}/import/authors\"],\n    getImportStatus: [\"GET /repos/{owner}/{repo}/import\"],\n    getLargeFiles: [\"GET /repos/{owner}/{repo}/import/large_files\"],\n    getStatusForAuthenticatedUser: [\"GET /user/migrations/{migration_id}\"],\n    getStatusForOrg: [\"GET /orgs/{org}/migrations/{migration_id}\"],\n    listForAuthenticatedUser: [\"GET /user/migrations\"],\n    listForOrg: [\"GET /orgs/{org}/migrations\"],\n    listReposForAuthenticatedUser: [\"GET /user/migrations/{migration_id}/repositories\"],\n    listReposForOrg: [\"GET /orgs/{org}/migrations/{migration_id}/repositories\"],\n    listReposForUser: [\"GET /user/migrations/{migration_id}/repositories\", {}, {\n      renamed: [\"migrations\", \"listReposForAuthenticatedUser\"]\n    }],\n    mapCommitAuthor: [\"PATCH /repos/{owner}/{repo}/import/authors/{author_id}\"],\n    setLfsPreference: [\"PATCH /repos/{owner}/{repo}/import/lfs\"],\n    startForAuthenticatedUser: [\"POST /user/migrations\"],\n    startForOrg: [\"POST /orgs/{org}/migrations\"],\n    startImport: [\"PUT /repos/{owner}/{repo}/import\"],\n    unlockRepoForAuthenticatedUser: [\"DELETE /user/migrations/{migration_id}/repos/{repo_name}/lock\"],\n    unlockRepoForOrg: [\"DELETE /orgs/{org}/migrations/{migration_id}/repos/{repo_name}/lock\"],\n    updateImport: [\"PATCH /repos/{owner}/{repo}/import\"]\n  },\n  orgs: {\n    blockUser: [\"PUT /orgs/{org}/blocks/{username}\"],\n    cancelInvitation: [\"DELETE /orgs/{org}/invitations/{invitation_id}\"],\n    checkBlockedUser: [\"GET /orgs/{org}/blocks/{username}\"],\n    checkMembershipForUser: [\"GET /orgs/{org}/members/{username}\"],\n    checkPublicMembershipForUser: [\"GET /orgs/{org}/public_members/{username}\"],\n    convertMemberToOutsideCollaborator: [\"PUT /orgs/{org}/outside_collaborators/{username}\"],\n    createInvitation: [\"POST /orgs/{org}/invitations\"],\n    createWebhook: [\"POST /orgs/{org}/hooks\"],\n    deleteWebhook: [\"DELETE /orgs/{org}/hooks/{hook_id}\"],\n    get: [\"GET /orgs/{org}\"],\n    getMembershipForAuthenticatedUser: [\"GET /user/memberships/orgs/{org}\"],\n    getMembershipForUser: [\"GET /orgs/{org}/memberships/{username}\"],\n    getWebhook: [\"GET /orgs/{org}/hooks/{hook_id}\"],\n    getWebhookConfigForOrg: [\"GET /orgs/{org}/hooks/{hook_id}/config\"],\n    getWebhookDelivery: [\"GET /orgs/{org}/hooks/{hook_id}/deliveries/{delivery_id}\"],\n    list: [\"GET /organizations\"],\n    listAppInstallations: [\"GET /orgs/{org}/installations\"],\n    listBlockedUsers: [\"GET /orgs/{org}/blocks\"],\n    listCustomRoles: [\"GET /organizations/{organization_id}/custom_roles\"],\n    listFailedInvitations: [\"GET /orgs/{org}/failed_invitations\"],\n    listForAuthenticatedUser: [\"GET /user/orgs\"],\n    listForUser: [\"GET /users/{username}/orgs\"],\n    listInvitationTeams: [\"GET /orgs/{org}/invitations/{invitation_id}/teams\"],\n    listMembers: [\"GET /orgs/{org}/members\"],\n    listMembershipsForAuthenticatedUser: [\"GET /user/memberships/orgs\"],\n    listOutsideCollaborators: [\"GET /orgs/{org}/outside_collaborators\"],\n    listPendingInvitations: [\"GET /orgs/{org}/invitations\"],\n    listPublicMembers: [\"GET /orgs/{org}/public_members\"],\n    listWebhookDeliveries: [\"GET /orgs/{org}/hooks/{hook_id}/deliveries\"],\n    listWebhooks: [\"GET /orgs/{org}/hooks\"],\n    pingWebhook: [\"POST /orgs/{org}/hooks/{hook_id}/pings\"],\n    redeliverWebhookDelivery: [\"POST /orgs/{org}/hooks/{hook_id}/deliveries/{delivery_id}/attempts\"],\n    removeMember: [\"DELETE /orgs/{org}/members/{username}\"],\n    removeMembershipForUser: [\"DELETE /orgs/{org}/memberships/{username}\"],\n    removeOutsideCollaborator: [\"DELETE /orgs/{org}/outside_collaborators/{username}\"],\n    removePublicMembershipForAuthenticatedUser: [\"DELETE /orgs/{org}/public_members/{username}\"],\n    setMembershipForUser: [\"PUT /orgs/{org}/memberships/{username}\"],\n    setPublicMembershipForAuthenticatedUser: [\"PUT /orgs/{org}/public_members/{username}\"],\n    unblockUser: [\"DELETE /orgs/{org}/blocks/{username}\"],\n    update: [\"PATCH /orgs/{org}\"],\n    updateMembershipForAuthenticatedUser: [\"PATCH /user/memberships/orgs/{org}\"],\n    updateWebhook: [\"PATCH /orgs/{org}/hooks/{hook_id}\"],\n    updateWebhookConfigForOrg: [\"PATCH /orgs/{org}/hooks/{hook_id}/config\"]\n  },\n  packages: {\n    deletePackageForAuthenticatedUser: [\"DELETE /user/packages/{package_type}/{package_name}\"],\n    deletePackageForOrg: [\"DELETE /orgs/{org}/packages/{package_type}/{package_name}\"],\n    deletePackageForUser: [\"DELETE /users/{username}/packages/{package_type}/{package_name}\"],\n    deletePackageVersionForAuthenticatedUser: [\"DELETE /user/packages/{package_type}/{package_name}/versions/{package_version_id}\"],\n    deletePackageVersionForOrg: [\"DELETE /orgs/{org}/packages/{package_type}/{package_name}/versions/{package_version_id}\"],\n    deletePackageVersionForUser: [\"DELETE /users/{username}/packages/{package_type}/{package_name}/versions/{package_version_id}\"],\n    getAllPackageVersionsForAPackageOwnedByAnOrg: [\"GET /orgs/{org}/packages/{package_type}/{package_name}/versions\", {}, {\n      renamed: [\"packages\", \"getAllPackageVersionsForPackageOwnedByOrg\"]\n    }],\n    getAllPackageVersionsForAPackageOwnedByTheAuthenticatedUser: [\"GET /user/packages/{package_type}/{package_name}/versions\", {}, {\n      renamed: [\"packages\", \"getAllPackageVersionsForPackageOwnedByAuthenticatedUser\"]\n    }],\n    getAllPackageVersionsForPackageOwnedByAuthenticatedUser: [\"GET /user/packages/{package_type}/{package_name}/versions\"],\n    getAllPackageVersionsForPackageOwnedByOrg: [\"GET /orgs/{org}/packages/{package_type}/{package_name}/versions\"],\n    getAllPackageVersionsForPackageOwnedByUser: [\"GET /users/{username}/packages/{package_type}/{package_name}/versions\"],\n    getPackageForAuthenticatedUser: [\"GET /user/packages/{package_type}/{package_name}\"],\n    getPackageForOrganization: [\"GET /orgs/{org}/packages/{package_type}/{package_name}\"],\n    getPackageForUser: [\"GET /users/{username}/packages/{package_type}/{package_name}\"],\n    getPackageVersionForAuthenticatedUser: [\"GET /user/packages/{package_type}/{package_name}/versions/{package_version_id}\"],\n    getPackageVersionForOrganization: [\"GET /orgs/{org}/packages/{package_type}/{package_name}/versions/{package_version_id}\"],\n    getPackageVersionForUser: [\"GET /users/{username}/packages/{package_type}/{package_name}/versions/{package_version_id}\"],\n    listPackagesForAuthenticatedUser: [\"GET /user/packages\"],\n    listPackagesForOrganization: [\"GET /orgs/{org}/packages\"],\n    listPackagesForUser: [\"GET /users/{username}/packages\"],\n    restorePackageForAuthenticatedUser: [\"POST /user/packages/{package_type}/{package_name}/restore{?token}\"],\n    restorePackageForOrg: [\"POST /orgs/{org}/packages/{package_type}/{package_name}/restore{?token}\"],\n    restorePackageForUser: [\"POST /users/{username}/packages/{package_type}/{package_name}/restore{?token}\"],\n    restorePackageVersionForAuthenticatedUser: [\"POST /user/packages/{package_type}/{package_name}/versions/{package_version_id}/restore\"],\n    restorePackageVersionForOrg: [\"POST /orgs/{org}/packages/{package_type}/{package_name}/versions/{package_version_id}/restore\"],\n    restorePackageVersionForUser: [\"POST /users/{username}/packages/{package_type}/{package_name}/versions/{package_version_id}/restore\"]\n  },\n  projects: {\n    addCollaborator: [\"PUT /projects/{project_id}/collaborators/{username}\"],\n    createCard: [\"POST /projects/columns/{column_id}/cards\"],\n    createColumn: [\"POST /projects/{project_id}/columns\"],\n    createForAuthenticatedUser: [\"POST /user/projects\"],\n    createForOrg: [\"POST /orgs/{org}/projects\"],\n    createForRepo: [\"POST /repos/{owner}/{repo}/projects\"],\n    delete: [\"DELETE /projects/{project_id}\"],\n    deleteCard: [\"DELETE /projects/columns/cards/{card_id}\"],\n    deleteColumn: [\"DELETE /projects/columns/{column_id}\"],\n    get: [\"GET /projects/{project_id}\"],\n    getCard: [\"GET /projects/columns/cards/{card_id}\"],\n    getColumn: [\"GET /projects/columns/{column_id}\"],\n    getPermissionForUser: [\"GET /projects/{project_id}/collaborators/{username}/permission\"],\n    listCards: [\"GET /projects/columns/{column_id}/cards\"],\n    listCollaborators: [\"GET /projects/{project_id}/collaborators\"],\n    listColumns: [\"GET /projects/{project_id}/columns\"],\n    listForOrg: [\"GET /orgs/{org}/projects\"],\n    listForRepo: [\"GET /repos/{owner}/{repo}/projects\"],\n    listForUser: [\"GET /users/{username}/projects\"],\n    moveCard: [\"POST /projects/columns/cards/{card_id}/moves\"],\n    moveColumn: [\"POST /projects/columns/{column_id}/moves\"],\n    removeCollaborator: [\"DELETE /projects/{project_id}/collaborators/{username}\"],\n    update: [\"PATCH /projects/{project_id}\"],\n    updateCard: [\"PATCH /projects/columns/cards/{card_id}\"],\n    updateColumn: [\"PATCH /projects/columns/{column_id}\"]\n  },\n  pulls: {\n    checkIfMerged: [\"GET /repos/{owner}/{repo}/pulls/{pull_number}/merge\"],\n    create: [\"POST /repos/{owner}/{repo}/pulls\"],\n    createReplyForReviewComment: [\"POST /repos/{owner}/{repo}/pulls/{pull_number}/comments/{comment_id}/replies\"],\n    createReview: [\"POST /repos/{owner}/{repo}/pulls/{pull_number}/reviews\"],\n    createReviewComment: [\"POST /repos/{owner}/{repo}/pulls/{pull_number}/comments\"],\n    deletePendingReview: [\"DELETE /repos/{owner}/{repo}/pulls/{pull_number}/reviews/{review_id}\"],\n    deleteReviewComment: [\"DELETE /repos/{owner}/{repo}/pulls/comments/{comment_id}\"],\n    dismissReview: [\"PUT /repos/{owner}/{repo}/pulls/{pull_number}/reviews/{review_id}/dismissals\"],\n    get: [\"GET /repos/{owner}/{repo}/pulls/{pull_number}\"],\n    getReview: [\"GET /repos/{owner}/{repo}/pulls/{pull_number}/reviews/{review_id}\"],\n    getReviewComment: [\"GET /repos/{owner}/{repo}/pulls/comments/{comment_id}\"],\n    list: [\"GET /repos/{owner}/{repo}/pulls\"],\n    listCommentsForReview: [\"GET /repos/{owner}/{repo}/pulls/{pull_number}/reviews/{review_id}/comments\"],\n    listCommits: [\"GET /repos/{owner}/{repo}/pulls/{pull_number}/commits\"],\n    listFiles: [\"GET /repos/{owner}/{repo}/pulls/{pull_number}/files\"],\n    listRequestedReviewers: [\"GET /repos/{owner}/{repo}/pulls/{pull_number}/requested_reviewers\"],\n    listReviewComments: [\"GET /repos/{owner}/{repo}/pulls/{pull_number}/comments\"],\n    listReviewCommentsForRepo: [\"GET /repos/{owner}/{repo}/pulls/comments\"],\n    listReviews: [\"GET /repos/{owner}/{repo}/pulls/{pull_number}/reviews\"],\n    merge: [\"PUT /repos/{owner}/{repo}/pulls/{pull_number}/merge\"],\n    removeRequestedReviewers: [\"DELETE /repos/{owner}/{repo}/pulls/{pull_number}/requested_reviewers\"],\n    requestReviewers: [\"POST /repos/{owner}/{repo}/pulls/{pull_number}/requested_reviewers\"],\n    submitReview: [\"POST /repos/{owner}/{repo}/pulls/{pull_number}/reviews/{review_id}/events\"],\n    update: [\"PATCH /repos/{owner}/{repo}/pulls/{pull_number}\"],\n    updateBranch: [\"PUT /repos/{owner}/{repo}/pulls/{pull_number}/update-branch\"],\n    updateReview: [\"PUT /repos/{owner}/{repo}/pulls/{pull_number}/reviews/{review_id}\"],\n    updateReviewComment: [\"PATCH /repos/{owner}/{repo}/pulls/comments/{comment_id}\"]\n  },\n  rateLimit: {\n    get: [\"GET /rate_limit\"]\n  },\n  reactions: {\n    createForCommitComment: [\"POST /repos/{owner}/{repo}/comments/{comment_id}/reactions\"],\n    createForIssue: [\"POST /repos/{owner}/{repo}/issues/{issue_number}/reactions\"],\n    createForIssueComment: [\"POST /repos/{owner}/{repo}/issues/comments/{comment_id}/reactions\"],\n    createForPullRequestReviewComment: [\"POST /repos/{owner}/{repo}/pulls/comments/{comment_id}/reactions\"],\n    createForRelease: [\"POST /repos/{owner}/{repo}/releases/{release_id}/reactions\"],\n    createForTeamDiscussionCommentInOrg: [\"POST /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions\"],\n    createForTeamDiscussionInOrg: [\"POST /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions\"],\n    deleteForCommitComment: [\"DELETE /repos/{owner}/{repo}/comments/{comment_id}/reactions/{reaction_id}\"],\n    deleteForIssue: [\"DELETE /repos/{owner}/{repo}/issues/{issue_number}/reactions/{reaction_id}\"],\n    deleteForIssueComment: [\"DELETE /repos/{owner}/{repo}/issues/comments/{comment_id}/reactions/{reaction_id}\"],\n    deleteForPullRequestComment: [\"DELETE /repos/{owner}/{repo}/pulls/comments/{comment_id}/reactions/{reaction_id}\"],\n    deleteForRelease: [\"DELETE /repos/{owner}/{repo}/releases/{release_id}/reactions/{reaction_id}\"],\n    deleteForTeamDiscussion: [\"DELETE /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions/{reaction_id}\"],\n    deleteForTeamDiscussionComment: [\"DELETE /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions/{reaction_id}\"],\n    listForCommitComment: [\"GET /repos/{owner}/{repo}/comments/{comment_id}/reactions\"],\n    listForIssue: [\"GET /repos/{owner}/{repo}/issues/{issue_number}/reactions\"],\n    listForIssueComment: [\"GET /repos/{owner}/{repo}/issues/comments/{comment_id}/reactions\"],\n    listForPullRequestReviewComment: [\"GET /repos/{owner}/{repo}/pulls/comments/{comment_id}/reactions\"],\n    listForRelease: [\"GET /repos/{owner}/{repo}/releases/{release_id}/reactions\"],\n    listForTeamDiscussionCommentInOrg: [\"GET /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions\"],\n    listForTeamDiscussionInOrg: [\"GET /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions\"]\n  },\n  repos: {\n    acceptInvitation: [\"PATCH /user/repository_invitations/{invitation_id}\", {}, {\n      renamed: [\"repos\", \"acceptInvitationForAuthenticatedUser\"]\n    }],\n    acceptInvitationForAuthenticatedUser: [\"PATCH /user/repository_invitations/{invitation_id}\"],\n    addAppAccessRestrictions: [\"POST /repos/{owner}/{repo}/branches/{branch}/protection/restrictions/apps\", {}, {\n      mapToData: \"apps\"\n    }],\n    addCollaborator: [\"PUT /repos/{owner}/{repo}/collaborators/{username}\"],\n    addStatusCheckContexts: [\"POST /repos/{owner}/{repo}/branches/{branch}/protection/required_status_checks/contexts\", {}, {\n      mapToData: \"contexts\"\n    }],\n    addTeamAccessRestrictions: [\"POST /repos/{owner}/{repo}/branches/{branch}/protection/restrictions/teams\", {}, {\n      mapToData: \"teams\"\n    }],\n    addUserAccessRestrictions: [\"POST /repos/{owner}/{repo}/branches/{branch}/protection/restrictions/users\", {}, {\n      mapToData: \"users\"\n    }],\n    checkCollaborator: [\"GET /repos/{owner}/{repo}/collaborators/{username}\"],\n    checkVulnerabilityAlerts: [\"GET /repos/{owner}/{repo}/vulnerability-alerts\"],\n    codeownersErrors: [\"GET /repos/{owner}/{repo}/codeowners/errors\"],\n    compareCommits: [\"GET /repos/{owner}/{repo}/compare/{base}...{head}\"],\n    compareCommitsWithBasehead: [\"GET /repos/{owner}/{repo}/compare/{basehead}\"],\n    createAutolink: [\"POST /repos/{owner}/{repo}/autolinks\"],\n    createCommitComment: [\"POST /repos/{owner}/{repo}/commits/{commit_sha}/comments\"],\n    createCommitSignatureProtection: [\"POST /repos/{owner}/{repo}/branches/{branch}/protection/required_signatures\"],\n    createCommitStatus: [\"POST /repos/{owner}/{repo}/statuses/{sha}\"],\n    createDeployKey: [\"POST /repos/{owner}/{repo}/keys\"],\n    createDeployment: [\"POST /repos/{owner}/{repo}/deployments\"],\n    createDeploymentStatus: [\"POST /repos/{owner}/{repo}/deployments/{deployment_id}/statuses\"],\n    createDispatchEvent: [\"POST /repos/{owner}/{repo}/dispatches\"],\n    createForAuthenticatedUser: [\"POST /user/repos\"],\n    createFork: [\"POST /repos/{owner}/{repo}/forks\"],\n    createInOrg: [\"POST /orgs/{org}/repos\"],\n    createOrUpdateEnvironment: [\"PUT /repos/{owner}/{repo}/environments/{environment_name}\"],\n    createOrUpdateFileContents: [\"PUT /repos/{owner}/{repo}/contents/{path}\"],\n    createPagesSite: [\"POST /repos/{owner}/{repo}/pages\"],\n    createRelease: [\"POST /repos/{owner}/{repo}/releases\"],\n    createTagProtection: [\"POST /repos/{owner}/{repo}/tags/protection\"],\n    createUsingTemplate: [\"POST /repos/{template_owner}/{template_repo}/generate\"],\n    createWebhook: [\"POST /repos/{owner}/{repo}/hooks\"],\n    declineInvitation: [\"DELETE /user/repository_invitations/{invitation_id}\", {}, {\n      renamed: [\"repos\", \"declineInvitationForAuthenticatedUser\"]\n    }],\n    declineInvitationForAuthenticatedUser: [\"DELETE /user/repository_invitations/{invitation_id}\"],\n    delete: [\"DELETE /repos/{owner}/{repo}\"],\n    deleteAccessRestrictions: [\"DELETE /repos/{owner}/{repo}/branches/{branch}/protection/restrictions\"],\n    deleteAdminBranchProtection: [\"DELETE /repos/{owner}/{repo}/branches/{branch}/protection/enforce_admins\"],\n    deleteAnEnvironment: [\"DELETE /repos/{owner}/{repo}/environments/{environment_name}\"],\n    deleteAutolink: [\"DELETE /repos/{owner}/{repo}/autolinks/{autolink_id}\"],\n    deleteBranchProtection: [\"DELETE /repos/{owner}/{repo}/branches/{branch}/protection\"],\n    deleteCommitComment: [\"DELETE /repos/{owner}/{repo}/comments/{comment_id}\"],\n    deleteCommitSignatureProtection: [\"DELETE /repos/{owner}/{repo}/branches/{branch}/protection/required_signatures\"],\n    deleteDeployKey: [\"DELETE /repos/{owner}/{repo}/keys/{key_id}\"],\n    deleteDeployment: [\"DELETE /repos/{owner}/{repo}/deployments/{deployment_id}\"],\n    deleteFile: [\"DELETE /repos/{owner}/{repo}/contents/{path}\"],\n    deleteInvitation: [\"DELETE /repos/{owner}/{repo}/invitations/{invitation_id}\"],\n    deletePagesSite: [\"DELETE /repos/{owner}/{repo}/pages\"],\n    deletePullRequestReviewProtection: [\"DELETE /repos/{owner}/{repo}/branches/{branch}/protection/required_pull_request_reviews\"],\n    deleteRelease: [\"DELETE /repos/{owner}/{repo}/releases/{release_id}\"],\n    deleteReleaseAsset: [\"DELETE /repos/{owner}/{repo}/releases/assets/{asset_id}\"],\n    deleteTagProtection: [\"DELETE /repos/{owner}/{repo}/tags/protection/{tag_protection_id}\"],\n    deleteWebhook: [\"DELETE /repos/{owner}/{repo}/hooks/{hook_id}\"],\n    disableAutomatedSecurityFixes: [\"DELETE /repos/{owner}/{repo}/automated-security-fixes\"],\n    disableLfsForRepo: [\"DELETE /repos/{owner}/{repo}/lfs\"],\n    disableVulnerabilityAlerts: [\"DELETE /repos/{owner}/{repo}/vulnerability-alerts\"],\n    downloadArchive: [\"GET /repos/{owner}/{repo}/zipball/{ref}\", {}, {\n      renamed: [\"repos\", \"downloadZipballArchive\"]\n    }],\n    downloadTarballArchive: [\"GET /repos/{owner}/{repo}/tarball/{ref}\"],\n    downloadZipballArchive: [\"GET /repos/{owner}/{repo}/zipball/{ref}\"],\n    enableAutomatedSecurityFixes: [\"PUT /repos/{owner}/{repo}/automated-security-fixes\"],\n    enableLfsForRepo: [\"PUT /repos/{owner}/{repo}/lfs\"],\n    enableVulnerabilityAlerts: [\"PUT /repos/{owner}/{repo}/vulnerability-alerts\"],\n    generateReleaseNotes: [\"POST /repos/{owner}/{repo}/releases/generate-notes\"],\n    get: [\"GET /repos/{owner}/{repo}\"],\n    getAccessRestrictions: [\"GET /repos/{owner}/{repo}/branches/{branch}/protection/restrictions\"],\n    getAdminBranchProtection: [\"GET /repos/{owner}/{repo}/branches/{branch}/protection/enforce_admins\"],\n    getAllEnvironments: [\"GET /repos/{owner}/{repo}/environments\"],\n    getAllStatusCheckContexts: [\"GET /repos/{owner}/{repo}/branches/{branch}/protection/required_status_checks/contexts\"],\n    getAllTopics: [\"GET /repos/{owner}/{repo}/topics\"],\n    getAppsWithAccessToProtectedBranch: [\"GET /repos/{owner}/{repo}/branches/{branch}/protection/restrictions/apps\"],\n    getAutolink: [\"GET /repos/{owner}/{repo}/autolinks/{autolink_id}\"],\n    getBranch: [\"GET /repos/{owner}/{repo}/branches/{branch}\"],\n    getBranchProtection: [\"GET /repos/{owner}/{repo}/branches/{branch}/protection\"],\n    getClones: [\"GET /repos/{owner}/{repo}/traffic/clones\"],\n    getCodeFrequencyStats: [\"GET /repos/{owner}/{repo}/stats/code_frequency\"],\n    getCollaboratorPermissionLevel: [\"GET /repos/{owner}/{repo}/collaborators/{username}/permission\"],\n    getCombinedStatusForRef: [\"GET /repos/{owner}/{repo}/commits/{ref}/status\"],\n    getCommit: [\"GET /repos/{owner}/{repo}/commits/{ref}\"],\n    getCommitActivityStats: [\"GET /repos/{owner}/{repo}/stats/commit_activity\"],\n    getCommitComment: [\"GET /repos/{owner}/{repo}/comments/{comment_id}\"],\n    getCommitSignatureProtection: [\"GET /repos/{owner}/{repo}/branches/{branch}/protection/required_signatures\"],\n    getCommunityProfileMetrics: [\"GET /repos/{owner}/{repo}/community/profile\"],\n    getContent: [\"GET /repos/{owner}/{repo}/contents/{path}\"],\n    getContributorsStats: [\"GET /repos/{owner}/{repo}/stats/contributors\"],\n    getDeployKey: [\"GET /repos/{owner}/{repo}/keys/{key_id}\"],\n    getDeployment: [\"GET /repos/{owner}/{repo}/deployments/{deployment_id}\"],\n    getDeploymentStatus: [\"GET /repos/{owner}/{repo}/deployments/{deployment_id}/statuses/{status_id}\"],\n    getEnvironment: [\"GET /repos/{owner}/{repo}/environments/{environment_name}\"],\n    getLatestPagesBuild: [\"GET /repos/{owner}/{repo}/pages/builds/latest\"],\n    getLatestRelease: [\"GET /repos/{owner}/{repo}/releases/latest\"],\n    getPages: [\"GET /repos/{owner}/{repo}/pages\"],\n    getPagesBuild: [\"GET /repos/{owner}/{repo}/pages/builds/{build_id}\"],\n    getPagesHealthCheck: [\"GET /repos/{owner}/{repo}/pages/health\"],\n    getParticipationStats: [\"GET /repos/{owner}/{repo}/stats/participation\"],\n    getPullRequestReviewProtection: [\"GET /repos/{owner}/{repo}/branches/{branch}/protection/required_pull_request_reviews\"],\n    getPunchCardStats: [\"GET /repos/{owner}/{repo}/stats/punch_card\"],\n    getReadme: [\"GET /repos/{owner}/{repo}/readme\"],\n    getReadmeInDirectory: [\"GET /repos/{owner}/{repo}/readme/{dir}\"],\n    getRelease: [\"GET /repos/{owner}/{repo}/releases/{release_id}\"],\n    getReleaseAsset: [\"GET /repos/{owner}/{repo}/releases/assets/{asset_id}\"],\n    getReleaseByTag: [\"GET /repos/{owner}/{repo}/releases/tags/{tag}\"],\n    getStatusChecksProtection: [\"GET /repos/{owner}/{repo}/branches/{branch}/protection/required_status_checks\"],\n    getTeamsWithAccessToProtectedBranch: [\"GET /repos/{owner}/{repo}/branches/{branch}/protection/restrictions/teams\"],\n    getTopPaths: [\"GET /repos/{owner}/{repo}/traffic/popular/paths\"],\n    getTopReferrers: [\"GET /repos/{owner}/{repo}/traffic/popular/referrers\"],\n    getUsersWithAccessToProtectedBranch: [\"GET /repos/{owner}/{repo}/branches/{branch}/protection/restrictions/users\"],\n    getViews: [\"GET /repos/{owner}/{repo}/traffic/views\"],\n    getWebhook: [\"GET /repos/{owner}/{repo}/hooks/{hook_id}\"],\n    getWebhookConfigForRepo: [\"GET /repos/{owner}/{repo}/hooks/{hook_id}/config\"],\n    getWebhookDelivery: [\"GET /repos/{owner}/{repo}/hooks/{hook_id}/deliveries/{delivery_id}\"],\n    listAutolinks: [\"GET /repos/{owner}/{repo}/autolinks\"],\n    listBranches: [\"GET /repos/{owner}/{repo}/branches\"],\n    listBranchesForHeadCommit: [\"GET /repos/{owner}/{repo}/commits/{commit_sha}/branches-where-head\"],\n    listCollaborators: [\"GET /repos/{owner}/{repo}/collaborators\"],\n    listCommentsForCommit: [\"GET /repos/{owner}/{repo}/commits/{commit_sha}/comments\"],\n    listCommitCommentsForRepo: [\"GET /repos/{owner}/{repo}/comments\"],\n    listCommitStatusesForRef: [\"GET /repos/{owner}/{repo}/commits/{ref}/statuses\"],\n    listCommits: [\"GET /repos/{owner}/{repo}/commits\"],\n    listContributors: [\"GET /repos/{owner}/{repo}/contributors\"],\n    listDeployKeys: [\"GET /repos/{owner}/{repo}/keys\"],\n    listDeploymentStatuses: [\"GET /repos/{owner}/{repo}/deployments/{deployment_id}/statuses\"],\n    listDeployments: [\"GET /repos/{owner}/{repo}/deployments\"],\n    listForAuthenticatedUser: [\"GET /user/repos\"],\n    listForOrg: [\"GET /orgs/{org}/repos\"],\n    listForUser: [\"GET /users/{username}/repos\"],\n    listForks: [\"GET /repos/{owner}/{repo}/forks\"],\n    listInvitations: [\"GET /repos/{owner}/{repo}/invitations\"],\n    listInvitationsForAuthenticatedUser: [\"GET /user/repository_invitations\"],\n    listLanguages: [\"GET /repos/{owner}/{repo}/languages\"],\n    listPagesBuilds: [\"GET /repos/{owner}/{repo}/pages/builds\"],\n    listPublic: [\"GET /repositories\"],\n    listPullRequestsAssociatedWithCommit: [\"GET /repos/{owner}/{repo}/commits/{commit_sha}/pulls\"],\n    listReleaseAssets: [\"GET /repos/{owner}/{repo}/releases/{release_id}/assets\"],\n    listReleases: [\"GET /repos/{owner}/{repo}/releases\"],\n    listTagProtection: [\"GET /repos/{owner}/{repo}/tags/protection\"],\n    listTags: [\"GET /repos/{owner}/{repo}/tags\"],\n    listTeams: [\"GET /repos/{owner}/{repo}/teams\"],\n    listWebhookDeliveries: [\"GET /repos/{owner}/{repo}/hooks/{hook_id}/deliveries\"],\n    listWebhooks: [\"GET /repos/{owner}/{repo}/hooks\"],\n    merge: [\"POST /repos/{owner}/{repo}/merges\"],\n    mergeUpstream: [\"POST /repos/{owner}/{repo}/merge-upstream\"],\n    pingWebhook: [\"POST /repos/{owner}/{repo}/hooks/{hook_id}/pings\"],\n    redeliverWebhookDelivery: [\"POST /repos/{owner}/{repo}/hooks/{hook_id}/deliveries/{delivery_id}/attempts\"],\n    removeAppAccessRestrictions: [\"DELETE /repos/{owner}/{repo}/branches/{branch}/protection/restrictions/apps\", {}, {\n      mapToData: \"apps\"\n    }],\n    removeCollaborator: [\"DELETE /repos/{owner}/{repo}/collaborators/{username}\"],\n    removeStatusCheckContexts: [\"DELETE /repos/{owner}/{repo}/branches/{branch}/protection/required_status_checks/contexts\", {}, {\n      mapToData: \"contexts\"\n    }],\n    removeStatusCheckProtection: [\"DELETE /repos/{owner}/{repo}/branches/{branch}/protection/required_status_checks\"],\n    removeTeamAccessRestrictions: [\"DELETE /repos/{owner}/{repo}/branches/{branch}/protection/restrictions/teams\", {}, {\n      mapToData: \"teams\"\n    }],\n    removeUserAccessRestrictions: [\"DELETE /repos/{owner}/{repo}/branches/{branch}/protection/restrictions/users\", {}, {\n      mapToData: \"users\"\n    }],\n    renameBranch: [\"POST /repos/{owner}/{repo}/branches/{branch}/rename\"],\n    replaceAllTopics: [\"PUT /repos/{owner}/{repo}/topics\"],\n    requestPagesBuild: [\"POST /repos/{owner}/{repo}/pages/builds\"],\n    setAdminBranchProtection: [\"POST /repos/{owner}/{repo}/branches/{branch}/protection/enforce_admins\"],\n    setAppAccessRestrictions: [\"PUT /repos/{owner}/{repo}/branches/{branch}/protection/restrictions/apps\", {}, {\n      mapToData: \"apps\"\n    }],\n    setStatusCheckContexts: [\"PUT /repos/{owner}/{repo}/branches/{branch}/protection/required_status_checks/contexts\", {}, {\n      mapToData: \"contexts\"\n    }],\n    setTeamAccessRestrictions: [\"PUT /repos/{owner}/{repo}/branches/{branch}/protection/restrictions/teams\", {}, {\n      mapToData: \"teams\"\n    }],\n    setUserAccessRestrictions: [\"PUT /repos/{owner}/{repo}/branches/{branch}/protection/restrictions/users\", {}, {\n      mapToData: \"users\"\n    }],\n    testPushWebhook: [\"POST /repos/{owner}/{repo}/hooks/{hook_id}/tests\"],\n    transfer: [\"POST /repos/{owner}/{repo}/transfer\"],\n    update: [\"PATCH /repos/{owner}/{repo}\"],\n    updateBranchProtection: [\"PUT /repos/{owner}/{repo}/branches/{branch}/protection\"],\n    updateCommitComment: [\"PATCH /repos/{owner}/{repo}/comments/{comment_id}\"],\n    updateInformationAboutPagesSite: [\"PUT /repos/{owner}/{repo}/pages\"],\n    updateInvitation: [\"PATCH /repos/{owner}/{repo}/invitations/{invitation_id}\"],\n    updatePullRequestReviewProtection: [\"PATCH /repos/{owner}/{repo}/branches/{branch}/protection/required_pull_request_reviews\"],\n    updateRelease: [\"PATCH /repos/{owner}/{repo}/releases/{release_id}\"],\n    updateReleaseAsset: [\"PATCH /repos/{owner}/{repo}/releases/assets/{asset_id}\"],\n    updateStatusCheckPotection: [\"PATCH /repos/{owner}/{repo}/branches/{branch}/protection/required_status_checks\", {}, {\n      renamed: [\"repos\", \"updateStatusCheckProtection\"]\n    }],\n    updateStatusCheckProtection: [\"PATCH /repos/{owner}/{repo}/branches/{branch}/protection/required_status_checks\"],\n    updateWebhook: [\"PATCH /repos/{owner}/{repo}/hooks/{hook_id}\"],\n    updateWebhookConfigForRepo: [\"PATCH /repos/{owner}/{repo}/hooks/{hook_id}/config\"],\n    uploadReleaseAsset: [\"POST /repos/{owner}/{repo}/releases/{release_id}/assets{?name,label}\", {\n      baseUrl: \"https://uploads.github.com\"\n    }]\n  },\n  search: {\n    code: [\"GET /search/code\"],\n    commits: [\"GET /search/commits\"],\n    issuesAndPullRequests: [\"GET /search/issues\"],\n    labels: [\"GET /search/labels\"],\n    repos: [\"GET /search/repositories\"],\n    topics: [\"GET /search/topics\"],\n    users: [\"GET /search/users\"]\n  },\n  secretScanning: {\n    getAlert: [\"GET /repos/{owner}/{repo}/secret-scanning/alerts/{alert_number}\"],\n    listAlertsForEnterprise: [\"GET /enterprises/{enterprise}/secret-scanning/alerts\"],\n    listAlertsForOrg: [\"GET /orgs/{org}/secret-scanning/alerts\"],\n    listAlertsForRepo: [\"GET /repos/{owner}/{repo}/secret-scanning/alerts\"],\n    listLocationsForAlert: [\"GET /repos/{owner}/{repo}/secret-scanning/alerts/{alert_number}/locations\"],\n    updateAlert: [\"PATCH /repos/{owner}/{repo}/secret-scanning/alerts/{alert_number}\"]\n  },\n  teams: {\n    addOrUpdateMembershipForUserInOrg: [\"PUT /orgs/{org}/teams/{team_slug}/memberships/{username}\"],\n    addOrUpdateProjectPermissionsInOrg: [\"PUT /orgs/{org}/teams/{team_slug}/projects/{project_id}\"],\n    addOrUpdateRepoPermissionsInOrg: [\"PUT /orgs/{org}/teams/{team_slug}/repos/{owner}/{repo}\"],\n    checkPermissionsForProjectInOrg: [\"GET /orgs/{org}/teams/{team_slug}/projects/{project_id}\"],\n    checkPermissionsForRepoInOrg: [\"GET /orgs/{org}/teams/{team_slug}/repos/{owner}/{repo}\"],\n    create: [\"POST /orgs/{org}/teams\"],\n    createDiscussionCommentInOrg: [\"POST /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments\"],\n    createDiscussionInOrg: [\"POST /orgs/{org}/teams/{team_slug}/discussions\"],\n    deleteDiscussionCommentInOrg: [\"DELETE /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}\"],\n    deleteDiscussionInOrg: [\"DELETE /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}\"],\n    deleteInOrg: [\"DELETE /orgs/{org}/teams/{team_slug}\"],\n    getByName: [\"GET /orgs/{org}/teams/{team_slug}\"],\n    getDiscussionCommentInOrg: [\"GET /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}\"],\n    getDiscussionInOrg: [\"GET /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}\"],\n    getMembershipForUserInOrg: [\"GET /orgs/{org}/teams/{team_slug}/memberships/{username}\"],\n    list: [\"GET /orgs/{org}/teams\"],\n    listChildInOrg: [\"GET /orgs/{org}/teams/{team_slug}/teams\"],\n    listDiscussionCommentsInOrg: [\"GET /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments\"],\n    listDiscussionsInOrg: [\"GET /orgs/{org}/teams/{team_slug}/discussions\"],\n    listForAuthenticatedUser: [\"GET /user/teams\"],\n    listMembersInOrg: [\"GET /orgs/{org}/teams/{team_slug}/members\"],\n    listPendingInvitationsInOrg: [\"GET /orgs/{org}/teams/{team_slug}/invitations\"],\n    listProjectsInOrg: [\"GET /orgs/{org}/teams/{team_slug}/projects\"],\n    listReposInOrg: [\"GET /orgs/{org}/teams/{team_slug}/repos\"],\n    removeMembershipForUserInOrg: [\"DELETE /orgs/{org}/teams/{team_slug}/memberships/{username}\"],\n    removeProjectInOrg: [\"DELETE /orgs/{org}/teams/{team_slug}/projects/{project_id}\"],\n    removeRepoInOrg: [\"DELETE /orgs/{org}/teams/{team_slug}/repos/{owner}/{repo}\"],\n    updateDiscussionCommentInOrg: [\"PATCH /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}\"],\n    updateDiscussionInOrg: [\"PATCH /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}\"],\n    updateInOrg: [\"PATCH /orgs/{org}/teams/{team_slug}\"]\n  },\n  users: {\n    addEmailForAuthenticated: [\"POST /user/emails\", {}, {\n      renamed: [\"users\", \"addEmailForAuthenticatedUser\"]\n    }],\n    addEmailForAuthenticatedUser: [\"POST /user/emails\"],\n    block: [\"PUT /user/blocks/{username}\"],\n    checkBlocked: [\"GET /user/blocks/{username}\"],\n    checkFollowingForUser: [\"GET /users/{username}/following/{target_user}\"],\n    checkPersonIsFollowedByAuthenticated: [\"GET /user/following/{username}\"],\n    createGpgKeyForAuthenticated: [\"POST /user/gpg_keys\", {}, {\n      renamed: [\"users\", \"createGpgKeyForAuthenticatedUser\"]\n    }],\n    createGpgKeyForAuthenticatedUser: [\"POST /user/gpg_keys\"],\n    createPublicSshKeyForAuthenticated: [\"POST /user/keys\", {}, {\n      renamed: [\"users\", \"createPublicSshKeyForAuthenticatedUser\"]\n    }],\n    createPublicSshKeyForAuthenticatedUser: [\"POST /user/keys\"],\n    deleteEmailForAuthenticated: [\"DELETE /user/emails\", {}, {\n      renamed: [\"users\", \"deleteEmailForAuthenticatedUser\"]\n    }],\n    deleteEmailForAuthenticatedUser: [\"DELETE /user/emails\"],\n    deleteGpgKeyForAuthenticated: [\"DELETE /user/gpg_keys/{gpg_key_id}\", {}, {\n      renamed: [\"users\", \"deleteGpgKeyForAuthenticatedUser\"]\n    }],\n    deleteGpgKeyForAuthenticatedUser: [\"DELETE /user/gpg_keys/{gpg_key_id}\"],\n    deletePublicSshKeyForAuthenticated: [\"DELETE /user/keys/{key_id}\", {}, {\n      renamed: [\"users\", \"deletePublicSshKeyForAuthenticatedUser\"]\n    }],\n    deletePublicSshKeyForAuthenticatedUser: [\"DELETE /user/keys/{key_id}\"],\n    follow: [\"PUT /user/following/{username}\"],\n    getAuthenticated: [\"GET /user\"],\n    getByUsername: [\"GET /users/{username}\"],\n    getContextForUser: [\"GET /users/{username}/hovercard\"],\n    getGpgKeyForAuthenticated: [\"GET /user/gpg_keys/{gpg_key_id}\", {}, {\n      renamed: [\"users\", \"getGpgKeyForAuthenticatedUser\"]\n    }],\n    getGpgKeyForAuthenticatedUser: [\"GET /user/gpg_keys/{gpg_key_id}\"],\n    getPublicSshKeyForAuthenticated: [\"GET /user/keys/{key_id}\", {}, {\n      renamed: [\"users\", \"getPublicSshKeyForAuthenticatedUser\"]\n    }],\n    getPublicSshKeyForAuthenticatedUser: [\"GET /user/keys/{key_id}\"],\n    list: [\"GET /users\"],\n    listBlockedByAuthenticated: [\"GET /user/blocks\", {}, {\n      renamed: [\"users\", \"listBlockedByAuthenticatedUser\"]\n    }],\n    listBlockedByAuthenticatedUser: [\"GET /user/blocks\"],\n    listEmailsForAuthenticated: [\"GET /user/emails\", {}, {\n      renamed: [\"users\", \"listEmailsForAuthenticatedUser\"]\n    }],\n    listEmailsForAuthenticatedUser: [\"GET /user/emails\"],\n    listFollowedByAuthenticated: [\"GET /user/following\", {}, {\n      renamed: [\"users\", \"listFollowedByAuthenticatedUser\"]\n    }],\n    listFollowedByAuthenticatedUser: [\"GET /user/following\"],\n    listFollowersForAuthenticatedUser: [\"GET /user/followers\"],\n    listFollowersForUser: [\"GET /users/{username}/followers\"],\n    listFollowingForUser: [\"GET /users/{username}/following\"],\n    listGpgKeysForAuthenticated: [\"GET /user/gpg_keys\", {}, {\n      renamed: [\"users\", \"listGpgKeysForAuthenticatedUser\"]\n    }],\n    listGpgKeysForAuthenticatedUser: [\"GET /user/gpg_keys\"],\n    listGpgKeysForUser: [\"GET /users/{username}/gpg_keys\"],\n    listPublicEmailsForAuthenticated: [\"GET /user/public_emails\", {}, {\n      renamed: [\"users\", \"listPublicEmailsForAuthenticatedUser\"]\n    }],\n    listPublicEmailsForAuthenticatedUser: [\"GET /user/public_emails\"],\n    listPublicKeysForUser: [\"GET /users/{username}/keys\"],\n    listPublicSshKeysForAuthenticated: [\"GET /user/keys\", {}, {\n      renamed: [\"users\", \"listPublicSshKeysForAuthenticatedUser\"]\n    }],\n    listPublicSshKeysForAuthenticatedUser: [\"GET /user/keys\"],\n    setPrimaryEmailVisibilityForAuthenticated: [\"PATCH /user/email/visibility\", {}, {\n      renamed: [\"users\", \"setPrimaryEmailVisibilityForAuthenticatedUser\"]\n    }],\n    setPrimaryEmailVisibilityForAuthenticatedUser: [\"PATCH /user/email/visibility\"],\n    unblock: [\"DELETE /user/blocks/{username}\"],\n    unfollow: [\"DELETE /user/following/{username}\"],\n    updateAuthenticated: [\"PATCH /user\"]\n  }\n};\n\nconst VERSION = \"5.16.2\";\n\nfunction endpointsToMethods(octokit, endpointsMap) {\n  const newMethods = {};\n\n  for (const [scope, endpoints] of Object.entries(endpointsMap)) {\n    for (const [methodName, endpoint] of Object.entries(endpoints)) {\n      const [route, defaults, decorations] = endpoint;\n      const [method, url] = route.split(/ /);\n      const endpointDefaults = Object.assign({\n        method,\n        url\n      }, defaults);\n\n      if (!newMethods[scope]) {\n        newMethods[scope] = {};\n      }\n\n      const scopeMethods = newMethods[scope];\n\n      if (decorations) {\n        scopeMethods[methodName] = decorate(octokit, scope, methodName, endpointDefaults, decorations);\n        continue;\n      }\n\n      scopeMethods[methodName] = octokit.request.defaults(endpointDefaults);\n    }\n  }\n\n  return newMethods;\n}\n\nfunction decorate(octokit, scope, methodName, defaults, decorations) {\n  const requestWithDefaults = octokit.request.defaults(defaults);\n  /* istanbul ignore next */\n\n  function withDecorations(...args) {\n    // @ts-ignore https://github.com/microsoft/TypeScript/issues/25488\n    let options = requestWithDefaults.endpoint.merge(...args); // There are currently no other decorations than `.mapToData`\n\n    if (decorations.mapToData) {\n      options = Object.assign({}, options, {\n        data: options[decorations.mapToData],\n        [decorations.mapToData]: undefined\n      });\n      return requestWithDefaults(options);\n    }\n\n    if (decorations.renamed) {\n      const [newScope, newMethodName] = decorations.renamed;\n      octokit.log.warn(`octokit.${scope}.${methodName}() has been renamed to octokit.${newScope}.${newMethodName}()`);\n    }\n\n    if (decorations.deprecated) {\n      octokit.log.warn(decorations.deprecated);\n    }\n\n    if (decorations.renamedParameters) {\n      // @ts-ignore https://github.com/microsoft/TypeScript/issues/25488\n      const options = requestWithDefaults.endpoint.merge(...args);\n\n      for (const [name, alias] of Object.entries(decorations.renamedParameters)) {\n        if (name in options) {\n          octokit.log.warn(`\"${name}\" parameter is deprecated for \"octokit.${scope}.${methodName}()\". Use \"${alias}\" instead`);\n\n          if (!(alias in options)) {\n            options[alias] = options[name];\n          }\n\n          delete options[name];\n        }\n      }\n\n      return requestWithDefaults(options);\n    } // @ts-ignore https://github.com/microsoft/TypeScript/issues/25488\n\n\n    return requestWithDefaults(...args);\n  }\n\n  return Object.assign(withDecorations, requestWithDefaults);\n}\n\nfunction restEndpointMethods(octokit) {\n  const api = endpointsToMethods(octokit, Endpoints);\n  return {\n    rest: api\n  };\n}\nrestEndpointMethods.VERSION = VERSION;\nfunction legacyRestEndpointMethods(octokit) {\n  const api = endpointsToMethods(octokit, Endpoints);\n  return _objectSpread2(_objectSpread2({}, api), {}, {\n    rest: api\n  });\n}\nlegacyRestEndpointMethods.VERSION = VERSION;\n\nexports.legacyRestEndpointMethods = legacyRestEndpointMethods;\nexports.restEndpointMethods = restEndpointMethods;\n//# sourceMappingURL=index.js.map\n","'use strict';\n\nObject.defineProperty(exports, '__esModule', { value: true });\n\nfunction _interopDefault (ex) { return (ex && (typeof ex === 'object') && 'default' in ex) ? ex['default'] : ex; }\n\nvar deprecation = require('deprecation');\nvar once = _interopDefault(require('once'));\n\nconst logOnceCode = once(deprecation => console.warn(deprecation));\nconst logOnceHeaders = once(deprecation => console.warn(deprecation));\n/**\n * Error with extra properties to help with debugging\n */\n\nclass RequestError extends Error {\n  constructor(message, statusCode, options) {\n    super(message); // Maintains proper stack trace (only available on V8)\n\n    /* istanbul ignore next */\n\n    if (Error.captureStackTrace) {\n      Error.captureStackTrace(this, this.constructor);\n    }\n\n    this.name = \"HttpError\";\n    this.status = statusCode;\n    let headers;\n\n    if (\"headers\" in options && typeof options.headers !== \"undefined\") {\n      headers = options.headers;\n    }\n\n    if (\"response\" in options) {\n      this.response = options.response;\n      headers = options.response.headers;\n    } // redact request credentials without mutating original request options\n\n\n    const requestCopy = Object.assign({}, options.request);\n\n    if (options.request.headers.authorization) {\n      requestCopy.headers = Object.assign({}, options.request.headers, {\n        authorization: options.request.headers.authorization.replace(/ .*$/, \" [REDACTED]\")\n      });\n    }\n\n    requestCopy.url = requestCopy.url // client_id & client_secret can be passed as URL query parameters to increase rate limit\n    // see https://developer.github.com/v3/#increasing-the-unauthenticated-rate-limit-for-oauth-applications\n    .replace(/\\bclient_secret=\\w+/g, \"client_secret=[REDACTED]\") // OAuth tokens can be passed as URL query parameters, although it is not recommended\n    // see https://developer.github.com/v3/#oauth2-token-sent-in-a-header\n    .replace(/\\baccess_token=\\w+/g, \"access_token=[REDACTED]\");\n    this.request = requestCopy; // deprecations\n\n    Object.defineProperty(this, \"code\", {\n      get() {\n        logOnceCode(new deprecation.Deprecation(\"[@octokit/request-error] `error.code` is deprecated, use `error.status`.\"));\n        return statusCode;\n      }\n\n    });\n    Object.defineProperty(this, \"headers\", {\n      get() {\n        logOnceHeaders(new deprecation.Deprecation(\"[@octokit/request-error] `error.headers` is deprecated, use `error.response.headers`.\"));\n        return headers || {};\n      }\n\n    });\n  }\n\n}\n\nexports.RequestError = RequestError;\n//# sourceMappingURL=index.js.map\n","'use strict';\n\nObject.defineProperty(exports, '__esModule', { value: true });\n\nfunction _interopDefault (ex) { return (ex && (typeof ex === 'object') && 'default' in ex) ? ex['default'] : ex; }\n\nvar endpoint = require('@octokit/endpoint');\nvar universalUserAgent = require('universal-user-agent');\nvar isPlainObject = require('is-plain-object');\nvar nodeFetch = _interopDefault(require('node-fetch'));\nvar requestError = require('@octokit/request-error');\n\nconst VERSION = \"5.6.3\";\n\nfunction getBufferResponse(response) {\n  return response.arrayBuffer();\n}\n\nfunction fetchWrapper(requestOptions) {\n  const log = requestOptions.request && requestOptions.request.log ? requestOptions.request.log : console;\n\n  if (isPlainObject.isPlainObject(requestOptions.body) || Array.isArray(requestOptions.body)) {\n    requestOptions.body = JSON.stringify(requestOptions.body);\n  }\n\n  let headers = {};\n  let status;\n  let url;\n  const fetch = requestOptions.request && requestOptions.request.fetch || nodeFetch;\n  return fetch(requestOptions.url, Object.assign({\n    method: requestOptions.method,\n    body: requestOptions.body,\n    headers: requestOptions.headers,\n    redirect: requestOptions.redirect\n  }, // `requestOptions.request.agent` type is incompatible\n  // see https://github.com/octokit/types.ts/pull/264\n  requestOptions.request)).then(async response => {\n    url = response.url;\n    status = response.status;\n\n    for (const keyAndValue of response.headers) {\n      headers[keyAndValue[0]] = keyAndValue[1];\n    }\n\n    if (\"deprecation\" in headers) {\n      const matches = headers.link && headers.link.match(/<([^>]+)>; rel=\"deprecation\"/);\n      const deprecationLink = matches && matches.pop();\n      log.warn(`[@octokit/request] \"${requestOptions.method} ${requestOptions.url}\" is deprecated. It is scheduled to be removed on ${headers.sunset}${deprecationLink ? `. See ${deprecationLink}` : \"\"}`);\n    }\n\n    if (status === 204 || status === 205) {\n      return;\n    } // GitHub API returns 200 for HEAD requests\n\n\n    if (requestOptions.method === \"HEAD\") {\n      if (status < 400) {\n        return;\n      }\n\n      throw new requestError.RequestError(response.statusText, status, {\n        response: {\n          url,\n          status,\n          headers,\n          data: undefined\n        },\n        request: requestOptions\n      });\n    }\n\n    if (status === 304) {\n      throw new requestError.RequestError(\"Not modified\", status, {\n        response: {\n          url,\n          status,\n          headers,\n          data: await getResponseData(response)\n        },\n        request: requestOptions\n      });\n    }\n\n    if (status >= 400) {\n      const data = await getResponseData(response);\n      const error = new requestError.RequestError(toErrorMessage(data), status, {\n        response: {\n          url,\n          status,\n          headers,\n          data\n        },\n        request: requestOptions\n      });\n      throw error;\n    }\n\n    return getResponseData(response);\n  }).then(data => {\n    return {\n      status,\n      url,\n      headers,\n      data\n    };\n  }).catch(error => {\n    if (error instanceof requestError.RequestError) throw error;\n    throw new requestError.RequestError(error.message, 500, {\n      request: requestOptions\n    });\n  });\n}\n\nasync function getResponseData(response) {\n  const contentType = response.headers.get(\"content-type\");\n\n  if (/application\\/json/.test(contentType)) {\n    return response.json();\n  }\n\n  if (!contentType || /^text\\/|charset=utf-8$/.test(contentType)) {\n    return response.text();\n  }\n\n  return getBufferResponse(response);\n}\n\nfunction toErrorMessage(data) {\n  if (typeof data === \"string\") return data; // istanbul ignore else - just in case\n\n  if (\"message\" in data) {\n    if (Array.isArray(data.errors)) {\n      return `${data.message}: ${data.errors.map(JSON.stringify).join(\", \")}`;\n    }\n\n    return data.message;\n  } // istanbul ignore next - just in case\n\n\n  return `Unknown error: ${JSON.stringify(data)}`;\n}\n\nfunction withDefaults(oldEndpoint, newDefaults) {\n  const endpoint = oldEndpoint.defaults(newDefaults);\n\n  const newApi = function (route, parameters) {\n    const endpointOptions = endpoint.merge(route, parameters);\n\n    if (!endpointOptions.request || !endpointOptions.request.hook) {\n      return fetchWrapper(endpoint.parse(endpointOptions));\n    }\n\n    const request = (route, parameters) => {\n      return fetchWrapper(endpoint.parse(endpoint.merge(route, parameters)));\n    };\n\n    Object.assign(request, {\n      endpoint,\n      defaults: withDefaults.bind(null, endpoint)\n    });\n    return endpointOptions.request.hook(request, endpointOptions);\n  };\n\n  return Object.assign(newApi, {\n    endpoint,\n    defaults: withDefaults.bind(null, endpoint)\n  });\n}\n\nconst request = withDefaults(endpoint.endpoint, {\n  headers: {\n    \"user-agent\": `octokit-request.js/${VERSION} ${universalUserAgent.getUserAgent()}`\n  }\n});\n\nexports.request = request;\n//# sourceMappingURL=index.js.map\n","var register = require('./lib/register')\nvar addHook = require('./lib/add')\nvar removeHook = require('./lib/remove')\n\n// bind with array of arguments: https://stackoverflow.com/a/21792913\nvar bind = Function.bind\nvar bindable = bind.bind(bind)\n\nfunction bindApi (hook, state, name) {\n  var removeHookRef = bindable(removeHook, null).apply(null, name ? [state, name] : [state])\n  hook.api = { remove: removeHookRef }\n  hook.remove = removeHookRef\n\n  ;['before', 'error', 'after', 'wrap'].forEach(function (kind) {\n    var args = name ? [state, kind, name] : [state, kind]\n    hook[kind] = hook.api[kind] = bindable(addHook, null).apply(null, args)\n  })\n}\n\nfunction HookSingular () {\n  var singularHookName = 'h'\n  var singularHookState = {\n    registry: {}\n  }\n  var singularHook = register.bind(null, singularHookState, singularHookName)\n  bindApi(singularHook, singularHookState, singularHookName)\n  return singularHook\n}\n\nfunction HookCollection () {\n  var state = {\n    registry: {}\n  }\n\n  var hook = register.bind(null, state)\n  bindApi(hook, state)\n\n  return hook\n}\n\nvar collectionHookDeprecationMessageDisplayed = false\nfunction Hook () {\n  if (!collectionHookDeprecationMessageDisplayed) {\n    console.warn('[before-after-hook]: \"Hook()\" repurposing warning, use \"Hook.Collection()\". Read more: https://git.io/upgrade-before-after-hook-to-1.4')\n    collectionHookDeprecationMessageDisplayed = true\n  }\n  return HookCollection()\n}\n\nHook.Singular = HookSingular.bind()\nHook.Collection = HookCollection.bind()\n\nmodule.exports = Hook\n// expose constructors as a named property for TypeScript\nmodule.exports.Hook = Hook\nmodule.exports.Singular = Hook.Singular\nmodule.exports.Collection = Hook.Collection\n","module.exports = addHook;\n\nfunction addHook(state, kind, name, hook) {\n  var orig = hook;\n  if (!state.registry[name]) {\n    state.registry[name] = [];\n  }\n\n  if (kind === \"before\") {\n    hook = function (method, options) {\n      return Promise.resolve()\n        .then(orig.bind(null, options))\n        .then(method.bind(null, options));\n    };\n  }\n\n  if (kind === \"after\") {\n    hook = function (method, options) {\n      var result;\n      return Promise.resolve()\n        .then(method.bind(null, options))\n        .then(function (result_) {\n          result = result_;\n          return orig(result, options);\n        })\n        .then(function () {\n          return result;\n        });\n    };\n  }\n\n  if (kind === \"error\") {\n    hook = function (method, options) {\n      return Promise.resolve()\n        .then(method.bind(null, options))\n        .catch(function (error) {\n          return orig(error, options);\n        });\n    };\n  }\n\n  state.registry[name].push({\n    hook: hook,\n    orig: orig,\n  });\n}\n","module.exports = register;\n\nfunction register(state, name, method, options) {\n  if (typeof method !== \"function\") {\n    throw new Error(\"method for before hook must be a function\");\n  }\n\n  if (!options) {\n    options = {};\n  }\n\n  if (Array.isArray(name)) {\n    return name.reverse().reduce(function (callback, name) {\n      return register.bind(null, state, name, callback, options);\n    }, method)();\n  }\n\n  return Promise.resolve().then(function () {\n    if (!state.registry[name]) {\n      return method(options);\n    }\n\n    return state.registry[name].reduce(function (method, registered) {\n      return registered.hook.bind(null, method, options);\n    }, method)();\n  });\n}\n","module.exports = removeHook;\n\nfunction removeHook(state, name, method) {\n  if (!state.registry[name]) {\n    return;\n  }\n\n  var index = state.registry[name]\n    .map(function (registered) {\n      return registered.orig;\n    })\n    .indexOf(method);\n\n  if (index === -1) {\n    return;\n  }\n\n  state.registry[name].splice(index, 1);\n}\n","'use strict';\n\nObject.defineProperty(exports, '__esModule', { value: true });\n\nclass Deprecation extends Error {\n  constructor(message) {\n    super(message); // Maintains proper stack trace (only available on V8)\n\n    /* istanbul ignore next */\n\n    if (Error.captureStackTrace) {\n      Error.captureStackTrace(this, this.constructor);\n    }\n\n    this.name = 'Deprecation';\n  }\n\n}\n\nexports.Deprecation = Deprecation;\n","'use strict';\n\nObject.defineProperty(exports, '__esModule', { value: true });\n\n/*!\n * is-plain-object <https://github.com/jonschlinkert/is-plain-object>\n *\n * Copyright (c) 2014-2017, Jon Schlinkert.\n * Released under the MIT License.\n */\n\nfunction isObject(o) {\n  return Object.prototype.toString.call(o) === '[object Object]';\n}\n\nfunction isPlainObject(o) {\n  var ctor,prot;\n\n  if (isObject(o) === false) return false;\n\n  // If has modified constructor\n  ctor = o.constructor;\n  if (ctor === undefined) return true;\n\n  // If has modified prototype\n  prot = ctor.prototype;\n  if (isObject(prot) === false) return false;\n\n  // If constructor does not have an Object-specific method\n  if (prot.hasOwnProperty('isPrototypeOf') === false) {\n    return false;\n  }\n\n  // Most likely a plain Object\n  return true;\n}\n\nexports.isPlainObject = isPlainObject;\n","'use strict';\n\nObject.defineProperty(exports, '__esModule', { value: true });\n\nfunction _interopDefault (ex) { return (ex && (typeof ex === 'object') && 'default' in ex) ? ex['default'] : ex; }\n\nvar Stream = _interopDefault(require('stream'));\nvar http = _interopDefault(require('http'));\nvar Url = _interopDefault(require('url'));\nvar whatwgUrl = _interopDefault(require('whatwg-url'));\nvar https = _interopDefault(require('https'));\nvar zlib = _interopDefault(require('zlib'));\n\n// Based on https://github.com/tmpvar/jsdom/blob/aa85b2abf07766ff7bf5c1f6daafb3726f2f2db5/lib/jsdom/living/blob.js\n\n// fix for \"Readable\" isn't a named export issue\nconst Readable = Stream.Readable;\n\nconst BUFFER = Symbol('buffer');\nconst TYPE = Symbol('type');\n\nclass Blob {\n\tconstructor() {\n\t\tthis[TYPE] = '';\n\n\t\tconst blobParts = arguments[0];\n\t\tconst options = arguments[1];\n\n\t\tconst buffers = [];\n\t\tlet size = 0;\n\n\t\tif (blobParts) {\n\t\t\tconst a = blobParts;\n\t\t\tconst length = Number(a.length);\n\t\t\tfor (let i = 0; i < length; i++) {\n\t\t\t\tconst element = a[i];\n\t\t\t\tlet buffer;\n\t\t\t\tif (element instanceof Buffer) {\n\t\t\t\t\tbuffer = element;\n\t\t\t\t} else if (ArrayBuffer.isView(element)) {\n\t\t\t\t\tbuffer = Buffer.from(element.buffer, element.byteOffset, element.byteLength);\n\t\t\t\t} else if (element instanceof ArrayBuffer) {\n\t\t\t\t\tbuffer = Buffer.from(element);\n\t\t\t\t} else if (element instanceof Blob) {\n\t\t\t\t\tbuffer = element[BUFFER];\n\t\t\t\t} else {\n\t\t\t\t\tbuffer = Buffer.from(typeof element === 'string' ? element : String(element));\n\t\t\t\t}\n\t\t\t\tsize += buffer.length;\n\t\t\t\tbuffers.push(buffer);\n\t\t\t}\n\t\t}\n\n\t\tthis[BUFFER] = Buffer.concat(buffers);\n\n\t\tlet type = options && options.type !== undefined && String(options.type).toLowerCase();\n\t\tif (type && !/[^\\u0020-\\u007E]/.test(type)) {\n\t\t\tthis[TYPE] = type;\n\t\t}\n\t}\n\tget size() {\n\t\treturn this[BUFFER].length;\n\t}\n\tget type() {\n\t\treturn this[TYPE];\n\t}\n\ttext() {\n\t\treturn Promise.resolve(this[BUFFER].toString());\n\t}\n\tarrayBuffer() {\n\t\tconst buf = this[BUFFER];\n\t\tconst ab = buf.buffer.slice(buf.byteOffset, buf.byteOffset + buf.byteLength);\n\t\treturn Promise.resolve(ab);\n\t}\n\tstream() {\n\t\tconst readable = new Readable();\n\t\treadable._read = function () {};\n\t\treadable.push(this[BUFFER]);\n\t\treadable.push(null);\n\t\treturn readable;\n\t}\n\ttoString() {\n\t\treturn '[object Blob]';\n\t}\n\tslice() {\n\t\tconst size = this.size;\n\n\t\tconst start = arguments[0];\n\t\tconst end = arguments[1];\n\t\tlet relativeStart, relativeEnd;\n\t\tif (start === undefined) {\n\t\t\trelativeStart = 0;\n\t\t} else if (start < 0) {\n\t\t\trelativeStart = Math.max(size + start, 0);\n\t\t} else {\n\t\t\trelativeStart = Math.min(start, size);\n\t\t}\n\t\tif (end === undefined) {\n\t\t\trelativeEnd = size;\n\t\t} else if (end < 0) {\n\t\t\trelativeEnd = Math.max(size + end, 0);\n\t\t} else {\n\t\t\trelativeEnd = Math.min(end, size);\n\t\t}\n\t\tconst span = Math.max(relativeEnd - relativeStart, 0);\n\n\t\tconst buffer = this[BUFFER];\n\t\tconst slicedBuffer = buffer.slice(relativeStart, relativeStart + span);\n\t\tconst blob = new Blob([], { type: arguments[2] });\n\t\tblob[BUFFER] = slicedBuffer;\n\t\treturn blob;\n\t}\n}\n\nObject.defineProperties(Blob.prototype, {\n\tsize: { enumerable: true },\n\ttype: { enumerable: true },\n\tslice: { enumerable: true }\n});\n\nObject.defineProperty(Blob.prototype, Symbol.toStringTag, {\n\tvalue: 'Blob',\n\twritable: false,\n\tenumerable: false,\n\tconfigurable: true\n});\n\n/**\n * fetch-error.js\n *\n * FetchError interface for operational errors\n */\n\n/**\n * Create FetchError instance\n *\n * @param   String      message      Error message for human\n * @param   String      type         Error type for machine\n * @param   String      systemError  For Node.js system error\n * @return  FetchError\n */\nfunction FetchError(message, type, systemError) {\n  Error.call(this, message);\n\n  this.message = message;\n  this.type = type;\n\n  // when err.type is `system`, err.code contains system error code\n  if (systemError) {\n    this.code = this.errno = systemError.code;\n  }\n\n  // hide custom error implementation details from end-users\n  Error.captureStackTrace(this, this.constructor);\n}\n\nFetchError.prototype = Object.create(Error.prototype);\nFetchError.prototype.constructor = FetchError;\nFetchError.prototype.name = 'FetchError';\n\nlet convert;\ntry {\n\tconvert = require('encoding').convert;\n} catch (e) {}\n\nconst INTERNALS = Symbol('Body internals');\n\n// fix an issue where \"PassThrough\" isn't a named export for node <10\nconst PassThrough = Stream.PassThrough;\n\n/**\n * Body mixin\n *\n * Ref: https://fetch.spec.whatwg.org/#body\n *\n * @param   Stream  body  Readable stream\n * @param   Object  opts  Response options\n * @return  Void\n */\nfunction Body(body) {\n\tvar _this = this;\n\n\tvar _ref = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : {},\n\t    _ref$size = _ref.size;\n\n\tlet size = _ref$size === undefined ? 0 : _ref$size;\n\tvar _ref$timeout = _ref.timeout;\n\tlet timeout = _ref$timeout === undefined ? 0 : _ref$timeout;\n\n\tif (body == null) {\n\t\t// body is undefined or null\n\t\tbody = null;\n\t} else if (isURLSearchParams(body)) {\n\t\t// body is a URLSearchParams\n\t\tbody = Buffer.from(body.toString());\n\t} else if (isBlob(body)) ; else if (Buffer.isBuffer(body)) ; else if (Object.prototype.toString.call(body) === '[object ArrayBuffer]') {\n\t\t// body is ArrayBuffer\n\t\tbody = Buffer.from(body);\n\t} else if (ArrayBuffer.isView(body)) {\n\t\t// body is ArrayBufferView\n\t\tbody = Buffer.from(body.buffer, body.byteOffset, body.byteLength);\n\t} else if (body instanceof Stream) ; else {\n\t\t// none of the above\n\t\t// coerce to string then buffer\n\t\tbody = Buffer.from(String(body));\n\t}\n\tthis[INTERNALS] = {\n\t\tbody,\n\t\tdisturbed: false,\n\t\terror: null\n\t};\n\tthis.size = size;\n\tthis.timeout = timeout;\n\n\tif (body instanceof Stream) {\n\t\tbody.on('error', function (err) {\n\t\t\tconst error = err.name === 'AbortError' ? err : new FetchError(`Invalid response body while trying to fetch ${_this.url}: ${err.message}`, 'system', err);\n\t\t\t_this[INTERNALS].error = error;\n\t\t});\n\t}\n}\n\nBody.prototype = {\n\tget body() {\n\t\treturn this[INTERNALS].body;\n\t},\n\n\tget bodyUsed() {\n\t\treturn this[INTERNALS].disturbed;\n\t},\n\n\t/**\n  * Decode response as ArrayBuffer\n  *\n  * @return  Promise\n  */\n\tarrayBuffer() {\n\t\treturn consumeBody.call(this).then(function (buf) {\n\t\t\treturn buf.buffer.slice(buf.byteOffset, buf.byteOffset + buf.byteLength);\n\t\t});\n\t},\n\n\t/**\n  * Return raw response as Blob\n  *\n  * @return Promise\n  */\n\tblob() {\n\t\tlet ct = this.headers && this.headers.get('content-type') || '';\n\t\treturn consumeBody.call(this).then(function (buf) {\n\t\t\treturn Object.assign(\n\t\t\t// Prevent copying\n\t\t\tnew Blob([], {\n\t\t\t\ttype: ct.toLowerCase()\n\t\t\t}), {\n\t\t\t\t[BUFFER]: buf\n\t\t\t});\n\t\t});\n\t},\n\n\t/**\n  * Decode response as json\n  *\n  * @return  Promise\n  */\n\tjson() {\n\t\tvar _this2 = this;\n\n\t\treturn consumeBody.call(this).then(function (buffer) {\n\t\t\ttry {\n\t\t\t\treturn JSON.parse(buffer.toString());\n\t\t\t} catch (err) {\n\t\t\t\treturn Body.Promise.reject(new FetchError(`invalid json response body at ${_this2.url} reason: ${err.message}`, 'invalid-json'));\n\t\t\t}\n\t\t});\n\t},\n\n\t/**\n  * Decode response as text\n  *\n  * @return  Promise\n  */\n\ttext() {\n\t\treturn consumeBody.call(this).then(function (buffer) {\n\t\t\treturn buffer.toString();\n\t\t});\n\t},\n\n\t/**\n  * Decode response as buffer (non-spec api)\n  *\n  * @return  Promise\n  */\n\tbuffer() {\n\t\treturn consumeBody.call(this);\n\t},\n\n\t/**\n  * Decode response as text, while automatically detecting the encoding and\n  * trying to decode to UTF-8 (non-spec api)\n  *\n  * @return  Promise\n  */\n\ttextConverted() {\n\t\tvar _this3 = this;\n\n\t\treturn consumeBody.call(this).then(function (buffer) {\n\t\t\treturn convertBody(buffer, _this3.headers);\n\t\t});\n\t}\n};\n\n// In browsers, all properties are enumerable.\nObject.defineProperties(Body.prototype, {\n\tbody: { enumerable: true },\n\tbodyUsed: { enumerable: true },\n\tarrayBuffer: { enumerable: true },\n\tblob: { enumerable: true },\n\tjson: { enumerable: true },\n\ttext: { enumerable: true }\n});\n\nBody.mixIn = function (proto) {\n\tfor (const name of Object.getOwnPropertyNames(Body.prototype)) {\n\t\t// istanbul ignore else: future proof\n\t\tif (!(name in proto)) {\n\t\t\tconst desc = Object.getOwnPropertyDescriptor(Body.prototype, name);\n\t\t\tObject.defineProperty(proto, name, desc);\n\t\t}\n\t}\n};\n\n/**\n * Consume and convert an entire Body to a Buffer.\n *\n * Ref: https://fetch.spec.whatwg.org/#concept-body-consume-body\n *\n * @return  Promise\n */\nfunction consumeBody() {\n\tvar _this4 = this;\n\n\tif (this[INTERNALS].disturbed) {\n\t\treturn Body.Promise.reject(new TypeError(`body used already for: ${this.url}`));\n\t}\n\n\tthis[INTERNALS].disturbed = true;\n\n\tif (this[INTERNALS].error) {\n\t\treturn Body.Promise.reject(this[INTERNALS].error);\n\t}\n\n\tlet body = this.body;\n\n\t// body is null\n\tif (body === null) {\n\t\treturn Body.Promise.resolve(Buffer.alloc(0));\n\t}\n\n\t// body is blob\n\tif (isBlob(body)) {\n\t\tbody = body.stream();\n\t}\n\n\t// body is buffer\n\tif (Buffer.isBuffer(body)) {\n\t\treturn Body.Promise.resolve(body);\n\t}\n\n\t// istanbul ignore if: should never happen\n\tif (!(body instanceof Stream)) {\n\t\treturn Body.Promise.resolve(Buffer.alloc(0));\n\t}\n\n\t// body is stream\n\t// get ready to actually consume the body\n\tlet accum = [];\n\tlet accumBytes = 0;\n\tlet abort = false;\n\n\treturn new Body.Promise(function (resolve, reject) {\n\t\tlet resTimeout;\n\n\t\t// allow timeout on slow response body\n\t\tif (_this4.timeout) {\n\t\t\tresTimeout = setTimeout(function () {\n\t\t\t\tabort = true;\n\t\t\t\treject(new FetchError(`Response timeout while trying to fetch ${_this4.url} (over ${_this4.timeout}ms)`, 'body-timeout'));\n\t\t\t}, _this4.timeout);\n\t\t}\n\n\t\t// handle stream errors\n\t\tbody.on('error', function (err) {\n\t\t\tif (err.name === 'AbortError') {\n\t\t\t\t// if the request was aborted, reject with this Error\n\t\t\t\tabort = true;\n\t\t\t\treject(err);\n\t\t\t} else {\n\t\t\t\t// other errors, such as incorrect content-encoding\n\t\t\t\treject(new FetchError(`Invalid response body while trying to fetch ${_this4.url}: ${err.message}`, 'system', err));\n\t\t\t}\n\t\t});\n\n\t\tbody.on('data', function (chunk) {\n\t\t\tif (abort || chunk === null) {\n\t\t\t\treturn;\n\t\t\t}\n\n\t\t\tif (_this4.size && accumBytes + chunk.length > _this4.size) {\n\t\t\t\tabort = true;\n\t\t\t\treject(new FetchError(`content size at ${_this4.url} over limit: ${_this4.size}`, 'max-size'));\n\t\t\t\treturn;\n\t\t\t}\n\n\t\t\taccumBytes += chunk.length;\n\t\t\taccum.push(chunk);\n\t\t});\n\n\t\tbody.on('end', function () {\n\t\t\tif (abort) {\n\t\t\t\treturn;\n\t\t\t}\n\n\t\t\tclearTimeout(resTimeout);\n\n\t\t\ttry {\n\t\t\t\tresolve(Buffer.concat(accum, accumBytes));\n\t\t\t} catch (err) {\n\t\t\t\t// handle streams that have accumulated too much data (issue #414)\n\t\t\t\treject(new FetchError(`Could not create Buffer from response body for ${_this4.url}: ${err.message}`, 'system', err));\n\t\t\t}\n\t\t});\n\t});\n}\n\n/**\n * Detect buffer encoding and convert to target encoding\n * ref: http://www.w3.org/TR/2011/WD-html5-20110113/parsing.html#determining-the-character-encoding\n *\n * @param   Buffer  buffer    Incoming buffer\n * @param   String  encoding  Target encoding\n * @return  String\n */\nfunction convertBody(buffer, headers) {\n\tif (typeof convert !== 'function') {\n\t\tthrow new Error('The package `encoding` must be installed to use the textConverted() function');\n\t}\n\n\tconst ct = headers.get('content-type');\n\tlet charset = 'utf-8';\n\tlet res, str;\n\n\t// header\n\tif (ct) {\n\t\tres = /charset=([^;]*)/i.exec(ct);\n\t}\n\n\t// no charset in content type, peek at response body for at most 1024 bytes\n\tstr = buffer.slice(0, 1024).toString();\n\n\t// html5\n\tif (!res && str) {\n\t\tres = /<meta.+?charset=(['\"])(.+?)\\1/i.exec(str);\n\t}\n\n\t// html4\n\tif (!res && str) {\n\t\tres = /<meta[\\s]+?http-equiv=(['\"])content-type\\1[\\s]+?content=(['\"])(.+?)\\2/i.exec(str);\n\t\tif (!res) {\n\t\t\tres = /<meta[\\s]+?content=(['\"])(.+?)\\1[\\s]+?http-equiv=(['\"])content-type\\3/i.exec(str);\n\t\t\tif (res) {\n\t\t\t\tres.pop(); // drop last quote\n\t\t\t}\n\t\t}\n\n\t\tif (res) {\n\t\t\tres = /charset=(.*)/i.exec(res.pop());\n\t\t}\n\t}\n\n\t// xml\n\tif (!res && str) {\n\t\tres = /<\\?xml.+?encoding=(['\"])(.+?)\\1/i.exec(str);\n\t}\n\n\t// found charset\n\tif (res) {\n\t\tcharset = res.pop();\n\n\t\t// prevent decode issues when sites use incorrect encoding\n\t\t// ref: https://hsivonen.fi/encoding-menu/\n\t\tif (charset === 'gb2312' || charset === 'gbk') {\n\t\t\tcharset = 'gb18030';\n\t\t}\n\t}\n\n\t// turn raw buffers into a single utf-8 buffer\n\treturn convert(buffer, 'UTF-8', charset).toString();\n}\n\n/**\n * Detect a URLSearchParams object\n * ref: https://github.com/bitinn/node-fetch/issues/296#issuecomment-307598143\n *\n * @param   Object  obj     Object to detect by type or brand\n * @return  String\n */\nfunction isURLSearchParams(obj) {\n\t// Duck-typing as a necessary condition.\n\tif (typeof obj !== 'object' || typeof obj.append !== 'function' || typeof obj.delete !== 'function' || typeof obj.get !== 'function' || typeof obj.getAll !== 'function' || typeof obj.has !== 'function' || typeof obj.set !== 'function') {\n\t\treturn false;\n\t}\n\n\t// Brand-checking and more duck-typing as optional condition.\n\treturn obj.constructor.name === 'URLSearchParams' || Object.prototype.toString.call(obj) === '[object URLSearchParams]' || typeof obj.sort === 'function';\n}\n\n/**\n * Check if `obj` is a W3C `Blob` object (which `File` inherits from)\n * @param  {*} obj\n * @return {boolean}\n */\nfunction isBlob(obj) {\n\treturn typeof obj === 'object' && typeof obj.arrayBuffer === 'function' && typeof obj.type === 'string' && typeof obj.stream === 'function' && typeof obj.constructor === 'function' && typeof obj.constructor.name === 'string' && /^(Blob|File)$/.test(obj.constructor.name) && /^(Blob|File)$/.test(obj[Symbol.toStringTag]);\n}\n\n/**\n * Clone body given Res/Req instance\n *\n * @param   Mixed  instance  Response or Request instance\n * @return  Mixed\n */\nfunction clone(instance) {\n\tlet p1, p2;\n\tlet body = instance.body;\n\n\t// don't allow cloning a used body\n\tif (instance.bodyUsed) {\n\t\tthrow new Error('cannot clone body after it is used');\n\t}\n\n\t// check that body is a stream and not form-data object\n\t// note: we can't clone the form-data object without having it as a dependency\n\tif (body instanceof Stream && typeof body.getBoundary !== 'function') {\n\t\t// tee instance body\n\t\tp1 = new PassThrough();\n\t\tp2 = new PassThrough();\n\t\tbody.pipe(p1);\n\t\tbody.pipe(p2);\n\t\t// set instance body to teed body and return the other teed body\n\t\tinstance[INTERNALS].body = p1;\n\t\tbody = p2;\n\t}\n\n\treturn body;\n}\n\n/**\n * Performs the operation \"extract a `Content-Type` value from |object|\" as\n * specified in the specification:\n * https://fetch.spec.whatwg.org/#concept-bodyinit-extract\n *\n * This function assumes that instance.body is present.\n *\n * @param   Mixed  instance  Any options.body input\n */\nfunction extractContentType(body) {\n\tif (body === null) {\n\t\t// body is null\n\t\treturn null;\n\t} else if (typeof body === 'string') {\n\t\t// body is string\n\t\treturn 'text/plain;charset=UTF-8';\n\t} else if (isURLSearchParams(body)) {\n\t\t// body is a URLSearchParams\n\t\treturn 'application/x-www-form-urlencoded;charset=UTF-8';\n\t} else if (isBlob(body)) {\n\t\t// body is blob\n\t\treturn body.type || null;\n\t} else if (Buffer.isBuffer(body)) {\n\t\t// body is buffer\n\t\treturn null;\n\t} else if (Object.prototype.toString.call(body) === '[object ArrayBuffer]') {\n\t\t// body is ArrayBuffer\n\t\treturn null;\n\t} else if (ArrayBuffer.isView(body)) {\n\t\t// body is ArrayBufferView\n\t\treturn null;\n\t} else if (typeof body.getBoundary === 'function') {\n\t\t// detect form data input from form-data module\n\t\treturn `multipart/form-data;boundary=${body.getBoundary()}`;\n\t} else if (body instanceof Stream) {\n\t\t// body is stream\n\t\t// can't really do much about this\n\t\treturn null;\n\t} else {\n\t\t// Body constructor defaults other things to string\n\t\treturn 'text/plain;charset=UTF-8';\n\t}\n}\n\n/**\n * The Fetch Standard treats this as if \"total bytes\" is a property on the body.\n * For us, we have to explicitly get it with a function.\n *\n * ref: https://fetch.spec.whatwg.org/#concept-body-total-bytes\n *\n * @param   Body    instance   Instance of Body\n * @return  Number?            Number of bytes, or null if not possible\n */\nfunction getTotalBytes(instance) {\n\tconst body = instance.body;\n\n\n\tif (body === null) {\n\t\t// body is null\n\t\treturn 0;\n\t} else if (isBlob(body)) {\n\t\treturn body.size;\n\t} else if (Buffer.isBuffer(body)) {\n\t\t// body is buffer\n\t\treturn body.length;\n\t} else if (body && typeof body.getLengthSync === 'function') {\n\t\t// detect form data input from form-data module\n\t\tif (body._lengthRetrievers && body._lengthRetrievers.length == 0 || // 1.x\n\t\tbody.hasKnownLength && body.hasKnownLength()) {\n\t\t\t// 2.x\n\t\t\treturn body.getLengthSync();\n\t\t}\n\t\treturn null;\n\t} else {\n\t\t// body is stream\n\t\treturn null;\n\t}\n}\n\n/**\n * Write a Body to a Node.js WritableStream (e.g. http.Request) object.\n *\n * @param   Body    instance   Instance of Body\n * @return  Void\n */\nfunction writeToStream(dest, instance) {\n\tconst body = instance.body;\n\n\n\tif (body === null) {\n\t\t// body is null\n\t\tdest.end();\n\t} else if (isBlob(body)) {\n\t\tbody.stream().pipe(dest);\n\t} else if (Buffer.isBuffer(body)) {\n\t\t// body is buffer\n\t\tdest.write(body);\n\t\tdest.end();\n\t} else {\n\t\t// body is stream\n\t\tbody.pipe(dest);\n\t}\n}\n\n// expose Promise\nBody.Promise = global.Promise;\n\n/**\n * headers.js\n *\n * Headers class offers convenient helpers\n */\n\nconst invalidTokenRegex = /[^\\^_`a-zA-Z\\-0-9!#$%&'*+.|~]/;\nconst invalidHeaderCharRegex = /[^\\t\\x20-\\x7e\\x80-\\xff]/;\n\nfunction validateName(name) {\n\tname = `${name}`;\n\tif (invalidTokenRegex.test(name) || name === '') {\n\t\tthrow new TypeError(`${name} is not a legal HTTP header name`);\n\t}\n}\n\nfunction validateValue(value) {\n\tvalue = `${value}`;\n\tif (invalidHeaderCharRegex.test(value)) {\n\t\tthrow new TypeError(`${value} is not a legal HTTP header value`);\n\t}\n}\n\n/**\n * Find the key in the map object given a header name.\n *\n * Returns undefined if not found.\n *\n * @param   String  name  Header name\n * @return  String|Undefined\n */\nfunction find(map, name) {\n\tname = name.toLowerCase();\n\tfor (const key in map) {\n\t\tif (key.toLowerCase() === name) {\n\t\t\treturn key;\n\t\t}\n\t}\n\treturn undefined;\n}\n\nconst MAP = Symbol('map');\nclass Headers {\n\t/**\n  * Headers class\n  *\n  * @param   Object  headers  Response headers\n  * @return  Void\n  */\n\tconstructor() {\n\t\tlet init = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : undefined;\n\n\t\tthis[MAP] = Object.create(null);\n\n\t\tif (init instanceof Headers) {\n\t\t\tconst rawHeaders = init.raw();\n\t\t\tconst headerNames = Object.keys(rawHeaders);\n\n\t\t\tfor (const headerName of headerNames) {\n\t\t\t\tfor (const value of rawHeaders[headerName]) {\n\t\t\t\t\tthis.append(headerName, value);\n\t\t\t\t}\n\t\t\t}\n\n\t\t\treturn;\n\t\t}\n\n\t\t// We don't worry about converting prop to ByteString here as append()\n\t\t// will handle it.\n\t\tif (init == null) ; else if (typeof init === 'object') {\n\t\t\tconst method = init[Symbol.iterator];\n\t\t\tif (method != null) {\n\t\t\t\tif (typeof method !== 'function') {\n\t\t\t\t\tthrow new TypeError('Header pairs must be iterable');\n\t\t\t\t}\n\n\t\t\t\t// sequence<sequence<ByteString>>\n\t\t\t\t// Note: per spec we have to first exhaust the lists then process them\n\t\t\t\tconst pairs = [];\n\t\t\t\tfor (const pair of init) {\n\t\t\t\t\tif (typeof pair !== 'object' || typeof pair[Symbol.iterator] !== 'function') {\n\t\t\t\t\t\tthrow new TypeError('Each header pair must be iterable');\n\t\t\t\t\t}\n\t\t\t\t\tpairs.push(Array.from(pair));\n\t\t\t\t}\n\n\t\t\t\tfor (const pair of pairs) {\n\t\t\t\t\tif (pair.length !== 2) {\n\t\t\t\t\t\tthrow new TypeError('Each header pair must be a name/value tuple');\n\t\t\t\t\t}\n\t\t\t\t\tthis.append(pair[0], pair[1]);\n\t\t\t\t}\n\t\t\t} else {\n\t\t\t\t// record<ByteString, ByteString>\n\t\t\t\tfor (const key of Object.keys(init)) {\n\t\t\t\t\tconst value = init[key];\n\t\t\t\t\tthis.append(key, value);\n\t\t\t\t}\n\t\t\t}\n\t\t} else {\n\t\t\tthrow new TypeError('Provided initializer must be an object');\n\t\t}\n\t}\n\n\t/**\n  * Return combined header value given name\n  *\n  * @param   String  name  Header name\n  * @return  Mixed\n  */\n\tget(name) {\n\t\tname = `${name}`;\n\t\tvalidateName(name);\n\t\tconst key = find(this[MAP], name);\n\t\tif (key === undefined) {\n\t\t\treturn null;\n\t\t}\n\n\t\treturn this[MAP][key].join(', ');\n\t}\n\n\t/**\n  * Iterate over all headers\n  *\n  * @param   Function  callback  Executed for each item with parameters (value, name, thisArg)\n  * @param   Boolean   thisArg   `this` context for callback function\n  * @return  Void\n  */\n\tforEach(callback) {\n\t\tlet thisArg = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : undefined;\n\n\t\tlet pairs = getHeaders(this);\n\t\tlet i = 0;\n\t\twhile (i < pairs.length) {\n\t\t\tvar _pairs$i = pairs[i];\n\t\t\tconst name = _pairs$i[0],\n\t\t\t      value = _pairs$i[1];\n\n\t\t\tcallback.call(thisArg, value, name, this);\n\t\t\tpairs = getHeaders(this);\n\t\t\ti++;\n\t\t}\n\t}\n\n\t/**\n  * Overwrite header values given name\n  *\n  * @param   String  name   Header name\n  * @param   String  value  Header value\n  * @return  Void\n  */\n\tset(name, value) {\n\t\tname = `${name}`;\n\t\tvalue = `${value}`;\n\t\tvalidateName(name);\n\t\tvalidateValue(value);\n\t\tconst key = find(this[MAP], name);\n\t\tthis[MAP][key !== undefined ? key : name] = [value];\n\t}\n\n\t/**\n  * Append a value onto existing header\n  *\n  * @param   String  name   Header name\n  * @param   String  value  Header value\n  * @return  Void\n  */\n\tappend(name, value) {\n\t\tname = `${name}`;\n\t\tvalue = `${value}`;\n\t\tvalidateName(name);\n\t\tvalidateValue(value);\n\t\tconst key = find(this[MAP], name);\n\t\tif (key !== undefined) {\n\t\t\tthis[MAP][key].push(value);\n\t\t} else {\n\t\t\tthis[MAP][name] = [value];\n\t\t}\n\t}\n\n\t/**\n  * Check for header name existence\n  *\n  * @param   String   name  Header name\n  * @return  Boolean\n  */\n\thas(name) {\n\t\tname = `${name}`;\n\t\tvalidateName(name);\n\t\treturn find(this[MAP], name) !== undefined;\n\t}\n\n\t/**\n  * Delete all header values given name\n  *\n  * @param   String  name  Header name\n  * @return  Void\n  */\n\tdelete(name) {\n\t\tname = `${name}`;\n\t\tvalidateName(name);\n\t\tconst key = find(this[MAP], name);\n\t\tif (key !== undefined) {\n\t\t\tdelete this[MAP][key];\n\t\t}\n\t}\n\n\t/**\n  * Return raw headers (non-spec api)\n  *\n  * @return  Object\n  */\n\traw() {\n\t\treturn this[MAP];\n\t}\n\n\t/**\n  * Get an iterator on keys.\n  *\n  * @return  Iterator\n  */\n\tkeys() {\n\t\treturn createHeadersIterator(this, 'key');\n\t}\n\n\t/**\n  * Get an iterator on values.\n  *\n  * @return  Iterator\n  */\n\tvalues() {\n\t\treturn createHeadersIterator(this, 'value');\n\t}\n\n\t/**\n  * Get an iterator on entries.\n  *\n  * This is the default iterator of the Headers object.\n  *\n  * @return  Iterator\n  */\n\t[Symbol.iterator]() {\n\t\treturn createHeadersIterator(this, 'key+value');\n\t}\n}\nHeaders.prototype.entries = Headers.prototype[Symbol.iterator];\n\nObject.defineProperty(Headers.prototype, Symbol.toStringTag, {\n\tvalue: 'Headers',\n\twritable: false,\n\tenumerable: false,\n\tconfigurable: true\n});\n\nObject.defineProperties(Headers.prototype, {\n\tget: { enumerable: true },\n\tforEach: { enumerable: true },\n\tset: { enumerable: true },\n\tappend: { enumerable: true },\n\thas: { enumerable: true },\n\tdelete: { enumerable: true },\n\tkeys: { enumerable: true },\n\tvalues: { enumerable: true },\n\tentries: { enumerable: true }\n});\n\nfunction getHeaders(headers) {\n\tlet kind = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : 'key+value';\n\n\tconst keys = Object.keys(headers[MAP]).sort();\n\treturn keys.map(kind === 'key' ? function (k) {\n\t\treturn k.toLowerCase();\n\t} : kind === 'value' ? function (k) {\n\t\treturn headers[MAP][k].join(', ');\n\t} : function (k) {\n\t\treturn [k.toLowerCase(), headers[MAP][k].join(', ')];\n\t});\n}\n\nconst INTERNAL = Symbol('internal');\n\nfunction createHeadersIterator(target, kind) {\n\tconst iterator = Object.create(HeadersIteratorPrototype);\n\titerator[INTERNAL] = {\n\t\ttarget,\n\t\tkind,\n\t\tindex: 0\n\t};\n\treturn iterator;\n}\n\nconst HeadersIteratorPrototype = Object.setPrototypeOf({\n\tnext() {\n\t\t// istanbul ignore if\n\t\tif (!this || Object.getPrototypeOf(this) !== HeadersIteratorPrototype) {\n\t\t\tthrow new TypeError('Value of `this` is not a HeadersIterator');\n\t\t}\n\n\t\tvar _INTERNAL = this[INTERNAL];\n\t\tconst target = _INTERNAL.target,\n\t\t      kind = _INTERNAL.kind,\n\t\t      index = _INTERNAL.index;\n\n\t\tconst values = getHeaders(target, kind);\n\t\tconst len = values.length;\n\t\tif (index >= len) {\n\t\t\treturn {\n\t\t\t\tvalue: undefined,\n\t\t\t\tdone: true\n\t\t\t};\n\t\t}\n\n\t\tthis[INTERNAL].index = index + 1;\n\n\t\treturn {\n\t\t\tvalue: values[index],\n\t\t\tdone: false\n\t\t};\n\t}\n}, Object.getPrototypeOf(Object.getPrototypeOf([][Symbol.iterator]())));\n\nObject.defineProperty(HeadersIteratorPrototype, Symbol.toStringTag, {\n\tvalue: 'HeadersIterator',\n\twritable: false,\n\tenumerable: false,\n\tconfigurable: true\n});\n\n/**\n * Export the Headers object in a form that Node.js can consume.\n *\n * @param   Headers  headers\n * @return  Object\n */\nfunction exportNodeCompatibleHeaders(headers) {\n\tconst obj = Object.assign({ __proto__: null }, headers[MAP]);\n\n\t// http.request() only supports string as Host header. This hack makes\n\t// specifying custom Host header possible.\n\tconst hostHeaderKey = find(headers[MAP], 'Host');\n\tif (hostHeaderKey !== undefined) {\n\t\tobj[hostHeaderKey] = obj[hostHeaderKey][0];\n\t}\n\n\treturn obj;\n}\n\n/**\n * Create a Headers object from an object of headers, ignoring those that do\n * not conform to HTTP grammar productions.\n *\n * @param   Object  obj  Object of headers\n * @return  Headers\n */\nfunction createHeadersLenient(obj) {\n\tconst headers = new Headers();\n\tfor (const name of Object.keys(obj)) {\n\t\tif (invalidTokenRegex.test(name)) {\n\t\t\tcontinue;\n\t\t}\n\t\tif (Array.isArray(obj[name])) {\n\t\t\tfor (const val of obj[name]) {\n\t\t\t\tif (invalidHeaderCharRegex.test(val)) {\n\t\t\t\t\tcontinue;\n\t\t\t\t}\n\t\t\t\tif (headers[MAP][name] === undefined) {\n\t\t\t\t\theaders[MAP][name] = [val];\n\t\t\t\t} else {\n\t\t\t\t\theaders[MAP][name].push(val);\n\t\t\t\t}\n\t\t\t}\n\t\t} else if (!invalidHeaderCharRegex.test(obj[name])) {\n\t\t\theaders[MAP][name] = [obj[name]];\n\t\t}\n\t}\n\treturn headers;\n}\n\nconst INTERNALS$1 = Symbol('Response internals');\n\n// fix an issue where \"STATUS_CODES\" aren't a named export for node <10\nconst STATUS_CODES = http.STATUS_CODES;\n\n/**\n * Response class\n *\n * @param   Stream  body  Readable stream\n * @param   Object  opts  Response options\n * @return  Void\n */\nclass Response {\n\tconstructor() {\n\t\tlet body = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : null;\n\t\tlet opts = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : {};\n\n\t\tBody.call(this, body, opts);\n\n\t\tconst status = opts.status || 200;\n\t\tconst headers = new Headers(opts.headers);\n\n\t\tif (body != null && !headers.has('Content-Type')) {\n\t\t\tconst contentType = extractContentType(body);\n\t\t\tif (contentType) {\n\t\t\t\theaders.append('Content-Type', contentType);\n\t\t\t}\n\t\t}\n\n\t\tthis[INTERNALS$1] = {\n\t\t\turl: opts.url,\n\t\t\tstatus,\n\t\t\tstatusText: opts.statusText || STATUS_CODES[status],\n\t\t\theaders,\n\t\t\tcounter: opts.counter\n\t\t};\n\t}\n\n\tget url() {\n\t\treturn this[INTERNALS$1].url || '';\n\t}\n\n\tget status() {\n\t\treturn this[INTERNALS$1].status;\n\t}\n\n\t/**\n  * Convenience property representing if the request ended normally\n  */\n\tget ok() {\n\t\treturn this[INTERNALS$1].status >= 200 && this[INTERNALS$1].status < 300;\n\t}\n\n\tget redirected() {\n\t\treturn this[INTERNALS$1].counter > 0;\n\t}\n\n\tget statusText() {\n\t\treturn this[INTERNALS$1].statusText;\n\t}\n\n\tget headers() {\n\t\treturn this[INTERNALS$1].headers;\n\t}\n\n\t/**\n  * Clone this response\n  *\n  * @return  Response\n  */\n\tclone() {\n\t\treturn new Response(clone(this), {\n\t\t\turl: this.url,\n\t\t\tstatus: this.status,\n\t\t\tstatusText: this.statusText,\n\t\t\theaders: this.headers,\n\t\t\tok: this.ok,\n\t\t\tredirected: this.redirected\n\t\t});\n\t}\n}\n\nBody.mixIn(Response.prototype);\n\nObject.defineProperties(Response.prototype, {\n\turl: { enumerable: true },\n\tstatus: { enumerable: true },\n\tok: { enumerable: true },\n\tredirected: { enumerable: true },\n\tstatusText: { enumerable: true },\n\theaders: { enumerable: true },\n\tclone: { enumerable: true }\n});\n\nObject.defineProperty(Response.prototype, Symbol.toStringTag, {\n\tvalue: 'Response',\n\twritable: false,\n\tenumerable: false,\n\tconfigurable: true\n});\n\nconst INTERNALS$2 = Symbol('Request internals');\nconst URL = Url.URL || whatwgUrl.URL;\n\n// fix an issue where \"format\", \"parse\" aren't a named export for node <10\nconst parse_url = Url.parse;\nconst format_url = Url.format;\n\n/**\n * Wrapper around `new URL` to handle arbitrary URLs\n *\n * @param  {string} urlStr\n * @return {void}\n */\nfunction parseURL(urlStr) {\n\t/*\n \tCheck whether the URL is absolute or not\n \t\tScheme: https://tools.ietf.org/html/rfc3986#section-3.1\n \tAbsolute URL: https://tools.ietf.org/html/rfc3986#section-4.3\n */\n\tif (/^[a-zA-Z][a-zA-Z\\d+\\-.]*:/.exec(urlStr)) {\n\t\turlStr = new URL(urlStr).toString();\n\t}\n\n\t// Fallback to old implementation for arbitrary URLs\n\treturn parse_url(urlStr);\n}\n\nconst streamDestructionSupported = 'destroy' in Stream.Readable.prototype;\n\n/**\n * Check if a value is an instance of Request.\n *\n * @param   Mixed   input\n * @return  Boolean\n */\nfunction isRequest(input) {\n\treturn typeof input === 'object' && typeof input[INTERNALS$2] === 'object';\n}\n\nfunction isAbortSignal(signal) {\n\tconst proto = signal && typeof signal === 'object' && Object.getPrototypeOf(signal);\n\treturn !!(proto && proto.constructor.name === 'AbortSignal');\n}\n\n/**\n * Request class\n *\n * @param   Mixed   input  Url or Request instance\n * @param   Object  init   Custom options\n * @return  Void\n */\nclass Request {\n\tconstructor(input) {\n\t\tlet init = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : {};\n\n\t\tlet parsedURL;\n\n\t\t// normalize input\n\t\tif (!isRequest(input)) {\n\t\t\tif (input && input.href) {\n\t\t\t\t// in order to support Node.js' Url objects; though WHATWG's URL objects\n\t\t\t\t// will fall into this branch also (since their `toString()` will return\n\t\t\t\t// `href` property anyway)\n\t\t\t\tparsedURL = parseURL(input.href);\n\t\t\t} else {\n\t\t\t\t// coerce input to a string before attempting to parse\n\t\t\t\tparsedURL = parseURL(`${input}`);\n\t\t\t}\n\t\t\tinput = {};\n\t\t} else {\n\t\t\tparsedURL = parseURL(input.url);\n\t\t}\n\n\t\tlet method = init.method || input.method || 'GET';\n\t\tmethod = method.toUpperCase();\n\n\t\tif ((init.body != null || isRequest(input) && input.body !== null) && (method === 'GET' || method === 'HEAD')) {\n\t\t\tthrow new TypeError('Request with GET/HEAD method cannot have body');\n\t\t}\n\n\t\tlet inputBody = init.body != null ? init.body : isRequest(input) && input.body !== null ? clone(input) : null;\n\n\t\tBody.call(this, inputBody, {\n\t\t\ttimeout: init.timeout || input.timeout || 0,\n\t\t\tsize: init.size || input.size || 0\n\t\t});\n\n\t\tconst headers = new Headers(init.headers || input.headers || {});\n\n\t\tif (inputBody != null && !headers.has('Content-Type')) {\n\t\t\tconst contentType = extractContentType(inputBody);\n\t\t\tif (contentType) {\n\t\t\t\theaders.append('Content-Type', contentType);\n\t\t\t}\n\t\t}\n\n\t\tlet signal = isRequest(input) ? input.signal : null;\n\t\tif ('signal' in init) signal = init.signal;\n\n\t\tif (signal != null && !isAbortSignal(signal)) {\n\t\t\tthrow new TypeError('Expected signal to be an instanceof AbortSignal');\n\t\t}\n\n\t\tthis[INTERNALS$2] = {\n\t\t\tmethod,\n\t\t\tredirect: init.redirect || input.redirect || 'follow',\n\t\t\theaders,\n\t\t\tparsedURL,\n\t\t\tsignal\n\t\t};\n\n\t\t// node-fetch-only options\n\t\tthis.follow = init.follow !== undefined ? init.follow : input.follow !== undefined ? input.follow : 20;\n\t\tthis.compress = init.compress !== undefined ? init.compress : input.compress !== undefined ? input.compress : true;\n\t\tthis.counter = init.counter || input.counter || 0;\n\t\tthis.agent = init.agent || input.agent;\n\t}\n\n\tget method() {\n\t\treturn this[INTERNALS$2].method;\n\t}\n\n\tget url() {\n\t\treturn format_url(this[INTERNALS$2].parsedURL);\n\t}\n\n\tget headers() {\n\t\treturn this[INTERNALS$2].headers;\n\t}\n\n\tget redirect() {\n\t\treturn this[INTERNALS$2].redirect;\n\t}\n\n\tget signal() {\n\t\treturn this[INTERNALS$2].signal;\n\t}\n\n\t/**\n  * Clone this request\n  *\n  * @return  Request\n  */\n\tclone() {\n\t\treturn new Request(this);\n\t}\n}\n\nBody.mixIn(Request.prototype);\n\nObject.defineProperty(Request.prototype, Symbol.toStringTag, {\n\tvalue: 'Request',\n\twritable: false,\n\tenumerable: false,\n\tconfigurable: true\n});\n\nObject.defineProperties(Request.prototype, {\n\tmethod: { enumerable: true },\n\turl: { enumerable: true },\n\theaders: { enumerable: true },\n\tredirect: { enumerable: true },\n\tclone: { enumerable: true },\n\tsignal: { enumerable: true }\n});\n\n/**\n * Convert a Request to Node.js http request options.\n *\n * @param   Request  A Request instance\n * @return  Object   The options object to be passed to http.request\n */\nfunction getNodeRequestOptions(request) {\n\tconst parsedURL = request[INTERNALS$2].parsedURL;\n\tconst headers = new Headers(request[INTERNALS$2].headers);\n\n\t// fetch step 1.3\n\tif (!headers.has('Accept')) {\n\t\theaders.set('Accept', '*/*');\n\t}\n\n\t// Basic fetch\n\tif (!parsedURL.protocol || !parsedURL.hostname) {\n\t\tthrow new TypeError('Only absolute URLs are supported');\n\t}\n\n\tif (!/^https?:$/.test(parsedURL.protocol)) {\n\t\tthrow new TypeError('Only HTTP(S) protocols are supported');\n\t}\n\n\tif (request.signal && request.body instanceof Stream.Readable && !streamDestructionSupported) {\n\t\tthrow new Error('Cancellation of streamed requests with AbortSignal is not supported in node < 8');\n\t}\n\n\t// HTTP-network-or-cache fetch steps 2.4-2.7\n\tlet contentLengthValue = null;\n\tif (request.body == null && /^(POST|PUT)$/i.test(request.method)) {\n\t\tcontentLengthValue = '0';\n\t}\n\tif (request.body != null) {\n\t\tconst totalBytes = getTotalBytes(request);\n\t\tif (typeof totalBytes === 'number') {\n\t\t\tcontentLengthValue = String(totalBytes);\n\t\t}\n\t}\n\tif (contentLengthValue) {\n\t\theaders.set('Content-Length', contentLengthValue);\n\t}\n\n\t// HTTP-network-or-cache fetch step 2.11\n\tif (!headers.has('User-Agent')) {\n\t\theaders.set('User-Agent', 'node-fetch/1.0 (+https://github.com/bitinn/node-fetch)');\n\t}\n\n\t// HTTP-network-or-cache fetch step 2.15\n\tif (request.compress && !headers.has('Accept-Encoding')) {\n\t\theaders.set('Accept-Encoding', 'gzip,deflate');\n\t}\n\n\tlet agent = request.agent;\n\tif (typeof agent === 'function') {\n\t\tagent = agent(parsedURL);\n\t}\n\n\tif (!headers.has('Connection') && !agent) {\n\t\theaders.set('Connection', 'close');\n\t}\n\n\t// HTTP-network fetch step 4.2\n\t// chunked encoding is handled by Node.js\n\n\treturn Object.assign({}, parsedURL, {\n\t\tmethod: request.method,\n\t\theaders: exportNodeCompatibleHeaders(headers),\n\t\tagent\n\t});\n}\n\n/**\n * abort-error.js\n *\n * AbortError interface for cancelled requests\n */\n\n/**\n * Create AbortError instance\n *\n * @param   String      message      Error message for human\n * @return  AbortError\n */\nfunction AbortError(message) {\n  Error.call(this, message);\n\n  this.type = 'aborted';\n  this.message = message;\n\n  // hide custom error implementation details from end-users\n  Error.captureStackTrace(this, this.constructor);\n}\n\nAbortError.prototype = Object.create(Error.prototype);\nAbortError.prototype.constructor = AbortError;\nAbortError.prototype.name = 'AbortError';\n\nconst URL$1 = Url.URL || whatwgUrl.URL;\n\n// fix an issue where \"PassThrough\", \"resolve\" aren't a named export for node <10\nconst PassThrough$1 = Stream.PassThrough;\n\nconst isDomainOrSubdomain = function isDomainOrSubdomain(destination, original) {\n\tconst orig = new URL$1(original).hostname;\n\tconst dest = new URL$1(destination).hostname;\n\n\treturn orig === dest || orig[orig.length - dest.length - 1] === '.' && orig.endsWith(dest);\n};\n\n/**\n * Fetch function\n *\n * @param   Mixed    url   Absolute url or Request instance\n * @param   Object   opts  Fetch options\n * @return  Promise\n */\nfunction fetch(url, opts) {\n\n\t// allow custom promise\n\tif (!fetch.Promise) {\n\t\tthrow new Error('native promise missing, set fetch.Promise to your favorite alternative');\n\t}\n\n\tBody.Promise = fetch.Promise;\n\n\t// wrap http.request into fetch\n\treturn new fetch.Promise(function (resolve, reject) {\n\t\t// build request object\n\t\tconst request = new Request(url, opts);\n\t\tconst options = getNodeRequestOptions(request);\n\n\t\tconst send = (options.protocol === 'https:' ? https : http).request;\n\t\tconst signal = request.signal;\n\n\t\tlet response = null;\n\n\t\tconst abort = function abort() {\n\t\t\tlet error = new AbortError('The user aborted a request.');\n\t\t\treject(error);\n\t\t\tif (request.body && request.body instanceof Stream.Readable) {\n\t\t\t\trequest.body.destroy(error);\n\t\t\t}\n\t\t\tif (!response || !response.body) return;\n\t\t\tresponse.body.emit('error', error);\n\t\t};\n\n\t\tif (signal && signal.aborted) {\n\t\t\tabort();\n\t\t\treturn;\n\t\t}\n\n\t\tconst abortAndFinalize = function abortAndFinalize() {\n\t\t\tabort();\n\t\t\tfinalize();\n\t\t};\n\n\t\t// send request\n\t\tconst req = send(options);\n\t\tlet reqTimeout;\n\n\t\tif (signal) {\n\t\t\tsignal.addEventListener('abort', abortAndFinalize);\n\t\t}\n\n\t\tfunction finalize() {\n\t\t\treq.abort();\n\t\t\tif (signal) signal.removeEventListener('abort', abortAndFinalize);\n\t\t\tclearTimeout(reqTimeout);\n\t\t}\n\n\t\tif (request.timeout) {\n\t\t\treq.once('socket', function (socket) {\n\t\t\t\treqTimeout = setTimeout(function () {\n\t\t\t\t\treject(new FetchError(`network timeout at: ${request.url}`, 'request-timeout'));\n\t\t\t\t\tfinalize();\n\t\t\t\t}, request.timeout);\n\t\t\t});\n\t\t}\n\n\t\treq.on('error', function (err) {\n\t\t\treject(new FetchError(`request to ${request.url} failed, reason: ${err.message}`, 'system', err));\n\t\t\tfinalize();\n\t\t});\n\n\t\treq.on('response', function (res) {\n\t\t\tclearTimeout(reqTimeout);\n\n\t\t\tconst headers = createHeadersLenient(res.headers);\n\n\t\t\t// HTTP fetch step 5\n\t\t\tif (fetch.isRedirect(res.statusCode)) {\n\t\t\t\t// HTTP fetch step 5.2\n\t\t\t\tconst location = headers.get('Location');\n\n\t\t\t\t// HTTP fetch step 5.3\n\t\t\t\tlet locationURL = null;\n\t\t\t\ttry {\n\t\t\t\t\tlocationURL = location === null ? null : new URL$1(location, request.url).toString();\n\t\t\t\t} catch (err) {\n\t\t\t\t\t// error here can only be invalid URL in Location: header\n\t\t\t\t\t// do not throw when options.redirect == manual\n\t\t\t\t\t// let the user extract the errorneous redirect URL\n\t\t\t\t\tif (request.redirect !== 'manual') {\n\t\t\t\t\t\treject(new FetchError(`uri requested responds with an invalid redirect URL: ${location}`, 'invalid-redirect'));\n\t\t\t\t\t\tfinalize();\n\t\t\t\t\t\treturn;\n\t\t\t\t\t}\n\t\t\t\t}\n\n\t\t\t\t// HTTP fetch step 5.5\n\t\t\t\tswitch (request.redirect) {\n\t\t\t\t\tcase 'error':\n\t\t\t\t\t\treject(new FetchError(`uri requested responds with a redirect, redirect mode is set to error: ${request.url}`, 'no-redirect'));\n\t\t\t\t\t\tfinalize();\n\t\t\t\t\t\treturn;\n\t\t\t\t\tcase 'manual':\n\t\t\t\t\t\t// node-fetch-specific step: make manual redirect a bit easier to use by setting the Location header value to the resolved URL.\n\t\t\t\t\t\tif (locationURL !== null) {\n\t\t\t\t\t\t\t// handle corrupted header\n\t\t\t\t\t\t\ttry {\n\t\t\t\t\t\t\t\theaders.set('Location', locationURL);\n\t\t\t\t\t\t\t} catch (err) {\n\t\t\t\t\t\t\t\t// istanbul ignore next: nodejs server prevent invalid response headers, we can't test this through normal request\n\t\t\t\t\t\t\t\treject(err);\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t}\n\t\t\t\t\t\tbreak;\n\t\t\t\t\tcase 'follow':\n\t\t\t\t\t\t// HTTP-redirect fetch step 2\n\t\t\t\t\t\tif (locationURL === null) {\n\t\t\t\t\t\t\tbreak;\n\t\t\t\t\t\t}\n\n\t\t\t\t\t\t// HTTP-redirect fetch step 5\n\t\t\t\t\t\tif (request.counter >= request.follow) {\n\t\t\t\t\t\t\treject(new FetchError(`maximum redirect reached at: ${request.url}`, 'max-redirect'));\n\t\t\t\t\t\t\tfinalize();\n\t\t\t\t\t\t\treturn;\n\t\t\t\t\t\t}\n\n\t\t\t\t\t\t// HTTP-redirect fetch step 6 (counter increment)\n\t\t\t\t\t\t// Create a new Request object.\n\t\t\t\t\t\tconst requestOpts = {\n\t\t\t\t\t\t\theaders: new Headers(request.headers),\n\t\t\t\t\t\t\tfollow: request.follow,\n\t\t\t\t\t\t\tcounter: request.counter + 1,\n\t\t\t\t\t\t\tagent: request.agent,\n\t\t\t\t\t\t\tcompress: request.compress,\n\t\t\t\t\t\t\tmethod: request.method,\n\t\t\t\t\t\t\tbody: request.body,\n\t\t\t\t\t\t\tsignal: request.signal,\n\t\t\t\t\t\t\ttimeout: request.timeout,\n\t\t\t\t\t\t\tsize: request.size\n\t\t\t\t\t\t};\n\n\t\t\t\t\t\tif (!isDomainOrSubdomain(request.url, locationURL)) {\n\t\t\t\t\t\t\tfor (const name of ['authorization', 'www-authenticate', 'cookie', 'cookie2']) {\n\t\t\t\t\t\t\t\trequestOpts.headers.delete(name);\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t}\n\n\t\t\t\t\t\t// HTTP-redirect fetch step 9\n\t\t\t\t\t\tif (res.statusCode !== 303 && request.body && getTotalBytes(request) === null) {\n\t\t\t\t\t\t\treject(new FetchError('Cannot follow redirect with body being a readable stream', 'unsupported-redirect'));\n\t\t\t\t\t\t\tfinalize();\n\t\t\t\t\t\t\treturn;\n\t\t\t\t\t\t}\n\n\t\t\t\t\t\t// HTTP-redirect fetch step 11\n\t\t\t\t\t\tif (res.statusCode === 303 || (res.statusCode === 301 || res.statusCode === 302) && request.method === 'POST') {\n\t\t\t\t\t\t\trequestOpts.method = 'GET';\n\t\t\t\t\t\t\trequestOpts.body = undefined;\n\t\t\t\t\t\t\trequestOpts.headers.delete('content-length');\n\t\t\t\t\t\t}\n\n\t\t\t\t\t\t// HTTP-redirect fetch step 15\n\t\t\t\t\t\tresolve(fetch(new Request(locationURL, requestOpts)));\n\t\t\t\t\t\tfinalize();\n\t\t\t\t\t\treturn;\n\t\t\t\t}\n\t\t\t}\n\n\t\t\t// prepare response\n\t\t\tres.once('end', function () {\n\t\t\t\tif (signal) signal.removeEventListener('abort', abortAndFinalize);\n\t\t\t});\n\t\t\tlet body = res.pipe(new PassThrough$1());\n\n\t\t\tconst response_options = {\n\t\t\t\turl: request.url,\n\t\t\t\tstatus: res.statusCode,\n\t\t\t\tstatusText: res.statusMessage,\n\t\t\t\theaders: headers,\n\t\t\t\tsize: request.size,\n\t\t\t\ttimeout: request.timeout,\n\t\t\t\tcounter: request.counter\n\t\t\t};\n\n\t\t\t// HTTP-network fetch step 12.1.1.3\n\t\t\tconst codings = headers.get('Content-Encoding');\n\n\t\t\t// HTTP-network fetch step 12.1.1.4: handle content codings\n\n\t\t\t// in following scenarios we ignore compression support\n\t\t\t// 1. compression support is disabled\n\t\t\t// 2. HEAD request\n\t\t\t// 3. no Content-Encoding header\n\t\t\t// 4. no content response (204)\n\t\t\t// 5. content not modified response (304)\n\t\t\tif (!request.compress || request.method === 'HEAD' || codings === null || res.statusCode === 204 || res.statusCode === 304) {\n\t\t\t\tresponse = new Response(body, response_options);\n\t\t\t\tresolve(response);\n\t\t\t\treturn;\n\t\t\t}\n\n\t\t\t// For Node v6+\n\t\t\t// Be less strict when decoding compressed responses, since sometimes\n\t\t\t// servers send slightly invalid responses that are still accepted\n\t\t\t// by common browsers.\n\t\t\t// Always using Z_SYNC_FLUSH is what cURL does.\n\t\t\tconst zlibOptions = {\n\t\t\t\tflush: zlib.Z_SYNC_FLUSH,\n\t\t\t\tfinishFlush: zlib.Z_SYNC_FLUSH\n\t\t\t};\n\n\t\t\t// for gzip\n\t\t\tif (codings == 'gzip' || codings == 'x-gzip') {\n\t\t\t\tbody = body.pipe(zlib.createGunzip(zlibOptions));\n\t\t\t\tresponse = new Response(body, response_options);\n\t\t\t\tresolve(response);\n\t\t\t\treturn;\n\t\t\t}\n\n\t\t\t// for deflate\n\t\t\tif (codings == 'deflate' || codings == 'x-deflate') {\n\t\t\t\t// handle the infamous raw deflate response from old servers\n\t\t\t\t// a hack for old IIS and Apache servers\n\t\t\t\tconst raw = res.pipe(new PassThrough$1());\n\t\t\t\traw.once('data', function (chunk) {\n\t\t\t\t\t// see http://stackoverflow.com/questions/37519828\n\t\t\t\t\tif ((chunk[0] & 0x0F) === 0x08) {\n\t\t\t\t\t\tbody = body.pipe(zlib.createInflate());\n\t\t\t\t\t} else {\n\t\t\t\t\t\tbody = body.pipe(zlib.createInflateRaw());\n\t\t\t\t\t}\n\t\t\t\t\tresponse = new Response(body, response_options);\n\t\t\t\t\tresolve(response);\n\t\t\t\t});\n\t\t\t\treturn;\n\t\t\t}\n\n\t\t\t// for br\n\t\t\tif (codings == 'br' && typeof zlib.createBrotliDecompress === 'function') {\n\t\t\t\tbody = body.pipe(zlib.createBrotliDecompress());\n\t\t\t\tresponse = new Response(body, response_options);\n\t\t\t\tresolve(response);\n\t\t\t\treturn;\n\t\t\t}\n\n\t\t\t// otherwise, use response as-is\n\t\t\tresponse = new Response(body, response_options);\n\t\t\tresolve(response);\n\t\t});\n\n\t\twriteToStream(req, request);\n\t});\n}\n/**\n * Redirect code matching\n *\n * @param   Number   code  Status code\n * @return  Boolean\n */\nfetch.isRedirect = function (code) {\n\treturn code === 301 || code === 302 || code === 303 || code === 307 || code === 308;\n};\n\n// expose Promise\nfetch.Promise = global.Promise;\n\nmodule.exports = exports = fetch;\nObject.defineProperty(exports, \"__esModule\", { value: true });\nexports.default = exports;\nexports.Headers = Headers;\nexports.Request = Request;\nexports.Response = Response;\nexports.FetchError = FetchError;\n","var wrappy = require('wrappy')\nmodule.exports = wrappy(once)\nmodule.exports.strict = wrappy(onceStrict)\n\nonce.proto = once(function () {\n  Object.defineProperty(Function.prototype, 'once', {\n    value: function () {\n      return once(this)\n    },\n    configurable: true\n  })\n\n  Object.defineProperty(Function.prototype, 'onceStrict', {\n    value: function () {\n      return onceStrict(this)\n    },\n    configurable: true\n  })\n})\n\nfunction once (fn) {\n  var f = function () {\n    if (f.called) return f.value\n    f.called = true\n    return f.value = fn.apply(this, arguments)\n  }\n  f.called = false\n  return f\n}\n\nfunction onceStrict (fn) {\n  var f = function () {\n    if (f.called)\n      throw new Error(f.onceError)\n    f.called = true\n    return f.value = fn.apply(this, arguments)\n  }\n  var name = fn.name || 'Function wrapped with `once`'\n  f.onceError = name + \" shouldn't be called more than once\"\n  f.called = false\n  return f\n}\n","exports = module.exports = SemVer\n\nvar debug\n/* istanbul ignore next */\nif (typeof process === 'object' &&\n    process.env &&\n    process.env.NODE_DEBUG &&\n    /\\bsemver\\b/i.test(process.env.NODE_DEBUG)) {\n  debug = function () {\n    var args = Array.prototype.slice.call(arguments, 0)\n    args.unshift('SEMVER')\n    console.log.apply(console, args)\n  }\n} else {\n  debug = function () {}\n}\n\n// Note: this is the semver.org version of the spec that it implements\n// Not necessarily the package version of this code.\nexports.SEMVER_SPEC_VERSION = '2.0.0'\n\nvar MAX_LENGTH = 256\nvar MAX_SAFE_INTEGER = Number.MAX_SAFE_INTEGER ||\n  /* istanbul ignore next */ 9007199254740991\n\n// Max safe segment length for coercion.\nvar MAX_SAFE_COMPONENT_LENGTH = 16\n\n// The actual regexps go on exports.re\nvar re = exports.re = []\nvar src = exports.src = []\nvar t = exports.tokens = {}\nvar R = 0\n\nfunction tok (n) {\n  t[n] = R++\n}\n\n// The following Regular Expressions can be used for tokenizing,\n// validating, and parsing SemVer version strings.\n\n// ## Numeric Identifier\n// A single `0`, or a non-zero digit followed by zero or more digits.\n\ntok('NUMERICIDENTIFIER')\nsrc[t.NUMERICIDENTIFIER] = '0|[1-9]\\\\d*'\ntok('NUMERICIDENTIFIERLOOSE')\nsrc[t.NUMERICIDENTIFIERLOOSE] = '[0-9]+'\n\n// ## Non-numeric Identifier\n// Zero or more digits, followed by a letter or hyphen, and then zero or\n// more letters, digits, or hyphens.\n\ntok('NONNUMERICIDENTIFIER')\nsrc[t.NONNUMERICIDENTIFIER] = '\\\\d*[a-zA-Z-][a-zA-Z0-9-]*'\n\n// ## Main Version\n// Three dot-separated numeric identifiers.\n\ntok('MAINVERSION')\nsrc[t.MAINVERSION] = '(' + src[t.NUMERICIDENTIFIER] + ')\\\\.' +\n                   '(' + src[t.NUMERICIDENTIFIER] + ')\\\\.' +\n                   '(' + src[t.NUMERICIDENTIFIER] + ')'\n\ntok('MAINVERSIONLOOSE')\nsrc[t.MAINVERSIONLOOSE] = '(' + src[t.NUMERICIDENTIFIERLOOSE] + ')\\\\.' +\n                        '(' + src[t.NUMERICIDENTIFIERLOOSE] + ')\\\\.' +\n                        '(' + src[t.NUMERICIDENTIFIERLOOSE] + ')'\n\n// ## Pre-release Version Identifier\n// A numeric identifier, or a non-numeric identifier.\n\ntok('PRERELEASEIDENTIFIER')\nsrc[t.PRERELEASEIDENTIFIER] = '(?:' + src[t.NUMERICIDENTIFIER] +\n                            '|' + src[t.NONNUMERICIDENTIFIER] + ')'\n\ntok('PRERELEASEIDENTIFIERLOOSE')\nsrc[t.PRERELEASEIDENTIFIERLOOSE] = '(?:' + src[t.NUMERICIDENTIFIERLOOSE] +\n                                 '|' + src[t.NONNUMERICIDENTIFIER] + ')'\n\n// ## Pre-release Version\n// Hyphen, followed by one or more dot-separated pre-release version\n// identifiers.\n\ntok('PRERELEASE')\nsrc[t.PRERELEASE] = '(?:-(' + src[t.PRERELEASEIDENTIFIER] +\n                  '(?:\\\\.' + src[t.PRERELEASEIDENTIFIER] + ')*))'\n\ntok('PRERELEASELOOSE')\nsrc[t.PRERELEASELOOSE] = '(?:-?(' + src[t.PRERELEASEIDENTIFIERLOOSE] +\n                       '(?:\\\\.' + src[t.PRERELEASEIDENTIFIERLOOSE] + ')*))'\n\n// ## Build Metadata Identifier\n// Any combination of digits, letters, or hyphens.\n\ntok('BUILDIDENTIFIER')\nsrc[t.BUILDIDENTIFIER] = '[0-9A-Za-z-]+'\n\n// ## Build Metadata\n// Plus sign, followed by one or more period-separated build metadata\n// identifiers.\n\ntok('BUILD')\nsrc[t.BUILD] = '(?:\\\\+(' + src[t.BUILDIDENTIFIER] +\n             '(?:\\\\.' + src[t.BUILDIDENTIFIER] + ')*))'\n\n// ## Full Version String\n// A main version, followed optionally by a pre-release version and\n// build metadata.\n\n// Note that the only major, minor, patch, and pre-release sections of\n// the version string are capturing groups.  The build metadata is not a\n// capturing group, because it should not ever be used in version\n// comparison.\n\ntok('FULL')\ntok('FULLPLAIN')\nsrc[t.FULLPLAIN] = 'v?' + src[t.MAINVERSION] +\n                  src[t.PRERELEASE] + '?' +\n                  src[t.BUILD] + '?'\n\nsrc[t.FULL] = '^' + src[t.FULLPLAIN] + '$'\n\n// like full, but allows v1.2.3 and =1.2.3, which people do sometimes.\n// also, 1.0.0alpha1 (prerelease without the hyphen) which is pretty\n// common in the npm registry.\ntok('LOOSEPLAIN')\nsrc[t.LOOSEPLAIN] = '[v=\\\\s]*' + src[t.MAINVERSIONLOOSE] +\n                  src[t.PRERELEASELOOSE] + '?' +\n                  src[t.BUILD] + '?'\n\ntok('LOOSE')\nsrc[t.LOOSE] = '^' + src[t.LOOSEPLAIN] + '$'\n\ntok('GTLT')\nsrc[t.GTLT] = '((?:<|>)?=?)'\n\n// Something like \"2.*\" or \"1.2.x\".\n// Note that \"x.x\" is a valid xRange identifer, meaning \"any version\"\n// Only the first item is strictly required.\ntok('XRANGEIDENTIFIERLOOSE')\nsrc[t.XRANGEIDENTIFIERLOOSE] = src[t.NUMERICIDENTIFIERLOOSE] + '|x|X|\\\\*'\ntok('XRANGEIDENTIFIER')\nsrc[t.XRANGEIDENTIFIER] = src[t.NUMERICIDENTIFIER] + '|x|X|\\\\*'\n\ntok('XRANGEPLAIN')\nsrc[t.XRANGEPLAIN] = '[v=\\\\s]*(' + src[t.XRANGEIDENTIFIER] + ')' +\n                   '(?:\\\\.(' + src[t.XRANGEIDENTIFIER] + ')' +\n                   '(?:\\\\.(' + src[t.XRANGEIDENTIFIER] + ')' +\n                   '(?:' + src[t.PRERELEASE] + ')?' +\n                   src[t.BUILD] + '?' +\n                   ')?)?'\n\ntok('XRANGEPLAINLOOSE')\nsrc[t.XRANGEPLAINLOOSE] = '[v=\\\\s]*(' + src[t.XRANGEIDENTIFIERLOOSE] + ')' +\n                        '(?:\\\\.(' + src[t.XRANGEIDENTIFIERLOOSE] + ')' +\n                        '(?:\\\\.(' + src[t.XRANGEIDENTIFIERLOOSE] + ')' +\n                        '(?:' + src[t.PRERELEASELOOSE] + ')?' +\n                        src[t.BUILD] + '?' +\n                        ')?)?'\n\ntok('XRANGE')\nsrc[t.XRANGE] = '^' + src[t.GTLT] + '\\\\s*' + src[t.XRANGEPLAIN] + '$'\ntok('XRANGELOOSE')\nsrc[t.XRANGELOOSE] = '^' + src[t.GTLT] + '\\\\s*' + src[t.XRANGEPLAINLOOSE] + '$'\n\n// Coercion.\n// Extract anything that could conceivably be a part of a valid semver\ntok('COERCE')\nsrc[t.COERCE] = '(^|[^\\\\d])' +\n              '(\\\\d{1,' + MAX_SAFE_COMPONENT_LENGTH + '})' +\n              '(?:\\\\.(\\\\d{1,' + MAX_SAFE_COMPONENT_LENGTH + '}))?' +\n              '(?:\\\\.(\\\\d{1,' + MAX_SAFE_COMPONENT_LENGTH + '}))?' +\n              '(?:$|[^\\\\d])'\ntok('COERCERTL')\nre[t.COERCERTL] = new RegExp(src[t.COERCE], 'g')\n\n// Tilde ranges.\n// Meaning is \"reasonably at or greater than\"\ntok('LONETILDE')\nsrc[t.LONETILDE] = '(?:~>?)'\n\ntok('TILDETRIM')\nsrc[t.TILDETRIM] = '(\\\\s*)' + src[t.LONETILDE] + '\\\\s+'\nre[t.TILDETRIM] = new RegExp(src[t.TILDETRIM], 'g')\nvar tildeTrimReplace = '$1~'\n\ntok('TILDE')\nsrc[t.TILDE] = '^' + src[t.LONETILDE] + src[t.XRANGEPLAIN] + '$'\ntok('TILDELOOSE')\nsrc[t.TILDELOOSE] = '^' + src[t.LONETILDE] + src[t.XRANGEPLAINLOOSE] + '$'\n\n// Caret ranges.\n// Meaning is \"at least and backwards compatible with\"\ntok('LONECARET')\nsrc[t.LONECARET] = '(?:\\\\^)'\n\ntok('CARETTRIM')\nsrc[t.CARETTRIM] = '(\\\\s*)' + src[t.LONECARET] + '\\\\s+'\nre[t.CARETTRIM] = new RegExp(src[t.CARETTRIM], 'g')\nvar caretTrimReplace = '$1^'\n\ntok('CARET')\nsrc[t.CARET] = '^' + src[t.LONECARET] + src[t.XRANGEPLAIN] + '$'\ntok('CARETLOOSE')\nsrc[t.CARETLOOSE] = '^' + src[t.LONECARET] + src[t.XRANGEPLAINLOOSE] + '$'\n\n// A simple gt/lt/eq thing, or just \"\" to indicate \"any version\"\ntok('COMPARATORLOOSE')\nsrc[t.COMPARATORLOOSE] = '^' + src[t.GTLT] + '\\\\s*(' + src[t.LOOSEPLAIN] + ')$|^$'\ntok('COMPARATOR')\nsrc[t.COMPARATOR] = '^' + src[t.GTLT] + '\\\\s*(' + src[t.FULLPLAIN] + ')$|^$'\n\n// An expression to strip any whitespace between the gtlt and the thing\n// it modifies, so that `> 1.2.3` ==> `>1.2.3`\ntok('COMPARATORTRIM')\nsrc[t.COMPARATORTRIM] = '(\\\\s*)' + src[t.GTLT] +\n                      '\\\\s*(' + src[t.LOOSEPLAIN] + '|' + src[t.XRANGEPLAIN] + ')'\n\n// this one has to use the /g flag\nre[t.COMPARATORTRIM] = new RegExp(src[t.COMPARATORTRIM], 'g')\nvar comparatorTrimReplace = '$1$2$3'\n\n// Something like `1.2.3 - 1.2.4`\n// Note that these all use the loose form, because they'll be\n// checked against either the strict or loose comparator form\n// later.\ntok('HYPHENRANGE')\nsrc[t.HYPHENRANGE] = '^\\\\s*(' + src[t.XRANGEPLAIN] + ')' +\n                   '\\\\s+-\\\\s+' +\n                   '(' + src[t.XRANGEPLAIN] + ')' +\n                   '\\\\s*$'\n\ntok('HYPHENRANGELOOSE')\nsrc[t.HYPHENRANGELOOSE] = '^\\\\s*(' + src[t.XRANGEPLAINLOOSE] + ')' +\n                        '\\\\s+-\\\\s+' +\n                        '(' + src[t.XRANGEPLAINLOOSE] + ')' +\n                        '\\\\s*$'\n\n// Star ranges basically just allow anything at all.\ntok('STAR')\nsrc[t.STAR] = '(<|>)?=?\\\\s*\\\\*'\n\n// Compile to actual regexp objects.\n// All are flag-free, unless they were created above with a flag.\nfor (var i = 0; i < R; i++) {\n  debug(i, src[i])\n  if (!re[i]) {\n    re[i] = new RegExp(src[i])\n  }\n}\n\nexports.parse = parse\nfunction parse (version, options) {\n  if (!options || typeof options !== 'object') {\n    options = {\n      loose: !!options,\n      includePrerelease: false\n    }\n  }\n\n  if (version instanceof SemVer) {\n    return version\n  }\n\n  if (typeof version !== 'string') {\n    return null\n  }\n\n  if (version.length > MAX_LENGTH) {\n    return null\n  }\n\n  var r = options.loose ? re[t.LOOSE] : re[t.FULL]\n  if (!r.test(version)) {\n    return null\n  }\n\n  try {\n    return new SemVer(version, options)\n  } catch (er) {\n    return null\n  }\n}\n\nexports.valid = valid\nfunction valid (version, options) {\n  var v = parse(version, options)\n  return v ? v.version : null\n}\n\nexports.clean = clean\nfunction clean (version, options) {\n  var s = parse(version.trim().replace(/^[=v]+/, ''), options)\n  return s ? s.version : null\n}\n\nexports.SemVer = SemVer\n\nfunction SemVer (version, options) {\n  if (!options || typeof options !== 'object') {\n    options = {\n      loose: !!options,\n      includePrerelease: false\n    }\n  }\n  if (version instanceof SemVer) {\n    if (version.loose === options.loose) {\n      return version\n    } else {\n      version = version.version\n    }\n  } else if (typeof version !== 'string') {\n    throw new TypeError('Invalid Version: ' + version)\n  }\n\n  if (version.length > MAX_LENGTH) {\n    throw new TypeError('version is longer than ' + MAX_LENGTH + ' characters')\n  }\n\n  if (!(this instanceof SemVer)) {\n    return new SemVer(version, options)\n  }\n\n  debug('SemVer', version, options)\n  this.options = options\n  this.loose = !!options.loose\n\n  var m = version.trim().match(options.loose ? re[t.LOOSE] : re[t.FULL])\n\n  if (!m) {\n    throw new TypeError('Invalid Version: ' + version)\n  }\n\n  this.raw = version\n\n  // these are actually numbers\n  this.major = +m[1]\n  this.minor = +m[2]\n  this.patch = +m[3]\n\n  if (this.major > MAX_SAFE_INTEGER || this.major < 0) {\n    throw new TypeError('Invalid major version')\n  }\n\n  if (this.minor > MAX_SAFE_INTEGER || this.minor < 0) {\n    throw new TypeError('Invalid minor version')\n  }\n\n  if (this.patch > MAX_SAFE_INTEGER || this.patch < 0) {\n    throw new TypeError('Invalid patch version')\n  }\n\n  // numberify any prerelease numeric ids\n  if (!m[4]) {\n    this.prerelease = []\n  } else {\n    this.prerelease = m[4].split('.').map(function (id) {\n      if (/^[0-9]+$/.test(id)) {\n        var num = +id\n        if (num >= 0 && num < MAX_SAFE_INTEGER) {\n          return num\n        }\n      }\n      return id\n    })\n  }\n\n  this.build = m[5] ? m[5].split('.') : []\n  this.format()\n}\n\nSemVer.prototype.format = function () {\n  this.version = this.major + '.' + this.minor + '.' + this.patch\n  if (this.prerelease.length) {\n    this.version += '-' + this.prerelease.join('.')\n  }\n  return this.version\n}\n\nSemVer.prototype.toString = function () {\n  return this.version\n}\n\nSemVer.prototype.compare = function (other) {\n  debug('SemVer.compare', this.version, this.options, other)\n  if (!(other instanceof SemVer)) {\n    other = new SemVer(other, this.options)\n  }\n\n  return this.compareMain(other) || this.comparePre(other)\n}\n\nSemVer.prototype.compareMain = function (other) {\n  if (!(other instanceof SemVer)) {\n    other = new SemVer(other, this.options)\n  }\n\n  return compareIdentifiers(this.major, other.major) ||\n         compareIdentifiers(this.minor, other.minor) ||\n         compareIdentifiers(this.patch, other.patch)\n}\n\nSemVer.prototype.comparePre = function (other) {\n  if (!(other instanceof SemVer)) {\n    other = new SemVer(other, this.options)\n  }\n\n  // NOT having a prerelease is > having one\n  if (this.prerelease.length && !other.prerelease.length) {\n    return -1\n  } else if (!this.prerelease.length && other.prerelease.length) {\n    return 1\n  } else if (!this.prerelease.length && !other.prerelease.length) {\n    return 0\n  }\n\n  var i = 0\n  do {\n    var a = this.prerelease[i]\n    var b = other.prerelease[i]\n    debug('prerelease compare', i, a, b)\n    if (a === undefined && b === undefined) {\n      return 0\n    } else if (b === undefined) {\n      return 1\n    } else if (a === undefined) {\n      return -1\n    } else if (a === b) {\n      continue\n    } else {\n      return compareIdentifiers(a, b)\n    }\n  } while (++i)\n}\n\nSemVer.prototype.compareBuild = function (other) {\n  if (!(other instanceof SemVer)) {\n    other = new SemVer(other, this.options)\n  }\n\n  var i = 0\n  do {\n    var a = this.build[i]\n    var b = other.build[i]\n    debug('prerelease compare', i, a, b)\n    if (a === undefined && b === undefined) {\n      return 0\n    } else if (b === undefined) {\n      return 1\n    } else if (a === undefined) {\n      return -1\n    } else if (a === b) {\n      continue\n    } else {\n      return compareIdentifiers(a, b)\n    }\n  } while (++i)\n}\n\n// preminor will bump the version up to the next minor release, and immediately\n// down to pre-release. premajor and prepatch work the same way.\nSemVer.prototype.inc = function (release, identifier) {\n  switch (release) {\n    case 'premajor':\n      this.prerelease.length = 0\n      this.patch = 0\n      this.minor = 0\n      this.major++\n      this.inc('pre', identifier)\n      break\n    case 'preminor':\n      this.prerelease.length = 0\n      this.patch = 0\n      this.minor++\n      this.inc('pre', identifier)\n      break\n    case 'prepatch':\n      // If this is already a prerelease, it will bump to the next version\n      // drop any prereleases that might already exist, since they are not\n      // relevant at this point.\n      this.prerelease.length = 0\n      this.inc('patch', identifier)\n      this.inc('pre', identifier)\n      break\n    // If the input is a non-prerelease version, this acts the same as\n    // prepatch.\n    case 'prerelease':\n      if (this.prerelease.length === 0) {\n        this.inc('patch', identifier)\n      }\n      this.inc('pre', identifier)\n      break\n\n    case 'major':\n      // If this is a pre-major version, bump up to the same major version.\n      // Otherwise increment major.\n      // 1.0.0-5 bumps to 1.0.0\n      // 1.1.0 bumps to 2.0.0\n      if (this.minor !== 0 ||\n          this.patch !== 0 ||\n          this.prerelease.length === 0) {\n        this.major++\n      }\n      this.minor = 0\n      this.patch = 0\n      this.prerelease = []\n      break\n    case 'minor':\n      // If this is a pre-minor version, bump up to the same minor version.\n      // Otherwise increment minor.\n      // 1.2.0-5 bumps to 1.2.0\n      // 1.2.1 bumps to 1.3.0\n      if (this.patch !== 0 || this.prerelease.length === 0) {\n        this.minor++\n      }\n      this.patch = 0\n      this.prerelease = []\n      break\n    case 'patch':\n      // If this is not a pre-release version, it will increment the patch.\n      // If it is a pre-release it will bump up to the same patch version.\n      // 1.2.0-5 patches to 1.2.0\n      // 1.2.0 patches to 1.2.1\n      if (this.prerelease.length === 0) {\n        this.patch++\n      }\n      this.prerelease = []\n      break\n    // This probably shouldn't be used publicly.\n    // 1.0.0 \"pre\" would become 1.0.0-0 which is the wrong direction.\n    case 'pre':\n      if (this.prerelease.length === 0) {\n        this.prerelease = [0]\n      } else {\n        var i = this.prerelease.length\n        while (--i >= 0) {\n          if (typeof this.prerelease[i] === 'number') {\n            this.prerelease[i]++\n            i = -2\n          }\n        }\n        if (i === -1) {\n          // didn't increment anything\n          this.prerelease.push(0)\n        }\n      }\n      if (identifier) {\n        // 1.2.0-beta.1 bumps to 1.2.0-beta.2,\n        // 1.2.0-beta.fooblz or 1.2.0-beta bumps to 1.2.0-beta.0\n        if (this.prerelease[0] === identifier) {\n          if (isNaN(this.prerelease[1])) {\n            this.prerelease = [identifier, 0]\n          }\n        } else {\n          this.prerelease = [identifier, 0]\n        }\n      }\n      break\n\n    default:\n      throw new Error('invalid increment argument: ' + release)\n  }\n  this.format()\n  this.raw = this.version\n  return this\n}\n\nexports.inc = inc\nfunction inc (version, release, loose, identifier) {\n  if (typeof (loose) === 'string') {\n    identifier = loose\n    loose = undefined\n  }\n\n  try {\n    return new SemVer(version, loose).inc(release, identifier).version\n  } catch (er) {\n    return null\n  }\n}\n\nexports.diff = diff\nfunction diff (version1, version2) {\n  if (eq(version1, version2)) {\n    return null\n  } else {\n    var v1 = parse(version1)\n    var v2 = parse(version2)\n    var prefix = ''\n    if (v1.prerelease.length || v2.prerelease.length) {\n      prefix = 'pre'\n      var defaultResult = 'prerelease'\n    }\n    for (var key in v1) {\n      if (key === 'major' || key === 'minor' || key === 'patch') {\n        if (v1[key] !== v2[key]) {\n          return prefix + key\n        }\n      }\n    }\n    return defaultResult // may be undefined\n  }\n}\n\nexports.compareIdentifiers = compareIdentifiers\n\nvar numeric = /^[0-9]+$/\nfunction compareIdentifiers (a, b) {\n  var anum = numeric.test(a)\n  var bnum = numeric.test(b)\n\n  if (anum && bnum) {\n    a = +a\n    b = +b\n  }\n\n  return a === b ? 0\n    : (anum && !bnum) ? -1\n    : (bnum && !anum) ? 1\n    : a < b ? -1\n    : 1\n}\n\nexports.rcompareIdentifiers = rcompareIdentifiers\nfunction rcompareIdentifiers (a, b) {\n  return compareIdentifiers(b, a)\n}\n\nexports.major = major\nfunction major (a, loose) {\n  return new SemVer(a, loose).major\n}\n\nexports.minor = minor\nfunction minor (a, loose) {\n  return new SemVer(a, loose).minor\n}\n\nexports.patch = patch\nfunction patch (a, loose) {\n  return new SemVer(a, loose).patch\n}\n\nexports.compare = compare\nfunction compare (a, b, loose) {\n  return new SemVer(a, loose).compare(new SemVer(b, loose))\n}\n\nexports.compareLoose = compareLoose\nfunction compareLoose (a, b) {\n  return compare(a, b, true)\n}\n\nexports.compareBuild = compareBuild\nfunction compareBuild (a, b, loose) {\n  var versionA = new SemVer(a, loose)\n  var versionB = new SemVer(b, loose)\n  return versionA.compare(versionB) || versionA.compareBuild(versionB)\n}\n\nexports.rcompare = rcompare\nfunction rcompare (a, b, loose) {\n  return compare(b, a, loose)\n}\n\nexports.sort = sort\nfunction sort (list, loose) {\n  return list.sort(function (a, b) {\n    return exports.compareBuild(a, b, loose)\n  })\n}\n\nexports.rsort = rsort\nfunction rsort (list, loose) {\n  return list.sort(function (a, b) {\n    return exports.compareBuild(b, a, loose)\n  })\n}\n\nexports.gt = gt\nfunction gt (a, b, loose) {\n  return compare(a, b, loose) > 0\n}\n\nexports.lt = lt\nfunction lt (a, b, loose) {\n  return compare(a, b, loose) < 0\n}\n\nexports.eq = eq\nfunction eq (a, b, loose) {\n  return compare(a, b, loose) === 0\n}\n\nexports.neq = neq\nfunction neq (a, b, loose) {\n  return compare(a, b, loose) !== 0\n}\n\nexports.gte = gte\nfunction gte (a, b, loose) {\n  return compare(a, b, loose) >= 0\n}\n\nexports.lte = lte\nfunction lte (a, b, loose) {\n  return compare(a, b, loose) <= 0\n}\n\nexports.cmp = cmp\nfunction cmp (a, op, b, loose) {\n  switch (op) {\n    case '===':\n      if (typeof a === 'object')\n        a = a.version\n      if (typeof b === 'object')\n        b = b.version\n      return a === b\n\n    case '!==':\n      if (typeof a === 'object')\n        a = a.version\n      if (typeof b === 'object')\n        b = b.version\n      return a !== b\n\n    case '':\n    case '=':\n    case '==':\n      return eq(a, b, loose)\n\n    case '!=':\n      return neq(a, b, loose)\n\n    case '>':\n      return gt(a, b, loose)\n\n    case '>=':\n      return gte(a, b, loose)\n\n    case '<':\n      return lt(a, b, loose)\n\n    case '<=':\n      return lte(a, b, loose)\n\n    default:\n      throw new TypeError('Invalid operator: ' + op)\n  }\n}\n\nexports.Comparator = Comparator\nfunction Comparator (comp, options) {\n  if (!options || typeof options !== 'object') {\n    options = {\n      loose: !!options,\n      includePrerelease: false\n    }\n  }\n\n  if (comp instanceof Comparator) {\n    if (comp.loose === !!options.loose) {\n      return comp\n    } else {\n      comp = comp.value\n    }\n  }\n\n  if (!(this instanceof Comparator)) {\n    return new Comparator(comp, options)\n  }\n\n  debug('comparator', comp, options)\n  this.options = options\n  this.loose = !!options.loose\n  this.parse(comp)\n\n  if (this.semver === ANY) {\n    this.value = ''\n  } else {\n    this.value = this.operator + this.semver.version\n  }\n\n  debug('comp', this)\n}\n\nvar ANY = {}\nComparator.prototype.parse = function (comp) {\n  var r = this.options.loose ? re[t.COMPARATORLOOSE] : re[t.COMPARATOR]\n  var m = comp.match(r)\n\n  if (!m) {\n    throw new TypeError('Invalid comparator: ' + comp)\n  }\n\n  this.operator = m[1] !== undefined ? m[1] : ''\n  if (this.operator === '=') {\n    this.operator = ''\n  }\n\n  // if it literally is just '>' or '' then allow anything.\n  if (!m[2]) {\n    this.semver = ANY\n  } else {\n    this.semver = new SemVer(m[2], this.options.loose)\n  }\n}\n\nComparator.prototype.toString = function () {\n  return this.value\n}\n\nComparator.prototype.test = function (version) {\n  debug('Comparator.test', version, this.options.loose)\n\n  if (this.semver === ANY || version === ANY) {\n    return true\n  }\n\n  if (typeof version === 'string') {\n    try {\n      version = new SemVer(version, this.options)\n    } catch (er) {\n      return false\n    }\n  }\n\n  return cmp(version, this.operator, this.semver, this.options)\n}\n\nComparator.prototype.intersects = function (comp, options) {\n  if (!(comp instanceof Comparator)) {\n    throw new TypeError('a Comparator is required')\n  }\n\n  if (!options || typeof options !== 'object') {\n    options = {\n      loose: !!options,\n      includePrerelease: false\n    }\n  }\n\n  var rangeTmp\n\n  if (this.operator === '') {\n    if (this.value === '') {\n      return true\n    }\n    rangeTmp = new Range(comp.value, options)\n    return satisfies(this.value, rangeTmp, options)\n  } else if (comp.operator === '') {\n    if (comp.value === '') {\n      return true\n    }\n    rangeTmp = new Range(this.value, options)\n    return satisfies(comp.semver, rangeTmp, options)\n  }\n\n  var sameDirectionIncreasing =\n    (this.operator === '>=' || this.operator === '>') &&\n    (comp.operator === '>=' || comp.operator === '>')\n  var sameDirectionDecreasing =\n    (this.operator === '<=' || this.operator === '<') &&\n    (comp.operator === '<=' || comp.operator === '<')\n  var sameSemVer = this.semver.version === comp.semver.version\n  var differentDirectionsInclusive =\n    (this.operator === '>=' || this.operator === '<=') &&\n    (comp.operator === '>=' || comp.operator === '<=')\n  var oppositeDirectionsLessThan =\n    cmp(this.semver, '<', comp.semver, options) &&\n    ((this.operator === '>=' || this.operator === '>') &&\n    (comp.operator === '<=' || comp.operator === '<'))\n  var oppositeDirectionsGreaterThan =\n    cmp(this.semver, '>', comp.semver, options) &&\n    ((this.operator === '<=' || this.operator === '<') &&\n    (comp.operator === '>=' || comp.operator === '>'))\n\n  return sameDirectionIncreasing || sameDirectionDecreasing ||\n    (sameSemVer && differentDirectionsInclusive) ||\n    oppositeDirectionsLessThan || oppositeDirectionsGreaterThan\n}\n\nexports.Range = Range\nfunction Range (range, options) {\n  if (!options || typeof options !== 'object') {\n    options = {\n      loose: !!options,\n      includePrerelease: false\n    }\n  }\n\n  if (range instanceof Range) {\n    if (range.loose === !!options.loose &&\n        range.includePrerelease === !!options.includePrerelease) {\n      return range\n    } else {\n      return new Range(range.raw, options)\n    }\n  }\n\n  if (range instanceof Comparator) {\n    return new Range(range.value, options)\n  }\n\n  if (!(this instanceof Range)) {\n    return new Range(range, options)\n  }\n\n  this.options = options\n  this.loose = !!options.loose\n  this.includePrerelease = !!options.includePrerelease\n\n  // First, split based on boolean or ||\n  this.raw = range\n  this.set = range.split(/\\s*\\|\\|\\s*/).map(function (range) {\n    return this.parseRange(range.trim())\n  }, this).filter(function (c) {\n    // throw out any that are not relevant for whatever reason\n    return c.length\n  })\n\n  if (!this.set.length) {\n    throw new TypeError('Invalid SemVer Range: ' + range)\n  }\n\n  this.format()\n}\n\nRange.prototype.format = function () {\n  this.range = this.set.map(function (comps) {\n    return comps.join(' ').trim()\n  }).join('||').trim()\n  return this.range\n}\n\nRange.prototype.toString = function () {\n  return this.range\n}\n\nRange.prototype.parseRange = function (range) {\n  var loose = this.options.loose\n  range = range.trim()\n  // `1.2.3 - 1.2.4` => `>=1.2.3 <=1.2.4`\n  var hr = loose ? re[t.HYPHENRANGELOOSE] : re[t.HYPHENRANGE]\n  range = range.replace(hr, hyphenReplace)\n  debug('hyphen replace', range)\n  // `> 1.2.3 < 1.2.5` => `>1.2.3 <1.2.5`\n  range = range.replace(re[t.COMPARATORTRIM], comparatorTrimReplace)\n  debug('comparator trim', range, re[t.COMPARATORTRIM])\n\n  // `~ 1.2.3` => `~1.2.3`\n  range = range.replace(re[t.TILDETRIM], tildeTrimReplace)\n\n  // `^ 1.2.3` => `^1.2.3`\n  range = range.replace(re[t.CARETTRIM], caretTrimReplace)\n\n  // normalize spaces\n  range = range.split(/\\s+/).join(' ')\n\n  // At this point, the range is completely trimmed and\n  // ready to be split into comparators.\n\n  var compRe = loose ? re[t.COMPARATORLOOSE] : re[t.COMPARATOR]\n  var set = range.split(' ').map(function (comp) {\n    return parseComparator(comp, this.options)\n  }, this).join(' ').split(/\\s+/)\n  if (this.options.loose) {\n    // in loose mode, throw out any that are not valid comparators\n    set = set.filter(function (comp) {\n      return !!comp.match(compRe)\n    })\n  }\n  set = set.map(function (comp) {\n    return new Comparator(comp, this.options)\n  }, this)\n\n  return set\n}\n\nRange.prototype.intersects = function (range, options) {\n  if (!(range instanceof Range)) {\n    throw new TypeError('a Range is required')\n  }\n\n  return this.set.some(function (thisComparators) {\n    return (\n      isSatisfiable(thisComparators, options) &&\n      range.set.some(function (rangeComparators) {\n        return (\n          isSatisfiable(rangeComparators, options) &&\n          thisComparators.every(function (thisComparator) {\n            return rangeComparators.every(function (rangeComparator) {\n              return thisComparator.intersects(rangeComparator, options)\n            })\n          })\n        )\n      })\n    )\n  })\n}\n\n// take a set of comparators and determine whether there\n// exists a version which can satisfy it\nfunction isSatisfiable (comparators, options) {\n  var result = true\n  var remainingComparators = comparators.slice()\n  var testComparator = remainingComparators.pop()\n\n  while (result && remainingComparators.length) {\n    result = remainingComparators.every(function (otherComparator) {\n      return testComparator.intersects(otherComparator, options)\n    })\n\n    testComparator = remainingComparators.pop()\n  }\n\n  return result\n}\n\n// Mostly just for testing and legacy API reasons\nexports.toComparators = toComparators\nfunction toComparators (range, options) {\n  return new Range(range, options).set.map(function (comp) {\n    return comp.map(function (c) {\n      return c.value\n    }).join(' ').trim().split(' ')\n  })\n}\n\n// comprised of xranges, tildes, stars, and gtlt's at this point.\n// already replaced the hyphen ranges\n// turn into a set of JUST comparators.\nfunction parseComparator (comp, options) {\n  debug('comp', comp, options)\n  comp = replaceCarets(comp, options)\n  debug('caret', comp)\n  comp = replaceTildes(comp, options)\n  debug('tildes', comp)\n  comp = replaceXRanges(comp, options)\n  debug('xrange', comp)\n  comp = replaceStars(comp, options)\n  debug('stars', comp)\n  return comp\n}\n\nfunction isX (id) {\n  return !id || id.toLowerCase() === 'x' || id === '*'\n}\n\n// ~, ~> --> * (any, kinda silly)\n// ~2, ~2.x, ~2.x.x, ~>2, ~>2.x ~>2.x.x --> >=2.0.0 <3.0.0\n// ~2.0, ~2.0.x, ~>2.0, ~>2.0.x --> >=2.0.0 <2.1.0\n// ~1.2, ~1.2.x, ~>1.2, ~>1.2.x --> >=1.2.0 <1.3.0\n// ~1.2.3, ~>1.2.3 --> >=1.2.3 <1.3.0\n// ~1.2.0, ~>1.2.0 --> >=1.2.0 <1.3.0\nfunction replaceTildes (comp, options) {\n  return comp.trim().split(/\\s+/).map(function (comp) {\n    return replaceTilde(comp, options)\n  }).join(' ')\n}\n\nfunction replaceTilde (comp, options) {\n  var r = options.loose ? re[t.TILDELOOSE] : re[t.TILDE]\n  return comp.replace(r, function (_, M, m, p, pr) {\n    debug('tilde', comp, _, M, m, p, pr)\n    var ret\n\n    if (isX(M)) {\n      ret = ''\n    } else if (isX(m)) {\n      ret = '>=' + M + '.0.0 <' + (+M + 1) + '.0.0'\n    } else if (isX(p)) {\n      // ~1.2 == >=1.2.0 <1.3.0\n      ret = '>=' + M + '.' + m + '.0 <' + M + '.' + (+m + 1) + '.0'\n    } else if (pr) {\n      debug('replaceTilde pr', pr)\n      ret = '>=' + M + '.' + m + '.' + p + '-' + pr +\n            ' <' + M + '.' + (+m + 1) + '.0'\n    } else {\n      // ~1.2.3 == >=1.2.3 <1.3.0\n      ret = '>=' + M + '.' + m + '.' + p +\n            ' <' + M + '.' + (+m + 1) + '.0'\n    }\n\n    debug('tilde return', ret)\n    return ret\n  })\n}\n\n// ^ --> * (any, kinda silly)\n// ^2, ^2.x, ^2.x.x --> >=2.0.0 <3.0.0\n// ^2.0, ^2.0.x --> >=2.0.0 <3.0.0\n// ^1.2, ^1.2.x --> >=1.2.0 <2.0.0\n// ^1.2.3 --> >=1.2.3 <2.0.0\n// ^1.2.0 --> >=1.2.0 <2.0.0\nfunction replaceCarets (comp, options) {\n  return comp.trim().split(/\\s+/).map(function (comp) {\n    return replaceCaret(comp, options)\n  }).join(' ')\n}\n\nfunction replaceCaret (comp, options) {\n  debug('caret', comp, options)\n  var r = options.loose ? re[t.CARETLOOSE] : re[t.CARET]\n  return comp.replace(r, function (_, M, m, p, pr) {\n    debug('caret', comp, _, M, m, p, pr)\n    var ret\n\n    if (isX(M)) {\n      ret = ''\n    } else if (isX(m)) {\n      ret = '>=' + M + '.0.0 <' + (+M + 1) + '.0.0'\n    } else if (isX(p)) {\n      if (M === '0') {\n        ret = '>=' + M + '.' + m + '.0 <' + M + '.' + (+m + 1) + '.0'\n      } else {\n        ret = '>=' + M + '.' + m + '.0 <' + (+M + 1) + '.0.0'\n      }\n    } else if (pr) {\n      debug('replaceCaret pr', pr)\n      if (M === '0') {\n        if (m === '0') {\n          ret = '>=' + M + '.' + m + '.' + p + '-' + pr +\n                ' <' + M + '.' + m + '.' + (+p + 1)\n        } else {\n          ret = '>=' + M + '.' + m + '.' + p + '-' + pr +\n                ' <' + M + '.' + (+m + 1) + '.0'\n        }\n      } else {\n        ret = '>=' + M + '.' + m + '.' + p + '-' + pr +\n              ' <' + (+M + 1) + '.0.0'\n      }\n    } else {\n      debug('no pr')\n      if (M === '0') {\n        if (m === '0') {\n          ret = '>=' + M + '.' + m + '.' + p +\n                ' <' + M + '.' + m + '.' + (+p + 1)\n        } else {\n          ret = '>=' + M + '.' + m + '.' + p +\n                ' <' + M + '.' + (+m + 1) + '.0'\n        }\n      } else {\n        ret = '>=' + M + '.' + m + '.' + p +\n              ' <' + (+M + 1) + '.0.0'\n      }\n    }\n\n    debug('caret return', ret)\n    return ret\n  })\n}\n\nfunction replaceXRanges (comp, options) {\n  debug('replaceXRanges', comp, options)\n  return comp.split(/\\s+/).map(function (comp) {\n    return replaceXRange(comp, options)\n  }).join(' ')\n}\n\nfunction replaceXRange (comp, options) {\n  comp = comp.trim()\n  var r = options.loose ? re[t.XRANGELOOSE] : re[t.XRANGE]\n  return comp.replace(r, function (ret, gtlt, M, m, p, pr) {\n    debug('xRange', comp, ret, gtlt, M, m, p, pr)\n    var xM = isX(M)\n    var xm = xM || isX(m)\n    var xp = xm || isX(p)\n    var anyX = xp\n\n    if (gtlt === '=' && anyX) {\n      gtlt = ''\n    }\n\n    // if we're including prereleases in the match, then we need\n    // to fix this to -0, the lowest possible prerelease value\n    pr = options.includePrerelease ? '-0' : ''\n\n    if (xM) {\n      if (gtlt === '>' || gtlt === '<') {\n        // nothing is allowed\n        ret = '<0.0.0-0'\n      } else {\n        // nothing is forbidden\n        ret = '*'\n      }\n    } else if (gtlt && anyX) {\n      // we know patch is an x, because we have any x at all.\n      // replace X with 0\n      if (xm) {\n        m = 0\n      }\n      p = 0\n\n      if (gtlt === '>') {\n        // >1 => >=2.0.0\n        // >1.2 => >=1.3.0\n        // >1.2.3 => >= 1.2.4\n        gtlt = '>='\n        if (xm) {\n          M = +M + 1\n          m = 0\n          p = 0\n        } else {\n          m = +m + 1\n          p = 0\n        }\n      } else if (gtlt === '<=') {\n        // <=0.7.x is actually <0.8.0, since any 0.7.x should\n        // pass.  Similarly, <=7.x is actually <8.0.0, etc.\n        gtlt = '<'\n        if (xm) {\n          M = +M + 1\n        } else {\n          m = +m + 1\n        }\n      }\n\n      ret = gtlt + M + '.' + m + '.' + p + pr\n    } else if (xm) {\n      ret = '>=' + M + '.0.0' + pr + ' <' + (+M + 1) + '.0.0' + pr\n    } else if (xp) {\n      ret = '>=' + M + '.' + m + '.0' + pr +\n        ' <' + M + '.' + (+m + 1) + '.0' + pr\n    }\n\n    debug('xRange return', ret)\n\n    return ret\n  })\n}\n\n// Because * is AND-ed with everything else in the comparator,\n// and '' means \"any version\", just remove the *s entirely.\nfunction replaceStars (comp, options) {\n  debug('replaceStars', comp, options)\n  // Looseness is ignored here.  star is always as loose as it gets!\n  return comp.trim().replace(re[t.STAR], '')\n}\n\n// This function is passed to string.replace(re[t.HYPHENRANGE])\n// M, m, patch, prerelease, build\n// 1.2 - 3.4.5 => >=1.2.0 <=3.4.5\n// 1.2.3 - 3.4 => >=1.2.0 <3.5.0 Any 3.4.x will do\n// 1.2 - 3.4 => >=1.2.0 <3.5.0\nfunction hyphenReplace ($0,\n  from, fM, fm, fp, fpr, fb,\n  to, tM, tm, tp, tpr, tb) {\n  if (isX(fM)) {\n    from = ''\n  } else if (isX(fm)) {\n    from = '>=' + fM + '.0.0'\n  } else if (isX(fp)) {\n    from = '>=' + fM + '.' + fm + '.0'\n  } else {\n    from = '>=' + from\n  }\n\n  if (isX(tM)) {\n    to = ''\n  } else if (isX(tm)) {\n    to = '<' + (+tM + 1) + '.0.0'\n  } else if (isX(tp)) {\n    to = '<' + tM + '.' + (+tm + 1) + '.0'\n  } else if (tpr) {\n    to = '<=' + tM + '.' + tm + '.' + tp + '-' + tpr\n  } else {\n    to = '<=' + to\n  }\n\n  return (from + ' ' + to).trim()\n}\n\n// if ANY of the sets match ALL of its comparators, then pass\nRange.prototype.test = function (version) {\n  if (!version) {\n    return false\n  }\n\n  if (typeof version === 'string') {\n    try {\n      version = new SemVer(version, this.options)\n    } catch (er) {\n      return false\n    }\n  }\n\n  for (var i = 0; i < this.set.length; i++) {\n    if (testSet(this.set[i], version, this.options)) {\n      return true\n    }\n  }\n  return false\n}\n\nfunction testSet (set, version, options) {\n  for (var i = 0; i < set.length; i++) {\n    if (!set[i].test(version)) {\n      return false\n    }\n  }\n\n  if (version.prerelease.length && !options.includePrerelease) {\n    // Find the set of versions that are allowed to have prereleases\n    // For example, ^1.2.3-pr.1 desugars to >=1.2.3-pr.1 <2.0.0\n    // That should allow `1.2.3-pr.2` to pass.\n    // However, `1.2.4-alpha.notready` should NOT be allowed,\n    // even though it's within the range set by the comparators.\n    for (i = 0; i < set.length; i++) {\n      debug(set[i].semver)\n      if (set[i].semver === ANY) {\n        continue\n      }\n\n      if (set[i].semver.prerelease.length > 0) {\n        var allowed = set[i].semver\n        if (allowed.major === version.major &&\n            allowed.minor === version.minor &&\n            allowed.patch === version.patch) {\n          return true\n        }\n      }\n    }\n\n    // Version has a -pre, but it's not one of the ones we like.\n    return false\n  }\n\n  return true\n}\n\nexports.satisfies = satisfies\nfunction satisfies (version, range, options) {\n  try {\n    range = new Range(range, options)\n  } catch (er) {\n    return false\n  }\n  return range.test(version)\n}\n\nexports.maxSatisfying = maxSatisfying\nfunction maxSatisfying (versions, range, options) {\n  var max = null\n  var maxSV = null\n  try {\n    var rangeObj = new Range(range, options)\n  } catch (er) {\n    return null\n  }\n  versions.forEach(function (v) {\n    if (rangeObj.test(v)) {\n      // satisfies(v, range, options)\n      if (!max || maxSV.compare(v) === -1) {\n        // compare(max, v, true)\n        max = v\n        maxSV = new SemVer(max, options)\n      }\n    }\n  })\n  return max\n}\n\nexports.minSatisfying = minSatisfying\nfunction minSatisfying (versions, range, options) {\n  var min = null\n  var minSV = null\n  try {\n    var rangeObj = new Range(range, options)\n  } catch (er) {\n    return null\n  }\n  versions.forEach(function (v) {\n    if (rangeObj.test(v)) {\n      // satisfies(v, range, options)\n      if (!min || minSV.compare(v) === 1) {\n        // compare(min, v, true)\n        min = v\n        minSV = new SemVer(min, options)\n      }\n    }\n  })\n  return min\n}\n\nexports.minVersion = minVersion\nfunction minVersion (range, loose) {\n  range = new Range(range, loose)\n\n  var minver = new SemVer('0.0.0')\n  if (range.test(minver)) {\n    return minver\n  }\n\n  minver = new SemVer('0.0.0-0')\n  if (range.test(minver)) {\n    return minver\n  }\n\n  minver = null\n  for (var i = 0; i < range.set.length; ++i) {\n    var comparators = range.set[i]\n\n    comparators.forEach(function (comparator) {\n      // Clone to avoid manipulating the comparator's semver object.\n      var compver = new SemVer(comparator.semver.version)\n      switch (comparator.operator) {\n        case '>':\n          if (compver.prerelease.length === 0) {\n            compver.patch++\n          } else {\n            compver.prerelease.push(0)\n          }\n          compver.raw = compver.format()\n          /* fallthrough */\n        case '':\n        case '>=':\n          if (!minver || gt(minver, compver)) {\n            minver = compver\n          }\n          break\n        case '<':\n        case '<=':\n          /* Ignore maximum versions */\n          break\n        /* istanbul ignore next */\n        default:\n          throw new Error('Unexpected operation: ' + comparator.operator)\n      }\n    })\n  }\n\n  if (minver && range.test(minver)) {\n    return minver\n  }\n\n  return null\n}\n\nexports.validRange = validRange\nfunction validRange (range, options) {\n  try {\n    // Return '*' instead of '' so that truthiness works.\n    // This will throw if it's invalid anyway\n    return new Range(range, options).range || '*'\n  } catch (er) {\n    return null\n  }\n}\n\n// Determine if version is less than all the versions possible in the range\nexports.ltr = ltr\nfunction ltr (version, range, options) {\n  return outside(version, range, '<', options)\n}\n\n// Determine if version is greater than all the versions possible in the range.\nexports.gtr = gtr\nfunction gtr (version, range, options) {\n  return outside(version, range, '>', options)\n}\n\nexports.outside = outside\nfunction outside (version, range, hilo, options) {\n  version = new SemVer(version, options)\n  range = new Range(range, options)\n\n  var gtfn, ltefn, ltfn, comp, ecomp\n  switch (hilo) {\n    case '>':\n      gtfn = gt\n      ltefn = lte\n      ltfn = lt\n      comp = '>'\n      ecomp = '>='\n      break\n    case '<':\n      gtfn = lt\n      ltefn = gte\n      ltfn = gt\n      comp = '<'\n      ecomp = '<='\n      break\n    default:\n      throw new TypeError('Must provide a hilo val of \"<\" or \">\"')\n  }\n\n  // If it satisifes the range it is not outside\n  if (satisfies(version, range, options)) {\n    return false\n  }\n\n  // From now on, variable terms are as if we're in \"gtr\" mode.\n  // but note that everything is flipped for the \"ltr\" function.\n\n  for (var i = 0; i < range.set.length; ++i) {\n    var comparators = range.set[i]\n\n    var high = null\n    var low = null\n\n    comparators.forEach(function (comparator) {\n      if (comparator.semver === ANY) {\n        comparator = new Comparator('>=0.0.0')\n      }\n      high = high || comparator\n      low = low || comparator\n      if (gtfn(comparator.semver, high.semver, options)) {\n        high = comparator\n      } else if (ltfn(comparator.semver, low.semver, options)) {\n        low = comparator\n      }\n    })\n\n    // If the edge version comparator has a operator then our version\n    // isn't outside it\n    if (high.operator === comp || high.operator === ecomp) {\n      return false\n    }\n\n    // If the lowest version comparator has an operator and our version\n    // is less than it then it isn't higher than the range\n    if ((!low.operator || low.operator === comp) &&\n        ltefn(version, low.semver)) {\n      return false\n    } else if (low.operator === ecomp && ltfn(version, low.semver)) {\n      return false\n    }\n  }\n  return true\n}\n\nexports.prerelease = prerelease\nfunction prerelease (version, options) {\n  var parsed = parse(version, options)\n  return (parsed && parsed.prerelease.length) ? parsed.prerelease : null\n}\n\nexports.intersects = intersects\nfunction intersects (r1, r2, options) {\n  r1 = new Range(r1, options)\n  r2 = new Range(r2, options)\n  return r1.intersects(r2)\n}\n\nexports.coerce = coerce\nfunction coerce (version, options) {\n  if (version instanceof SemVer) {\n    return version\n  }\n\n  if (typeof version === 'number') {\n    version = String(version)\n  }\n\n  if (typeof version !== 'string') {\n    return null\n  }\n\n  options = options || {}\n\n  var match = null\n  if (!options.rtl) {\n    match = version.match(re[t.COERCE])\n  } else {\n    // Find the right-most coercible string that does not share\n    // a terminus with a more left-ward coercible string.\n    // Eg, '1.2.3.4' wants to coerce '2.3.4', not '3.4' or '4'\n    //\n    // Walk through the string checking with a /g regexp\n    // Manually set the index so as to pick up overlapping matches.\n    // Stop when we get a match that ends at the string end, since no\n    // coercible string can be more right-ward without the same terminus.\n    var next\n    while ((next = re[t.COERCERTL].exec(version)) &&\n      (!match || match.index + match[0].length !== version.length)\n    ) {\n      if (!match ||\n          next.index + next[0].length !== match.index + match[0].length) {\n        match = next\n      }\n      re[t.COERCERTL].lastIndex = next.index + next[1].length + next[2].length\n    }\n    // leave it in a clean state\n    re[t.COERCERTL].lastIndex = -1\n  }\n\n  if (match === null) {\n    return null\n  }\n\n  return parse(match[2] +\n    '.' + (match[3] || '0') +\n    '.' + (match[4] || '0'), options)\n}\n","\"use strict\";\n\nvar punycode = require(\"punycode\");\nvar mappingTable = require(\"./lib/mappingTable.json\");\n\nvar PROCESSING_OPTIONS = {\n  TRANSITIONAL: 0,\n  NONTRANSITIONAL: 1\n};\n\nfunction normalize(str) { // fix bug in v8\n  return str.split('\\u0000').map(function (s) { return s.normalize('NFC'); }).join('\\u0000');\n}\n\nfunction findStatus(val) {\n  var start = 0;\n  var end = mappingTable.length - 1;\n\n  while (start <= end) {\n    var mid = Math.floor((start + end) / 2);\n\n    var target = mappingTable[mid];\n    if (target[0][0] <= val && target[0][1] >= val) {\n      return target;\n    } else if (target[0][0] > val) {\n      end = mid - 1;\n    } else {\n      start = mid + 1;\n    }\n  }\n\n  return null;\n}\n\nvar regexAstralSymbols = /[\\uD800-\\uDBFF][\\uDC00-\\uDFFF]/g;\n\nfunction countSymbols(string) {\n  return string\n    // replace every surrogate pair with a BMP symbol\n    .replace(regexAstralSymbols, '_')\n    // then get the length\n    .length;\n}\n\nfunction mapChars(domain_name, useSTD3, processing_option) {\n  var hasError = false;\n  var processed = \"\";\n\n  var len = countSymbols(domain_name);\n  for (var i = 0; i < len; ++i) {\n    var codePoint = domain_name.codePointAt(i);\n    var status = findStatus(codePoint);\n\n    switch (status[1]) {\n      case \"disallowed\":\n        hasError = true;\n        processed += String.fromCodePoint(codePoint);\n        break;\n      case \"ignored\":\n        break;\n      case \"mapped\":\n        processed += String.fromCodePoint.apply(String, status[2]);\n        break;\n      case \"deviation\":\n        if (processing_option === PROCESSING_OPTIONS.TRANSITIONAL) {\n          processed += String.fromCodePoint.apply(String, status[2]);\n        } else {\n          processed += String.fromCodePoint(codePoint);\n        }\n        break;\n      case \"valid\":\n        processed += String.fromCodePoint(codePoint);\n        break;\n      case \"disallowed_STD3_mapped\":\n        if (useSTD3) {\n          hasError = true;\n          processed += String.fromCodePoint(codePoint);\n        } else {\n          processed += String.fromCodePoint.apply(String, status[2]);\n        }\n        break;\n      case \"disallowed_STD3_valid\":\n        if (useSTD3) {\n          hasError = true;\n        }\n\n        processed += String.fromCodePoint(codePoint);\n        break;\n    }\n  }\n\n  return {\n    string: processed,\n    error: hasError\n  };\n}\n\nvar combiningMarksRegex = /[\\u0300-\\u036F\\u0483-\\u0489\\u0591-\\u05BD\\u05BF\\u05C1\\u05C2\\u05C4\\u05C5\\u05C7\\u0610-\\u061A\\u064B-\\u065F\\u0670\\u06D6-\\u06DC\\u06DF-\\u06E4\\u06E7\\u06E8\\u06EA-\\u06ED\\u0711\\u0730-\\u074A\\u07A6-\\u07B0\\u07EB-\\u07F3\\u0816-\\u0819\\u081B-\\u0823\\u0825-\\u0827\\u0829-\\u082D\\u0859-\\u085B\\u08E4-\\u0903\\u093A-\\u093C\\u093E-\\u094F\\u0951-\\u0957\\u0962\\u0963\\u0981-\\u0983\\u09BC\\u09BE-\\u09C4\\u09C7\\u09C8\\u09CB-\\u09CD\\u09D7\\u09E2\\u09E3\\u0A01-\\u0A03\\u0A3C\\u0A3E-\\u0A42\\u0A47\\u0A48\\u0A4B-\\u0A4D\\u0A51\\u0A70\\u0A71\\u0A75\\u0A81-\\u0A83\\u0ABC\\u0ABE-\\u0AC5\\u0AC7-\\u0AC9\\u0ACB-\\u0ACD\\u0AE2\\u0AE3\\u0B01-\\u0B03\\u0B3C\\u0B3E-\\u0B44\\u0B47\\u0B48\\u0B4B-\\u0B4D\\u0B56\\u0B57\\u0B62\\u0B63\\u0B82\\u0BBE-\\u0BC2\\u0BC6-\\u0BC8\\u0BCA-\\u0BCD\\u0BD7\\u0C00-\\u0C03\\u0C3E-\\u0C44\\u0C46-\\u0C48\\u0C4A-\\u0C4D\\u0C55\\u0C56\\u0C62\\u0C63\\u0C81-\\u0C83\\u0CBC\\u0CBE-\\u0CC4\\u0CC6-\\u0CC8\\u0CCA-\\u0CCD\\u0CD5\\u0CD6\\u0CE2\\u0CE3\\u0D01-\\u0D03\\u0D3E-\\u0D44\\u0D46-\\u0D48\\u0D4A-\\u0D4D\\u0D57\\u0D62\\u0D63\\u0D82\\u0D83\\u0DCA\\u0DCF-\\u0DD4\\u0DD6\\u0DD8-\\u0DDF\\u0DF2\\u0DF3\\u0E31\\u0E34-\\u0E3A\\u0E47-\\u0E4E\\u0EB1\\u0EB4-\\u0EB9\\u0EBB\\u0EBC\\u0EC8-\\u0ECD\\u0F18\\u0F19\\u0F35\\u0F37\\u0F39\\u0F3E\\u0F3F\\u0F71-\\u0F84\\u0F86\\u0F87\\u0F8D-\\u0F97\\u0F99-\\u0FBC\\u0FC6\\u102B-\\u103E\\u1056-\\u1059\\u105E-\\u1060\\u1062-\\u1064\\u1067-\\u106D\\u1071-\\u1074\\u1082-\\u108D\\u108F\\u109A-\\u109D\\u135D-\\u135F\\u1712-\\u1714\\u1732-\\u1734\\u1752\\u1753\\u1772\\u1773\\u17B4-\\u17D3\\u17DD\\u180B-\\u180D\\u18A9\\u1920-\\u192B\\u1930-\\u193B\\u19B0-\\u19C0\\u19C8\\u19C9\\u1A17-\\u1A1B\\u1A55-\\u1A5E\\u1A60-\\u1A7C\\u1A7F\\u1AB0-\\u1ABE\\u1B00-\\u1B04\\u1B34-\\u1B44\\u1B6B-\\u1B73\\u1B80-\\u1B82\\u1BA1-\\u1BAD\\u1BE6-\\u1BF3\\u1C24-\\u1C37\\u1CD0-\\u1CD2\\u1CD4-\\u1CE8\\u1CED\\u1CF2-\\u1CF4\\u1CF8\\u1CF9\\u1DC0-\\u1DF5\\u1DFC-\\u1DFF\\u20D0-\\u20F0\\u2CEF-\\u2CF1\\u2D7F\\u2DE0-\\u2DFF\\u302A-\\u302F\\u3099\\u309A\\uA66F-\\uA672\\uA674-\\uA67D\\uA69F\\uA6F0\\uA6F1\\uA802\\uA806\\uA80B\\uA823-\\uA827\\uA880\\uA881\\uA8B4-\\uA8C4\\uA8E0-\\uA8F1\\uA926-\\uA92D\\uA947-\\uA953\\uA980-\\uA983\\uA9B3-\\uA9C0\\uA9E5\\uAA29-\\uAA36\\uAA43\\uAA4C\\uAA4D\\uAA7B-\\uAA7D\\uAAB0\\uAAB2-\\uAAB4\\uAAB7\\uAAB8\\uAABE\\uAABF\\uAAC1\\uAAEB-\\uAAEF\\uAAF5\\uAAF6\\uABE3-\\uABEA\\uABEC\\uABED\\uFB1E\\uFE00-\\uFE0F\\uFE20-\\uFE2D]|\\uD800[\\uDDFD\\uDEE0\\uDF76-\\uDF7A]|\\uD802[\\uDE01-\\uDE03\\uDE05\\uDE06\\uDE0C-\\uDE0F\\uDE38-\\uDE3A\\uDE3F\\uDEE5\\uDEE6]|\\uD804[\\uDC00-\\uDC02\\uDC38-\\uDC46\\uDC7F-\\uDC82\\uDCB0-\\uDCBA\\uDD00-\\uDD02\\uDD27-\\uDD34\\uDD73\\uDD80-\\uDD82\\uDDB3-\\uDDC0\\uDE2C-\\uDE37\\uDEDF-\\uDEEA\\uDF01-\\uDF03\\uDF3C\\uDF3E-\\uDF44\\uDF47\\uDF48\\uDF4B-\\uDF4D\\uDF57\\uDF62\\uDF63\\uDF66-\\uDF6C\\uDF70-\\uDF74]|\\uD805[\\uDCB0-\\uDCC3\\uDDAF-\\uDDB5\\uDDB8-\\uDDC0\\uDE30-\\uDE40\\uDEAB-\\uDEB7]|\\uD81A[\\uDEF0-\\uDEF4\\uDF30-\\uDF36]|\\uD81B[\\uDF51-\\uDF7E\\uDF8F-\\uDF92]|\\uD82F[\\uDC9D\\uDC9E]|\\uD834[\\uDD65-\\uDD69\\uDD6D-\\uDD72\\uDD7B-\\uDD82\\uDD85-\\uDD8B\\uDDAA-\\uDDAD\\uDE42-\\uDE44]|\\uD83A[\\uDCD0-\\uDCD6]|\\uDB40[\\uDD00-\\uDDEF]/;\n\nfunction validateLabel(label, processing_option) {\n  if (label.substr(0, 4) === \"xn--\") {\n    label = punycode.toUnicode(label);\n    processing_option = PROCESSING_OPTIONS.NONTRANSITIONAL;\n  }\n\n  var error = false;\n\n  if (normalize(label) !== label ||\n      (label[3] === \"-\" && label[4] === \"-\") ||\n      label[0] === \"-\" || label[label.length - 1] === \"-\" ||\n      label.indexOf(\".\") !== -1 ||\n      label.search(combiningMarksRegex) === 0) {\n    error = true;\n  }\n\n  var len = countSymbols(label);\n  for (var i = 0; i < len; ++i) {\n    var status = findStatus(label.codePointAt(i));\n    if ((processing === PROCESSING_OPTIONS.TRANSITIONAL && status[1] !== \"valid\") ||\n        (processing === PROCESSING_OPTIONS.NONTRANSITIONAL &&\n         status[1] !== \"valid\" && status[1] !== \"deviation\")) {\n      error = true;\n      break;\n    }\n  }\n\n  return {\n    label: label,\n    error: error\n  };\n}\n\nfunction processing(domain_name, useSTD3, processing_option) {\n  var result = mapChars(domain_name, useSTD3, processing_option);\n  result.string = normalize(result.string);\n\n  var labels = result.string.split(\".\");\n  for (var i = 0; i < labels.length; ++i) {\n    try {\n      var validation = validateLabel(labels[i]);\n      labels[i] = validation.label;\n      result.error = result.error || validation.error;\n    } catch(e) {\n      result.error = true;\n    }\n  }\n\n  return {\n    string: labels.join(\".\"),\n    error: result.error\n  };\n}\n\nmodule.exports.toASCII = function(domain_name, useSTD3, processing_option, verifyDnsLength) {\n  var result = processing(domain_name, useSTD3, processing_option);\n  var labels = result.string.split(\".\");\n  labels = labels.map(function(l) {\n    try {\n      return punycode.toASCII(l);\n    } catch(e) {\n      result.error = true;\n      return l;\n    }\n  });\n\n  if (verifyDnsLength) {\n    var total = labels.slice(0, labels.length - 1).join(\".\").length;\n    if (total.length > 253 || total.length === 0) {\n      result.error = true;\n    }\n\n    for (var i=0; i < labels.length; ++i) {\n      if (labels.length > 63 || labels.length === 0) {\n        result.error = true;\n        break;\n      }\n    }\n  }\n\n  if (result.error) return null;\n  return labels.join(\".\");\n};\n\nmodule.exports.toUnicode = function(domain_name, useSTD3) {\n  var result = processing(domain_name, useSTD3, PROCESSING_OPTIONS.NONTRANSITIONAL);\n\n  return {\n    domain: result.string,\n    error: result.error\n  };\n};\n\nmodule.exports.PROCESSING_OPTIONS = PROCESSING_OPTIONS;\n","module.exports = require('./lib/tunnel');\n","'use strict';\n\nvar net = require('net');\nvar tls = require('tls');\nvar http = require('http');\nvar https = require('https');\nvar events = require('events');\nvar assert = require('assert');\nvar util = require('util');\n\n\nexports.httpOverHttp = httpOverHttp;\nexports.httpsOverHttp = httpsOverHttp;\nexports.httpOverHttps = httpOverHttps;\nexports.httpsOverHttps = httpsOverHttps;\n\n\nfunction httpOverHttp(options) {\n  var agent = new TunnelingAgent(options);\n  agent.request = http.request;\n  return agent;\n}\n\nfunction httpsOverHttp(options) {\n  var agent = new TunnelingAgent(options);\n  agent.request = http.request;\n  agent.createSocket = createSecureSocket;\n  agent.defaultPort = 443;\n  return agent;\n}\n\nfunction httpOverHttps(options) {\n  var agent = new TunnelingAgent(options);\n  agent.request = https.request;\n  return agent;\n}\n\nfunction httpsOverHttps(options) {\n  var agent = new TunnelingAgent(options);\n  agent.request = https.request;\n  agent.createSocket = createSecureSocket;\n  agent.defaultPort = 443;\n  return agent;\n}\n\n\nfunction TunnelingAgent(options) {\n  var self = this;\n  self.options = options || {};\n  self.proxyOptions = self.options.proxy || {};\n  self.maxSockets = self.options.maxSockets || http.Agent.defaultMaxSockets;\n  self.requests = [];\n  self.sockets = [];\n\n  self.on('free', function onFree(socket, host, port, localAddress) {\n    var options = toOptions(host, port, localAddress);\n    for (var i = 0, len = self.requests.length; i < len; ++i) {\n      var pending = self.requests[i];\n      if (pending.host === options.host && pending.port === options.port) {\n        // Detect the request to connect same origin server,\n        // reuse the connection.\n        self.requests.splice(i, 1);\n        pending.request.onSocket(socket);\n        return;\n      }\n    }\n    socket.destroy();\n    self.removeSocket(socket);\n  });\n}\nutil.inherits(TunnelingAgent, events.EventEmitter);\n\nTunnelingAgent.prototype.addRequest = function addRequest(req, host, port, localAddress) {\n  var self = this;\n  var options = mergeOptions({request: req}, self.options, toOptions(host, port, localAddress));\n\n  if (self.sockets.length >= this.maxSockets) {\n    // We are over limit so we'll add it to the queue.\n    self.requests.push(options);\n    return;\n  }\n\n  // If we are under maxSockets create a new one.\n  self.createSocket(options, function(socket) {\n    socket.on('free', onFree);\n    socket.on('close', onCloseOrRemove);\n    socket.on('agentRemove', onCloseOrRemove);\n    req.onSocket(socket);\n\n    function onFree() {\n      self.emit('free', socket, options);\n    }\n\n    function onCloseOrRemove(err) {\n      self.removeSocket(socket);\n      socket.removeListener('free', onFree);\n      socket.removeListener('close', onCloseOrRemove);\n      socket.removeListener('agentRemove', onCloseOrRemove);\n    }\n  });\n};\n\nTunnelingAgent.prototype.createSocket = function createSocket(options, cb) {\n  var self = this;\n  var placeholder = {};\n  self.sockets.push(placeholder);\n\n  var connectOptions = mergeOptions({}, self.proxyOptions, {\n    method: 'CONNECT',\n    path: options.host + ':' + options.port,\n    agent: false,\n    headers: {\n      host: options.host + ':' + options.port\n    }\n  });\n  if (options.localAddress) {\n    connectOptions.localAddress = options.localAddress;\n  }\n  if (connectOptions.proxyAuth) {\n    connectOptions.headers = connectOptions.headers || {};\n    connectOptions.headers['Proxy-Authorization'] = 'Basic ' +\n        new Buffer(connectOptions.proxyAuth).toString('base64');\n  }\n\n  debug('making CONNECT request');\n  var connectReq = self.request(connectOptions);\n  connectReq.useChunkedEncodingByDefault = false; // for v0.6\n  connectReq.once('response', onResponse); // for v0.6\n  connectReq.once('upgrade', onUpgrade);   // for v0.6\n  connectReq.once('connect', onConnect);   // for v0.7 or later\n  connectReq.once('error', onError);\n  connectReq.end();\n\n  function onResponse(res) {\n    // Very hacky. This is necessary to avoid http-parser leaks.\n    res.upgrade = true;\n  }\n\n  function onUpgrade(res, socket, head) {\n    // Hacky.\n    process.nextTick(function() {\n      onConnect(res, socket, head);\n    });\n  }\n\n  function onConnect(res, socket, head) {\n    connectReq.removeAllListeners();\n    socket.removeAllListeners();\n\n    if (res.statusCode !== 200) {\n      debug('tunneling socket could not be established, statusCode=%d',\n        res.statusCode);\n      socket.destroy();\n      var error = new Error('tunneling socket could not be established, ' +\n        'statusCode=' + res.statusCode);\n      error.code = 'ECONNRESET';\n      options.request.emit('error', error);\n      self.removeSocket(placeholder);\n      return;\n    }\n    if (head.length > 0) {\n      debug('got illegal response body from proxy');\n      socket.destroy();\n      var error = new Error('got illegal response body from proxy');\n      error.code = 'ECONNRESET';\n      options.request.emit('error', error);\n      self.removeSocket(placeholder);\n      return;\n    }\n    debug('tunneling connection has established');\n    self.sockets[self.sockets.indexOf(placeholder)] = socket;\n    return cb(socket);\n  }\n\n  function onError(cause) {\n    connectReq.removeAllListeners();\n\n    debug('tunneling socket could not be established, cause=%s\\n',\n          cause.message, cause.stack);\n    var error = new Error('tunneling socket could not be established, ' +\n                          'cause=' + cause.message);\n    error.code = 'ECONNRESET';\n    options.request.emit('error', error);\n    self.removeSocket(placeholder);\n  }\n};\n\nTunnelingAgent.prototype.removeSocket = function removeSocket(socket) {\n  var pos = this.sockets.indexOf(socket)\n  if (pos === -1) {\n    return;\n  }\n  this.sockets.splice(pos, 1);\n\n  var pending = this.requests.shift();\n  if (pending) {\n    // If we have pending requests and a socket gets closed a new one\n    // needs to be created to take over in the pool for the one that closed.\n    this.createSocket(pending, function(socket) {\n      pending.request.onSocket(socket);\n    });\n  }\n};\n\nfunction createSecureSocket(options, cb) {\n  var self = this;\n  TunnelingAgent.prototype.createSocket.call(self, options, function(socket) {\n    var hostHeader = options.request.getHeader('host');\n    var tlsOptions = mergeOptions({}, self.options, {\n      socket: socket,\n      servername: hostHeader ? hostHeader.replace(/:.*$/, '') : options.host\n    });\n\n    // 0 is dummy port for v0.6\n    var secureSocket = tls.connect(0, tlsOptions);\n    self.sockets[self.sockets.indexOf(socket)] = secureSocket;\n    cb(secureSocket);\n  });\n}\n\n\nfunction toOptions(host, port, localAddress) {\n  if (typeof host === 'string') { // since v0.10\n    return {\n      host: host,\n      port: port,\n      localAddress: localAddress\n    };\n  }\n  return host; // for v0.11 or later\n}\n\nfunction mergeOptions(target) {\n  for (var i = 1, len = arguments.length; i < len; ++i) {\n    var overrides = arguments[i];\n    if (typeof overrides === 'object') {\n      var keys = Object.keys(overrides);\n      for (var j = 0, keyLen = keys.length; j < keyLen; ++j) {\n        var k = keys[j];\n        if (overrides[k] !== undefined) {\n          target[k] = overrides[k];\n        }\n      }\n    }\n  }\n  return target;\n}\n\n\nvar debug;\nif (process.env.NODE_DEBUG && /\\btunnel\\b/.test(process.env.NODE_DEBUG)) {\n  debug = function() {\n    var args = Array.prototype.slice.call(arguments);\n    if (typeof args[0] === 'string') {\n      args[0] = 'TUNNEL: ' + args[0];\n    } else {\n      args.unshift('TUNNEL:');\n    }\n    console.error.apply(console, args);\n  }\n} else {\n  debug = function() {};\n}\nexports.debug = debug; // for test\n","'use strict';\n\nObject.defineProperty(exports, '__esModule', { value: true });\n\nfunction getUserAgent() {\n  if (typeof navigator === \"object\" && \"userAgent\" in navigator) {\n    return navigator.userAgent;\n  }\n\n  if (typeof process === \"object\" && \"version\" in process) {\n    return `Node.js/${process.version.substr(1)} (${process.platform}; ${process.arch})`;\n  }\n\n  return \"<environment undetectable>\";\n}\n\nexports.getUserAgent = getUserAgent;\n//# sourceMappingURL=index.js.map\n","\"use strict\";\n\nObject.defineProperty(exports, \"__esModule\", {\n  value: true\n});\nObject.defineProperty(exports, \"v1\", {\n  enumerable: true,\n  get: function () {\n    return _v.default;\n  }\n});\nObject.defineProperty(exports, \"v3\", {\n  enumerable: true,\n  get: function () {\n    return _v2.default;\n  }\n});\nObject.defineProperty(exports, \"v4\", {\n  enumerable: true,\n  get: function () {\n    return _v3.default;\n  }\n});\nObject.defineProperty(exports, \"v5\", {\n  enumerable: true,\n  get: function () {\n    return _v4.default;\n  }\n});\nObject.defineProperty(exports, \"NIL\", {\n  enumerable: true,\n  get: function () {\n    return _nil.default;\n  }\n});\nObject.defineProperty(exports, \"version\", {\n  enumerable: true,\n  get: function () {\n    return _version.default;\n  }\n});\nObject.defineProperty(exports, \"validate\", {\n  enumerable: true,\n  get: function () {\n    return _validate.default;\n  }\n});\nObject.defineProperty(exports, \"stringify\", {\n  enumerable: true,\n  get: function () {\n    return _stringify.default;\n  }\n});\nObject.defineProperty(exports, \"parse\", {\n  enumerable: true,\n  get: function () {\n    return _parse.default;\n  }\n});\n\nvar _v = _interopRequireDefault(require(\"./v1.js\"));\n\nvar _v2 = _interopRequireDefault(require(\"./v3.js\"));\n\nvar _v3 = _interopRequireDefault(require(\"./v4.js\"));\n\nvar _v4 = _interopRequireDefault(require(\"./v5.js\"));\n\nvar _nil = _interopRequireDefault(require(\"./nil.js\"));\n\nvar _version = _interopRequireDefault(require(\"./version.js\"));\n\nvar _validate = _interopRequireDefault(require(\"./validate.js\"));\n\nvar _stringify = _interopRequireDefault(require(\"./stringify.js\"));\n\nvar _parse = _interopRequireDefault(require(\"./parse.js\"));\n\nfunction _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }","\"use strict\";\n\nObject.defineProperty(exports, \"__esModule\", {\n  value: true\n});\nexports.default = void 0;\n\nvar _crypto = _interopRequireDefault(require(\"crypto\"));\n\nfunction _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }\n\nfunction md5(bytes) {\n  if (Array.isArray(bytes)) {\n    bytes = Buffer.from(bytes);\n  } else if (typeof bytes === 'string') {\n    bytes = Buffer.from(bytes, 'utf8');\n  }\n\n  return _crypto.default.createHash('md5').update(bytes).digest();\n}\n\nvar _default = md5;\nexports.default = _default;","\"use strict\";\n\nObject.defineProperty(exports, \"__esModule\", {\n  value: true\n});\nexports.default = void 0;\nvar _default = '00000000-0000-0000-0000-000000000000';\nexports.default = _default;","\"use strict\";\n\nObject.defineProperty(exports, \"__esModule\", {\n  value: true\n});\nexports.default = void 0;\n\nvar _validate = _interopRequireDefault(require(\"./validate.js\"));\n\nfunction _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }\n\nfunction parse(uuid) {\n  if (!(0, _validate.default)(uuid)) {\n    throw TypeError('Invalid UUID');\n  }\n\n  let v;\n  const arr = new Uint8Array(16); // Parse ########-....-....-....-............\n\n  arr[0] = (v = parseInt(uuid.slice(0, 8), 16)) >>> 24;\n  arr[1] = v >>> 16 & 0xff;\n  arr[2] = v >>> 8 & 0xff;\n  arr[3] = v & 0xff; // Parse ........-####-....-....-............\n\n  arr[4] = (v = parseInt(uuid.slice(9, 13), 16)) >>> 8;\n  arr[5] = v & 0xff; // Parse ........-....-####-....-............\n\n  arr[6] = (v = parseInt(uuid.slice(14, 18), 16)) >>> 8;\n  arr[7] = v & 0xff; // Parse ........-....-....-####-............\n\n  arr[8] = (v = parseInt(uuid.slice(19, 23), 16)) >>> 8;\n  arr[9] = v & 0xff; // Parse ........-....-....-....-############\n  // (Use \"/\" to avoid 32-bit truncation when bit-shifting high-order bytes)\n\n  arr[10] = (v = parseInt(uuid.slice(24, 36), 16)) / 0x10000000000 & 0xff;\n  arr[11] = v / 0x100000000 & 0xff;\n  arr[12] = v >>> 24 & 0xff;\n  arr[13] = v >>> 16 & 0xff;\n  arr[14] = v >>> 8 & 0xff;\n  arr[15] = v & 0xff;\n  return arr;\n}\n\nvar _default = parse;\nexports.default = _default;","\"use strict\";\n\nObject.defineProperty(exports, \"__esModule\", {\n  value: true\n});\nexports.default = void 0;\nvar _default = /^(?:[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}|00000000-0000-0000-0000-000000000000)$/i;\nexports.default = _default;","\"use strict\";\n\nObject.defineProperty(exports, \"__esModule\", {\n  value: true\n});\nexports.default = rng;\n\nvar _crypto = _interopRequireDefault(require(\"crypto\"));\n\nfunction _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }\n\nconst rnds8Pool = new Uint8Array(256); // # of random values to pre-allocate\n\nlet poolPtr = rnds8Pool.length;\n\nfunction rng() {\n  if (poolPtr > rnds8Pool.length - 16) {\n    _crypto.default.randomFillSync(rnds8Pool);\n\n    poolPtr = 0;\n  }\n\n  return rnds8Pool.slice(poolPtr, poolPtr += 16);\n}","\"use strict\";\n\nObject.defineProperty(exports, \"__esModule\", {\n  value: true\n});\nexports.default = void 0;\n\nvar _crypto = _interopRequireDefault(require(\"crypto\"));\n\nfunction _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }\n\nfunction sha1(bytes) {\n  if (Array.isArray(bytes)) {\n    bytes = Buffer.from(bytes);\n  } else if (typeof bytes === 'string') {\n    bytes = Buffer.from(bytes, 'utf8');\n  }\n\n  return _crypto.default.createHash('sha1').update(bytes).digest();\n}\n\nvar _default = sha1;\nexports.default = _default;","\"use strict\";\n\nObject.defineProperty(exports, \"__esModule\", {\n  value: true\n});\nexports.default = void 0;\n\nvar _validate = _interopRequireDefault(require(\"./validate.js\"));\n\nfunction _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }\n\n/**\n * Convert array of 16 byte values to UUID string format of the form:\n * XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX\n */\nconst byteToHex = [];\n\nfor (let i = 0; i < 256; ++i) {\n  byteToHex.push((i + 0x100).toString(16).substr(1));\n}\n\nfunction stringify(arr, offset = 0) {\n  // Note: Be careful editing this code!  It's been tuned for performance\n  // and works in ways you may not expect. See https://github.com/uuidjs/uuid/pull/434\n  const uuid = (byteToHex[arr[offset + 0]] + byteToHex[arr[offset + 1]] + byteToHex[arr[offset + 2]] + byteToHex[arr[offset + 3]] + '-' + byteToHex[arr[offset + 4]] + byteToHex[arr[offset + 5]] + '-' + byteToHex[arr[offset + 6]] + byteToHex[arr[offset + 7]] + '-' + byteToHex[arr[offset + 8]] + byteToHex[arr[offset + 9]] + '-' + byteToHex[arr[offset + 10]] + byteToHex[arr[offset + 11]] + byteToHex[arr[offset + 12]] + byteToHex[arr[offset + 13]] + byteToHex[arr[offset + 14]] + byteToHex[arr[offset + 15]]).toLowerCase(); // Consistency check for valid UUID.  If this throws, it's likely due to one\n  // of the following:\n  // - One or more input array values don't map to a hex octet (leading to\n  // \"undefined\" in the uuid)\n  // - Invalid input values for the RFC `version` or `variant` fields\n\n  if (!(0, _validate.default)(uuid)) {\n    throw TypeError('Stringified UUID is invalid');\n  }\n\n  return uuid;\n}\n\nvar _default = stringify;\nexports.default = _default;","\"use strict\";\n\nObject.defineProperty(exports, \"__esModule\", {\n  value: true\n});\nexports.default = void 0;\n\nvar _rng = _interopRequireDefault(require(\"./rng.js\"));\n\nvar _stringify = _interopRequireDefault(require(\"./stringify.js\"));\n\nfunction _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }\n\n// **`v1()` - Generate time-based UUID**\n//\n// Inspired by https://github.com/LiosK/UUID.js\n// and http://docs.python.org/library/uuid.html\nlet _nodeId;\n\nlet _clockseq; // Previous uuid creation time\n\n\nlet _lastMSecs = 0;\nlet _lastNSecs = 0; // See https://github.com/uuidjs/uuid for API details\n\nfunction v1(options, buf, offset) {\n  let i = buf && offset || 0;\n  const b = buf || new Array(16);\n  options = options || {};\n  let node = options.node || _nodeId;\n  let clockseq = options.clockseq !== undefined ? options.clockseq : _clockseq; // node and clockseq need to be initialized to random values if they're not\n  // specified.  We do this lazily to minimize issues related to insufficient\n  // system entropy.  See #189\n\n  if (node == null || clockseq == null) {\n    const seedBytes = options.random || (options.rng || _rng.default)();\n\n    if (node == null) {\n      // Per 4.5, create and 48-bit node id, (47 random bits + multicast bit = 1)\n      node = _nodeId = [seedBytes[0] | 0x01, seedBytes[1], seedBytes[2], seedBytes[3], seedBytes[4], seedBytes[5]];\n    }\n\n    if (clockseq == null) {\n      // Per 4.2.2, randomize (14 bit) clockseq\n      clockseq = _clockseq = (seedBytes[6] << 8 | seedBytes[7]) & 0x3fff;\n    }\n  } // UUID timestamps are 100 nano-second units since the Gregorian epoch,\n  // (1582-10-15 00:00).  JSNumbers aren't precise enough for this, so\n  // time is handled internally as 'msecs' (integer milliseconds) and 'nsecs'\n  // (100-nanoseconds offset from msecs) since unix epoch, 1970-01-01 00:00.\n\n\n  let msecs = options.msecs !== undefined ? options.msecs : Date.now(); // Per 4.2.1.2, use count of uuid's generated during the current clock\n  // cycle to simulate higher resolution clock\n\n  let nsecs = options.nsecs !== undefined ? options.nsecs : _lastNSecs + 1; // Time since last uuid creation (in msecs)\n\n  const dt = msecs - _lastMSecs + (nsecs - _lastNSecs) / 10000; // Per 4.2.1.2, Bump clockseq on clock regression\n\n  if (dt < 0 && options.clockseq === undefined) {\n    clockseq = clockseq + 1 & 0x3fff;\n  } // Reset nsecs if clock regresses (new clockseq) or we've moved onto a new\n  // time interval\n\n\n  if ((dt < 0 || msecs > _lastMSecs) && options.nsecs === undefined) {\n    nsecs = 0;\n  } // Per 4.2.1.2 Throw error if too many uuids are requested\n\n\n  if (nsecs >= 10000) {\n    throw new Error(\"uuid.v1(): Can't create more than 10M uuids/sec\");\n  }\n\n  _lastMSecs = msecs;\n  _lastNSecs = nsecs;\n  _clockseq = clockseq; // Per 4.1.4 - Convert from unix epoch to Gregorian epoch\n\n  msecs += 12219292800000; // `time_low`\n\n  const tl = ((msecs & 0xfffffff) * 10000 + nsecs) % 0x100000000;\n  b[i++] = tl >>> 24 & 0xff;\n  b[i++] = tl >>> 16 & 0xff;\n  b[i++] = tl >>> 8 & 0xff;\n  b[i++] = tl & 0xff; // `time_mid`\n\n  const tmh = msecs / 0x100000000 * 10000 & 0xfffffff;\n  b[i++] = tmh >>> 8 & 0xff;\n  b[i++] = tmh & 0xff; // `time_high_and_version`\n\n  b[i++] = tmh >>> 24 & 0xf | 0x10; // include version\n\n  b[i++] = tmh >>> 16 & 0xff; // `clock_seq_hi_and_reserved` (Per 4.2.2 - include variant)\n\n  b[i++] = clockseq >>> 8 | 0x80; // `clock_seq_low`\n\n  b[i++] = clockseq & 0xff; // `node`\n\n  for (let n = 0; n < 6; ++n) {\n    b[i + n] = node[n];\n  }\n\n  return buf || (0, _stringify.default)(b);\n}\n\nvar _default = v1;\nexports.default = _default;","\"use strict\";\n\nObject.defineProperty(exports, \"__esModule\", {\n  value: true\n});\nexports.default = void 0;\n\nvar _v = _interopRequireDefault(require(\"./v35.js\"));\n\nvar _md = _interopRequireDefault(require(\"./md5.js\"));\n\nfunction _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }\n\nconst v3 = (0, _v.default)('v3', 0x30, _md.default);\nvar _default = v3;\nexports.default = _default;","\"use strict\";\n\nObject.defineProperty(exports, \"__esModule\", {\n  value: true\n});\nexports.default = _default;\nexports.URL = exports.DNS = void 0;\n\nvar _stringify = _interopRequireDefault(require(\"./stringify.js\"));\n\nvar _parse = _interopRequireDefault(require(\"./parse.js\"));\n\nfunction _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }\n\nfunction stringToBytes(str) {\n  str = unescape(encodeURIComponent(str)); // UTF8 escape\n\n  const bytes = [];\n\n  for (let i = 0; i < str.length; ++i) {\n    bytes.push(str.charCodeAt(i));\n  }\n\n  return bytes;\n}\n\nconst DNS = '6ba7b810-9dad-11d1-80b4-00c04fd430c8';\nexports.DNS = DNS;\nconst URL = '6ba7b811-9dad-11d1-80b4-00c04fd430c8';\nexports.URL = URL;\n\nfunction _default(name, version, hashfunc) {\n  function generateUUID(value, namespace, buf, offset) {\n    if (typeof value === 'string') {\n      value = stringToBytes(value);\n    }\n\n    if (typeof namespace === 'string') {\n      namespace = (0, _parse.default)(namespace);\n    }\n\n    if (namespace.length !== 16) {\n      throw TypeError('Namespace must be array-like (16 iterable integer values, 0-255)');\n    } // Compute hash of namespace and value, Per 4.3\n    // Future: Use spread syntax when supported on all platforms, e.g. `bytes =\n    // hashfunc([...namespace, ... value])`\n\n\n    let bytes = new Uint8Array(16 + value.length);\n    bytes.set(namespace);\n    bytes.set(value, namespace.length);\n    bytes = hashfunc(bytes);\n    bytes[6] = bytes[6] & 0x0f | version;\n    bytes[8] = bytes[8] & 0x3f | 0x80;\n\n    if (buf) {\n      offset = offset || 0;\n\n      for (let i = 0; i < 16; ++i) {\n        buf[offset + i] = bytes[i];\n      }\n\n      return buf;\n    }\n\n    return (0, _stringify.default)(bytes);\n  } // Function#name is not settable on some platforms (#270)\n\n\n  try {\n    generateUUID.name = name; // eslint-disable-next-line no-empty\n  } catch (err) {} // For CommonJS default export support\n\n\n  generateUUID.DNS = DNS;\n  generateUUID.URL = URL;\n  return generateUUID;\n}","\"use strict\";\n\nObject.defineProperty(exports, \"__esModule\", {\n  value: true\n});\nexports.default = void 0;\n\nvar _rng = _interopRequireDefault(require(\"./rng.js\"));\n\nvar _stringify = _interopRequireDefault(require(\"./stringify.js\"));\n\nfunction _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }\n\nfunction v4(options, buf, offset) {\n  options = options || {};\n\n  const rnds = options.random || (options.rng || _rng.default)(); // Per 4.4, set bits for version and `clock_seq_hi_and_reserved`\n\n\n  rnds[6] = rnds[6] & 0x0f | 0x40;\n  rnds[8] = rnds[8] & 0x3f | 0x80; // Copy bytes to buffer, if provided\n\n  if (buf) {\n    offset = offset || 0;\n\n    for (let i = 0; i < 16; ++i) {\n      buf[offset + i] = rnds[i];\n    }\n\n    return buf;\n  }\n\n  return (0, _stringify.default)(rnds);\n}\n\nvar _default = v4;\nexports.default = _default;","\"use strict\";\n\nObject.defineProperty(exports, \"__esModule\", {\n  value: true\n});\nexports.default = void 0;\n\nvar _v = _interopRequireDefault(require(\"./v35.js\"));\n\nvar _sha = _interopRequireDefault(require(\"./sha1.js\"));\n\nfunction _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }\n\nconst v5 = (0, _v.default)('v5', 0x50, _sha.default);\nvar _default = v5;\nexports.default = _default;","\"use strict\";\n\nObject.defineProperty(exports, \"__esModule\", {\n  value: true\n});\nexports.default = void 0;\n\nvar _regex = _interopRequireDefault(require(\"./regex.js\"));\n\nfunction _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }\n\nfunction validate(uuid) {\n  return typeof uuid === 'string' && _regex.default.test(uuid);\n}\n\nvar _default = validate;\nexports.default = _default;","\"use strict\";\n\nObject.defineProperty(exports, \"__esModule\", {\n  value: true\n});\nexports.default = void 0;\n\nvar _validate = _interopRequireDefault(require(\"./validate.js\"));\n\nfunction _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }\n\nfunction version(uuid) {\n  if (!(0, _validate.default)(uuid)) {\n    throw TypeError('Invalid UUID');\n  }\n\n  return parseInt(uuid.substr(14, 1), 16);\n}\n\nvar _default = version;\nexports.default = _default;","\"use strict\";\n\nvar conversions = {};\nmodule.exports = conversions;\n\nfunction sign(x) {\n    return x < 0 ? -1 : 1;\n}\n\nfunction evenRound(x) {\n    // Round x to the nearest integer, choosing the even integer if it lies halfway between two.\n    if ((x % 1) === 0.5 && (x & 1) === 0) { // [even number].5; round down (i.e. floor)\n        return Math.floor(x);\n    } else {\n        return Math.round(x);\n    }\n}\n\nfunction createNumberConversion(bitLength, typeOpts) {\n    if (!typeOpts.unsigned) {\n        --bitLength;\n    }\n    const lowerBound = typeOpts.unsigned ? 0 : -Math.pow(2, bitLength);\n    const upperBound = Math.pow(2, bitLength) - 1;\n\n    const moduloVal = typeOpts.moduloBitLength ? Math.pow(2, typeOpts.moduloBitLength) : Math.pow(2, bitLength);\n    const moduloBound = typeOpts.moduloBitLength ? Math.pow(2, typeOpts.moduloBitLength - 1) : Math.pow(2, bitLength - 1);\n\n    return function(V, opts) {\n        if (!opts) opts = {};\n\n        let x = +V;\n\n        if (opts.enforceRange) {\n            if (!Number.isFinite(x)) {\n                throw new TypeError(\"Argument is not a finite number\");\n            }\n\n            x = sign(x) * Math.floor(Math.abs(x));\n            if (x < lowerBound || x > upperBound) {\n                throw new TypeError(\"Argument is not in byte range\");\n            }\n\n            return x;\n        }\n\n        if (!isNaN(x) && opts.clamp) {\n            x = evenRound(x);\n\n            if (x < lowerBound) x = lowerBound;\n            if (x > upperBound) x = upperBound;\n            return x;\n        }\n\n        if (!Number.isFinite(x) || x === 0) {\n            return 0;\n        }\n\n        x = sign(x) * Math.floor(Math.abs(x));\n        x = x % moduloVal;\n\n        if (!typeOpts.unsigned && x >= moduloBound) {\n            return x - moduloVal;\n        } else if (typeOpts.unsigned) {\n            if (x < 0) {\n              x += moduloVal;\n            } else if (x === -0) { // don't return negative zero\n              return 0;\n            }\n        }\n\n        return x;\n    }\n}\n\nconversions[\"void\"] = function () {\n    return undefined;\n};\n\nconversions[\"boolean\"] = function (val) {\n    return !!val;\n};\n\nconversions[\"byte\"] = createNumberConversion(8, { unsigned: false });\nconversions[\"octet\"] = createNumberConversion(8, { unsigned: true });\n\nconversions[\"short\"] = createNumberConversion(16, { unsigned: false });\nconversions[\"unsigned short\"] = createNumberConversion(16, { unsigned: true });\n\nconversions[\"long\"] = createNumberConversion(32, { unsigned: false });\nconversions[\"unsigned long\"] = createNumberConversion(32, { unsigned: true });\n\nconversions[\"long long\"] = createNumberConversion(32, { unsigned: false, moduloBitLength: 64 });\nconversions[\"unsigned long long\"] = createNumberConversion(32, { unsigned: true, moduloBitLength: 64 });\n\nconversions[\"double\"] = function (V) {\n    const x = +V;\n\n    if (!Number.isFinite(x)) {\n        throw new TypeError(\"Argument is not a finite floating-point value\");\n    }\n\n    return x;\n};\n\nconversions[\"unrestricted double\"] = function (V) {\n    const x = +V;\n\n    if (isNaN(x)) {\n        throw new TypeError(\"Argument is NaN\");\n    }\n\n    return x;\n};\n\n// not quite valid, but good enough for JS\nconversions[\"float\"] = conversions[\"double\"];\nconversions[\"unrestricted float\"] = conversions[\"unrestricted double\"];\n\nconversions[\"DOMString\"] = function (V, opts) {\n    if (!opts) opts = {};\n\n    if (opts.treatNullAsEmptyString && V === null) {\n        return \"\";\n    }\n\n    return String(V);\n};\n\nconversions[\"ByteString\"] = function (V, opts) {\n    const x = String(V);\n    let c = undefined;\n    for (let i = 0; (c = x.codePointAt(i)) !== undefined; ++i) {\n        if (c > 255) {\n            throw new TypeError(\"Argument is not a valid bytestring\");\n        }\n    }\n\n    return x;\n};\n\nconversions[\"USVString\"] = function (V) {\n    const S = String(V);\n    const n = S.length;\n    const U = [];\n    for (let i = 0; i < n; ++i) {\n        const c = S.charCodeAt(i);\n        if (c < 0xD800 || c > 0xDFFF) {\n            U.push(String.fromCodePoint(c));\n        } else if (0xDC00 <= c && c <= 0xDFFF) {\n            U.push(String.fromCodePoint(0xFFFD));\n        } else {\n            if (i === n - 1) {\n                U.push(String.fromCodePoint(0xFFFD));\n            } else {\n                const d = S.charCodeAt(i + 1);\n                if (0xDC00 <= d && d <= 0xDFFF) {\n                    const a = c & 0x3FF;\n                    const b = d & 0x3FF;\n                    U.push(String.fromCodePoint((2 << 15) + (2 << 9) * a + b));\n                    ++i;\n                } else {\n                    U.push(String.fromCodePoint(0xFFFD));\n                }\n            }\n        }\n    }\n\n    return U.join('');\n};\n\nconversions[\"Date\"] = function (V, opts) {\n    if (!(V instanceof Date)) {\n        throw new TypeError(\"Argument is not a Date object\");\n    }\n    if (isNaN(V)) {\n        return undefined;\n    }\n\n    return V;\n};\n\nconversions[\"RegExp\"] = function (V, opts) {\n    if (!(V instanceof RegExp)) {\n        V = new RegExp(V);\n    }\n\n    return V;\n};\n","\"use strict\";\nconst usm = require(\"./url-state-machine\");\n\nexports.implementation = class URLImpl {\n  constructor(constructorArgs) {\n    const url = constructorArgs[0];\n    const base = constructorArgs[1];\n\n    let parsedBase = null;\n    if (base !== undefined) {\n      parsedBase = usm.basicURLParse(base);\n      if (parsedBase === \"failure\") {\n        throw new TypeError(\"Invalid base URL\");\n      }\n    }\n\n    const parsedURL = usm.basicURLParse(url, { baseURL: parsedBase });\n    if (parsedURL === \"failure\") {\n      throw new TypeError(\"Invalid URL\");\n    }\n\n    this._url = parsedURL;\n\n    // TODO: query stuff\n  }\n\n  get href() {\n    return usm.serializeURL(this._url);\n  }\n\n  set href(v) {\n    const parsedURL = usm.basicURLParse(v);\n    if (parsedURL === \"failure\") {\n      throw new TypeError(\"Invalid URL\");\n    }\n\n    this._url = parsedURL;\n  }\n\n  get origin() {\n    return usm.serializeURLOrigin(this._url);\n  }\n\n  get protocol() {\n    return this._url.scheme + \":\";\n  }\n\n  set protocol(v) {\n    usm.basicURLParse(v + \":\", { url: this._url, stateOverride: \"scheme start\" });\n  }\n\n  get username() {\n    return this._url.username;\n  }\n\n  set username(v) {\n    if (usm.cannotHaveAUsernamePasswordPort(this._url)) {\n      return;\n    }\n\n    usm.setTheUsername(this._url, v);\n  }\n\n  get password() {\n    return this._url.password;\n  }\n\n  set password(v) {\n    if (usm.cannotHaveAUsernamePasswordPort(this._url)) {\n      return;\n    }\n\n    usm.setThePassword(this._url, v);\n  }\n\n  get host() {\n    const url = this._url;\n\n    if (url.host === null) {\n      return \"\";\n    }\n\n    if (url.port === null) {\n      return usm.serializeHost(url.host);\n    }\n\n    return usm.serializeHost(url.host) + \":\" + usm.serializeInteger(url.port);\n  }\n\n  set host(v) {\n    if (this._url.cannotBeABaseURL) {\n      return;\n    }\n\n    usm.basicURLParse(v, { url: this._url, stateOverride: \"host\" });\n  }\n\n  get hostname() {\n    if (this._url.host === null) {\n      return \"\";\n    }\n\n    return usm.serializeHost(this._url.host);\n  }\n\n  set hostname(v) {\n    if (this._url.cannotBeABaseURL) {\n      return;\n    }\n\n    usm.basicURLParse(v, { url: this._url, stateOverride: \"hostname\" });\n  }\n\n  get port() {\n    if (this._url.port === null) {\n      return \"\";\n    }\n\n    return usm.serializeInteger(this._url.port);\n  }\n\n  set port(v) {\n    if (usm.cannotHaveAUsernamePasswordPort(this._url)) {\n      return;\n    }\n\n    if (v === \"\") {\n      this._url.port = null;\n    } else {\n      usm.basicURLParse(v, { url: this._url, stateOverride: \"port\" });\n    }\n  }\n\n  get pathname() {\n    if (this._url.cannotBeABaseURL) {\n      return this._url.path[0];\n    }\n\n    if (this._url.path.length === 0) {\n      return \"\";\n    }\n\n    return \"/\" + this._url.path.join(\"/\");\n  }\n\n  set pathname(v) {\n    if (this._url.cannotBeABaseURL) {\n      return;\n    }\n\n    this._url.path = [];\n    usm.basicURLParse(v, { url: this._url, stateOverride: \"path start\" });\n  }\n\n  get search() {\n    if (this._url.query === null || this._url.query === \"\") {\n      return \"\";\n    }\n\n    return \"?\" + this._url.query;\n  }\n\n  set search(v) {\n    // TODO: query stuff\n\n    const url = this._url;\n\n    if (v === \"\") {\n      url.query = null;\n      return;\n    }\n\n    const input = v[0] === \"?\" ? v.substring(1) : v;\n    url.query = \"\";\n    usm.basicURLParse(input, { url, stateOverride: \"query\" });\n  }\n\n  get hash() {\n    if (this._url.fragment === null || this._url.fragment === \"\") {\n      return \"\";\n    }\n\n    return \"#\" + this._url.fragment;\n  }\n\n  set hash(v) {\n    if (v === \"\") {\n      this._url.fragment = null;\n      return;\n    }\n\n    const input = v[0] === \"#\" ? v.substring(1) : v;\n    this._url.fragment = \"\";\n    usm.basicURLParse(input, { url: this._url, stateOverride: \"fragment\" });\n  }\n\n  toJSON() {\n    return this.href;\n  }\n};\n","\"use strict\";\n\nconst conversions = require(\"webidl-conversions\");\nconst utils = require(\"./utils.js\");\nconst Impl = require(\".//URL-impl.js\");\n\nconst impl = utils.implSymbol;\n\nfunction URL(url) {\n  if (!this || this[impl] || !(this instanceof URL)) {\n    throw new TypeError(\"Failed to construct 'URL': Please use the 'new' operator, this DOM object constructor cannot be called as a function.\");\n  }\n  if (arguments.length < 1) {\n    throw new TypeError(\"Failed to construct 'URL': 1 argument required, but only \" + arguments.length + \" present.\");\n  }\n  const args = [];\n  for (let i = 0; i < arguments.length && i < 2; ++i) {\n    args[i] = arguments[i];\n  }\n  args[0] = conversions[\"USVString\"](args[0]);\n  if (args[1] !== undefined) {\n  args[1] = conversions[\"USVString\"](args[1]);\n  }\n\n  module.exports.setup(this, args);\n}\n\nURL.prototype.toJSON = function toJSON() {\n  if (!this || !module.exports.is(this)) {\n    throw new TypeError(\"Illegal invocation\");\n  }\n  const args = [];\n  for (let i = 0; i < arguments.length && i < 0; ++i) {\n    args[i] = arguments[i];\n  }\n  return this[impl].toJSON.apply(this[impl], args);\n};\nObject.defineProperty(URL.prototype, \"href\", {\n  get() {\n    return this[impl].href;\n  },\n  set(V) {\n    V = conversions[\"USVString\"](V);\n    this[impl].href = V;\n  },\n  enumerable: true,\n  configurable: true\n});\n\nURL.prototype.toString = function () {\n  if (!this || !module.exports.is(this)) {\n    throw new TypeError(\"Illegal invocation\");\n  }\n  return this.href;\n};\n\nObject.defineProperty(URL.prototype, \"origin\", {\n  get() {\n    return this[impl].origin;\n  },\n  enumerable: true,\n  configurable: true\n});\n\nObject.defineProperty(URL.prototype, \"protocol\", {\n  get() {\n    return this[impl].protocol;\n  },\n  set(V) {\n    V = conversions[\"USVString\"](V);\n    this[impl].protocol = V;\n  },\n  enumerable: true,\n  configurable: true\n});\n\nObject.defineProperty(URL.prototype, \"username\", {\n  get() {\n    return this[impl].username;\n  },\n  set(V) {\n    V = conversions[\"USVString\"](V);\n    this[impl].username = V;\n  },\n  enumerable: true,\n  configurable: true\n});\n\nObject.defineProperty(URL.prototype, \"password\", {\n  get() {\n    return this[impl].password;\n  },\n  set(V) {\n    V = conversions[\"USVString\"](V);\n    this[impl].password = V;\n  },\n  enumerable: true,\n  configurable: true\n});\n\nObject.defineProperty(URL.prototype, \"host\", {\n  get() {\n    return this[impl].host;\n  },\n  set(V) {\n    V = conversions[\"USVString\"](V);\n    this[impl].host = V;\n  },\n  enumerable: true,\n  configurable: true\n});\n\nObject.defineProperty(URL.prototype, \"hostname\", {\n  get() {\n    return this[impl].hostname;\n  },\n  set(V) {\n    V = conversions[\"USVString\"](V);\n    this[impl].hostname = V;\n  },\n  enumerable: true,\n  configurable: true\n});\n\nObject.defineProperty(URL.prototype, \"port\", {\n  get() {\n    return this[impl].port;\n  },\n  set(V) {\n    V = conversions[\"USVString\"](V);\n    this[impl].port = V;\n  },\n  enumerable: true,\n  configurable: true\n});\n\nObject.defineProperty(URL.prototype, \"pathname\", {\n  get() {\n    return this[impl].pathname;\n  },\n  set(V) {\n    V = conversions[\"USVString\"](V);\n    this[impl].pathname = V;\n  },\n  enumerable: true,\n  configurable: true\n});\n\nObject.defineProperty(URL.prototype, \"search\", {\n  get() {\n    return this[impl].search;\n  },\n  set(V) {\n    V = conversions[\"USVString\"](V);\n    this[impl].search = V;\n  },\n  enumerable: true,\n  configurable: true\n});\n\nObject.defineProperty(URL.prototype, \"hash\", {\n  get() {\n    return this[impl].hash;\n  },\n  set(V) {\n    V = conversions[\"USVString\"](V);\n    this[impl].hash = V;\n  },\n  enumerable: true,\n  configurable: true\n});\n\n\nmodule.exports = {\n  is(obj) {\n    return !!obj && obj[impl] instanceof Impl.implementation;\n  },\n  create(constructorArgs, privateData) {\n    let obj = Object.create(URL.prototype);\n    this.setup(obj, constructorArgs, privateData);\n    return obj;\n  },\n  setup(obj, constructorArgs, privateData) {\n    if (!privateData) privateData = {};\n    privateData.wrapper = obj;\n\n    obj[impl] = new Impl.implementation(constructorArgs, privateData);\n    obj[impl][utils.wrapperSymbol] = obj;\n  },\n  interface: URL,\n  expose: {\n    Window: { URL: URL },\n    Worker: { URL: URL }\n  }\n};\n\n","\"use strict\";\n\nexports.URL = require(\"./URL\").interface;\nexports.serializeURL = require(\"./url-state-machine\").serializeURL;\nexports.serializeURLOrigin = require(\"./url-state-machine\").serializeURLOrigin;\nexports.basicURLParse = require(\"./url-state-machine\").basicURLParse;\nexports.setTheUsername = require(\"./url-state-machine\").setTheUsername;\nexports.setThePassword = require(\"./url-state-machine\").setThePassword;\nexports.serializeHost = require(\"./url-state-machine\").serializeHost;\nexports.serializeInteger = require(\"./url-state-machine\").serializeInteger;\nexports.parseURL = require(\"./url-state-machine\").parseURL;\n","\"use strict\";\r\nconst punycode = require(\"punycode\");\r\nconst tr46 = require(\"tr46\");\r\n\r\nconst specialSchemes = {\r\n  ftp: 21,\r\n  file: null,\r\n  gopher: 70,\r\n  http: 80,\r\n  https: 443,\r\n  ws: 80,\r\n  wss: 443\r\n};\r\n\r\nconst failure = Symbol(\"failure\");\r\n\r\nfunction countSymbols(str) {\r\n  return punycode.ucs2.decode(str).length;\r\n}\r\n\r\nfunction at(input, idx) {\r\n  const c = input[idx];\r\n  return isNaN(c) ? undefined : String.fromCodePoint(c);\r\n}\r\n\r\nfunction isASCIIDigit(c) {\r\n  return c >= 0x30 && c <= 0x39;\r\n}\r\n\r\nfunction isASCIIAlpha(c) {\r\n  return (c >= 0x41 && c <= 0x5A) || (c >= 0x61 && c <= 0x7A);\r\n}\r\n\r\nfunction isASCIIAlphanumeric(c) {\r\n  return isASCIIAlpha(c) || isASCIIDigit(c);\r\n}\r\n\r\nfunction isASCIIHex(c) {\r\n  return isASCIIDigit(c) || (c >= 0x41 && c <= 0x46) || (c >= 0x61 && c <= 0x66);\r\n}\r\n\r\nfunction isSingleDot(buffer) {\r\n  return buffer === \".\" || buffer.toLowerCase() === \"%2e\";\r\n}\r\n\r\nfunction isDoubleDot(buffer) {\r\n  buffer = buffer.toLowerCase();\r\n  return buffer === \"..\" || buffer === \"%2e.\" || buffer === \".%2e\" || buffer === \"%2e%2e\";\r\n}\r\n\r\nfunction isWindowsDriveLetterCodePoints(cp1, cp2) {\r\n  return isASCIIAlpha(cp1) && (cp2 === 58 || cp2 === 124);\r\n}\r\n\r\nfunction isWindowsDriveLetterString(string) {\r\n  return string.length === 2 && isASCIIAlpha(string.codePointAt(0)) && (string[1] === \":\" || string[1] === \"|\");\r\n}\r\n\r\nfunction isNormalizedWindowsDriveLetterString(string) {\r\n  return string.length === 2 && isASCIIAlpha(string.codePointAt(0)) && string[1] === \":\";\r\n}\r\n\r\nfunction containsForbiddenHostCodePoint(string) {\r\n  return string.search(/\\u0000|\\u0009|\\u000A|\\u000D|\\u0020|#|%|\\/|:|\\?|@|\\[|\\\\|\\]/) !== -1;\r\n}\r\n\r\nfunction containsForbiddenHostCodePointExcludingPercent(string) {\r\n  return string.search(/\\u0000|\\u0009|\\u000A|\\u000D|\\u0020|#|\\/|:|\\?|@|\\[|\\\\|\\]/) !== -1;\r\n}\r\n\r\nfunction isSpecialScheme(scheme) {\r\n  return specialSchemes[scheme] !== undefined;\r\n}\r\n\r\nfunction isSpecial(url) {\r\n  return isSpecialScheme(url.scheme);\r\n}\r\n\r\nfunction defaultPort(scheme) {\r\n  return specialSchemes[scheme];\r\n}\r\n\r\nfunction percentEncode(c) {\r\n  let hex = c.toString(16).toUpperCase();\r\n  if (hex.length === 1) {\r\n    hex = \"0\" + hex;\r\n  }\r\n\r\n  return \"%\" + hex;\r\n}\r\n\r\nfunction utf8PercentEncode(c) {\r\n  const buf = new Buffer(c);\r\n\r\n  let str = \"\";\r\n\r\n  for (let i = 0; i < buf.length; ++i) {\r\n    str += percentEncode(buf[i]);\r\n  }\r\n\r\n  return str;\r\n}\r\n\r\nfunction utf8PercentDecode(str) {\r\n  const input = new Buffer(str);\r\n  const output = [];\r\n  for (let i = 0; i < input.length; ++i) {\r\n    if (input[i] !== 37) {\r\n      output.push(input[i]);\r\n    } else if (input[i] === 37 && isASCIIHex(input[i + 1]) && isASCIIHex(input[i + 2])) {\r\n      output.push(parseInt(input.slice(i + 1, i + 3).toString(), 16));\r\n      i += 2;\r\n    } else {\r\n      output.push(input[i]);\r\n    }\r\n  }\r\n  return new Buffer(output).toString();\r\n}\r\n\r\nfunction isC0ControlPercentEncode(c) {\r\n  return c <= 0x1F || c > 0x7E;\r\n}\r\n\r\nconst extraPathPercentEncodeSet = new Set([32, 34, 35, 60, 62, 63, 96, 123, 125]);\r\nfunction isPathPercentEncode(c) {\r\n  return isC0ControlPercentEncode(c) || extraPathPercentEncodeSet.has(c);\r\n}\r\n\r\nconst extraUserinfoPercentEncodeSet =\r\n  new Set([47, 58, 59, 61, 64, 91, 92, 93, 94, 124]);\r\nfunction isUserinfoPercentEncode(c) {\r\n  return isPathPercentEncode(c) || extraUserinfoPercentEncodeSet.has(c);\r\n}\r\n\r\nfunction percentEncodeChar(c, encodeSetPredicate) {\r\n  const cStr = String.fromCodePoint(c);\r\n\r\n  if (encodeSetPredicate(c)) {\r\n    return utf8PercentEncode(cStr);\r\n  }\r\n\r\n  return cStr;\r\n}\r\n\r\nfunction parseIPv4Number(input) {\r\n  let R = 10;\r\n\r\n  if (input.length >= 2 && input.charAt(0) === \"0\" && input.charAt(1).toLowerCase() === \"x\") {\r\n    input = input.substring(2);\r\n    R = 16;\r\n  } else if (input.length >= 2 && input.charAt(0) === \"0\") {\r\n    input = input.substring(1);\r\n    R = 8;\r\n  }\r\n\r\n  if (input === \"\") {\r\n    return 0;\r\n  }\r\n\r\n  const regex = R === 10 ? /[^0-9]/ : (R === 16 ? /[^0-9A-Fa-f]/ : /[^0-7]/);\r\n  if (regex.test(input)) {\r\n    return failure;\r\n  }\r\n\r\n  return parseInt(input, R);\r\n}\r\n\r\nfunction parseIPv4(input) {\r\n  const parts = input.split(\".\");\r\n  if (parts[parts.length - 1] === \"\") {\r\n    if (parts.length > 1) {\r\n      parts.pop();\r\n    }\r\n  }\r\n\r\n  if (parts.length > 4) {\r\n    return input;\r\n  }\r\n\r\n  const numbers = [];\r\n  for (const part of parts) {\r\n    if (part === \"\") {\r\n      return input;\r\n    }\r\n    const n = parseIPv4Number(part);\r\n    if (n === failure) {\r\n      return input;\r\n    }\r\n\r\n    numbers.push(n);\r\n  }\r\n\r\n  for (let i = 0; i < numbers.length - 1; ++i) {\r\n    if (numbers[i] > 255) {\r\n      return failure;\r\n    }\r\n  }\r\n  if (numbers[numbers.length - 1] >= Math.pow(256, 5 - numbers.length)) {\r\n    return failure;\r\n  }\r\n\r\n  let ipv4 = numbers.pop();\r\n  let counter = 0;\r\n\r\n  for (const n of numbers) {\r\n    ipv4 += n * Math.pow(256, 3 - counter);\r\n    ++counter;\r\n  }\r\n\r\n  return ipv4;\r\n}\r\n\r\nfunction serializeIPv4(address) {\r\n  let output = \"\";\r\n  let n = address;\r\n\r\n  for (let i = 1; i <= 4; ++i) {\r\n    output = String(n % 256) + output;\r\n    if (i !== 4) {\r\n      output = \".\" + output;\r\n    }\r\n    n = Math.floor(n / 256);\r\n  }\r\n\r\n  return output;\r\n}\r\n\r\nfunction parseIPv6(input) {\r\n  const address = [0, 0, 0, 0, 0, 0, 0, 0];\r\n  let pieceIndex = 0;\r\n  let compress = null;\r\n  let pointer = 0;\r\n\r\n  input = punycode.ucs2.decode(input);\r\n\r\n  if (input[pointer] === 58) {\r\n    if (input[pointer + 1] !== 58) {\r\n      return failure;\r\n    }\r\n\r\n    pointer += 2;\r\n    ++pieceIndex;\r\n    compress = pieceIndex;\r\n  }\r\n\r\n  while (pointer < input.length) {\r\n    if (pieceIndex === 8) {\r\n      return failure;\r\n    }\r\n\r\n    if (input[pointer] === 58) {\r\n      if (compress !== null) {\r\n        return failure;\r\n      }\r\n      ++pointer;\r\n      ++pieceIndex;\r\n      compress = pieceIndex;\r\n      continue;\r\n    }\r\n\r\n    let value = 0;\r\n    let length = 0;\r\n\r\n    while (length < 4 && isASCIIHex(input[pointer])) {\r\n      value = value * 0x10 + parseInt(at(input, pointer), 16);\r\n      ++pointer;\r\n      ++length;\r\n    }\r\n\r\n    if (input[pointer] === 46) {\r\n      if (length === 0) {\r\n        return failure;\r\n      }\r\n\r\n      pointer -= length;\r\n\r\n      if (pieceIndex > 6) {\r\n        return failure;\r\n      }\r\n\r\n      let numbersSeen = 0;\r\n\r\n      while (input[pointer] !== undefined) {\r\n        let ipv4Piece = null;\r\n\r\n        if (numbersSeen > 0) {\r\n          if (input[pointer] === 46 && numbersSeen < 4) {\r\n            ++pointer;\r\n          } else {\r\n            return failure;\r\n          }\r\n        }\r\n\r\n        if (!isASCIIDigit(input[pointer])) {\r\n          return failure;\r\n        }\r\n\r\n        while (isASCIIDigit(input[pointer])) {\r\n          const number = parseInt(at(input, pointer));\r\n          if (ipv4Piece === null) {\r\n            ipv4Piece = number;\r\n          } else if (ipv4Piece === 0) {\r\n            return failure;\r\n          } else {\r\n            ipv4Piece = ipv4Piece * 10 + number;\r\n          }\r\n          if (ipv4Piece > 255) {\r\n            return failure;\r\n          }\r\n          ++pointer;\r\n        }\r\n\r\n        address[pieceIndex] = address[pieceIndex] * 0x100 + ipv4Piece;\r\n\r\n        ++numbersSeen;\r\n\r\n        if (numbersSeen === 2 || numbersSeen === 4) {\r\n          ++pieceIndex;\r\n        }\r\n      }\r\n\r\n      if (numbersSeen !== 4) {\r\n        return failure;\r\n      }\r\n\r\n      break;\r\n    } else if (input[pointer] === 58) {\r\n      ++pointer;\r\n      if (input[pointer] === undefined) {\r\n        return failure;\r\n      }\r\n    } else if (input[pointer] !== undefined) {\r\n      return failure;\r\n    }\r\n\r\n    address[pieceIndex] = value;\r\n    ++pieceIndex;\r\n  }\r\n\r\n  if (compress !== null) {\r\n    let swaps = pieceIndex - compress;\r\n    pieceIndex = 7;\r\n    while (pieceIndex !== 0 && swaps > 0) {\r\n      const temp = address[compress + swaps - 1];\r\n      address[compress + swaps - 1] = address[pieceIndex];\r\n      address[pieceIndex] = temp;\r\n      --pieceIndex;\r\n      --swaps;\r\n    }\r\n  } else if (compress === null && pieceIndex !== 8) {\r\n    return failure;\r\n  }\r\n\r\n  return address;\r\n}\r\n\r\nfunction serializeIPv6(address) {\r\n  let output = \"\";\r\n  const seqResult = findLongestZeroSequence(address);\r\n  const compress = seqResult.idx;\r\n  let ignore0 = false;\r\n\r\n  for (let pieceIndex = 0; pieceIndex <= 7; ++pieceIndex) {\r\n    if (ignore0 && address[pieceIndex] === 0) {\r\n      continue;\r\n    } else if (ignore0) {\r\n      ignore0 = false;\r\n    }\r\n\r\n    if (compress === pieceIndex) {\r\n      const separator = pieceIndex === 0 ? \"::\" : \":\";\r\n      output += separator;\r\n      ignore0 = true;\r\n      continue;\r\n    }\r\n\r\n    output += address[pieceIndex].toString(16);\r\n\r\n    if (pieceIndex !== 7) {\r\n      output += \":\";\r\n    }\r\n  }\r\n\r\n  return output;\r\n}\r\n\r\nfunction parseHost(input, isSpecialArg) {\r\n  if (input[0] === \"[\") {\r\n    if (input[input.length - 1] !== \"]\") {\r\n      return failure;\r\n    }\r\n\r\n    return parseIPv6(input.substring(1, input.length - 1));\r\n  }\r\n\r\n  if (!isSpecialArg) {\r\n    return parseOpaqueHost(input);\r\n  }\r\n\r\n  const domain = utf8PercentDecode(input);\r\n  const asciiDomain = tr46.toASCII(domain, false, tr46.PROCESSING_OPTIONS.NONTRANSITIONAL, false);\r\n  if (asciiDomain === null) {\r\n    return failure;\r\n  }\r\n\r\n  if (containsForbiddenHostCodePoint(asciiDomain)) {\r\n    return failure;\r\n  }\r\n\r\n  const ipv4Host = parseIPv4(asciiDomain);\r\n  if (typeof ipv4Host === \"number\" || ipv4Host === failure) {\r\n    return ipv4Host;\r\n  }\r\n\r\n  return asciiDomain;\r\n}\r\n\r\nfunction parseOpaqueHost(input) {\r\n  if (containsForbiddenHostCodePointExcludingPercent(input)) {\r\n    return failure;\r\n  }\r\n\r\n  let output = \"\";\r\n  const decoded = punycode.ucs2.decode(input);\r\n  for (let i = 0; i < decoded.length; ++i) {\r\n    output += percentEncodeChar(decoded[i], isC0ControlPercentEncode);\r\n  }\r\n  return output;\r\n}\r\n\r\nfunction findLongestZeroSequence(arr) {\r\n  let maxIdx = null;\r\n  let maxLen = 1; // only find elements > 1\r\n  let currStart = null;\r\n  let currLen = 0;\r\n\r\n  for (let i = 0; i < arr.length; ++i) {\r\n    if (arr[i] !== 0) {\r\n      if (currLen > maxLen) {\r\n        maxIdx = currStart;\r\n        maxLen = currLen;\r\n      }\r\n\r\n      currStart = null;\r\n      currLen = 0;\r\n    } else {\r\n      if (currStart === null) {\r\n        currStart = i;\r\n      }\r\n      ++currLen;\r\n    }\r\n  }\r\n\r\n  // if trailing zeros\r\n  if (currLen > maxLen) {\r\n    maxIdx = currStart;\r\n    maxLen = currLen;\r\n  }\r\n\r\n  return {\r\n    idx: maxIdx,\r\n    len: maxLen\r\n  };\r\n}\r\n\r\nfunction serializeHost(host) {\r\n  if (typeof host === \"number\") {\r\n    return serializeIPv4(host);\r\n  }\r\n\r\n  // IPv6 serializer\r\n  if (host instanceof Array) {\r\n    return \"[\" + serializeIPv6(host) + \"]\";\r\n  }\r\n\r\n  return host;\r\n}\r\n\r\nfunction trimControlChars(url) {\r\n  return url.replace(/^[\\u0000-\\u001F\\u0020]+|[\\u0000-\\u001F\\u0020]+$/g, \"\");\r\n}\r\n\r\nfunction trimTabAndNewline(url) {\r\n  return url.replace(/\\u0009|\\u000A|\\u000D/g, \"\");\r\n}\r\n\r\nfunction shortenPath(url) {\r\n  const path = url.path;\r\n  if (path.length === 0) {\r\n    return;\r\n  }\r\n  if (url.scheme === \"file\" && path.length === 1 && isNormalizedWindowsDriveLetter(path[0])) {\r\n    return;\r\n  }\r\n\r\n  path.pop();\r\n}\r\n\r\nfunction includesCredentials(url) {\r\n  return url.username !== \"\" || url.password !== \"\";\r\n}\r\n\r\nfunction cannotHaveAUsernamePasswordPort(url) {\r\n  return url.host === null || url.host === \"\" || url.cannotBeABaseURL || url.scheme === \"file\";\r\n}\r\n\r\nfunction isNormalizedWindowsDriveLetter(string) {\r\n  return /^[A-Za-z]:$/.test(string);\r\n}\r\n\r\nfunction URLStateMachine(input, base, encodingOverride, url, stateOverride) {\r\n  this.pointer = 0;\r\n  this.input = input;\r\n  this.base = base || null;\r\n  this.encodingOverride = encodingOverride || \"utf-8\";\r\n  this.stateOverride = stateOverride;\r\n  this.url = url;\r\n  this.failure = false;\r\n  this.parseError = false;\r\n\r\n  if (!this.url) {\r\n    this.url = {\r\n      scheme: \"\",\r\n      username: \"\",\r\n      password: \"\",\r\n      host: null,\r\n      port: null,\r\n      path: [],\r\n      query: null,\r\n      fragment: null,\r\n\r\n      cannotBeABaseURL: false\r\n    };\r\n\r\n    const res = trimControlChars(this.input);\r\n    if (res !== this.input) {\r\n      this.parseError = true;\r\n    }\r\n    this.input = res;\r\n  }\r\n\r\n  const res = trimTabAndNewline(this.input);\r\n  if (res !== this.input) {\r\n    this.parseError = true;\r\n  }\r\n  this.input = res;\r\n\r\n  this.state = stateOverride || \"scheme start\";\r\n\r\n  this.buffer = \"\";\r\n  this.atFlag = false;\r\n  this.arrFlag = false;\r\n  this.passwordTokenSeenFlag = false;\r\n\r\n  this.input = punycode.ucs2.decode(this.input);\r\n\r\n  for (; this.pointer <= this.input.length; ++this.pointer) {\r\n    const c = this.input[this.pointer];\r\n    const cStr = isNaN(c) ? undefined : String.fromCodePoint(c);\r\n\r\n    // exec state machine\r\n    const ret = this[\"parse \" + this.state](c, cStr);\r\n    if (!ret) {\r\n      break; // terminate algorithm\r\n    } else if (ret === failure) {\r\n      this.failure = true;\r\n      break;\r\n    }\r\n  }\r\n}\r\n\r\nURLStateMachine.prototype[\"parse scheme start\"] = function parseSchemeStart(c, cStr) {\r\n  if (isASCIIAlpha(c)) {\r\n    this.buffer += cStr.toLowerCase();\r\n    this.state = \"scheme\";\r\n  } else if (!this.stateOverride) {\r\n    this.state = \"no scheme\";\r\n    --this.pointer;\r\n  } else {\r\n    this.parseError = true;\r\n    return failure;\r\n  }\r\n\r\n  return true;\r\n};\r\n\r\nURLStateMachine.prototype[\"parse scheme\"] = function parseScheme(c, cStr) {\r\n  if (isASCIIAlphanumeric(c) || c === 43 || c === 45 || c === 46) {\r\n    this.buffer += cStr.toLowerCase();\r\n  } else if (c === 58) {\r\n    if (this.stateOverride) {\r\n      if (isSpecial(this.url) && !isSpecialScheme(this.buffer)) {\r\n        return false;\r\n      }\r\n\r\n      if (!isSpecial(this.url) && isSpecialScheme(this.buffer)) {\r\n        return false;\r\n      }\r\n\r\n      if ((includesCredentials(this.url) || this.url.port !== null) && this.buffer === \"file\") {\r\n        return false;\r\n      }\r\n\r\n      if (this.url.scheme === \"file\" && (this.url.host === \"\" || this.url.host === null)) {\r\n        return false;\r\n      }\r\n    }\r\n    this.url.scheme = this.buffer;\r\n    this.buffer = \"\";\r\n    if (this.stateOverride) {\r\n      return false;\r\n    }\r\n    if (this.url.scheme === \"file\") {\r\n      if (this.input[this.pointer + 1] !== 47 || this.input[this.pointer + 2] !== 47) {\r\n        this.parseError = true;\r\n      }\r\n      this.state = \"file\";\r\n    } else if (isSpecial(this.url) && this.base !== null && this.base.scheme === this.url.scheme) {\r\n      this.state = \"special relative or authority\";\r\n    } else if (isSpecial(this.url)) {\r\n      this.state = \"special authority slashes\";\r\n    } else if (this.input[this.pointer + 1] === 47) {\r\n      this.state = \"path or authority\";\r\n      ++this.pointer;\r\n    } else {\r\n      this.url.cannotBeABaseURL = true;\r\n      this.url.path.push(\"\");\r\n      this.state = \"cannot-be-a-base-URL path\";\r\n    }\r\n  } else if (!this.stateOverride) {\r\n    this.buffer = \"\";\r\n    this.state = \"no scheme\";\r\n    this.pointer = -1;\r\n  } else {\r\n    this.parseError = true;\r\n    return failure;\r\n  }\r\n\r\n  return true;\r\n};\r\n\r\nURLStateMachine.prototype[\"parse no scheme\"] = function parseNoScheme(c) {\r\n  if (this.base === null || (this.base.cannotBeABaseURL && c !== 35)) {\r\n    return failure;\r\n  } else if (this.base.cannotBeABaseURL && c === 35) {\r\n    this.url.scheme = this.base.scheme;\r\n    this.url.path = this.base.path.slice();\r\n    this.url.query = this.base.query;\r\n    this.url.fragment = \"\";\r\n    this.url.cannotBeABaseURL = true;\r\n    this.state = \"fragment\";\r\n  } else if (this.base.scheme === \"file\") {\r\n    this.state = \"file\";\r\n    --this.pointer;\r\n  } else {\r\n    this.state = \"relative\";\r\n    --this.pointer;\r\n  }\r\n\r\n  return true;\r\n};\r\n\r\nURLStateMachine.prototype[\"parse special relative or authority\"] = function parseSpecialRelativeOrAuthority(c) {\r\n  if (c === 47 && this.input[this.pointer + 1] === 47) {\r\n    this.state = \"special authority ignore slashes\";\r\n    ++this.pointer;\r\n  } else {\r\n    this.parseError = true;\r\n    this.state = \"relative\";\r\n    --this.pointer;\r\n  }\r\n\r\n  return true;\r\n};\r\n\r\nURLStateMachine.prototype[\"parse path or authority\"] = function parsePathOrAuthority(c) {\r\n  if (c === 47) {\r\n    this.state = \"authority\";\r\n  } else {\r\n    this.state = \"path\";\r\n    --this.pointer;\r\n  }\r\n\r\n  return true;\r\n};\r\n\r\nURLStateMachine.prototype[\"parse relative\"] = function parseRelative(c) {\r\n  this.url.scheme = this.base.scheme;\r\n  if (isNaN(c)) {\r\n    this.url.username = this.base.username;\r\n    this.url.password = this.base.password;\r\n    this.url.host = this.base.host;\r\n    this.url.port = this.base.port;\r\n    this.url.path = this.base.path.slice();\r\n    this.url.query = this.base.query;\r\n  } else if (c === 47) {\r\n    this.state = \"relative slash\";\r\n  } else if (c === 63) {\r\n    this.url.username = this.base.username;\r\n    this.url.password = this.base.password;\r\n    this.url.host = this.base.host;\r\n    this.url.port = this.base.port;\r\n    this.url.path = this.base.path.slice();\r\n    this.url.query = \"\";\r\n    this.state = \"query\";\r\n  } else if (c === 35) {\r\n    this.url.username = this.base.username;\r\n    this.url.password = this.base.password;\r\n    this.url.host = this.base.host;\r\n    this.url.port = this.base.port;\r\n    this.url.path = this.base.path.slice();\r\n    this.url.query = this.base.query;\r\n    this.url.fragment = \"\";\r\n    this.state = \"fragment\";\r\n  } else if (isSpecial(this.url) && c === 92) {\r\n    this.parseError = true;\r\n    this.state = \"relative slash\";\r\n  } else {\r\n    this.url.username = this.base.username;\r\n    this.url.password = this.base.password;\r\n    this.url.host = this.base.host;\r\n    this.url.port = this.base.port;\r\n    this.url.path = this.base.path.slice(0, this.base.path.length - 1);\r\n\r\n    this.state = \"path\";\r\n    --this.pointer;\r\n  }\r\n\r\n  return true;\r\n};\r\n\r\nURLStateMachine.prototype[\"parse relative slash\"] = function parseRelativeSlash(c) {\r\n  if (isSpecial(this.url) && (c === 47 || c === 92)) {\r\n    if (c === 92) {\r\n      this.parseError = true;\r\n    }\r\n    this.state = \"special authority ignore slashes\";\r\n  } else if (c === 47) {\r\n    this.state = \"authority\";\r\n  } else {\r\n    this.url.username = this.base.username;\r\n    this.url.password = this.base.password;\r\n    this.url.host = this.base.host;\r\n    this.url.port = this.base.port;\r\n    this.state = \"path\";\r\n    --this.pointer;\r\n  }\r\n\r\n  return true;\r\n};\r\n\r\nURLStateMachine.prototype[\"parse special authority slashes\"] = function parseSpecialAuthoritySlashes(c) {\r\n  if (c === 47 && this.input[this.pointer + 1] === 47) {\r\n    this.state = \"special authority ignore slashes\";\r\n    ++this.pointer;\r\n  } else {\r\n    this.parseError = true;\r\n    this.state = \"special authority ignore slashes\";\r\n    --this.pointer;\r\n  }\r\n\r\n  return true;\r\n};\r\n\r\nURLStateMachine.prototype[\"parse special authority ignore slashes\"] = function parseSpecialAuthorityIgnoreSlashes(c) {\r\n  if (c !== 47 && c !== 92) {\r\n    this.state = \"authority\";\r\n    --this.pointer;\r\n  } else {\r\n    this.parseError = true;\r\n  }\r\n\r\n  return true;\r\n};\r\n\r\nURLStateMachine.prototype[\"parse authority\"] = function parseAuthority(c, cStr) {\r\n  if (c === 64) {\r\n    this.parseError = true;\r\n    if (this.atFlag) {\r\n      this.buffer = \"%40\" + this.buffer;\r\n    }\r\n    this.atFlag = true;\r\n\r\n    // careful, this is based on buffer and has its own pointer (this.pointer != pointer) and inner chars\r\n    const len = countSymbols(this.buffer);\r\n    for (let pointer = 0; pointer < len; ++pointer) {\r\n      const codePoint = this.buffer.codePointAt(pointer);\r\n\r\n      if (codePoint === 58 && !this.passwordTokenSeenFlag) {\r\n        this.passwordTokenSeenFlag = true;\r\n        continue;\r\n      }\r\n      const encodedCodePoints = percentEncodeChar(codePoint, isUserinfoPercentEncode);\r\n      if (this.passwordTokenSeenFlag) {\r\n        this.url.password += encodedCodePoints;\r\n      } else {\r\n        this.url.username += encodedCodePoints;\r\n      }\r\n    }\r\n    this.buffer = \"\";\r\n  } else if (isNaN(c) || c === 47 || c === 63 || c === 35 ||\r\n             (isSpecial(this.url) && c === 92)) {\r\n    if (this.atFlag && this.buffer === \"\") {\r\n      this.parseError = true;\r\n      return failure;\r\n    }\r\n    this.pointer -= countSymbols(this.buffer) + 1;\r\n    this.buffer = \"\";\r\n    this.state = \"host\";\r\n  } else {\r\n    this.buffer += cStr;\r\n  }\r\n\r\n  return true;\r\n};\r\n\r\nURLStateMachine.prototype[\"parse hostname\"] =\r\nURLStateMachine.prototype[\"parse host\"] = function parseHostName(c, cStr) {\r\n  if (this.stateOverride && this.url.scheme === \"file\") {\r\n    --this.pointer;\r\n    this.state = \"file host\";\r\n  } else if (c === 58 && !this.arrFlag) {\r\n    if (this.buffer === \"\") {\r\n      this.parseError = true;\r\n      return failure;\r\n    }\r\n\r\n    const host = parseHost(this.buffer, isSpecial(this.url));\r\n    if (host === failure) {\r\n      return failure;\r\n    }\r\n\r\n    this.url.host = host;\r\n    this.buffer = \"\";\r\n    this.state = \"port\";\r\n    if (this.stateOverride === \"hostname\") {\r\n      return false;\r\n    }\r\n  } else if (isNaN(c) || c === 47 || c === 63 || c === 35 ||\r\n             (isSpecial(this.url) && c === 92)) {\r\n    --this.pointer;\r\n    if (isSpecial(this.url) && this.buffer === \"\") {\r\n      this.parseError = true;\r\n      return failure;\r\n    } else if (this.stateOverride && this.buffer === \"\" &&\r\n               (includesCredentials(this.url) || this.url.port !== null)) {\r\n      this.parseError = true;\r\n      return false;\r\n    }\r\n\r\n    const host = parseHost(this.buffer, isSpecial(this.url));\r\n    if (host === failure) {\r\n      return failure;\r\n    }\r\n\r\n    this.url.host = host;\r\n    this.buffer = \"\";\r\n    this.state = \"path start\";\r\n    if (this.stateOverride) {\r\n      return false;\r\n    }\r\n  } else {\r\n    if (c === 91) {\r\n      this.arrFlag = true;\r\n    } else if (c === 93) {\r\n      this.arrFlag = false;\r\n    }\r\n    this.buffer += cStr;\r\n  }\r\n\r\n  return true;\r\n};\r\n\r\nURLStateMachine.prototype[\"parse port\"] = function parsePort(c, cStr) {\r\n  if (isASCIIDigit(c)) {\r\n    this.buffer += cStr;\r\n  } else if (isNaN(c) || c === 47 || c === 63 || c === 35 ||\r\n             (isSpecial(this.url) && c === 92) ||\r\n             this.stateOverride) {\r\n    if (this.buffer !== \"\") {\r\n      const port = parseInt(this.buffer);\r\n      if (port > Math.pow(2, 16) - 1) {\r\n        this.parseError = true;\r\n        return failure;\r\n      }\r\n      this.url.port = port === defaultPort(this.url.scheme) ? null : port;\r\n      this.buffer = \"\";\r\n    }\r\n    if (this.stateOverride) {\r\n      return false;\r\n    }\r\n    this.state = \"path start\";\r\n    --this.pointer;\r\n  } else {\r\n    this.parseError = true;\r\n    return failure;\r\n  }\r\n\r\n  return true;\r\n};\r\n\r\nconst fileOtherwiseCodePoints = new Set([47, 92, 63, 35]);\r\n\r\nURLStateMachine.prototype[\"parse file\"] = function parseFile(c) {\r\n  this.url.scheme = \"file\";\r\n\r\n  if (c === 47 || c === 92) {\r\n    if (c === 92) {\r\n      this.parseError = true;\r\n    }\r\n    this.state = \"file slash\";\r\n  } else if (this.base !== null && this.base.scheme === \"file\") {\r\n    if (isNaN(c)) {\r\n      this.url.host = this.base.host;\r\n      this.url.path = this.base.path.slice();\r\n      this.url.query = this.base.query;\r\n    } else if (c === 63) {\r\n      this.url.host = this.base.host;\r\n      this.url.path = this.base.path.slice();\r\n      this.url.query = \"\";\r\n      this.state = \"query\";\r\n    } else if (c === 35) {\r\n      this.url.host = this.base.host;\r\n      this.url.path = this.base.path.slice();\r\n      this.url.query = this.base.query;\r\n      this.url.fragment = \"\";\r\n      this.state = \"fragment\";\r\n    } else {\r\n      if (this.input.length - this.pointer - 1 === 0 || // remaining consists of 0 code points\r\n          !isWindowsDriveLetterCodePoints(c, this.input[this.pointer + 1]) ||\r\n          (this.input.length - this.pointer - 1 >= 2 && // remaining has at least 2 code points\r\n           !fileOtherwiseCodePoints.has(this.input[this.pointer + 2]))) {\r\n        this.url.host = this.base.host;\r\n        this.url.path = this.base.path.slice();\r\n        shortenPath(this.url);\r\n      } else {\r\n        this.parseError = true;\r\n      }\r\n\r\n      this.state = \"path\";\r\n      --this.pointer;\r\n    }\r\n  } else {\r\n    this.state = \"path\";\r\n    --this.pointer;\r\n  }\r\n\r\n  return true;\r\n};\r\n\r\nURLStateMachine.prototype[\"parse file slash\"] = function parseFileSlash(c) {\r\n  if (c === 47 || c === 92) {\r\n    if (c === 92) {\r\n      this.parseError = true;\r\n    }\r\n    this.state = \"file host\";\r\n  } else {\r\n    if (this.base !== null && this.base.scheme === \"file\") {\r\n      if (isNormalizedWindowsDriveLetterString(this.base.path[0])) {\r\n        this.url.path.push(this.base.path[0]);\r\n      } else {\r\n        this.url.host = this.base.host;\r\n      }\r\n    }\r\n    this.state = \"path\";\r\n    --this.pointer;\r\n  }\r\n\r\n  return true;\r\n};\r\n\r\nURLStateMachine.prototype[\"parse file host\"] = function parseFileHost(c, cStr) {\r\n  if (isNaN(c) || c === 47 || c === 92 || c === 63 || c === 35) {\r\n    --this.pointer;\r\n    if (!this.stateOverride && isWindowsDriveLetterString(this.buffer)) {\r\n      this.parseError = true;\r\n      this.state = \"path\";\r\n    } else if (this.buffer === \"\") {\r\n      this.url.host = \"\";\r\n      if (this.stateOverride) {\r\n        return false;\r\n      }\r\n      this.state = \"path start\";\r\n    } else {\r\n      let host = parseHost(this.buffer, isSpecial(this.url));\r\n      if (host === failure) {\r\n        return failure;\r\n      }\r\n      if (host === \"localhost\") {\r\n        host = \"\";\r\n      }\r\n      this.url.host = host;\r\n\r\n      if (this.stateOverride) {\r\n        return false;\r\n      }\r\n\r\n      this.buffer = \"\";\r\n      this.state = \"path start\";\r\n    }\r\n  } else {\r\n    this.buffer += cStr;\r\n  }\r\n\r\n  return true;\r\n};\r\n\r\nURLStateMachine.prototype[\"parse path start\"] = function parsePathStart(c) {\r\n  if (isSpecial(this.url)) {\r\n    if (c === 92) {\r\n      this.parseError = true;\r\n    }\r\n    this.state = \"path\";\r\n\r\n    if (c !== 47 && c !== 92) {\r\n      --this.pointer;\r\n    }\r\n  } else if (!this.stateOverride && c === 63) {\r\n    this.url.query = \"\";\r\n    this.state = \"query\";\r\n  } else if (!this.stateOverride && c === 35) {\r\n    this.url.fragment = \"\";\r\n    this.state = \"fragment\";\r\n  } else if (c !== undefined) {\r\n    this.state = \"path\";\r\n    if (c !== 47) {\r\n      --this.pointer;\r\n    }\r\n  }\r\n\r\n  return true;\r\n};\r\n\r\nURLStateMachine.prototype[\"parse path\"] = function parsePath(c) {\r\n  if (isNaN(c) || c === 47 || (isSpecial(this.url) && c === 92) ||\r\n      (!this.stateOverride && (c === 63 || c === 35))) {\r\n    if (isSpecial(this.url) && c === 92) {\r\n      this.parseError = true;\r\n    }\r\n\r\n    if (isDoubleDot(this.buffer)) {\r\n      shortenPath(this.url);\r\n      if (c !== 47 && !(isSpecial(this.url) && c === 92)) {\r\n        this.url.path.push(\"\");\r\n      }\r\n    } else if (isSingleDot(this.buffer) && c !== 47 &&\r\n               !(isSpecial(this.url) && c === 92)) {\r\n      this.url.path.push(\"\");\r\n    } else if (!isSingleDot(this.buffer)) {\r\n      if (this.url.scheme === \"file\" && this.url.path.length === 0 && isWindowsDriveLetterString(this.buffer)) {\r\n        if (this.url.host !== \"\" && this.url.host !== null) {\r\n          this.parseError = true;\r\n          this.url.host = \"\";\r\n        }\r\n        this.buffer = this.buffer[0] + \":\";\r\n      }\r\n      this.url.path.push(this.buffer);\r\n    }\r\n    this.buffer = \"\";\r\n    if (this.url.scheme === \"file\" && (c === undefined || c === 63 || c === 35)) {\r\n      while (this.url.path.length > 1 && this.url.path[0] === \"\") {\r\n        this.parseError = true;\r\n        this.url.path.shift();\r\n      }\r\n    }\r\n    if (c === 63) {\r\n      this.url.query = \"\";\r\n      this.state = \"query\";\r\n    }\r\n    if (c === 35) {\r\n      this.url.fragment = \"\";\r\n      this.state = \"fragment\";\r\n    }\r\n  } else {\r\n    // TODO: If c is not a URL code point and not \"%\", parse error.\r\n\r\n    if (c === 37 &&\r\n      (!isASCIIHex(this.input[this.pointer + 1]) ||\r\n        !isASCIIHex(this.input[this.pointer + 2]))) {\r\n      this.parseError = true;\r\n    }\r\n\r\n    this.buffer += percentEncodeChar(c, isPathPercentEncode);\r\n  }\r\n\r\n  return true;\r\n};\r\n\r\nURLStateMachine.prototype[\"parse cannot-be-a-base-URL path\"] = function parseCannotBeABaseURLPath(c) {\r\n  if (c === 63) {\r\n    this.url.query = \"\";\r\n    this.state = \"query\";\r\n  } else if (c === 35) {\r\n    this.url.fragment = \"\";\r\n    this.state = \"fragment\";\r\n  } else {\r\n    // TODO: Add: not a URL code point\r\n    if (!isNaN(c) && c !== 37) {\r\n      this.parseError = true;\r\n    }\r\n\r\n    if (c === 37 &&\r\n        (!isASCIIHex(this.input[this.pointer + 1]) ||\r\n         !isASCIIHex(this.input[this.pointer + 2]))) {\r\n      this.parseError = true;\r\n    }\r\n\r\n    if (!isNaN(c)) {\r\n      this.url.path[0] = this.url.path[0] + percentEncodeChar(c, isC0ControlPercentEncode);\r\n    }\r\n  }\r\n\r\n  return true;\r\n};\r\n\r\nURLStateMachine.prototype[\"parse query\"] = function parseQuery(c, cStr) {\r\n  if (isNaN(c) || (!this.stateOverride && c === 35)) {\r\n    if (!isSpecial(this.url) || this.url.scheme === \"ws\" || this.url.scheme === \"wss\") {\r\n      this.encodingOverride = \"utf-8\";\r\n    }\r\n\r\n    const buffer = new Buffer(this.buffer); // TODO: Use encoding override instead\r\n    for (let i = 0; i < buffer.length; ++i) {\r\n      if (buffer[i] < 0x21 || buffer[i] > 0x7E || buffer[i] === 0x22 || buffer[i] === 0x23 ||\r\n          buffer[i] === 0x3C || buffer[i] === 0x3E) {\r\n        this.url.query += percentEncode(buffer[i]);\r\n      } else {\r\n        this.url.query += String.fromCodePoint(buffer[i]);\r\n      }\r\n    }\r\n\r\n    this.buffer = \"\";\r\n    if (c === 35) {\r\n      this.url.fragment = \"\";\r\n      this.state = \"fragment\";\r\n    }\r\n  } else {\r\n    // TODO: If c is not a URL code point and not \"%\", parse error.\r\n    if (c === 37 &&\r\n      (!isASCIIHex(this.input[this.pointer + 1]) ||\r\n        !isASCIIHex(this.input[this.pointer + 2]))) {\r\n      this.parseError = true;\r\n    }\r\n\r\n    this.buffer += cStr;\r\n  }\r\n\r\n  return true;\r\n};\r\n\r\nURLStateMachine.prototype[\"parse fragment\"] = function parseFragment(c) {\r\n  if (isNaN(c)) { // do nothing\r\n  } else if (c === 0x0) {\r\n    this.parseError = true;\r\n  } else {\r\n    // TODO: If c is not a URL code point and not \"%\", parse error.\r\n    if (c === 37 &&\r\n      (!isASCIIHex(this.input[this.pointer + 1]) ||\r\n        !isASCIIHex(this.input[this.pointer + 2]))) {\r\n      this.parseError = true;\r\n    }\r\n\r\n    this.url.fragment += percentEncodeChar(c, isC0ControlPercentEncode);\r\n  }\r\n\r\n  return true;\r\n};\r\n\r\nfunction serializeURL(url, excludeFragment) {\r\n  let output = url.scheme + \":\";\r\n  if (url.host !== null) {\r\n    output += \"//\";\r\n\r\n    if (url.username !== \"\" || url.password !== \"\") {\r\n      output += url.username;\r\n      if (url.password !== \"\") {\r\n        output += \":\" + url.password;\r\n      }\r\n      output += \"@\";\r\n    }\r\n\r\n    output += serializeHost(url.host);\r\n\r\n    if (url.port !== null) {\r\n      output += \":\" + url.port;\r\n    }\r\n  } else if (url.host === null && url.scheme === \"file\") {\r\n    output += \"//\";\r\n  }\r\n\r\n  if (url.cannotBeABaseURL) {\r\n    output += url.path[0];\r\n  } else {\r\n    for (const string of url.path) {\r\n      output += \"/\" + string;\r\n    }\r\n  }\r\n\r\n  if (url.query !== null) {\r\n    output += \"?\" + url.query;\r\n  }\r\n\r\n  if (!excludeFragment && url.fragment !== null) {\r\n    output += \"#\" + url.fragment;\r\n  }\r\n\r\n  return output;\r\n}\r\n\r\nfunction serializeOrigin(tuple) {\r\n  let result = tuple.scheme + \"://\";\r\n  result += serializeHost(tuple.host);\r\n\r\n  if (tuple.port !== null) {\r\n    result += \":\" + tuple.port;\r\n  }\r\n\r\n  return result;\r\n}\r\n\r\nmodule.exports.serializeURL = serializeURL;\r\n\r\nmodule.exports.serializeURLOrigin = function (url) {\r\n  // https://url.spec.whatwg.org/#concept-url-origin\r\n  switch (url.scheme) {\r\n    case \"blob\":\r\n      try {\r\n        return module.exports.serializeURLOrigin(module.exports.parseURL(url.path[0]));\r\n      } catch (e) {\r\n        // serializing an opaque origin returns \"null\"\r\n        return \"null\";\r\n      }\r\n    case \"ftp\":\r\n    case \"gopher\":\r\n    case \"http\":\r\n    case \"https\":\r\n    case \"ws\":\r\n    case \"wss\":\r\n      return serializeOrigin({\r\n        scheme: url.scheme,\r\n        host: url.host,\r\n        port: url.port\r\n      });\r\n    case \"file\":\r\n      // spec says \"exercise to the reader\", chrome says \"file://\"\r\n      return \"file://\";\r\n    default:\r\n      // serializing an opaque origin returns \"null\"\r\n      return \"null\";\r\n  }\r\n};\r\n\r\nmodule.exports.basicURLParse = function (input, options) {\r\n  if (options === undefined) {\r\n    options = {};\r\n  }\r\n\r\n  const usm = new URLStateMachine(input, options.baseURL, options.encodingOverride, options.url, options.stateOverride);\r\n  if (usm.failure) {\r\n    return \"failure\";\r\n  }\r\n\r\n  return usm.url;\r\n};\r\n\r\nmodule.exports.setTheUsername = function (url, username) {\r\n  url.username = \"\";\r\n  const decoded = punycode.ucs2.decode(username);\r\n  for (let i = 0; i < decoded.length; ++i) {\r\n    url.username += percentEncodeChar(decoded[i], isUserinfoPercentEncode);\r\n  }\r\n};\r\n\r\nmodule.exports.setThePassword = function (url, password) {\r\n  url.password = \"\";\r\n  const decoded = punycode.ucs2.decode(password);\r\n  for (let i = 0; i < decoded.length; ++i) {\r\n    url.password += percentEncodeChar(decoded[i], isUserinfoPercentEncode);\r\n  }\r\n};\r\n\r\nmodule.exports.serializeHost = serializeHost;\r\n\r\nmodule.exports.cannotHaveAUsernamePasswordPort = cannotHaveAUsernamePasswordPort;\r\n\r\nmodule.exports.serializeInteger = function (integer) {\r\n  return String(integer);\r\n};\r\n\r\nmodule.exports.parseURL = function (input, options) {\r\n  if (options === undefined) {\r\n    options = {};\r\n  }\r\n\r\n  // We don't handle blobs, so this just delegates:\r\n  return module.exports.basicURLParse(input, { baseURL: options.baseURL, encodingOverride: options.encodingOverride });\r\n};\r\n","\"use strict\";\n\nmodule.exports.mixin = function mixin(target, source) {\n  const keys = Object.getOwnPropertyNames(source);\n  for (let i = 0; i < keys.length; ++i) {\n    Object.defineProperty(target, keys[i], Object.getOwnPropertyDescriptor(source, keys[i]));\n  }\n};\n\nmodule.exports.wrapperSymbol = Symbol(\"wrapper\");\nmodule.exports.implSymbol = Symbol(\"impl\");\n\nmodule.exports.wrapperForImpl = function (impl) {\n  return impl[module.exports.wrapperSymbol];\n};\n\nmodule.exports.implForWrapper = function (wrapper) {\n  return wrapper[module.exports.implSymbol];\n};\n\n","// Returns a wrapper function that returns a wrapped callback\n// The wrapper function should do some stuff, and return a\n// presumably different callback function.\n// This makes sure that own properties are retained, so that\n// decorations and such are not lost along the way.\nmodule.exports = wrappy\nfunction wrappy (fn, cb) {\n  if (fn && cb) return wrappy(fn)(cb)\n\n  if (typeof fn !== 'function')\n    throw new TypeError('need wrapper function')\n\n  Object.keys(fn).forEach(function (k) {\n    wrapper[k] = fn[k]\n  })\n\n  return wrapper\n\n  function wrapper() {\n    var args = new Array(arguments.length)\n    for (var i = 0; i < args.length; i++) {\n      args[i] = arguments[i]\n    }\n    var ret = fn.apply(this, args)\n    var cb = args[args.length-1]\n    if (typeof ret === 'function' && ret !== cb) {\n      Object.keys(cb).forEach(function (k) {\n        ret[k] = cb[k]\n      })\n    }\n    return ret\n  }\n}\n",null,"module.exports = require(\"assert\");","module.exports = require(\"child_process\");","module.exports = require(\"crypto\");","module.exports = require(\"events\");","module.exports = require(\"fs\");","module.exports = require(\"http\");","module.exports = require(\"https\");","module.exports = require(\"net\");","module.exports = require(\"os\");","module.exports = require(\"path\");","module.exports = require(\"punycode\");","module.exports = require(\"stream\");","module.exports = require(\"string_decoder\");","module.exports = require(\"timers\");","module.exports = require(\"tls\");","module.exports = require(\"url\");","module.exports = require(\"util\");","module.exports = require(\"zlib\");","// The module cache\nvar __webpack_module_cache__ = {};\n\n// The require function\nfunction __webpack_require__(moduleId) {\n\t// Check if module is in cache\n\tvar cachedModule = __webpack_module_cache__[moduleId];\n\tif (cachedModule !== undefined) {\n\t\treturn cachedModule.exports;\n\t}\n\t// Create a new module (and put it into the cache)\n\tvar module = __webpack_module_cache__[moduleId] = {\n\t\t// no module.id needed\n\t\t// no module.loaded needed\n\t\texports: {}\n\t};\n\n\t// Execute the module function\n\tvar threw = true;\n\ttry {\n\t\t__webpack_modules__[moduleId].call(module.exports, module, module.exports, __webpack_require__);\n\t\tthrew = false;\n\t} finally {\n\t\tif(threw) delete __webpack_module_cache__[moduleId];\n\t}\n\n\t// Return the exports of the module\n\treturn module.exports;\n}\n\n","\nif (typeof __webpack_require__ !== 'undefined') __webpack_require__.ab = __dirname + \"/\";","","// startup\n// Load entry module and return exports\n// This entry module is referenced by other modules so it can't be inlined\nvar __webpack_exports__ = __webpack_require__(4822);\n",""],"names":[],"sourceRoot":""}
\ No newline at end of file
diff --git a/actions/installer/package-lock.json b/actions/installer/package-lock.json
index a90477fd4..f3fd49ccc 100644
--- a/actions/installer/package-lock.json
+++ b/actions/installer/package-lock.json
@@ -17,19 +17,19 @@
       },
       "devDependencies": {
         "@types/jasmine": "4.3.1",
-        "@types/node": "18.14.2",
+        "@types/node": "18.15.11",
         "@vercel/ncc": "0.36.1",
-        "eslint": "8.35.0",
-        "eslint-plugin-github": "4.6.1",
-        "jasmine": "4.5.0",
-        "prettier": "2.8.4",
-        "typescript": "4.9.5"
+        "eslint": "8.38.0",
+        "eslint-plugin-github": "4.7.0",
+        "jasmine": "4.6.0",
+        "prettier": "2.8.7",
+        "typescript": "5.0.4"
       }
     },
     "node_modules/@actions/core": {
-      "version": "1.9.1",
-      "resolved": "https://registry.npmjs.org/@actions/core/-/core-1.9.1.tgz",
-      "integrity": "sha512-5ad+U2YGrmmiw6du20AQW5XuWo7UKN2052FjSV7MX+Wfjf8sCqcsZe62NfgHys4QI4/Y+vQvLKYL8jWtA1ZBTA==",
+      "version": "1.10.0",
+      "resolved": "https://registry.npmjs.org/@actions/core/-/core-1.10.0.tgz",
+      "integrity": "sha512-2aZDDa3zrrZbP5ZYg159sNoLRb61nQ7awl5pSvIq5Qpj81vwDzdMRKzkWJGJuwVvWpvZKx7vspJALyvaaIQyug==",
       "dependencies": {
         "@actions/http-client": "^2.0.1",
         "uuid": "^8.3.2"
@@ -44,9 +44,9 @@
       }
     },
     "node_modules/@actions/github": {
-      "version": "5.0.3",
-      "resolved": "https://registry.npmjs.org/@actions/github/-/github-5.0.3.tgz",
-      "integrity": "sha512-myjA/pdLQfhUGLtRZC/J4L1RXOG4o6aYdiEq+zr5wVVKljzbFld+xv10k1FX6IkIJtNxbAq44BdwSNpQ015P0A==",
+      "version": "5.1.1",
+      "resolved": "https://registry.npmjs.org/@actions/github/-/github-5.1.1.tgz",
+      "integrity": "sha512-Nk59rMDoJaV+mHCOJPXuvB1zIbomlKS0dmSIqPGxd0enAXBnOfn4VWF+CGtRCwXZG9Epa54tZA7VIRlJDS8A6g==",
       "dependencies": {
         "@actions/http-client": "^2.0.1",
         "@octokit/core": "^3.6.0",
@@ -63,9 +63,9 @@
       }
     },
     "node_modules/@actions/io": {
-      "version": "1.1.2",
-      "resolved": "https://registry.npmjs.org/@actions/io/-/io-1.1.2.tgz",
-      "integrity": "sha512-d+RwPlMp+2qmBfeLYPLXuSRykDIFEwdTA0MMxzS9kh4kvP1ftrc/9fzy6pX6qAjthdXruHQ6/6kjT/DNo5ALuw=="
+      "version": "1.1.3",
+      "resolved": "https://registry.npmjs.org/@actions/io/-/io-1.1.3.tgz",
+      "integrity": "sha512-wi9JjgKLYS7U/z8PPbco+PvTb/nRWjeoFlJ1Qer83k/3C5PHQi28hiVdeE2kHXmIL99mQFawx8qt/JPjZilJ8Q=="
     },
     "node_modules/@actions/tool-cache": {
       "version": "2.0.1",
@@ -101,15 +101,39 @@
         "node": ">=6.9.0"
       }
     },
+    "node_modules/@eslint-community/eslint-utils": {
+      "version": "4.2.0",
+      "resolved": "https://registry.npmjs.org/@eslint-community/eslint-utils/-/eslint-utils-4.2.0.tgz",
+      "integrity": "sha512-gB8T4H4DEfX2IV9zGDJPOBgP1e/DbfCPDTtEqUMckpvzS1OYtva8JdFYBqMwYk7xAQ429WGF/UPqn8uQ//h2vQ==",
+      "dev": true,
+      "dependencies": {
+        "eslint-visitor-keys": "^3.3.0"
+      },
+      "engines": {
+        "node": "^12.22.0 || ^14.17.0 || >=16.0.0"
+      },
+      "peerDependencies": {
+        "eslint": "^6.0.0 || ^7.0.0 || >=8.0.0"
+      }
+    },
+    "node_modules/@eslint-community/regexpp": {
+      "version": "4.4.0",
+      "resolved": "https://registry.npmjs.org/@eslint-community/regexpp/-/regexpp-4.4.0.tgz",
+      "integrity": "sha512-A9983Q0LnDGdLPjxyXQ00sbV+K+O+ko2Dr+CZigbHWtX9pNfxlaBkMR8X1CztI73zuEyEBXTVjx7CE+/VSwDiQ==",
+      "dev": true,
+      "engines": {
+        "node": "^12.0.0 || ^14.0.0 || >=16.0.0"
+      }
+    },
     "node_modules/@eslint/eslintrc": {
-      "version": "2.0.0",
-      "resolved": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-2.0.0.tgz",
-      "integrity": "sha512-fluIaaV+GyV24CCu/ggiHdV+j4RNh85yQnAYS/G2mZODZgGmmlrgCydjUcV3YvxCm9x8nMAfThsqTni4KiXT4A==",
+      "version": "2.0.2",
+      "resolved": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-2.0.2.tgz",
+      "integrity": "sha512-3W4f5tDUra+pA+FzgugqL2pRimUTDJWKr7BINqOpkZrC0uYI0NIc0/JFgBROCU07HR6GieA5m3/rsPIhDmCXTQ==",
       "dev": true,
       "dependencies": {
         "ajv": "^6.12.4",
         "debug": "^4.3.2",
-        "espree": "^9.4.0",
+        "espree": "^9.5.1",
         "globals": "^13.19.0",
         "ignore": "^5.2.0",
         "import-fresh": "^3.2.1",
@@ -125,9 +149,9 @@
       }
     },
     "node_modules/@eslint/js": {
-      "version": "8.35.0",
-      "resolved": "https://registry.npmjs.org/@eslint/js/-/js-8.35.0.tgz",
-      "integrity": "sha512-JXdzbRiWclLVoD8sNUjR443VVlYqiYmDVT6rGUEIEHU5YJW0gaVZwV2xgM7D4arkvASqD0IlLUVjHiFuxaftRw==",
+      "version": "8.38.0",
+      "resolved": "https://registry.npmjs.org/@eslint/js/-/js-8.38.0.tgz",
+      "integrity": "sha512-IoD2MfUnOV58ghIHCiil01PcohxjbYR/qCxsoC+xNgUwh1EY8jOOrYmu3d3a71+tJJ23uscEV4X2HJWMsPJu4g==",
       "dev": true,
       "engines": {
         "node": "^12.22.0 || ^14.17.0 || >=16.0.0"
@@ -327,9 +351,9 @@
       "dev": true
     },
     "node_modules/@types/node": {
-      "version": "18.14.2",
-      "resolved": "https://registry.npmjs.org/@types/node/-/node-18.14.2.tgz",
-      "integrity": "sha512-1uEQxww3DaghA0RxqHx0O0ppVlo43pJhepY51OxuQIKHpjbnYLA7vcdwioNPzIqmC2u3I/dmylcqjlh0e7AyUA==",
+      "version": "18.15.11",
+      "resolved": "https://registry.npmjs.org/@types/node/-/node-18.15.11.tgz",
+      "integrity": "sha512-E5Kwq2n4SbMzQOn6wnmBjuK9ouqlURrcZDVfbo9ftDDTFt3nk7ZKK4GMOzoYgnpQJKcxwQw+lGaBvvlMo0qN/Q==",
       "dev": true
     },
     "node_modules/@typescript-eslint/eslint-plugin": {
@@ -579,9 +603,9 @@
       }
     },
     "node_modules/acorn": {
-      "version": "8.8.0",
-      "resolved": "https://registry.npmjs.org/acorn/-/acorn-8.8.0.tgz",
-      "integrity": "sha512-QOxyigPVrpZ2GXT+PFyZTl6TtOFc5egxHIP9IlQ+RbupQuX4RkT/Bee4/kQuC02Xkzg84JcT7oLYtDIQxp+v7w==",
+      "version": "8.8.2",
+      "resolved": "https://registry.npmjs.org/acorn/-/acorn-8.8.2.tgz",
+      "integrity": "sha512-xjIYgE8HBrkpd/sJqOGNspf8uHG+NOHGOw6a/Urj8taM2EXfdNAH2oFcPeIFfsv3+kz/mJrS5VuMqbNLjCa2vw==",
       "dev": true,
       "bin": {
         "acorn": "bin/acorn"
@@ -1150,13 +1174,15 @@
       }
     },
     "node_modules/eslint": {
-      "version": "8.35.0",
-      "resolved": "https://registry.npmjs.org/eslint/-/eslint-8.35.0.tgz",
-      "integrity": "sha512-BxAf1fVL7w+JLRQhWl2pzGeSiGqbWumV4WNvc9Rhp6tiCtm4oHnyPBSEtMGZwrQgudFQ+otqzWoPB7x+hxoWsw==",
+      "version": "8.38.0",
+      "resolved": "https://registry.npmjs.org/eslint/-/eslint-8.38.0.tgz",
+      "integrity": "sha512-pIdsD2jwlUGf/U38Jv97t8lq6HpaU/G9NKbYmpWpZGw3LdTNhZLbJePqxOXGB5+JEKfOPU/XLxYxFh03nr1KTg==",
       "dev": true,
       "dependencies": {
-        "@eslint/eslintrc": "^2.0.0",
-        "@eslint/js": "8.35.0",
+        "@eslint-community/eslint-utils": "^4.2.0",
+        "@eslint-community/regexpp": "^4.4.0",
+        "@eslint/eslintrc": "^2.0.2",
+        "@eslint/js": "8.38.0",
         "@humanwhocodes/config-array": "^0.11.8",
         "@humanwhocodes/module-importer": "^1.0.1",
         "@nodelib/fs.walk": "^1.2.8",
@@ -1167,9 +1193,8 @@
         "doctrine": "^3.0.0",
         "escape-string-regexp": "^4.0.0",
         "eslint-scope": "^7.1.1",
-        "eslint-utils": "^3.0.0",
-        "eslint-visitor-keys": "^3.3.0",
-        "espree": "^9.4.0",
+        "eslint-visitor-keys": "^3.4.0",
+        "espree": "^9.5.1",
         "esquery": "^1.4.2",
         "esutils": "^2.0.2",
         "fast-deep-equal": "^3.1.3",
@@ -1191,7 +1216,6 @@
         "minimatch": "^3.1.2",
         "natural-compare": "^1.4.0",
         "optionator": "^0.9.1",
-        "regexpp": "^3.2.0",
         "strip-ansi": "^6.0.1",
         "strip-json-comments": "^3.1.0",
         "text-table": "^0.2.0"
@@ -1319,9 +1343,9 @@
       }
     },
     "node_modules/eslint-plugin-github": {
-      "version": "4.6.1",
-      "resolved": "https://registry.npmjs.org/eslint-plugin-github/-/eslint-plugin-github-4.6.1.tgz",
-      "integrity": "sha512-AjCxE+2JmT+ppq3AVNra3iJ0BTAj6rYmtHJtkEcIEtrBHVi9xmCl5ZdIYLh7U/YKGT2cttdcYvbe59HEYW67KA==",
+      "version": "4.7.0",
+      "resolved": "https://registry.npmjs.org/eslint-plugin-github/-/eslint-plugin-github-4.7.0.tgz",
+      "integrity": "sha512-SIFSy6IXtN3aGQ6YyFWg/oxRUyAcYwg5G0wh+ov1HQCvmp+Pzs1GzeVjU8QcIQSSJfverQzuxWrJCAln/d2PuQ==",
       "dev": true,
       "dependencies": {
         "@github/browserslist-config": "^1.0.0",
@@ -1522,23 +1546,26 @@
       }
     },
     "node_modules/eslint-visitor-keys": {
-      "version": "3.3.0",
-      "resolved": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-3.3.0.tgz",
-      "integrity": "sha512-mQ+suqKJVyeuwGYHAdjMFqjCyfl8+Ldnxuyp3ldiMBFKkvytrXUZWaiPCEav8qDHKty44bD+qV1IP4T+w+xXRA==",
+      "version": "3.4.0",
+      "resolved": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-3.4.0.tgz",
+      "integrity": "sha512-HPpKPUBQcAsZOsHAFwTtIKcYlCje62XB7SEAcxjtmW6TD1WVpkS6i6/hOVtTZIl4zGj/mBqpFVGvaDneik+VoQ==",
       "dev": true,
       "engines": {
         "node": "^12.22.0 || ^14.17.0 || >=16.0.0"
+      },
+      "funding": {
+        "url": "https://opencollective.com/eslint"
       }
     },
     "node_modules/espree": {
-      "version": "9.4.0",
-      "resolved": "https://registry.npmjs.org/espree/-/espree-9.4.0.tgz",
-      "integrity": "sha512-DQmnRpLj7f6TgN/NYb0MTzJXL+vJF9h3pHy4JhCIs3zwcgez8xmGg3sXHcEO97BrmO2OSvCwMdfdlyl+E9KjOw==",
+      "version": "9.5.1",
+      "resolved": "https://registry.npmjs.org/espree/-/espree-9.5.1.tgz",
+      "integrity": "sha512-5yxtHSZXRSW5pvv3hAlXM5+/Oswi1AUFqBmbibKb5s6bp3rGIDkyXU6xCoyuuLhijr4SFwPrXRoZjz0AZDN9tg==",
       "dev": true,
       "dependencies": {
         "acorn": "^8.8.0",
         "acorn-jsx": "^5.3.2",
-        "eslint-visitor-keys": "^3.3.0"
+        "eslint-visitor-keys": "^3.4.0"
       },
       "engines": {
         "node": "^12.22.0 || ^14.17.0 || >=16.0.0"
@@ -2351,22 +2378,22 @@
       "dev": true
     },
     "node_modules/jasmine": {
-      "version": "4.5.0",
-      "resolved": "https://registry.npmjs.org/jasmine/-/jasmine-4.5.0.tgz",
-      "integrity": "sha512-9olGRvNZyADIwYL9XBNBst5BTU/YaePzuddK+YRslc7rI9MdTIE4r3xaBKbv2GEmzYYUfMOdTR8/i6JfLZaxSQ==",
+      "version": "4.6.0",
+      "resolved": "https://registry.npmjs.org/jasmine/-/jasmine-4.6.0.tgz",
+      "integrity": "sha512-iq7HQ5M8ydNUspjd9vbFW9Lu+6lQ1QLDIqjl0WysEllF5EJZy8XaUyNlhCJVwOx2YFzqTtARWbS56F/f0PzRFw==",
       "dev": true,
       "dependencies": {
         "glob": "^7.1.6",
-        "jasmine-core": "^4.5.0"
+        "jasmine-core": "^4.6.0"
       },
       "bin": {
         "jasmine": "bin/jasmine.js"
       }
     },
     "node_modules/jasmine-core": {
-      "version": "4.5.0",
-      "resolved": "https://registry.npmjs.org/jasmine-core/-/jasmine-core-4.5.0.tgz",
-      "integrity": "sha512-9PMzyvhtocxb3aXJVOPqBDswdgyAeSB81QnLop4npOpbqnheaTEwPc9ZloQeVswugPManznQBjD8kWDTjlnHuw==",
+      "version": "4.6.0",
+      "resolved": "https://registry.npmjs.org/jasmine-core/-/jasmine-core-4.6.0.tgz",
+      "integrity": "sha512-O236+gd0ZXS8YAjFx8xKaJ94/erqUliEkJTDedyE7iHvv4ZVqi+q+8acJxu05/WJDKm512EUNn809In37nWlAQ==",
       "dev": true
     },
     "node_modules/js-sdsl": {
@@ -2828,9 +2855,9 @@
       }
     },
     "node_modules/prettier": {
-      "version": "2.8.4",
-      "resolved": "https://registry.npmjs.org/prettier/-/prettier-2.8.4.tgz",
-      "integrity": "sha512-vIS4Rlc2FNh0BySk3Wkd6xmwxB0FpOndW5fisM5H8hsZSxU2VWVB5CWIkIjWvrHjIhxk2g3bfMKM87zNTrZddw==",
+      "version": "2.8.7",
+      "resolved": "https://registry.npmjs.org/prettier/-/prettier-2.8.7.tgz",
+      "integrity": "sha512-yPngTo3aXUUmyuTjeTUT75txrf+aMh9FiD7q9ZE/i6r0bPb22g4FsE6Y338PQX1bmfy08i9QQCB7/rcUAVntfw==",
       "dev": true,
       "bin": {
         "prettier": "bin-prettier.js"
@@ -3268,16 +3295,16 @@
       }
     },
     "node_modules/typescript": {
-      "version": "4.9.5",
-      "resolved": "https://registry.npmjs.org/typescript/-/typescript-4.9.5.tgz",
-      "integrity": "sha512-1FXk9E2Hm+QzZQ7z+McJiHL4NW1F2EzMu9Nq9i3zAaGqibafqYwCVU6WyWAuyQRRzOlxou8xZSyXLEN8oKj24g==",
+      "version": "5.0.4",
+      "resolved": "https://registry.npmjs.org/typescript/-/typescript-5.0.4.tgz",
+      "integrity": "sha512-cW9T5W9xY37cc+jfEnaUvX91foxtHkza3Nw3wkoF4sSlKn0MONdkdEndig/qPBWXNkmplh3NzayQzCiHM4/hqw==",
       "dev": true,
       "bin": {
         "tsc": "bin/tsc",
         "tsserver": "bin/tsserver"
       },
       "engines": {
-        "node": ">=4.2.0"
+        "node": ">=12.20"
       }
     },
     "node_modules/unbox-primitive": {
@@ -3458,9 +3485,9 @@
   },
   "dependencies": {
     "@actions/core": {
-      "version": "1.9.1",
-      "resolved": "https://registry.npmjs.org/@actions/core/-/core-1.9.1.tgz",
-      "integrity": "sha512-5ad+U2YGrmmiw6du20AQW5XuWo7UKN2052FjSV7MX+Wfjf8sCqcsZe62NfgHys4QI4/Y+vQvLKYL8jWtA1ZBTA==",
+      "version": "1.10.0",
+      "resolved": "https://registry.npmjs.org/@actions/core/-/core-1.10.0.tgz",
+      "integrity": "sha512-2aZDDa3zrrZbP5ZYg159sNoLRb61nQ7awl5pSvIq5Qpj81vwDzdMRKzkWJGJuwVvWpvZKx7vspJALyvaaIQyug==",
       "requires": {
         "@actions/http-client": "^2.0.1",
         "uuid": "^8.3.2"
@@ -3475,9 +3502,9 @@
       }
     },
     "@actions/github": {
-      "version": "5.0.3",
-      "resolved": "https://registry.npmjs.org/@actions/github/-/github-5.0.3.tgz",
-      "integrity": "sha512-myjA/pdLQfhUGLtRZC/J4L1RXOG4o6aYdiEq+zr5wVVKljzbFld+xv10k1FX6IkIJtNxbAq44BdwSNpQ015P0A==",
+      "version": "5.1.1",
+      "resolved": "https://registry.npmjs.org/@actions/github/-/github-5.1.1.tgz",
+      "integrity": "sha512-Nk59rMDoJaV+mHCOJPXuvB1zIbomlKS0dmSIqPGxd0enAXBnOfn4VWF+CGtRCwXZG9Epa54tZA7VIRlJDS8A6g==",
       "requires": {
         "@actions/http-client": "^2.0.1",
         "@octokit/core": "^3.6.0",
@@ -3494,9 +3521,9 @@
       }
     },
     "@actions/io": {
-      "version": "1.1.2",
-      "resolved": "https://registry.npmjs.org/@actions/io/-/io-1.1.2.tgz",
-      "integrity": "sha512-d+RwPlMp+2qmBfeLYPLXuSRykDIFEwdTA0MMxzS9kh4kvP1ftrc/9fzy6pX6qAjthdXruHQ6/6kjT/DNo5ALuw=="
+      "version": "1.1.3",
+      "resolved": "https://registry.npmjs.org/@actions/io/-/io-1.1.3.tgz",
+      "integrity": "sha512-wi9JjgKLYS7U/z8PPbco+PvTb/nRWjeoFlJ1Qer83k/3C5PHQi28hiVdeE2kHXmIL99mQFawx8qt/JPjZilJ8Q=="
     },
     "@actions/tool-cache": {
       "version": "2.0.1",
@@ -3527,15 +3554,30 @@
         "regenerator-runtime": "^0.13.11"
       }
     },
+    "@eslint-community/eslint-utils": {
+      "version": "4.2.0",
+      "resolved": "https://registry.npmjs.org/@eslint-community/eslint-utils/-/eslint-utils-4.2.0.tgz",
+      "integrity": "sha512-gB8T4H4DEfX2IV9zGDJPOBgP1e/DbfCPDTtEqUMckpvzS1OYtva8JdFYBqMwYk7xAQ429WGF/UPqn8uQ//h2vQ==",
+      "dev": true,
+      "requires": {
+        "eslint-visitor-keys": "^3.3.0"
+      }
+    },
+    "@eslint-community/regexpp": {
+      "version": "4.4.0",
+      "resolved": "https://registry.npmjs.org/@eslint-community/regexpp/-/regexpp-4.4.0.tgz",
+      "integrity": "sha512-A9983Q0LnDGdLPjxyXQ00sbV+K+O+ko2Dr+CZigbHWtX9pNfxlaBkMR8X1CztI73zuEyEBXTVjx7CE+/VSwDiQ==",
+      "dev": true
+    },
     "@eslint/eslintrc": {
-      "version": "2.0.0",
-      "resolved": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-2.0.0.tgz",
-      "integrity": "sha512-fluIaaV+GyV24CCu/ggiHdV+j4RNh85yQnAYS/G2mZODZgGmmlrgCydjUcV3YvxCm9x8nMAfThsqTni4KiXT4A==",
+      "version": "2.0.2",
+      "resolved": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-2.0.2.tgz",
+      "integrity": "sha512-3W4f5tDUra+pA+FzgugqL2pRimUTDJWKr7BINqOpkZrC0uYI0NIc0/JFgBROCU07HR6GieA5m3/rsPIhDmCXTQ==",
       "dev": true,
       "requires": {
         "ajv": "^6.12.4",
         "debug": "^4.3.2",
-        "espree": "^9.4.0",
+        "espree": "^9.5.1",
         "globals": "^13.19.0",
         "ignore": "^5.2.0",
         "import-fresh": "^3.2.1",
@@ -3545,9 +3587,9 @@
       }
     },
     "@eslint/js": {
-      "version": "8.35.0",
-      "resolved": "https://registry.npmjs.org/@eslint/js/-/js-8.35.0.tgz",
-      "integrity": "sha512-JXdzbRiWclLVoD8sNUjR443VVlYqiYmDVT6rGUEIEHU5YJW0gaVZwV2xgM7D4arkvASqD0IlLUVjHiFuxaftRw==",
+      "version": "8.38.0",
+      "resolved": "https://registry.npmjs.org/@eslint/js/-/js-8.38.0.tgz",
+      "integrity": "sha512-IoD2MfUnOV58ghIHCiil01PcohxjbYR/qCxsoC+xNgUwh1EY8jOOrYmu3d3a71+tJJ23uscEV4X2HJWMsPJu4g==",
       "dev": true
     },
     "@github/browserslist-config": {
@@ -3719,9 +3761,9 @@
       "dev": true
     },
     "@types/node": {
-      "version": "18.14.2",
-      "resolved": "https://registry.npmjs.org/@types/node/-/node-18.14.2.tgz",
-      "integrity": "sha512-1uEQxww3DaghA0RxqHx0O0ppVlo43pJhepY51OxuQIKHpjbnYLA7vcdwioNPzIqmC2u3I/dmylcqjlh0e7AyUA==",
+      "version": "18.15.11",
+      "resolved": "https://registry.npmjs.org/@types/node/-/node-18.15.11.tgz",
+      "integrity": "sha512-E5Kwq2n4SbMzQOn6wnmBjuK9ouqlURrcZDVfbo9ftDDTFt3nk7ZKK4GMOzoYgnpQJKcxwQw+lGaBvvlMo0qN/Q==",
       "dev": true
     },
     "@typescript-eslint/eslint-plugin": {
@@ -3867,9 +3909,9 @@
       "dev": true
     },
     "acorn": {
-      "version": "8.8.0",
-      "resolved": "https://registry.npmjs.org/acorn/-/acorn-8.8.0.tgz",
-      "integrity": "sha512-QOxyigPVrpZ2GXT+PFyZTl6TtOFc5egxHIP9IlQ+RbupQuX4RkT/Bee4/kQuC02Xkzg84JcT7oLYtDIQxp+v7w==",
+      "version": "8.8.2",
+      "resolved": "https://registry.npmjs.org/acorn/-/acorn-8.8.2.tgz",
+      "integrity": "sha512-xjIYgE8HBrkpd/sJqOGNspf8uHG+NOHGOw6a/Urj8taM2EXfdNAH2oFcPeIFfsv3+kz/mJrS5VuMqbNLjCa2vw==",
       "dev": true
     },
     "acorn-jsx": {
@@ -4290,13 +4332,15 @@
       "dev": true
     },
     "eslint": {
-      "version": "8.35.0",
-      "resolved": "https://registry.npmjs.org/eslint/-/eslint-8.35.0.tgz",
-      "integrity": "sha512-BxAf1fVL7w+JLRQhWl2pzGeSiGqbWumV4WNvc9Rhp6tiCtm4oHnyPBSEtMGZwrQgudFQ+otqzWoPB7x+hxoWsw==",
+      "version": "8.38.0",
+      "resolved": "https://registry.npmjs.org/eslint/-/eslint-8.38.0.tgz",
+      "integrity": "sha512-pIdsD2jwlUGf/U38Jv97t8lq6HpaU/G9NKbYmpWpZGw3LdTNhZLbJePqxOXGB5+JEKfOPU/XLxYxFh03nr1KTg==",
       "dev": true,
       "requires": {
-        "@eslint/eslintrc": "^2.0.0",
-        "@eslint/js": "8.35.0",
+        "@eslint-community/eslint-utils": "^4.2.0",
+        "@eslint-community/regexpp": "^4.4.0",
+        "@eslint/eslintrc": "^2.0.2",
+        "@eslint/js": "8.38.0",
         "@humanwhocodes/config-array": "^0.11.8",
         "@humanwhocodes/module-importer": "^1.0.1",
         "@nodelib/fs.walk": "^1.2.8",
@@ -4307,9 +4351,8 @@
         "doctrine": "^3.0.0",
         "escape-string-regexp": "^4.0.0",
         "eslint-scope": "^7.1.1",
-        "eslint-utils": "^3.0.0",
-        "eslint-visitor-keys": "^3.3.0",
-        "espree": "^9.4.0",
+        "eslint-visitor-keys": "^3.4.0",
+        "espree": "^9.5.1",
         "esquery": "^1.4.2",
         "esutils": "^2.0.2",
         "fast-deep-equal": "^3.1.3",
@@ -4331,7 +4374,6 @@
         "minimatch": "^3.1.2",
         "natural-compare": "^1.4.0",
         "optionator": "^0.9.1",
-        "regexpp": "^3.2.0",
         "strip-ansi": "^6.0.1",
         "strip-json-comments": "^3.1.0",
         "text-table": "^0.2.0"
@@ -4425,9 +4467,9 @@
       }
     },
     "eslint-plugin-github": {
-      "version": "4.6.1",
-      "resolved": "https://registry.npmjs.org/eslint-plugin-github/-/eslint-plugin-github-4.6.1.tgz",
-      "integrity": "sha512-AjCxE+2JmT+ppq3AVNra3iJ0BTAj6rYmtHJtkEcIEtrBHVi9xmCl5ZdIYLh7U/YKGT2cttdcYvbe59HEYW67KA==",
+      "version": "4.7.0",
+      "resolved": "https://registry.npmjs.org/eslint-plugin-github/-/eslint-plugin-github-4.7.0.tgz",
+      "integrity": "sha512-SIFSy6IXtN3aGQ6YyFWg/oxRUyAcYwg5G0wh+ov1HQCvmp+Pzs1GzeVjU8QcIQSSJfverQzuxWrJCAln/d2PuQ==",
       "dev": true,
       "requires": {
         "@github/browserslist-config": "^1.0.0",
@@ -4576,20 +4618,20 @@
       }
     },
     "eslint-visitor-keys": {
-      "version": "3.3.0",
-      "resolved": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-3.3.0.tgz",
-      "integrity": "sha512-mQ+suqKJVyeuwGYHAdjMFqjCyfl8+Ldnxuyp3ldiMBFKkvytrXUZWaiPCEav8qDHKty44bD+qV1IP4T+w+xXRA==",
+      "version": "3.4.0",
+      "resolved": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-3.4.0.tgz",
+      "integrity": "sha512-HPpKPUBQcAsZOsHAFwTtIKcYlCje62XB7SEAcxjtmW6TD1WVpkS6i6/hOVtTZIl4zGj/mBqpFVGvaDneik+VoQ==",
       "dev": true
     },
     "espree": {
-      "version": "9.4.0",
-      "resolved": "https://registry.npmjs.org/espree/-/espree-9.4.0.tgz",
-      "integrity": "sha512-DQmnRpLj7f6TgN/NYb0MTzJXL+vJF9h3pHy4JhCIs3zwcgez8xmGg3sXHcEO97BrmO2OSvCwMdfdlyl+E9KjOw==",
+      "version": "9.5.1",
+      "resolved": "https://registry.npmjs.org/espree/-/espree-9.5.1.tgz",
+      "integrity": "sha512-5yxtHSZXRSW5pvv3hAlXM5+/Oswi1AUFqBmbibKb5s6bp3rGIDkyXU6xCoyuuLhijr4SFwPrXRoZjz0AZDN9tg==",
       "dev": true,
       "requires": {
         "acorn": "^8.8.0",
         "acorn-jsx": "^5.3.2",
-        "eslint-visitor-keys": "^3.3.0"
+        "eslint-visitor-keys": "^3.4.0"
       }
     },
     "esquery": {
@@ -5170,19 +5212,19 @@
       "dev": true
     },
     "jasmine": {
-      "version": "4.5.0",
-      "resolved": "https://registry.npmjs.org/jasmine/-/jasmine-4.5.0.tgz",
-      "integrity": "sha512-9olGRvNZyADIwYL9XBNBst5BTU/YaePzuddK+YRslc7rI9MdTIE4r3xaBKbv2GEmzYYUfMOdTR8/i6JfLZaxSQ==",
+      "version": "4.6.0",
+      "resolved": "https://registry.npmjs.org/jasmine/-/jasmine-4.6.0.tgz",
+      "integrity": "sha512-iq7HQ5M8ydNUspjd9vbFW9Lu+6lQ1QLDIqjl0WysEllF5EJZy8XaUyNlhCJVwOx2YFzqTtARWbS56F/f0PzRFw==",
       "dev": true,
       "requires": {
         "glob": "^7.1.6",
-        "jasmine-core": "^4.5.0"
+        "jasmine-core": "^4.6.0"
       }
     },
     "jasmine-core": {
-      "version": "4.5.0",
-      "resolved": "https://registry.npmjs.org/jasmine-core/-/jasmine-core-4.5.0.tgz",
-      "integrity": "sha512-9PMzyvhtocxb3aXJVOPqBDswdgyAeSB81QnLop4npOpbqnheaTEwPc9ZloQeVswugPManznQBjD8kWDTjlnHuw==",
+      "version": "4.6.0",
+      "resolved": "https://registry.npmjs.org/jasmine-core/-/jasmine-core-4.6.0.tgz",
+      "integrity": "sha512-O236+gd0ZXS8YAjFx8xKaJ94/erqUliEkJTDedyE7iHvv4ZVqi+q+8acJxu05/WJDKm512EUNn809In37nWlAQ==",
       "dev": true
     },
     "js-sdsl": {
@@ -5531,9 +5573,9 @@
       "dev": true
     },
     "prettier": {
-      "version": "2.8.4",
-      "resolved": "https://registry.npmjs.org/prettier/-/prettier-2.8.4.tgz",
-      "integrity": "sha512-vIS4Rlc2FNh0BySk3Wkd6xmwxB0FpOndW5fisM5H8hsZSxU2VWVB5CWIkIjWvrHjIhxk2g3bfMKM87zNTrZddw==",
+      "version": "2.8.7",
+      "resolved": "https://registry.npmjs.org/prettier/-/prettier-2.8.7.tgz",
+      "integrity": "sha512-yPngTo3aXUUmyuTjeTUT75txrf+aMh9FiD7q9ZE/i6r0bPb22g4FsE6Y338PQX1bmfy08i9QQCB7/rcUAVntfw==",
       "dev": true
     },
     "prettier-linter-helpers": {
@@ -5821,9 +5863,9 @@
       }
     },
     "typescript": {
-      "version": "4.9.5",
-      "resolved": "https://registry.npmjs.org/typescript/-/typescript-4.9.5.tgz",
-      "integrity": "sha512-1FXk9E2Hm+QzZQ7z+McJiHL4NW1F2EzMu9Nq9i3zAaGqibafqYwCVU6WyWAuyQRRzOlxou8xZSyXLEN8oKj24g==",
+      "version": "5.0.4",
+      "resolved": "https://registry.npmjs.org/typescript/-/typescript-5.0.4.tgz",
+      "integrity": "sha512-cW9T5W9xY37cc+jfEnaUvX91foxtHkza3Nw3wkoF4sSlKn0MONdkdEndig/qPBWXNkmplh3NzayQzCiHM4/hqw==",
       "dev": true
     },
     "unbox-primitive": {
diff --git a/actions/installer/package.json b/actions/installer/package.json
index 42e83e828..56f3505db 100644
--- a/actions/installer/package.json
+++ b/actions/installer/package.json
@@ -24,12 +24,12 @@
   },
   "devDependencies": {
     "@types/jasmine": "4.3.1",
-    "@types/node": "18.14.2",
+    "@types/node": "18.15.11",
     "@vercel/ncc": "0.36.1",
-    "eslint": "8.35.0",
-    "eslint-plugin-github": "4.6.1",
-    "jasmine": "4.5.0",
-    "prettier": "2.8.4",
-    "typescript": "4.9.5"
+    "eslint": "8.38.0",
+    "eslint-plugin-github": "4.7.0",
+    "jasmine": "4.6.0",
+    "prettier": "2.8.7",
+    "typescript": "5.0.4"
   }
 }
diff --git a/cli/experimental/service/Dockerfile b/cli/experimental/service/Dockerfile
index 9c9b33bc9..64ddc6481 100644
--- a/cli/experimental/service/Dockerfile
+++ b/cli/experimental/service/Dockerfile
@@ -1,4 +1,4 @@
-FROM golang:1.19@sha256:7ce31d15a3a4dbf20446cccffa4020d3a2974ad2287d96123f55caf22c7adb71 AS base
+FROM golang:1.19@sha256:9f2dd04486e84eec72d945b077d568976981d9afed8b4e2aeb08f7ab739292b3 AS base
 WORKDIR /src
 ENV CGO_ENABLED=0
 COPY . ./
diff --git a/cli/slsa-verifier/main.go b/cli/slsa-verifier/main.go
index 41dcfa810..fefd9f372 100644
--- a/cli/slsa-verifier/main.go
+++ b/cli/slsa-verifier/main.go
@@ -5,6 +5,7 @@ import (
 	"fmt"
 	"os"
 
+	"github.com/slsa-framework/slsa-verifier/v2/options"
 	"github.com/spf13/cobra"
 	"sigs.k8s.io/release-utils/version"
 )
@@ -16,6 +17,12 @@ func check(err error) {
 	}
 }
 
+func envWarnings() {
+	if options.TestingEnabled() {
+		fmt.Fprintf(os.Stderr, "WARNING: Insecure SLSA_VERIFIER_TESTING is enabled.\n")
+	}
+}
+
 func rootCmd() *cobra.Command {
 	c := &cobra.Command{
 		Use:   "slsa-verifier",
@@ -29,11 +36,13 @@ For more information on SLSA, visit https://slsa.dev`,
 	c.AddCommand(version.Version())
 	c.AddCommand(verifyArtifactCmd())
 	c.AddCommand(verifyImageCmd())
+	c.AddCommand(verifyNpmPackageCmd())
 	// We print our own errors and usage in the check function.
 	c.SilenceErrors = true
 	return c
 }
 
 func main() {
+	envWarnings()
 	check(rootCmd().Execute())
 }
diff --git a/cli/slsa-verifier/main_regression_test.go b/cli/slsa-verifier/main_regression_test.go
index b4a05dc18..d62c205f3 100644
--- a/cli/slsa-verifier/main_regression_test.go
+++ b/cli/slsa-verifier/main_regression_test.go
@@ -18,10 +18,8 @@ import (
 
 	"github.com/google/go-cmp/cmp"
 	"github.com/google/go-cmp/cmp/cmpopts"
-	v1 "github.com/google/go-containerregistry/pkg/v1"
 	"github.com/sigstore/cosign/pkg/cosign"
 	"github.com/sigstore/cosign/pkg/oci"
-	"github.com/sigstore/cosign/pkg/oci/layout"
 
 	"github.com/slsa-framework/slsa-verifier/v2/cli/slsa-verifier/verify"
 	serrors "github.com/slsa-framework/slsa-verifier/v2/errors"
@@ -673,44 +671,13 @@ func Test_runVerifyGHAArtifactImage(t *testing.T) {
 	container.RunCosignImageVerification = func(ctx context.Context,
 		image string, co *cosign.CheckOpts,
 	) ([]oci.Signature, bool, error) {
-		return cosign.VerifyLocalImageAttestations(ctx, image, co)
-	}
-
-	// TODO: Is there a more uniform way of handling getting image digest for both
-	// remote and local images?
-	localDigestComputeFn := func(image string) (string, error) {
-		// This is copied from cosign's VerifyLocalImageAttestation code:
-		// https://github.com/sigstore/cosign/blob/fdceee4825dc5d56b130f3f431aab93137359e79/pkg/cosign/verify.go#L654
-		se, err := layout.SignedImageIndex(image)
-		if err != nil {
-			return "", err
-		}
-
-		var h v1.Hash
-		// Verify either an image index or image.
-		ii, err := se.SignedImageIndex(v1.Hash{})
-		if err != nil {
-			return "", err
+		key := "@sha256:"
+		i := strings.Index(image, key)
+		if i < 0 {
+			return nil, false, fmt.Errorf("cannot find '%v' in '%v'", key, image)
 		}
-		i, err := se.SignedImage(v1.Hash{})
-		if err != nil {
-			return "", err
-		}
-		switch {
-		case ii != nil:
-			h, err = ii.Digest()
-			if err != nil {
-				return "", err
-			}
-		case i != nil:
-			h, err = i.Digest()
-			if err != nil {
-				return "", err
-			}
-		default:
-			return "", errors.New("must verify either an image index or image")
-		}
-		return strings.TrimPrefix(h.String(), "sha256:"), nil
+		image = image[:i]
+		return cosign.VerifyLocalImageAttestations(ctx, image, co)
 	}
 
 	builder := "https://github.com/slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml"
@@ -820,6 +787,13 @@ func Test_runVerifyGHAArtifactImage(t *testing.T) {
 					builderIDs = []*string{tt.pBuilderID}
 				}
 
+				// Compute the digest and append it to the image so that's it 'immutable'.
+				digest, err := localDigestCompute(image)
+				if err != nil {
+					panic(fmt.Sprintf("digest computation %v", err))
+				}
+				image = fmt.Sprintf("%v@sha256:%v", image, digest)
+
 				for _, bid := range builderIDs {
 					cmd := verify.VerifyImageCommand{
 						SourceURI:        tt.source,
@@ -827,7 +801,6 @@ func Test_runVerifyGHAArtifactImage(t *testing.T) {
 						BuilderID:        bid,
 						SourceTag:        tt.ptag,
 						SourceVersionTag: tt.pversiontag,
-						DigestFn:         localDigestComputeFn,
 					}
 
 					outBuilderID, err := cmd.Exec(context.Background(), []string{image})
@@ -863,35 +836,28 @@ func Test_runVerifyGHAArtifactImage(t *testing.T) {
 	}
 }
 
-func Test_runVerifyGCBArtifactImage(t *testing.T) {
-	t.Parallel()
-
-	// TODO: Is there a more uniform way of handling getting image digest for both
-	// remote and local images?
-	localDigestComputeFn := func(image string) (string, error) {
-		// This is copied from cosign's VerifyLocalImageAttestation code:
-		// https://github.com/sigstore/cosign/blob/fdceee4825dc5d56b130f3f431aab93137359e79/pkg/cosign/verify.go#L654
-		se, err := layout.SignedImageIndex(image)
-		if err != nil {
-			return "", err
-		}
-
-		h, err := se.Digest()
-		if err != nil {
-			return "", err
-		}
-
-		return strings.TrimPrefix(h.String(), "sha256:"), nil
+func localDigestCompute(image string) (string, error) {
+	filename := image + ".digest"
+	digest, err := os.ReadFile(filename)
+	if err != nil {
+		return "", fmt.Errorf("ReadFile fail: %w", err)
 	}
+	return strings.TrimPrefix(string(digest), "sha256:"), nil
+}
 
+func Test_runVerifyGCBArtifactImage(t *testing.T) {
+	t.Parallel()
 	builder := "https://cloudbuild.googleapis.com/GoogleHostedWorker"
 	tests := []struct {
 		name           string
 		artifact       string
 		artifactDigest map[string]string
+		noDigest       bool
 		remote         bool
 		provenance     string
 		source         string
+		ptag           *string
+		pversiontag    *string
 		pBuilderID     *string
 		outBuilderID   string
 		err            error
@@ -1091,6 +1057,92 @@ func Test_runVerifyGCBArtifactImage(t *testing.T) {
 			source:     "github.com/laurentsimon/gcb-tests",
 			err:        serrors.ErrorNoValidSignature,
 		},
+		{
+			name:       "tag match",
+			artifact:   "gcloud-container-github-tag",
+			provenance: "gcloud-container-github-tag.json",
+			source:     "github.com/slsa-framework/example-package",
+			ptag:       pString("v33.0.4"),
+			minversion: "v0.3",
+		},
+		{
+			name:       "tag mismatch major",
+			artifact:   "gcloud-container-github-tag",
+			provenance: "gcloud-container-github-tag.json",
+			source:     "github.com/slsa-framework/example-package",
+			ptag:       pString("v34.0.4"),
+			minversion: "v0.3",
+			err:        serrors.ErrorMismatchTag,
+		},
+		{
+			name:       "tag mismatch minor",
+			artifact:   "gcloud-container-github-tag",
+			provenance: "gcloud-container-github-tag.json",
+			source:     "github.com/slsa-framework/example-package",
+			ptag:       pString("v33.1.4"),
+			minversion: "v0.3",
+			err:        serrors.ErrorMismatchTag,
+		},
+		{
+			name:       "tag mismatch patch",
+			artifact:   "gcloud-container-github-tag",
+			provenance: "gcloud-container-github-tag.json",
+			source:     "github.com/slsa-framework/example-package",
+			ptag:       pString("v33.0.5"),
+			minversion: "v0.3",
+			err:        serrors.ErrorMismatchTag,
+		},
+		{
+			name:        "versioned tag match major",
+			artifact:    "gcloud-container-github-tag",
+			provenance:  "gcloud-container-github-tag.json",
+			source:      "github.com/slsa-framework/example-package",
+			pversiontag: pString("v33"),
+			minversion:  "v0.3",
+		},
+		{
+			name:        "versioned tag match minor",
+			artifact:    "gcloud-container-github-tag",
+			provenance:  "gcloud-container-github-tag.json",
+			source:      "github.com/slsa-framework/example-package",
+			pversiontag: pString("v33.0"),
+			minversion:  "v0.3",
+		},
+		{
+			name:        "versioned tag match patch",
+			artifact:    "gcloud-container-github-tag",
+			provenance:  "gcloud-container-github-tag.json",
+			source:      "github.com/slsa-framework/example-package",
+			pversiontag: pString("v33.0.4"),
+			minversion:  "v0.3",
+		},
+		{
+			name:        "versioned tag mismatch patch",
+			artifact:    "gcloud-container-github-tag",
+			provenance:  "gcloud-container-github-tag.json",
+			source:      "github.com/slsa-framework/example-package",
+			pversiontag: pString("v33.0.5"),
+			minversion:  "v0.3",
+			err:         serrors.ErrorMismatchVersionedTag,
+		},
+		{
+			name:        "versioned tag mismatch minor",
+			artifact:    "gcloud-container-github-tag",
+			provenance:  "gcloud-container-github-tag.json",
+			source:      "github.com/slsa-framework/example-package",
+			pversiontag: pString("v33.1"),
+			minversion:  "v0.3",
+			err:         serrors.ErrorMismatchVersionedTag,
+		},
+		{
+			name:        "versioned tag mismatch major",
+			artifact:    "gcloud-container-github-tag",
+			provenance:  "gcloud-container-github-tag.json",
+			source:      "github.com/slsa-framework/example-package",
+			pversiontag: pString("v35"),
+			minversion:  "v0.3",
+			err:         serrors.ErrorMismatchVersionedTag,
+		},
 		// TODO(388): verify the correct provenance is returned.
 		// This should also be done for all other entries in this test.
 		{
@@ -1146,6 +1198,7 @@ func Test_runVerifyGCBArtifactImage(t *testing.T) {
 			artifact:   "index.docker.io/laurentsimon/scorecard",
 			noversion:  true,
 			remote:     true,
+			noDigest:   true,
 			source:     "github.com/laurentsimon/gcb-tests",
 			provenance: "gcloud-container-github.json",
 			pBuilderID: pString(builder + "@v0.2"),
@@ -1170,7 +1223,7 @@ func Test_runVerifyGCBArtifactImage(t *testing.T) {
 				builderIDs := []string{builder + "@" + semver, builder}
 				provenance := filepath.Clean(filepath.Join(TEST_DIR, v, tt.provenance))
 				image := tt.artifact
-				var fn verify.ComputeDigestFn
+				digestFn := container.GetImageDigest
 
 				// If builder ID is set, use it.
 				if tt.pBuilderID != nil {
@@ -1189,10 +1242,20 @@ func Test_runVerifyGCBArtifactImage(t *testing.T) {
 					}
 					image = fmt.Sprintf("%s@sha256:%s", image, digest)
 				}
+
 				// If it is a local image, change the digest computation.
 				if !tt.remote {
 					image = filepath.Clean(filepath.Join(TEST_DIR, v, image))
-					fn = localDigestComputeFn
+					digestFn = localDigestCompute
+				}
+
+				if len(tt.artifactDigest) == 0 && !tt.noDigest {
+					// Compute the digest and append it to the image so that's it 'immutable'.
+					digest, err := digestFn(image)
+					if err != nil {
+						panic(fmt.Sprintf("digest computation %v", err))
+					}
+					image = fmt.Sprintf("%v@sha256:%v", image, digest)
 				}
 
 				// We run the test for each builderID, in order to test
@@ -1203,9 +1266,8 @@ func Test_runVerifyGCBArtifactImage(t *testing.T) {
 						SourceURI:        tt.source,
 						SourceBranch:     nil,
 						BuilderID:        &bid,
-						SourceTag:        nil,
-						SourceVersionTag: nil,
-						DigestFn:         fn,
+						SourceTag:        tt.ptag,
+						SourceVersionTag: tt.pversiontag,
 						ProvenancePath:   &provenance,
 					}
 
@@ -1241,6 +1303,7 @@ func Test_runVerifyGCBArtifactImage(t *testing.T) {
 func Test_runVerifyGHADockerBased(t *testing.T) {
 	// We cannot use t.Setenv due to parallelized tests.
 	os.Setenv("SLSA_VERIFIER_EXPERIMENTAL", "1")
+	os.Setenv("SLSA_VERIFIER_TESTING", "1")
 
 	t.Parallel()
 
diff --git a/cli/slsa-verifier/testdata/gcb_container/v0.2/gcloud-container-github.digest b/cli/slsa-verifier/testdata/gcb_container/v0.2/gcloud-container-github.digest
new file mode 100644
index 000000000..85c169d0b
--- /dev/null
+++ b/cli/slsa-verifier/testdata/gcb_container/v0.2/gcloud-container-github.digest
@@ -0,0 +1 @@
+sha256:1a033b002f89ed2b8ea733162497fb70f1a4049a7f8602d6a33682b4ad9921fd
\ No newline at end of file
diff --git a/cli/slsa-verifier/testdata/gcb_container/v0.2/gcloud-container-github/index.json b/cli/slsa-verifier/testdata/gcb_container/v0.2/gcloud-container-github/index.json
deleted file mode 100755
index e85660c4b..000000000
--- a/cli/slsa-verifier/testdata/gcb_container/v0.2/gcloud-container-github/index.json
+++ /dev/null
@@ -1,26 +0,0 @@
-{
-   "schemaVersion": 2,
-   "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
-   "config": {
-      "mediaType": "application/vnd.docker.container.image.v1+json",
-      "size": 2036,
-      "digest": "sha256:be95520025220bd36778e8c3b7504255439b59dd9c4d08350abce45836276854"
-   },
-   "layers": [
-      {
-         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
-         "size": 22486039,
-         "digest": "sha256:f17d81b4b692f7e0d6c1176c86b81d9f2cb5ac5349703adca51c61debcfe413c"
-      },
-      {
-         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
-         "size": 159,
-         "digest": "sha256:fa4c836f1a66ac8d2ebe72a28e7036dddfa2f26c9abf195adc6ec880945b701b"
-      },
-      {
-         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
-         "size": 159,
-         "digest": "sha256:fa4c836f1a66ac8d2ebe72a28e7036dddfa2f26c9abf195adc6ec880945b701b"
-      }
-   ]
-}
\ No newline at end of file
diff --git a/cli/slsa-verifier/testdata/gcb_container/v0.3/gcloud-container-gcs.digest b/cli/slsa-verifier/testdata/gcb_container/v0.3/gcloud-container-gcs.digest
new file mode 100644
index 000000000..0854d4199
--- /dev/null
+++ b/cli/slsa-verifier/testdata/gcb_container/v0.3/gcloud-container-gcs.digest
@@ -0,0 +1 @@
+sha256:71efcbb3f03f5914dcde87e38d3813f63982b475f76887babf25f76fff760d3c
\ No newline at end of file
diff --git a/cli/slsa-verifier/testdata/gcb_container/v0.3/gcloud-container-gcs/index.json b/cli/slsa-verifier/testdata/gcb_container/v0.3/gcloud-container-gcs/index.json
deleted file mode 100644
index ecad9c134..000000000
--- a/cli/slsa-verifier/testdata/gcb_container/v0.3/gcloud-container-gcs/index.json
+++ /dev/null
@@ -1,21 +0,0 @@
-{
-   "schemaVersion": 2,
-   "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
-   "config": {
-      "mediaType": "application/vnd.docker.container.image.v1+json",
-      "size": 1748,
-      "digest": "sha256:40391da7d19c1900fc744f227bdcb229f9a14ce6390c1e76337361e2b7c7cc60"
-   },
-   "layers": [
-      {
-         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
-         "size": 804101,
-         "digest": "sha256:b9f88661235d25835ef747dab426861d51c4e9923b92623d422d7ac58eb123e9"
-      },
-      {
-         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
-         "size": 608694,
-         "digest": "sha256:753a0c6a100dcd1b6ad628933020e3a9d388d7c05aa3f2dd8795196dd40f2a2e"
-      }
-   ]
-}
\ No newline at end of file
diff --git a/cli/slsa-verifier/testdata/gcb_container/v0.3/gcloud-container-github-tag.digest b/cli/slsa-verifier/testdata/gcb_container/v0.3/gcloud-container-github-tag.digest
new file mode 100644
index 000000000..1ceed114e
--- /dev/null
+++ b/cli/slsa-verifier/testdata/gcb_container/v0.3/gcloud-container-github-tag.digest
@@ -0,0 +1 @@
+sha256:87db6d5226440e72f7134b71163df45282127a3f7b0600c946683cb2f43a70a9
\ No newline at end of file
diff --git a/cli/slsa-verifier/testdata/gcb_container/v0.3/gcloud-container-github-tag.json b/cli/slsa-verifier/testdata/gcb_container/v0.3/gcloud-container-github-tag.json
new file mode 100644
index 000000000..aecfaac31
--- /dev/null
+++ b/cli/slsa-verifier/testdata/gcb_container/v0.3/gcloud-container-github-tag.json
@@ -0,0 +1,123 @@
+{
+  "image_summary": {
+    "digest": "sha256:87db6d5226440e72f7134b71163df45282127a3f7b0600c946683cb2f43a70a9",
+    "fully_qualified_digest": "us-west2-docker.pkg.dev/slsa-tooling/example-package-repo/e2e-gcb-tag-main-annotated-slsa3@sha256:87db6d5226440e72f7134b71163df45282127a3f7b0600c946683cb2f43a70a9",
+    "registry": "us-west2-docker.pkg.dev",
+    "repository": "example-package-repo"
+  },
+  "provenance_summary": {
+    "provenance": [
+      {
+        "build": {
+          "intotoStatement": {
+            "_type": "https://in-toto.io/Statement/v0.1",
+            "predicateType": "https://slsa.dev/provenance/v0.1",
+            "slsaProvenance": {
+              "builder": {
+                "id": "https://cloudbuild.googleapis.com/GoogleHostedWorker@v0.3"
+              },
+              "materials": [
+                {
+                  "digest": {
+                    "sha1": "c750fd73a1669b095df7c74da9f1ff2032f926c9"
+                  },
+                  "uri": "git+https://github.com/slsa-framework/example-package"
+                }
+              ],
+              "metadata": {
+                "buildFinishedOn": "2023-03-15T03:14:35.163724Z",
+                "buildInvocationId": "40edaaed-b2ce-49b7-bc4d-4f67779fd0dc",
+                "buildStartedOn": "2023-03-15T03:14:09.188170704Z"
+              },
+              "recipe": {
+                "arguments": {
+                  "@type": "type.googleapis.com/google.devtools.cloudbuild.v1.Build",
+                  "id": "40edaaed-b2ce-49b7-bc4d-4f67779fd0dc",
+                  "name": "projects/819720953812/locations/us-west2/builds/40edaaed-b2ce-49b7-bc4d-4f67779fd0dc",
+                  "options": {
+                    "dynamicSubstitutions": true,
+                    "logging": "CLOUD_LOGGING_ONLY",
+                    "pool": {},
+                    "requestedVerifyOption": "VERIFIED",
+                    "sourceProvenanceHash": [
+                      "SHA256"
+                    ],
+                    "substitutionOption": "ALLOW_LOOSE"
+                  },
+                  "sourceProvenance": {},
+                  "steps": [
+                    {
+                      "args": [
+                        "build",
+                        "-t",
+                        "us-west2-docker.pkg.dev/slsa-tooling/example-package-repo/e2e-gcb-tag-main-annotated-slsa3",
+                        "."
+                      ],
+                      "name": "gcr.io/cloud-builders/docker",
+                      "pullTiming": {
+                        "endTime": "2023-03-15T03:14:13.395259677Z",
+                        "startTime": "2023-03-15T03:14:13.392360215Z"
+                      },
+                      "status": "SUCCESS",
+                      "timing": {
+                        "endTime": "2023-03-15T03:14:33.194195471Z",
+                        "startTime": "2023-03-15T03:14:13.392360215Z"
+                      }
+                    }
+                  ],
+                  "substitutions": {
+                    "COMMIT_SHA": "c750fd73a1669b095df7c74da9f1ff2032f926c9",
+                    "REF_NAME": "v33.0.4",
+                    "REPO_NAME": "example-package",
+                    "REVISION_ID": "c750fd73a1669b095df7c74da9f1ff2032f926c9",
+                    "SHORT_SHA": "c750fd7",
+                    "TAG_NAME": "v33.0.4",
+                    "TRIGGER_BUILD_CONFIG_PATH": "cloudbuild.yaml",
+                    "TRIGGER_NAME": "push-tag",
+                    "_IMAGE_NAME": "slsa-tooling/example-package-repo/e2e-gcb-tag-main-annotated-slsa3"
+                  }
+                },
+                "entryPoint": "cloudbuild.yaml",
+                "type": "https://cloudbuild.googleapis.com/CloudBuildYaml@v0.1"
+              }
+            },
+            "subject": [
+              {
+                "digest": {
+                  "sha256": "87db6d5226440e72f7134b71163df45282127a3f7b0600c946683cb2f43a70a9"
+                },
+                "name": "https://us-west2-docker.pkg.dev/slsa-tooling/example-package-repo/e2e-gcb-tag-main-annotated-slsa3"
+              },
+              {
+                "digest": {
+                  "sha256": "87db6d5226440e72f7134b71163df45282127a3f7b0600c946683cb2f43a70a9"
+                },
+                "name": "https://us-west2-docker.pkg.dev/slsa-tooling/example-package-repo/e2e-gcb-tag-main-annotated-slsa3:latest"
+              }
+            ]
+          }
+        },
+        "createTime": "2023-03-15T03:14:37.761441Z",
+        "envelope": {
+          "payload": "eyJfdHlwZSI6Imh0dHBzOi8vaW4tdG90by5pby9TdGF0ZW1lbnQvdjAuMSIsInByZWRpY2F0ZSI6eyJidWlsZGVyIjp7ImlkIjoiaHR0cHM6Ly9jbG91ZGJ1aWxkLmdvb2dsZWFwaXMuY29tL0dvb2dsZUhvc3RlZFdvcmtlckB2MC4zIn0sIm1hdGVyaWFscyI6W3siZGlnZXN0Ijp7InNoYTEiOiJjNzUwZmQ3M2ExNjY5YjA5NWRmN2M3NGRhOWYxZmYyMDMyZjkyNmM5In0sInVyaSI6ImdpdCtodHRwczovL2dpdGh1Yi5jb20vc2xzYS1mcmFtZXdvcmsvZXhhbXBsZS1wYWNrYWdlIn1dLCJtZXRhZGF0YSI6eyJidWlsZEZpbmlzaGVkT24iOiIyMDIzLTAzLTE1VDAzOjE0OjM1LjE2MzcyNFoiLCJidWlsZEludm9jYXRpb25JZCI6IjQwZWRhYWVkLWIyY2UtNDliNy1iYzRkLTRmNjc3NzlmZDBkYyIsImJ1aWxkU3RhcnRlZE9uIjoiMjAyMy0wMy0xNVQwMzoxNDowOS4xODgxNzA3MDRaIn0sInJlY2lwZSI6eyJhcmd1bWVudHMiOnsiQHR5cGUiOiJ0eXBlLmdvb2dsZWFwaXMuY29tL2dvb2dsZS5kZXZ0b29scy5jbG91ZGJ1aWxkLnYxLkJ1aWxkIiwiaWQiOiI0MGVkYWFlZC1iMmNlLTQ5YjctYmM0ZC00ZjY3Nzc5ZmQwZGMiLCJuYW1lIjoicHJvamVjdHMvODE5NzIwOTUzODEyL2xvY2F0aW9ucy91cy13ZXN0Mi9idWlsZHMvNDBlZGFhZWQtYjJjZS00OWI3LWJjNGQtNGY2Nzc3OWZkMGRjIiwib3B0aW9ucyI6eyJkeW5hbWljU3Vic3RpdHV0aW9ucyI6dHJ1ZSwibG9nZ2luZyI6IkNMT1VEX0xPR0dJTkdfT05MWSIsInBvb2wiOnt9LCJyZXF1ZXN0ZWRWZXJpZnlPcHRpb24iOiJWRVJJRklFRCIsInNvdXJjZVByb3ZlbmFuY2VIYXNoIjpbIlNIQTI1NiJdLCJzdWJzdGl0dXRpb25PcHRpb24iOiJBTExPV19MT09TRSJ9LCJzb3VyY2VQcm92ZW5hbmNlIjp7fSwic3RlcHMiOlt7ImFyZ3MiOlsiYnVpbGQiLCItdCIsInVzLXdlc3QyLWRvY2tlci5wa2cuZGV2L3Nsc2EtdG9vbGluZy9leGFtcGxlLXBhY2thZ2UtcmVwby9lMmUtZ2NiLXRhZy1tYWluLWFubm90YXRlZC1zbHNhMyIsIi4iXSwibmFtZSI6Imdjci5pby9jbG91ZC1idWlsZGVycy9kb2NrZXIiLCJwdWxsVGltaW5nIjp7ImVuZFRpbWUiOiIyMDIzLTAzLTE1VDAzOjE0OjEzLjM5NTI1OTY3N1oiLCJzdGFydFRpbWUiOiIyMDIzLTAzLTE1VDAzOjE0OjEzLjM5MjM2MDIxNVoifSwic3RhdHVzIjoiU1VDQ0VTUyIsInRpbWluZyI6eyJlbmRUaW1lIjoiMjAyMy0wMy0xNVQwMzoxNDozMy4xOTQxOTU0NzFaIiwic3RhcnRUaW1lIjoiMjAyMy0wMy0xNVQwMzoxNDoxMy4zOTIzNjAyMTVaIn19XSwic3Vic3RpdHV0aW9ucyI6eyJDT01NSVRfU0hBIjoiYzc1MGZkNzNhMTY2OWIwOTVkZjdjNzRkYTlmMWZmMjAzMmY5MjZjOSIsIlJFRl9OQU1FIjoidjMzLjAuNCIsIlJFUE9fTkFNRSI6ImV4YW1wbGUtcGFja2FnZSIsIlJFVklTSU9OX0lEIjoiYzc1MGZkNzNhMTY2OWIwOTVkZjdjNzRkYTlmMWZmMjAzMmY5MjZjOSIsIlNIT1JUX1NIQSI6ImM3NTBmZDciLCJUQUdfTkFNRSI6InYzMy4wLjQiLCJUUklHR0VSX0JVSUxEX0NPTkZJR19QQVRIIjoiY2xvdWRidWlsZC55YW1sIiwiVFJJR0dFUl9OQU1FIjoicHVzaC10YWciLCJfSU1BR0VfTkFNRSI6InNsc2EtdG9vbGluZy9leGFtcGxlLXBhY2thZ2UtcmVwby9lMmUtZ2NiLXRhZy1tYWluLWFubm90YXRlZC1zbHNhMyJ9fSwiZW50cnlQb2ludCI6ImNsb3VkYnVpbGQueWFtbCIsInR5cGUiOiJodHRwczovL2Nsb3VkYnVpbGQuZ29vZ2xlYXBpcy5jb20vQ2xvdWRCdWlsZFlhbWxAdjAuMSJ9fSwicHJlZGljYXRlVHlwZSI6Imh0dHBzOi8vc2xzYS5kZXYvcHJvdmVuYW5jZS92MC4xIiwic2xzYVByb3ZlbmFuY2UiOnsiYnVpbGRlciI6eyJpZCI6Imh0dHBzOi8vY2xvdWRidWlsZC5nb29nbGVhcGlzLmNvbS9Hb29nbGVIb3N0ZWRXb3JrZXJAdjAuMyJ9LCJtYXRlcmlhbHMiOlt7ImRpZ2VzdCI6eyJzaGExIjoiYzc1MGZkNzNhMTY2OWIwOTVkZjdjNzRkYTlmMWZmMjAzMmY5MjZjOSJ9LCJ1cmkiOiJnaXQraHR0cHM6Ly9naXRodWIuY29tL3Nsc2EtZnJhbWV3b3JrL2V4YW1wbGUtcGFja2FnZSJ9XSwibWV0YWRhdGEiOnsiYnVpbGRGaW5pc2hlZE9uIjoiMjAyMy0wMy0xNVQwMzoxNDozNS4xNjM3MjRaIiwiYnVpbGRJbnZvY2F0aW9uSWQiOiI0MGVkYWFlZC1iMmNlLTQ5YjctYmM0ZC00ZjY3Nzc5ZmQwZGMiLCJidWlsZFN0YXJ0ZWRPbiI6IjIwMjMtMDMtMTVUMDM6MTQ6MDkuMTg4MTcwNzA0WiJ9LCJyZWNpcGUiOnsiYXJndW1lbnRzIjp7IkB0eXBlIjoidHlwZS5nb29nbGVhcGlzLmNvbS9nb29nbGUuZGV2dG9vbHMuY2xvdWRidWlsZC52MS5CdWlsZCIsImlkIjoiNDBlZGFhZWQtYjJjZS00OWI3LWJjNGQtNGY2Nzc3OWZkMGRjIiwibmFtZSI6InByb2plY3RzLzgxOTcyMDk1MzgxMi9sb2NhdGlvbnMvdXMtd2VzdDIvYnVpbGRzLzQwZWRhYWVkLWIyY2UtNDliNy1iYzRkLTRmNjc3NzlmZDBkYyIsIm9wdGlvbnMiOnsiZHluYW1pY1N1YnN0aXR1dGlvbnMiOnRydWUsImxvZ2dpbmciOiJDTE9VRF9MT0dHSU5HX09OTFkiLCJwb29sIjp7fSwicmVxdWVzdGVkVmVyaWZ5T3B0aW9uIjoiVkVSSUZJRUQiLCJzb3VyY2VQcm92ZW5hbmNlSGFzaCI6WyJTSEEyNTYiXSwic3Vic3RpdHV0aW9uT3B0aW9uIjoiQUxMT1dfTE9PU0UifSwic291cmNlUHJvdmVuYW5jZSI6e30sInN0ZXBzIjpbeyJhcmdzIjpbImJ1aWxkIiwiLXQiLCJ1cy13ZXN0Mi1kb2NrZXIucGtnLmRldi9zbHNhLXRvb2xpbmcvZXhhbXBsZS1wYWNrYWdlLXJlcG8vZTJlLWdjYi10YWctbWFpbi1hbm5vdGF0ZWQtc2xzYTMiLCIuIl0sIm5hbWUiOiJnY3IuaW8vY2xvdWQtYnVpbGRlcnMvZG9ja2VyIiwicHVsbFRpbWluZyI6eyJlbmRUaW1lIjoiMjAyMy0wMy0xNVQwMzoxNDoxMy4zOTUyNTk2NzdaIiwic3RhcnRUaW1lIjoiMjAyMy0wMy0xNVQwMzoxNDoxMy4zOTIzNjAyMTVaIn0sInN0YXR1cyI6IlNVQ0NFU1MiLCJ0aW1pbmciOnsiZW5kVGltZSI6IjIwMjMtMDMtMTVUMDM6MTQ6MzMuMTk0MTk1NDcxWiIsInN0YXJ0VGltZSI6IjIwMjMtMDMtMTVUMDM6MTQ6MTMuMzkyMzYwMjE1WiJ9fV0sInN1YnN0aXR1dGlvbnMiOnsiQ09NTUlUX1NIQSI6ImM3NTBmZDczYTE2NjliMDk1ZGY3Yzc0ZGE5ZjFmZjIwMzJmOTI2YzkiLCJSRUZfTkFNRSI6InYzMy4wLjQiLCJSRVBPX05BTUUiOiJleGFtcGxlLXBhY2thZ2UiLCJSRVZJU0lPTl9JRCI6ImM3NTBmZDczYTE2NjliMDk1ZGY3Yzc0ZGE5ZjFmZjIwMzJmOTI2YzkiLCJTSE9SVF9TSEEiOiJjNzUwZmQ3IiwiVEFHX05BTUUiOiJ2MzMuMC40IiwiVFJJR0dFUl9CVUlMRF9DT05GSUdfUEFUSCI6ImNsb3VkYnVpbGQueWFtbCIsIlRSSUdHRVJfTkFNRSI6InB1c2gtdGFnIiwiX0lNQUdFX05BTUUiOiJzbHNhLXRvb2xpbmcvZXhhbXBsZS1wYWNrYWdlLXJlcG8vZTJlLWdjYi10YWctbWFpbi1hbm5vdGF0ZWQtc2xzYTMifX0sImVudHJ5UG9pbnQiOiJjbG91ZGJ1aWxkLnlhbWwiLCJ0eXBlIjoiaHR0cHM6Ly9jbG91ZGJ1aWxkLmdvb2dsZWFwaXMuY29tL0Nsb3VkQnVpbGRZYW1sQHYwLjEifX0sInN1YmplY3QiOlt7ImRpZ2VzdCI6eyJzaGEyNTYiOiI4N2RiNmQ1MjI2NDQwZTcyZjcxMzRiNzExNjNkZjQ1MjgyMTI3YTNmN2IwNjAwYzk0NjY4M2NiMmY0M2E3MGE5In0sIm5hbWUiOiJodHRwczovL3VzLXdlc3QyLWRvY2tlci5wa2cuZGV2L3Nsc2EtdG9vbGluZy9leGFtcGxlLXBhY2thZ2UtcmVwby9lMmUtZ2NiLXRhZy1tYWluLWFubm90YXRlZC1zbHNhMyJ9LHsiZGlnZXN0Ijp7InNoYTI1NiI6Ijg3ZGI2ZDUyMjY0NDBlNzJmNzEzNGI3MTE2M2RmNDUyODIxMjdhM2Y3YjA2MDBjOTQ2NjgzY2IyZjQzYTcwYTkifSwibmFtZSI6Imh0dHBzOi8vdXMtd2VzdDItZG9ja2VyLnBrZy5kZXYvc2xzYS10b29saW5nL2V4YW1wbGUtcGFja2FnZS1yZXBvL2UyZS1nY2ItdGFnLW1haW4tYW5ub3RhdGVkLXNsc2EzOmxhdGVzdCJ9XX0=",
+          "payloadType": "application/vnd.in-toto+json",
+          "signatures": [
+            {
+              "keyid": "projects/verified-builder/locations/global/keyRings/attestor/cryptoKeys/provenanceSigner/cryptoKeyVersions/1",
+              "sig": "MEUCIQCyUACW1iuJZWG-c_-THrjMEpqRh7Er--e3Dl5tI47ckgIgEpHlnlARXZ67EA8xsqAaGIdlybe4afJKoGy3kCnzFRU="
+            },
+            {
+              "keyid": "projects/verified-builder/locations/us-west2/keyRings/attestor/cryptoKeys/builtByGCB/cryptoKeyVersions/1",
+              "sig": "MEQCICN-XUNR1jLfImkwX0GVZQIJkr7LilQB_J_dc6QwQ57uAiBfgDokQLaYaeyDQn6uNzRvW9bt-AAW1PsuE-OmY3vqgA=="
+            }
+          ]
+        },
+        "kind": "BUILD",
+        "name": "projects/slsa-tooling/occurrences/63a00a0f-46f3-44e0-8997-2e9efa439b95",
+        "noteName": "projects/verified-builder/notes/intoto_40edaaed-b2ce-49b7-bc4d-4f67779fd0dc",
+        "resourceUri": "https://us-west2-docker.pkg.dev/slsa-tooling/example-package-repo/e2e-gcb-tag-main-annotated-slsa3@sha256:87db6d5226440e72f7134b71163df45282127a3f7b0600c946683cb2f43a70a9",
+        "updateTime": "2023-03-15T03:14:37.761441Z"
+      }
+    ]
+  }
+}
diff --git a/cli/slsa-verifier/testdata/gcb_container/v0.3/gcloud-container-github.digest b/cli/slsa-verifier/testdata/gcb_container/v0.3/gcloud-container-github.digest
new file mode 100644
index 000000000..2280caf09
--- /dev/null
+++ b/cli/slsa-verifier/testdata/gcb_container/v0.3/gcloud-container-github.digest
@@ -0,0 +1 @@
+sha256:f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7
\ No newline at end of file
diff --git a/cli/slsa-verifier/testdata/gcb_container/v0.3/gcloud-container-github/index.json b/cli/slsa-verifier/testdata/gcb_container/v0.3/gcloud-container-github/index.json
deleted file mode 100755
index 624d5262b..000000000
--- a/cli/slsa-verifier/testdata/gcb_container/v0.3/gcloud-container-github/index.json
+++ /dev/null
@@ -1,26 +0,0 @@
-{
-   "schemaVersion": 2,
-   "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
-   "config": {
-      "mediaType": "application/vnd.docker.container.image.v1+json",
-      "size": 2034,
-      "digest": "sha256:738fc12a4294f732405a61e2416e1f383023da550b56536ecd73addd962a0eb7"
-   },
-   "layers": [
-      {
-         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
-         "size": 22486039,
-         "digest": "sha256:f17d81b4b692f7e0d6c1176c86b81d9f2cb5ac5349703adca51c61debcfe413c"
-      },
-      {
-         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
-         "size": 159,
-         "digest": "sha256:dc321114710ef96093295ef8b489c8c3ba5be1ecf1e92ae1e229ed23df91e37f"
-      },
-      {
-         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
-         "size": 159,
-         "digest": "sha256:dc321114710ef96093295ef8b489c8c3ba5be1ecf1e92ae1e229ed23df91e37f"
-      }
-   ]
-}
\ No newline at end of file
diff --git a/cli/slsa-verifier/testdata/gha_generic_container/v1.4.0/container_workflow_dispatch.digest b/cli/slsa-verifier/testdata/gha_generic_container/v1.4.0/container_workflow_dispatch.digest
new file mode 100644
index 000000000..382765759
--- /dev/null
+++ b/cli/slsa-verifier/testdata/gha_generic_container/v1.4.0/container_workflow_dispatch.digest
@@ -0,0 +1 @@
+sha256:a74d89d8dd863ca5dae4a29e0feede81ddf59197849a80784af5a02ab7786925
\ No newline at end of file
diff --git a/cli/slsa-verifier/testdata/gha_generic_container/v1.5.0/container_workflow_dispatch.digest b/cli/slsa-verifier/testdata/gha_generic_container/v1.5.0/container_workflow_dispatch.digest
new file mode 100644
index 000000000..4a5f77424
--- /dev/null
+++ b/cli/slsa-verifier/testdata/gha_generic_container/v1.5.0/container_workflow_dispatch.digest
@@ -0,0 +1 @@
+sha256:6091ab417517982aa341b64ca57bf9e15e2ffe0428b0b0931508458aeaf43b88
\ No newline at end of file
diff --git a/cli/slsa-verifier/verify.go b/cli/slsa-verifier/verify.go
index c9d6ce04c..7d5a95be5 100644
--- a/cli/slsa-verifier/verify.go
+++ b/cli/slsa-verifier/verify.go
@@ -121,3 +121,63 @@ func verifyImageCmd() *cobra.Command {
 	o.AddFlags(cmd)
 	return cmd
 }
+
+func verifyNpmPackageCmd() *cobra.Command {
+	o := &verify.VerifyNpmOptions{}
+
+	cmd := &cobra.Command{
+		Use: "verify-npm-package [flags] tarball",
+		Args: func(cmd *cobra.Command, args []string) error {
+			if len(args) != 1 {
+				return errors.New("expects a single path to an image")
+			}
+			return nil
+		},
+		Short: "Verifies SLSA provenance for an npm package tarball [experimental]",
+		Run: func(cmd *cobra.Command, args []string) {
+			v := verify.VerifyNpmPackageCommand{
+				SourceURI:           o.SourceURI,
+				PrintProvenance:     o.PrintProvenance,
+				BuildWorkflowInputs: o.BuildWorkflowInputs.AsMap(),
+			}
+			if cmd.Flags().Changed("attestations-path") {
+				v.AttestationsPath = o.AttestationsPath
+			}
+			if cmd.Flags().Changed("package-name") {
+				v.PackageName = &o.PackageName
+			}
+			if cmd.Flags().Changed("package-version") {
+				v.PackageVersion = &o.PackageVersion
+			}
+			if cmd.Flags().Changed("source-branch") {
+				fmt.Fprintf(os.Stderr, "%s: --source-branch not supported\n", FAILURE)
+				os.Exit(1)
+			}
+			if cmd.Flags().Changed("source-tag") {
+				fmt.Fprintf(os.Stderr, "%s: --source-tag not supported\n", FAILURE)
+				os.Exit(1)
+			}
+			if cmd.Flags().Changed("source-versioned-tag") {
+				fmt.Fprintf(os.Stderr, "%s: --source-versioned-tag not supported\n", FAILURE)
+				os.Exit(1)
+			}
+			if cmd.Flags().Changed("print-provenance") {
+				fmt.Fprintf(os.Stderr, "%s: --print-provenance not supported\n", FAILURE)
+				os.Exit(1)
+			}
+			if cmd.Flags().Changed("builder-id") {
+				v.BuilderID = &o.BuilderID
+			}
+
+			if _, err := v.Exec(cmd.Context(), args); err != nil {
+				fmt.Fprintf(os.Stderr, "%s: %v\n", FAILURE, err)
+				os.Exit(1)
+			} else {
+				fmt.Fprintf(os.Stderr, "%s\n", SUCCESS)
+			}
+		},
+	}
+
+	o.AddFlags(cmd)
+	return cmd
+}
diff --git a/cli/slsa-verifier/verify/options.go b/cli/slsa-verifier/verify/options.go
index f860cb16e..faf06a865 100644
--- a/cli/slsa-verifier/verify/options.go
+++ b/cli/slsa-verifier/verify/options.go
@@ -74,6 +74,52 @@ func (o *VerifyOptions) AddFlags(cmd *cobra.Command) {
 	cmd.MarkFlagsMutuallyExclusive("source-versioned-tag", "source-tag")
 }
 
+// VerifyNpmOptions is the top-level options for the `verifyNpmPackage` command.
+type VerifyNpmOptions struct {
+	VerifyOptions
+	/* Other */
+	AttestationsPath string
+	PackageName      string
+	PackageVersion   string
+}
+
+var _ Interface = (*VerifyNpmOptions)(nil)
+
+// AddFlags implements Interface.
+func (o *VerifyNpmOptions) AddFlags(cmd *cobra.Command) {
+	/* Builder options */
+	cmd.Flags().Var(&o.BuildWorkflowInputs, "build-workflow-input",
+		"[optional] a workflow input provided by a user at trigger time in the format 'key=value'. (Only for 'workflow_dispatch' events on GitHub Actions).")
+
+	cmd.Flags().StringVar(&o.BuilderID, "builder-id", "", "[optional] the unique builder ID who created the provenance")
+
+	/* Source options */
+	cmd.Flags().StringVar(&o.SourceURI, "source-uri", "",
+		"expected source repository that should have produced the binary, e.g. github.com/some/repo")
+
+	cmd.Flags().StringVar(&o.SourceBranch, "source-branch", "", "[optional] expected branch the binary was compiled from")
+
+	cmd.Flags().StringVar(&o.SourceTag, "source-tag", "", "[optional] expected tag the binary was compiled from")
+
+	cmd.Flags().StringVar(&o.SourceVersionTag, "source-versioned-tag", "",
+		"[optional] expected version the binary was compiled from. Uses semantic version to match the tag")
+
+	cmd.Flags().StringVar(&o.AttestationsPath, "attestations-path", "",
+		"path to a file containing the attestations")
+
+	cmd.Flags().StringVar(&o.PackageName, "package-name", "",
+		"[optional] the package name")
+
+	cmd.Flags().StringVar(&o.PackageVersion, "package-version", "",
+		"[optional] the package version")
+
+	cmd.Flags().BoolVar(&o.PrintProvenance, "print-provenance", false,
+		"[optional] print the verified provenance to stdout")
+
+	cmd.MarkFlagRequired("source-uri")
+	cmd.MarkFlagsMutuallyExclusive("source-versioned-tag", "source-tag")
+}
+
 type workflowInputs struct {
 	kv map[string]string
 }
diff --git a/cli/slsa-verifier/verify/utils.go b/cli/slsa-verifier/verify/utils.go
new file mode 100644
index 000000000..065e924d8
--- /dev/null
+++ b/cli/slsa-verifier/verify/utils.go
@@ -0,0 +1,35 @@
+// Copyright 2023 SLSA Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package verify
+
+import (
+	"encoding/hex"
+	"hash"
+	"io"
+	"os"
+)
+
+func computeFileHash(filePath string, h hash.Hash) (string, error) {
+	f, err := os.Open(filePath)
+	if err != nil {
+		return "", err
+	}
+	defer f.Close()
+
+	if _, err := io.Copy(h, f); err != nil {
+		return "", err
+	}
+	return hex.EncodeToString(h.Sum(nil)), nil
+}
diff --git a/cli/slsa-verifier/verify/verify_artifact.go b/cli/slsa-verifier/verify/verify_artifact.go
index 0a3e854e1..d6fb4ec0f 100644
--- a/cli/slsa-verifier/verify/verify_artifact.go
+++ b/cli/slsa-verifier/verify/verify_artifact.go
@@ -17,9 +17,7 @@ package verify
 import (
 	"context"
 	"crypto/sha256"
-	"encoding/hex"
 	"fmt"
-	"io"
 	"os"
 
 	"github.com/slsa-framework/slsa-verifier/v2/options"
@@ -43,7 +41,7 @@ func (c *VerifyArtifactCommand) Exec(ctx context.Context, artifacts []string) (*
 	var builderID *utils.TrustedBuilderID
 
 	for _, artifact := range artifacts {
-		artifactHash, err := getArtifactHash(artifact)
+		artifactHash, err := computeFileHash(artifact, sha256.New())
 		if err != nil {
 			fmt.Fprintf(os.Stderr, "Verifying artifact %s: FAILED: %v\n\n", artifact, err)
 			return nil, err
@@ -90,16 +88,3 @@ func (c *VerifyArtifactCommand) Exec(ctx context.Context, artifacts []string) (*
 
 	return builderID, nil
 }
-
-func getArtifactHash(artifactPath string) (string, error) {
-	f, err := os.Open(artifactPath)
-	if err != nil {
-		return "", err
-	}
-	defer f.Close()
-	h := sha256.New()
-	if _, err := io.Copy(h, f); err != nil {
-		return "", err
-	}
-	return hex.EncodeToString(h.Sum(nil)), nil
-}
diff --git a/cli/slsa-verifier/verify/verify_image.go b/cli/slsa-verifier/verify/verify_image.go
index 3dfe14e4d..9bf8c50e3 100644
--- a/cli/slsa-verifier/verify/verify_image.go
+++ b/cli/slsa-verifier/verify/verify_image.go
@@ -38,22 +38,14 @@ type VerifyImageCommand struct {
 	SourceVersionTag    *string
 	BuildWorkflowInputs map[string]string
 	PrintProvenance     bool
-	DigestFn            ComputeDigestFn
 }
 
 func (c *VerifyImageCommand) Exec(ctx context.Context, artifacts []string) (*utils.TrustedBuilderID, error) {
 	artifactImage := artifacts[0]
-	// Retrieve the image digest.
-	if c.DigestFn == nil {
-		c.DigestFn = container.GetImageDigest
-	}
-	digest, err := c.DigestFn(artifactImage)
-	if err != nil {
-		return nil, err
-	}
 
 	// Verify that the reference is immutable.
-	if err := container.ValidateArtifactReference(artifactImage, digest); err != nil {
+	digest, err := container.GetDigestFromImmutableReference(artifactImage)
+	if err != nil {
 		return nil, err
 	}
 
diff --git a/cli/slsa-verifier/verify/verify_npm_package.go b/cli/slsa-verifier/verify/verify_npm_package.go
new file mode 100644
index 000000000..666fb01bc
--- /dev/null
+++ b/cli/slsa-verifier/verify/verify_npm_package.go
@@ -0,0 +1,96 @@
+// Copyright 2022 SLSA Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package verify
+
+import (
+	"context"
+	"crypto/sha512"
+	"errors"
+	"fmt"
+	"os"
+
+	"github.com/slsa-framework/slsa-verifier/v2/options"
+	"github.com/slsa-framework/slsa-verifier/v2/verifiers"
+	"github.com/slsa-framework/slsa-verifier/v2/verifiers/utils"
+)
+
+type VerifyNpmPackageCommand struct {
+	AttestationsPath    string
+	BuilderID           *string
+	SourceURI           string
+	SourceBranch        *string
+	SourceTag           *string
+	SourceVersionTag    *string
+	PackageName         *string
+	PackageVersion      *string
+	BuildWorkflowInputs map[string]string
+	PrintProvenance     bool
+}
+
+func (c *VerifyNpmPackageCommand) Exec(ctx context.Context, tarballs []string) (*utils.TrustedBuilderID, error) {
+	var builderID *utils.TrustedBuilderID
+	if !options.ExperimentalEnabled() {
+		err := errors.New("feature support is only provided in SLSA_VERIFIER_EXPERIMENTAL mode")
+		fmt.Fprintf(os.Stderr, "Verifying npm package: FAILED: %v\n\n", err)
+		return nil, err
+	}
+	for _, tarball := range tarballs {
+		tarballHash, err := computeFileHash(tarball, sha512.New())
+		if err != nil {
+			fmt.Fprintf(os.Stderr, "Verifying npm package %s: FAILED: %v\n\n", tarball, err)
+			return nil, err
+		}
+
+		if c.AttestationsPath == "" {
+			fmt.Fprintf(os.Stderr, "Verifying npm package %s: FAILED: %v\n\n", tarball, err)
+			return nil, err
+		}
+		provenanceOpts := &options.ProvenanceOpts{
+			ExpectedSourceURI:      c.SourceURI,
+			ExpectedBranch:         c.SourceBranch,
+			ExpectedDigest:         tarballHash,
+			ExpectedVersionedTag:   c.SourceVersionTag,
+			ExpectedTag:            c.SourceTag,
+			ExpectedWorkflowInputs: c.BuildWorkflowInputs,
+			ExpectedPackageName:    c.PackageName,
+			ExpectedPackageVersion: c.PackageVersion,
+		}
+
+		builderOpts := &options.BuilderOpts{
+			ExpectedID: c.BuilderID,
+		}
+
+		attestations, err := os.ReadFile(c.AttestationsPath)
+		if err != nil {
+			fmt.Fprintf(os.Stderr, "Verifying npm package %s: FAILED: %v\n\n", tarball, err)
+			return nil, err
+		}
+
+		verifiedProvenance, outBuilderID, err := verifiers.VerifyNpmPackage(ctx, attestations, tarballHash, provenanceOpts, builderOpts)
+		if err != nil {
+			fmt.Fprintf(os.Stderr, "Verifying npm package %s: FAILED: %v\n\n", tarball, err)
+			return nil, err
+		}
+
+		if c.PrintProvenance {
+			fmt.Fprintf(os.Stdout, "%s\n", string(verifiedProvenance))
+		}
+
+		builderID = outBuilderID
+		fmt.Fprintf(os.Stderr, "Verifying npm package %s: PASSED\n\n", tarball)
+	}
+
+	return builderID, nil
+}
diff --git a/errors/errors.go b/errors/errors.go
index eb4b644c1..403004a8c 100644
--- a/errors/errors.go
+++ b/errors/errors.go
@@ -5,6 +5,8 @@ import "errors"
 var (
 	ErrorInvalidDssePayload        = errors.New("invalid DSSE envelope payload")
 	ErrorMismatchBranch            = errors.New("branch used to generate the binary does not match provenance")
+	ErrorMismatchPackageVersion    = errors.New("package version does not match provenance")
+	ErrorMismatchPackageName       = errors.New("package name does not match provenance")
 	ErrorMismatchBuilderID         = errors.New("builderID does not match provenance")
 	ErrorInvalidBuilderID          = errors.New("builderID is invalid")
 	ErrorMismatchSource            = errors.New("source used to generate the binary does not match provenance")
@@ -33,4 +35,6 @@ var (
 	ErrorInternal                  = errors.New("internal error")
 	ErrorInvalidRekorEntry         = errors.New("invalid Rekor entry")
 	ErrorRekorPubKey               = errors.New("error retrieving Rekor public keys")
+	ErrorInvalidPackageName        = errors.New("invalid package name")
+	ErrorInvalidSubject            = errors.New("invalid subject")
 )
diff --git a/go.mod b/go.mod
index 76395b211..1a9513d83 100644
--- a/go.mod
+++ b/go.mod
@@ -145,7 +145,7 @@ require (
 	github.com/segmentio/ksuid v1.0.4 // indirect
 	github.com/shibumi/go-pathspec v1.3.0 // indirect
 	github.com/sigstore/fulcio v1.0.0 // indirect
-	github.com/sigstore/protobuf-specs v0.1.1-0.20230221191911-44103a52d43e
+	github.com/sigstore/protobuf-specs v0.1.1-0.20230403130340-4dbf10bc287d
 	github.com/sirupsen/logrus v1.9.0 // indirect
 	github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966 // indirect
 	github.com/spf13/afero v1.9.3 // indirect
diff --git a/go.sum b/go.sum
index a66f15de4..31466dc05 100644
--- a/go.sum
+++ b/go.sum
@@ -744,8 +744,8 @@ github.com/sigstore/cosign/v2 v2.0.0-rc.2 h1:LDSSQYzThg7uKHJqFBp03kaObTDuWfifJqB
 github.com/sigstore/cosign/v2 v2.0.0-rc.2/go.mod h1:oKIsv9cCwtfakSd64Rzief3Izk/cPSkougoWU/F3OBI=
 github.com/sigstore/fulcio v1.0.0 h1:hBZW6qg9GXTtCX8jOg1hmyjYLrmsEKZGeMwAbW3XNEg=
 github.com/sigstore/fulcio v1.0.0/go.mod h1:j4MzLxX/Be0rHYh3JF2dgMorkWGzEMHBqIHwFU8I/Rw=
-github.com/sigstore/protobuf-specs v0.1.1-0.20230221191911-44103a52d43e h1:epMcE4KGg+CNU7fIr8geRrJ60Aiz6KxzzUa99VhrwLI=
-github.com/sigstore/protobuf-specs v0.1.1-0.20230221191911-44103a52d43e/go.mod h1:5shUCxf82hGnjUEFVWiktcxwzdtn6EfeeJssxZ5Q5HE=
+github.com/sigstore/protobuf-specs v0.1.1-0.20230403130340-4dbf10bc287d h1:rtnPsoFTvJJni31iFyDnZt1gHSPc4FrAw1Uw+5O1z+4=
+github.com/sigstore/protobuf-specs v0.1.1-0.20230403130340-4dbf10bc287d/go.mod h1:5shUCxf82hGnjUEFVWiktcxwzdtn6EfeeJssxZ5Q5HE=
 github.com/sigstore/rekor v1.0.1 h1:rcESXSNkAPRWFYZel9rarspdvneET60F2ngNkadi89c=
 github.com/sigstore/rekor v1.0.1/go.mod h1:ecTKdZWGWqE1pl3U1m1JebQJLU/hSjD9vYHOmHQ7w4g=
 github.com/sigstore/sigstore v1.5.1 h1:iUou0QJW8eQKMUkTXbFyof9ZOblDtfaW2Sn2+QI8Tcs=
diff --git a/options/env.go b/options/env.go
index 5b5278724..ef22d63bf 100644
--- a/options/env.go
+++ b/options/env.go
@@ -1,7 +1,24 @@
 package options
 
-import "os"
+import (
+	"os"
+	"strconv"
+)
 
+// ExperimentalEnabled returns true if experimental features are currently
+// enabled.
 func ExperimentalEnabled() bool {
-	return os.Getenv("SLSA_VERIFIER_EXPERIMENTAL") == "1"
+	if b, err := strconv.ParseBool(os.Getenv("SLSA_VERIFIER_EXPERIMENTAL")); err == nil {
+		return b
+	}
+	return false
+}
+
+// TestingEnabled returns true if the SLSA_VERIFIER_TESTING environment
+// variable is set.
+func TestingEnabled() bool {
+	if b, err := strconv.ParseBool(os.Getenv("SLSA_VERIFIER_TESTING")); err == nil {
+		return b
+	}
+	return false
 }
diff --git a/options/options.go b/options/options.go
index f5cd59129..7bc9c46de 100644
--- a/options/options.go
+++ b/options/options.go
@@ -23,6 +23,10 @@ type ProvenanceOpts struct {
 
 	// ExpectedWorkflowInputs is a map of key=value inputs.
 	ExpectedWorkflowInputs map[string]string
+
+	ExpectedPackageName *string
+
+	ExpectedPackageVersion *string
 }
 
 // BuildOpts are the options for checking the builder.
diff --git a/register/register.go b/register/register.go
index d3eb53a49..787bb1f3c 100644
--- a/register/register.go
+++ b/register/register.go
@@ -28,6 +28,12 @@ type SLSAVerifier interface {
 		provenanceOpts *options.ProvenanceOpts,
 		builderOpts *options.BuilderOpts,
 	) ([]byte, *utils.TrustedBuilderID, error)
+
+	VerifyNpmPackage(ctx context.Context,
+		attestations []byte, tarballHash string,
+		provenanceOpts *options.ProvenanceOpts,
+		builderOpts *options.BuilderOpts,
+	) ([]byte, *utils.TrustedBuilderID, error)
 }
 
 func RegisterVerifier(name string, verifier SLSAVerifier) {
diff --git a/verifiers/internal/gcb/keys/keys.go b/verifiers/internal/gcb/keys/keys.go
index 31d94351e..6792d57e1 100644
--- a/verifiers/internal/gcb/keys/keys.go
+++ b/verifiers/internal/gcb/keys/keys.go
@@ -1,7 +1,9 @@
 package keys
 
 import (
+	"crypto"
 	"crypto/ecdsa"
+	"crypto/sha256"
 	"crypto/x509"
 	"embed"
 	"encoding/pem"
@@ -9,12 +11,16 @@ import (
 	"io/fs"
 	"path"
 
+	dsselib "github.com/secure-systems-lab/go-securesystemslib/dsse"
 	serrors "github.com/slsa-framework/slsa-verifier/v2/errors"
 )
 
 //go:embed materials/*
 var publicKeys embed.FS
 
+const GlobalPAEKeyID = "projects/verified-builder/locations/global/keyRings/attestor/cryptoKeys/provenanceSigner/cryptoKeyVersions/1"
+const GlobalPAEPublicKeyName = "global-pae"
+
 type PublicKey struct {
 	value  []byte
 	pubKey *ecdsa.PublicKey
@@ -22,7 +28,7 @@ type PublicKey struct {
 	// TODO: key type and size
 }
 
-func PublicKeyNew(region string) (*PublicKey, error) {
+func NewPublicKey(region string) (*PublicKey, error) {
 	content, err := fs.ReadFile(publicKeys, path.Join("materials", region+".key"))
 	if err != nil {
 		return nil, fmt.Errorf("%w: cannot read key materials", err)
@@ -61,3 +67,46 @@ func (p *PublicKey) VerifySignature(digest [32]byte, sig []byte) error {
 
 	return nil
 }
+
+type GlobalPAEKey struct {
+	publicKey *PublicKey
+	Verifier  *dsselib.EnvelopeVerifier
+}
+
+func NewGlobalPAEKey() (*GlobalPAEKey, error) {
+	publicKey, err := NewPublicKey(GlobalPAEPublicKeyName)
+	if err != nil {
+		return nil, fmt.Errorf("unable to create public key for Global PAE key: %w", err)
+	}
+
+	globalPaeKey := &GlobalPAEKey{publicKey: publicKey}
+	envVerifier, err := dsselib.NewEnvelopeVerifier(globalPaeKey)
+	if err != nil {
+		return nil, err
+	}
+	globalPaeKey.Verifier = envVerifier
+	return globalPaeKey, nil
+}
+
+func (v *GlobalPAEKey) VerifyPAESignature(envelope *dsselib.Envelope) error {
+	_, err := v.Verifier.Verify(envelope)
+	return err
+}
+
+// Verify implements dsse.Verifier.Verify. It verifies
+// a signature formatted in DSSE-conformant PAE.
+func (v *GlobalPAEKey) Verify(data, sig []byte) error {
+	// Verify the signature.
+	digest := sha256.Sum256(data)
+	return v.publicKey.VerifySignature(digest, sig)
+}
+
+// KeyID implements dsse.Verifier.KeyID.
+func (v *GlobalPAEKey) KeyID() (string, error) {
+	return GlobalPAEKeyID, nil
+}
+
+// Public implements dsse.Verifier.Public.
+func (v *GlobalPAEKey) Public() crypto.PublicKey {
+	return v.publicKey
+}
diff --git a/verifiers/internal/gcb/keys/materials/global-pae.key b/verifiers/internal/gcb/keys/materials/global-pae.key
new file mode 100644
index 000000000..764c45abe
--- /dev/null
+++ b/verifiers/internal/gcb/keys/materials/global-pae.key
@@ -0,0 +1,4 @@
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEdMcJUyKbmarf6dydhfmAjgmK6c42
+oCCNRR1se3Bi3VO65KcGk6qyci6/bsu2s4u+dLKWrsUQomEw4v3FtVctoA==
+-----END PUBLIC KEY-----
diff --git a/verifiers/internal/gcb/provenance.go b/verifiers/internal/gcb/provenance.go
index 308fef875..07937f86e 100644
--- a/verifiers/internal/gcb/provenance.go
+++ b/verifiers/internal/gcb/provenance.go
@@ -2,8 +2,8 @@ package gcb
 
 import (
 	"crypto/sha256"
-	"encoding/base64"
 	"encoding/json"
+	"errors"
 	"fmt"
 	"os"
 	"reflect"
@@ -26,6 +26,10 @@ var GCBBuilderIDs = []string{
 	"https://cloudbuild.googleapis.com/GoogleHostedWorker@v0.3",
 }
 
+var regionalKeyRegex = regexp.MustCompile(`^projects\/verified-builder\/locations\/(.*)\/keyRings\/attestor\/cryptoKeys\/builtByGCB\/cryptoKeyVersions\/1$`)
+
+var errorSubstitutionError = errors.New("GCB substitution variable error")
+
 type v01IntotoStatement struct {
 	intoto.StatementHeader
 	Predicate ProvenancePredicate `json:"predicate"`
@@ -79,17 +83,6 @@ func ProvenanceFromBytes(payload []byte) (*Provenance, error) {
 	}, nil
 }
 
-func payloadFromEnvelope(env *dsselib.Envelope) ([]byte, error) {
-	payload, err := base64.StdEncoding.DecodeString(env.Payload)
-	if err != nil {
-		return nil, fmt.Errorf("%w: %s", serrors.ErrorInvalidDssePayload, err.Error())
-	}
-	if payload == nil {
-		return nil, fmt.Errorf("%w: empty payload", serrors.ErrorInvalidFormat)
-	}
-	return payload, nil
-}
-
 func (p *Provenance) isVerified() error {
 	// Check that the signature is verified.
 	if p.verifiedIntotoStatement == nil ||
@@ -359,6 +352,10 @@ func (p *Provenance) VerifySourceURI(expectedSourceURI string, builderID utils.T
 		return fmt.Errorf("%w: no materials", serrors.ErrorInvalidDssePayload)
 	}
 	uri := materials[0].URI
+	// NOTE: the material URI did not contain 'git+' for GCB versions <= v0.3.
+	// A change occurred sometimes in v0.3 witout version bump.
+	// Versions >= 0.3 contain the prefix (https://github.com/slsa-framework/slsa-verifier/pull/519).
+	uri = strings.TrimPrefix(uri, "git+")
 
 	// It is possible that GCS builds at level 2 use GCS sources, prefixed by gs://.
 	if strings.HasPrefix(uri, "https://") && !strings.HasPrefix(expectedSourceURI, "https://") {
@@ -405,37 +402,70 @@ func (p *Provenance) VerifyBranch(branch string) error {
 	return fmt.Errorf("%w: GCB branch verification", serrors.ErrorNotSupported)
 }
 
-func (p *Provenance) VerifyTag(tag string) error {
-	return fmt.Errorf("%w: GCB tag verification", serrors.ErrorNotSupported)
+func (p *Provenance) VerifyTag(expectedTag string) error {
+	provenanceTag, err := p.getTag()
+	if err != nil {
+		return fmt.Errorf("%w: %v", serrors.ErrorMismatchTag, err.Error())
+	}
+
+	if provenanceTag != expectedTag {
+		return fmt.Errorf("%w: expected '%s', got '%s'",
+			serrors.ErrorMismatchTag, expectedTag, provenanceTag)
+	}
+	return nil
 }
 
-func (p *Provenance) VerifyVersionedTag(tag string) error {
-	return fmt.Errorf("%w: GCB versioned-tag verification", serrors.ErrorNotSupported)
+func (p *Provenance) VerifyVersionedTag(expectedTag string) error {
+	provenanceTag, err := p.getTag()
+	if err != nil {
+		return fmt.Errorf("%w: %v", serrors.ErrorMismatchVersionedTag, err.Error())
+	}
+	return utils.VerifyVersionedTag(provenanceTag, expectedTag)
 }
 
-func decodeSignature(s string) ([]byte, error) {
-	var errs []error
-	// First try the std decoding.
-	rsig, err := base64.StdEncoding.DecodeString(s)
-	if err == nil {
-		// No error, return the value.
-		return rsig, nil
-	}
-	errs = append(errs, err)
-
-	// If std decoding failed, try URL decoding.
-	// We try both because we encountered decoding failures
-	// during our tests. The DSSE documentation does not prescribe
-	// which encoding to use: `Either standard or URL-safe encoding is allowed`.
-	// https://github.com/secure-systems-lab/dsse/blob/27ce241dec575998dee8967c3c76d4edd5d6ee73/envelope.md#standard-json-envelope.
-	rsig, err = base64.URLEncoding.DecodeString(s)
-	if err == nil {
-		// No error, return the value.
-		return rsig, nil
-	}
-	errs = append(errs, err)
-
-	return nil, fmt.Errorf("%w: %v", serrors.ErrorInvalidEncoding, errs)
+func (p *Provenance) getTag() (string, error) {
+	if err := p.isVerified(); err != nil {
+		return "", err
+	}
+
+	statement := p.verifiedIntotoStatement
+	provenanceTag, err := getSubstitutionsField(statement, "TAG_NAME")
+	if err != nil {
+		return "", err
+	}
+
+	return provenanceTag, nil
+}
+
+func getSubstitutionsField(statement *v01IntotoStatement, name string) (string, error) {
+	arguments := statement.Predicate.Recipe.Arguments
+
+	argsMap, ok := arguments.(map[string]interface{})
+	if !ok {
+		return "", fmt.Errorf("%w: cannot cast arguments as map", errorSubstitutionError)
+	}
+
+	substitutions, ok := argsMap["substitutions"]
+	if !ok {
+		return "", fmt.Errorf("%w: no 'substitutions' field", errorSubstitutionError)
+	}
+
+	m, ok := substitutions.(map[string]interface{})
+	if !ok {
+		return "", fmt.Errorf("%w: cannot convert substitutions to a map", errorSubstitutionError)
+	}
+
+	value, ok := m[name]
+	if !ok {
+		return "", fmt.Errorf("%w: no entry '%v' in substitution map", errorSubstitutionError, name)
+	}
+
+	valueStr, ok := value.(string)
+	if !ok {
+		return "", fmt.Errorf("%w: value '%v' is not a string", errorSubstitutionError, value)
+	}
+
+	return valueStr, nil
 }
 
 // verifySignatures iterates over all the signatures in the DSSE and verifies them.
@@ -447,33 +477,48 @@ func (p *Provenance) verifySignatures(prov *provenance) error {
 			serrors.ErrorInvalidDssePayload, intoto.PayloadType, prov.Envelope.PayloadType)
 	}
 
-	payload, err := payloadFromEnvelope(&prov.Envelope)
+	payload, err := utils.PayloadFromEnvelope(&prov.Envelope)
 	if err != nil {
 		return err
 	}
 
 	payloadHash := sha256.Sum256(payload)
-
 	// Verify the signatures.
 	if len(prov.Envelope.Signatures) == 0 {
 		return fmt.Errorf("%w: no signatures found in envelope", serrors.ErrorNoValidSignature)
 	}
 
 	var errs []error
-	regex := regexp.MustCompile(`^projects\/verified-builder\/locations\/(.*)\/keyRings\/attestor\/cryptoKeys\/builtByGCB\/cryptoKeyVersions\/1$`)
+
 	for _, sig := range prov.Envelope.Signatures {
-		match := regex.FindStringSubmatch(sig.KeyID)
-		if len(match) == 2 {
-			// Create a public key instance for this region.
-			region := match[1]
-			pubKey, err := keys.PublicKeyNew(region)
+		var region string
+		if sig.KeyID == keys.GlobalPAEKeyID {
+			// If the signature is signed with the global PAE key, use a DSSE verifier
+			// to verify the DSSE/PAE-encoded signature.
+			region = keys.GlobalPAEPublicKeyName
+			globalPaeKey, err := keys.NewGlobalPAEKey()
+			if err != nil {
+				errs = append(errs, err)
+				continue
+			}
+
+			err = globalPaeKey.VerifyPAESignature(&prov.Envelope)
+			if err != nil {
+				errs = append(errs, err)
+				continue
+			}
+		} else if match := regionalKeyRegex.FindStringSubmatch(sig.KeyID); len(match) == 2 {
+			// If the signature is signed with a regional key, verify the legacy
+			// signing which is over the envelope (not PAE-encoded).
+			region = match[1]
+			pubKey, err := keys.NewPublicKey(region)
 			if err != nil {
 				errs = append(errs, err)
 				continue
 			}
 
 			// Decode the signature.
-			rsig, err := decodeSignature(sig.Sig)
+			rsig, err := utils.DecodeSignature(sig.Sig)
 			if err != nil {
 				errs = append(errs, err)
 				continue
@@ -485,16 +530,18 @@ func (p *Provenance) verifySignatures(prov *provenance) error {
 				errs = append(errs, err)
 				continue
 			}
+		} else {
+			continue
+		}
 
-			var statement v01IntotoStatement
-			if err := json.Unmarshal(payload, &statement); err != nil {
-				return fmt.Errorf("%w: %s", serrors.ErrorInvalidDssePayload, err.Error())
-			}
-			p.verifiedIntotoStatement = &statement
-			p.verifiedProvenance = prov
-			fmt.Fprintf(os.Stderr, "Verification succeeded with region key '%s'\n", region)
-			return nil
+		var statement v01IntotoStatement
+		if err := json.Unmarshal(payload, &statement); err != nil {
+			return fmt.Errorf("%w: %s", serrors.ErrorInvalidDssePayload, err.Error())
 		}
+		p.verifiedIntotoStatement = &statement
+		p.verifiedProvenance = prov
+		fmt.Fprintf(os.Stderr, "Verification succeeded with region key '%s'\n", region)
+		return nil
 	}
 
 	return fmt.Errorf("%w: %v", serrors.ErrorNoValidSignature, errs)
diff --git a/verifiers/internal/gcb/provenance_test.go b/verifiers/internal/gcb/provenance_test.go
index e156d7688..dd92f67a1 100644
--- a/verifiers/internal/gcb/provenance_test.go
+++ b/verifiers/internal/gcb/provenance_test.go
@@ -15,13 +15,13 @@ import (
 	"github.com/slsa-framework/slsa-verifier/v2/verifiers/utils"
 )
 
-// This function sets the statement of the proveannce, as if
+// This function sets the statement of the provenance, as if
 // it had been verified. This is necessary because individual functions
 // expect this statement to be populated; and this is done only
 // after the signature is verified.
 func setStatement(gcb *Provenance) error {
 	var statement v01IntotoStatement
-	payload, err := payloadFromEnvelope(&gcb.gcloudProv.ProvenanceSummary.Provenance[0].Envelope)
+	payload, err := utils.PayloadFromEnvelope(&gcb.gcloudProv.ProvenanceSummary.Provenance[0].Envelope)
 	if err != nil {
 		return fmt.Errorf("payloadFromEnvelope: %w", err)
 	}
@@ -311,51 +311,6 @@ func Test_validateRecipeType(t *testing.T) {
 	}
 }
 
-func Test_decodeSignature(t *testing.T) {
-	t.Parallel()
-	tests := []struct {
-		name     string
-		encoded  string
-		decoded  string
-		expected error
-	}{
-		{
-			name:    "std encoding",
-			encoded: "YWJjMTIzIT8kKiYoKSctPUB+",
-			decoded: "abc123!?$*&()'-=@~",
-		},
-		{
-			name:    "URL encoding",
-			encoded: "YWJjMTIzIT8kKiYoKSctPUB-",
-			decoded: "abc123!?$*&()'-=@~",
-		},
-		{
-			name:     "invalid",
-			encoded:  "invalid encoding",
-			expected: serrors.ErrorInvalidEncoding,
-		},
-	}
-
-	for _, tt := range tests {
-		tt := tt // Re-initializing variable so it is not changed while executing the closure below
-		t.Run(tt.name, func(t *testing.T) {
-			t.Parallel()
-
-			c, err := decodeSignature(tt.encoded)
-			if !cmp.Equal(err, tt.expected, cmpopts.EquateErrors()) {
-				t.Errorf(cmp.Diff(err, tt.expected, cmpopts.EquateErrors()))
-			}
-			if err != nil {
-				return
-			}
-			cs := string(c)
-			if cs != tt.decoded {
-				t.Errorf(cmp.Diff(cs, tt.decoded))
-			}
-		})
-	}
-}
-
 func Test_VerifySourceURI(t *testing.T) {
 	t.Parallel()
 	tests := []struct {
@@ -473,6 +428,12 @@ func Test_VerifySourceURI(t *testing.T) {
 			builderID: "https://cloudbuild.googleapis.com/GoogleHostedWorker@v0.3",
 			source:    "https://github.com/laurentsimon/gcb-tests",
 		},
+		{
+			name:      "v0.3 valid gcb provenance with git prefix",
+			path:      "./testdata/gcloud-container-github-v03-git.json",
+			builderID: "https://cloudbuild.googleapis.com/GoogleHostedWorker@v0.3",
+			source:    "https://github.com/slsa-framework/example-package",
+		},
 		{
 			name:      "v0.3 mismatch name",
 			path:      "./testdata/gcloud-container-github-v03.json",
@@ -551,6 +512,10 @@ func Test_VerifySignature(t *testing.T) {
 			name: "valid gcb provenance",
 			path: "./testdata/gcloud-container-github.json",
 		},
+		{
+			name: "global gcb signing key",
+			path: "./testdata/gcloud-container-global-pae-signing-key-successful.json",
+		},
 		{
 			name:     "invalid signature",
 			path:     "./testdata/gcloud-container-invalid-signature.json",
@@ -561,6 +526,11 @@ func Test_VerifySignature(t *testing.T) {
 			path:     "./testdata/gcloud-container-invalid-signature-payloadtype.json",
 			expected: serrors.ErrorNoValidSignature,
 		},
+		{
+			name:     "invalid signature - global PAE key",
+			path:     "./testdata/gcloud-container-invalid-signature-global-pae-key.json",
+			expected: serrors.ErrorNoValidSignature,
+		},
 		{
 			name:     "invalid signature empty",
 			path:     "./testdata/gcloud-container-empty-signature.json",
@@ -604,6 +574,10 @@ func Test_VerifySignature(t *testing.T) {
 			name: "signature multiple 3rd valid",
 			path: "./testdata/gcloud-container-multiple-signatures-3rdvalid.json",
 		},
+		{
+			name: "signature multiple global pae valid",
+			path: "./testdata/gcloud-container-multiple-signatures-global-pae-valid.json",
+		},
 	}
 	for _, tt := range tests {
 		tt := tt // Re-initializing variable so it is not changed while executing the closure below
@@ -623,7 +597,6 @@ func Test_VerifySignature(t *testing.T) {
 			if err := setStatement(prov); err != nil {
 				panic(fmt.Errorf("setStatement: %w", err))
 			}
-
 			err = prov.VerifySignature()
 			if !cmp.Equal(err, tt.expected, cmpopts.EquateErrors()) {
 				t.Errorf(cmp.Diff(err, tt.expected, cmpopts.EquateErrors()))
@@ -844,6 +817,10 @@ func Test_VerifyTextProvenance(t *testing.T) {
 			name: "valid gcb provenance",
 			path: "./testdata/gcloud-container-github.json",
 		},
+		{
+			name: "valid gcb provenance with global signing key",
+			path: "./testdata/gcloud-container-global-pae-signing-key-successful.json",
+		},
 		{
 			name:     "mismatch everything",
 			path:     "./testdata/gcloud-container-github.json",
@@ -993,19 +970,121 @@ func Test_VerifyBranch(t *testing.T) {
 	}
 }
 
+func Test_getSubstitutionsField(t *testing.T) {
+	t.Parallel()
+	tests := []struct {
+		name  string
+		path  string
+		field string
+		value string
+		err   error
+	}{
+		{
+			name:  "match tag",
+			path:  "./testdata/gcloud-container-tag.json",
+			field: "TAG_NAME",
+			value: "v33.0.4",
+		},
+		{
+			name:  "match repo name",
+			path:  "./testdata/gcloud-container-tag.json",
+			field: "REPO_NAME",
+			value: "example-package",
+		},
+		{
+			name:  "no substitutions field",
+			path:  "./testdata/gcloud-container-github.json",
+			field: "TAG_NAME",
+			err:   errorSubstitutionError,
+		},
+		{
+			name:  "tag not present",
+			path:  "./testdata/gcloud-container-tag-notpresent.json",
+			field: "TAG_NAME",
+			err:   errorSubstitutionError,
+		},
+		{
+			name:  "tag not string",
+			path:  "./testdata/gcloud-container-tag-notstring.json",
+			field: "TAG_NAME",
+			err:   errorSubstitutionError,
+		},
+	}
+	for _, tt := range tests {
+		tt := tt // Re-initializing variable so it is not changed while executing the closure below
+		t.Run(tt.name, func(t *testing.T) {
+			t.Parallel()
+
+			content, err := os.ReadFile(tt.path)
+			if err != nil {
+				panic(fmt.Errorf("os.ReadFile: %w", err))
+			}
+
+			prov, err := ProvenanceFromBytes(content)
+			if err != nil {
+				panic(fmt.Errorf("ProvenanceFromBytes: %w", err))
+			}
+
+			if err := setStatement(prov); err != nil {
+				panic(fmt.Errorf("setStatement: %w", err))
+			}
+
+			value, err := getSubstitutionsField(prov.verifiedIntotoStatement, tt.field)
+			if !cmp.Equal(err, tt.err, cmpopts.EquateErrors()) {
+				t.Errorf(cmp.Diff(err, tt.err, cmpopts.EquateErrors()))
+			}
+			if err != nil && !cmp.Equal(value, tt.value) {
+				t.Errorf(cmp.Diff(value, tt.value))
+			}
+		})
+	}
+}
+
 func Test_VerifyTag(t *testing.T) {
 	t.Parallel()
 	tests := []struct {
-		name     string
-		path     string
-		tag      string
-		expected error
+		name string
+		path string
+		tag  string
+		err  error
 	}{
 		{
-			name:     "valid gcb provenance",
-			path:     "./testdata/gcloud-container-github.json",
-			tag:      "v1.2.3",
-			expected: serrors.ErrorNotSupported,
+			name: "match tag",
+			path: "./testdata/gcloud-container-tag.json",
+			tag:  "v33.0.4",
+		},
+		{
+			name: "no match major only",
+			path: "./testdata/gcloud-container-tag.json",
+			tag:  "v33",
+			err:  serrors.ErrorMismatchTag,
+		},
+		{
+			name: "no match major and minor only",
+			path: "./testdata/gcloud-container-tag.json",
+			tag:  "v33.0",
+			err:  serrors.ErrorMismatchTag,
+		},
+		{
+			name: "no match major",
+			path: "./testdata/gcloud-container-tag.json",
+			tag:  "v34.0.4",
+			err:  serrors.ErrorMismatchTag,
+		},
+		{
+			name: "no substitutions field",
+			path: "./testdata/gcloud-container-github.json",
+			err:  serrors.ErrorMismatchTag,
+		},
+		{
+			name: "tag not present",
+			path: "./testdata/gcloud-container-tag-notpresent.json",
+			err:  serrors.ErrorMismatchTag,
+		},
+		{
+			name: "tag not string",
+			path: "./testdata/gcloud-container-tag-notstring.json",
+			err:  serrors.ErrorMismatchTag,
 		},
 	}
 	for _, tt := range tests {
@@ -1028,8 +1107,8 @@ func Test_VerifyTag(t *testing.T) {
 			}
 
 			err = prov.VerifyTag(tt.tag)
-			if !cmp.Equal(err, tt.expected, cmpopts.EquateErrors()) {
-				t.Errorf(cmp.Diff(err, tt.expected, cmpopts.EquateErrors()))
+			if !cmp.Equal(err, tt.err, cmpopts.EquateErrors()) {
+				t.Errorf(cmp.Diff(err, tt.err, cmpopts.EquateErrors()))
 			}
 		})
 	}
@@ -1038,16 +1117,88 @@ func Test_VerifyTag(t *testing.T) {
 func Test_VerifyVersionedTag(t *testing.T) {
 	t.Parallel()
 	tests := []struct {
-		name     string
-		path     string
-		tag      string
-		expected error
+		name string
+		path string
+		tag  string
+		err  error
 	}{
 		{
-			name:     "valid gcb provenance",
-			path:     "./testdata/gcloud-container-github.json",
-			tag:      "v1.2.3",
-			expected: serrors.ErrorNotSupported,
+			name: "match tag",
+			path: "./testdata/gcloud-container-tag.json",
+			tag:  "v33.0.4",
+		},
+		{
+			name: "match minor",
+			path: "./testdata/gcloud-container-tag.json",
+			tag:  "v33.0",
+		},
+		{
+			name: "no match minor",
+			path: "./testdata/gcloud-container-tag.json",
+			tag:  "v33.1",
+			err:  serrors.ErrorMismatchVersionedTag,
+		},
+		{
+			name: "no match minor with patch",
+			path: "./testdata/gcloud-container-tag.json",
+			tag:  "v33.1.0",
+			err:  serrors.ErrorMismatchVersionedTag,
+		},
+		{
+			name: "match major",
+			path: "./testdata/gcloud-container-tag.json",
+			tag:  "v33",
+		},
+		{
+			name: "no match major greater",
+			path: "./testdata/gcloud-container-tag.json",
+			tag:  "v34",
+			err:  serrors.ErrorMismatchVersionedTag,
+		},
+		{
+			name: "no match major greater with minor",
+			path: "./testdata/gcloud-container-tag.json",
+			tag:  "v34.0",
+			err:  serrors.ErrorMismatchVersionedTag,
+		},
+		{
+			name: "no match major greater with minor and patch",
+			path: "./testdata/gcloud-container-tag.json",
+			tag:  "v34.0.4",
+			err:  serrors.ErrorMismatchVersionedTag,
+		},
+		{
+			name: "no match major lower",
+			path: "./testdata/gcloud-container-tag.json",
+			tag:  "v32",
+			err:  serrors.ErrorMismatchVersionedTag,
+		},
+		{
+			name: "no match major lower with minor",
+			path: "./testdata/gcloud-container-tag.json",
+			tag:  "v32.0",
+			err:  serrors.ErrorMismatchVersionedTag,
+		},
+		{
+			name: "no match major lower with minor and patch",
+			path: "./testdata/gcloud-container-tag.json",
+			tag:  "v32.0.4",
+			err:  serrors.ErrorMismatchVersionedTag,
+		},
+		{
+			name: "no substitutions field",
+			path: "./testdata/gcloud-container-github.json",
+			err:  serrors.ErrorMismatchVersionedTag,
+		},
+		{
+			name: "tag not present",
+			path: "./testdata/gcloud-container-tag-notpresent.json",
+			err:  serrors.ErrorMismatchVersionedTag,
+		},
+		{
+			name: "tag not string",
+			path: "./testdata/gcloud-container-tag-notstring.json",
+			err:  serrors.ErrorMismatchVersionedTag,
 		},
 	}
 	for _, tt := range tests {
@@ -1070,8 +1221,8 @@ func Test_VerifyVersionedTag(t *testing.T) {
 			}
 
 			err = prov.VerifyVersionedTag(tt.tag)
-			if !cmp.Equal(err, tt.expected, cmpopts.EquateErrors()) {
-				t.Errorf(cmp.Diff(err, tt.expected, cmpopts.EquateErrors()))
+			if !cmp.Equal(err, tt.err, cmpopts.EquateErrors()) {
+				t.Errorf(cmp.Diff(err, tt.err, cmpopts.EquateErrors()))
 			}
 		})
 	}
diff --git a/verifiers/internal/gcb/testdata/gcloud-container-github-v03-git.json b/verifiers/internal/gcb/testdata/gcloud-container-github-v03-git.json
new file mode 100644
index 000000000..e302cd93f
--- /dev/null
+++ b/verifiers/internal/gcb/testdata/gcloud-container-github-v03-git.json
@@ -0,0 +1,124 @@
+{
+    "image_summary": {
+      "digest": "sha256:2476c2e19b1459b0a0a6d3d214f96f0a0bf4d2071584b8feeebf51a68168bff2",
+      "fully_qualified_digest": "us-west2-docker.pkg.dev/slsa-tooling/example-package-repo/e2e-gcb-tag-main-cloudbuild-slsa3@sha256:2476c2e19b1459b0a0a6d3d214f96f0a0bf4d2071584b8feeebf51a68168bff2",
+      "registry": "us-west2-docker.pkg.dev",
+      "repository": "example-package-repo"
+    },
+    "provenance_summary": {
+      "provenance": [
+        {
+          "build": {
+            "intotoStatement": {
+              "_type": "https://in-toto.io/Statement/v0.1",
+              "predicateType": "https://slsa.dev/provenance/v0.1",
+              "slsaProvenance": {
+                "builder": {
+                  "id": "https://cloudbuild.googleapis.com/GoogleHostedWorker@v0.3"
+                },
+                "materials": [
+                  {
+                    "digest": {
+                      "sha1": "d8e834cecc09efb7099196b005441606298e47b9"
+                    },
+                    "uri": "git+https://github.com/slsa-framework/example-package"
+                  }
+                ],
+                "metadata": {
+                  "buildFinishedOn": "2023-03-08T21:38:05.119259Z",
+                  "buildInvocationId": "33fe59fd-19cb-4e85-b0b4-d58d8011a1de",
+                  "buildStartedOn": "2023-03-08T21:37:39.591139209Z"
+                },
+                "recipe": {
+                  "arguments": {
+                    "@type": "type.googleapis.com/google.devtools.cloudbuild.v1.Build",
+                    "id": "33fe59fd-19cb-4e85-b0b4-d58d8011a1de",
+                    "name": "projects/819720953812/locations/us-west2/builds/33fe59fd-19cb-4e85-b0b4-d58d8011a1de",
+                    "options": {
+                      "dynamicSubstitutions": true,
+                      "logging": "CLOUD_LOGGING_ONLY",
+                      "pool": {},
+                      "requestedVerifyOption": "VERIFIED",
+                      "sourceProvenanceHash": [
+                        "SHA256"
+                      ],
+                      "substitutionOption": "ALLOW_LOOSE"
+                    },
+                    "sourceProvenance": {},
+                    "steps": [
+                      {
+                        "args": [
+                          "build",
+                          "-t",
+                          "us-west2-docker.pkg.dev/slsa-tooling/example-package-repo/e2e-gcb-tag-main-cloudbuild-slsa3",
+                          "."
+                        ],
+                        "name": "gcr.io/cloud-builders/docker",
+                        "pullTiming": {
+                          "endTime": "2023-03-08T21:37:43.684787795Z",
+                          "startTime": "2023-03-08T21:37:43.681104885Z"
+                        },
+                        "status": "SUCCESS",
+                        "timing": {
+                          "endTime": "2023-03-08T21:38:03.167489646Z",
+                          "startTime": "2023-03-08T21:37:43.681104885Z"
+                        }
+                      }
+                    ],
+                    "substitutions": {
+                      "COMMIT_SHA": "d8e834cecc09efb7099196b005441606298e47b9",
+                      "REF_NAME": "v33.0.3",
+                      "REPO_NAME": "example-package",
+                      "REVISION_ID": "d8e834cecc09efb7099196b005441606298e47b9",
+                      "SHORT_SHA": "d8e834c",
+                      "TAG_NAME": "v33.0.3",
+                      "TRIGGER_BUILD_CONFIG_PATH": "cloudbuild.yaml",
+                      "TRIGGER_NAME": "push-tag",
+                      "_IMAGE_NAME": "slsa-tooling/example-package-repo/e2e-gcb-tag-main-cloudbuild-slsa3"
+                    }
+                  },
+                  "entryPoint": "cloudbuild.yaml",
+                  "type": "https://cloudbuild.googleapis.com/CloudBuildYaml@v0.1"
+                }
+              },
+              "subject": [
+                {
+                  "digest": {
+                    "sha256": "2476c2e19b1459b0a0a6d3d214f96f0a0bf4d2071584b8feeebf51a68168bff2"
+                  },
+                  "name": "https://us-west2-docker.pkg.dev/slsa-tooling/example-package-repo/e2e-gcb-tag-main-cloudbuild-slsa3"
+                },
+                {
+                  "digest": {
+                    "sha256": "2476c2e19b1459b0a0a6d3d214f96f0a0bf4d2071584b8feeebf51a68168bff2"
+                  },
+                  "name": "https://us-west2-docker.pkg.dev/slsa-tooling/example-package-repo/e2e-gcb-tag-main-cloudbuild-slsa3:latest"
+                }
+              ]
+            }
+          },
+          "createTime": "2023-03-08T21:38:07.724936Z",
+          "envelope": {
+            "payload": "eyJfdHlwZSI6Imh0dHBzOi8vaW4tdG90by5pby9TdGF0ZW1lbnQvdjAuMSIsInByZWRpY2F0ZSI6eyJidWlsZGVyIjp7ImlkIjoiaHR0cHM6Ly9jbG91ZGJ1aWxkLmdvb2dsZWFwaXMuY29tL0dvb2dsZUhvc3RlZFdvcmtlckB2MC4zIn0sIm1hdGVyaWFscyI6W3siZGlnZXN0Ijp7InNoYTEiOiJkOGU4MzRjZWNjMDllZmI3MDk5MTk2YjAwNTQ0MTYwNjI5OGU0N2I5In0sInVyaSI6ImdpdCtodHRwczovL2dpdGh1Yi5jb20vc2xzYS1mcmFtZXdvcmsvZXhhbXBsZS1wYWNrYWdlIn1dLCJtZXRhZGF0YSI6eyJidWlsZEZpbmlzaGVkT24iOiIyMDIzLTAzLTA4VDIxOjM4OjA1LjExOTI1OVoiLCJidWlsZEludm9jYXRpb25JZCI6IjMzZmU1OWZkLTE5Y2ItNGU4NS1iMGI0LWQ1OGQ4MDExYTFkZSIsImJ1aWxkU3RhcnRlZE9uIjoiMjAyMy0wMy0wOFQyMTozNzozOS41OTExMzkyMDlaIn0sInJlY2lwZSI6eyJhcmd1bWVudHMiOnsiQHR5cGUiOiJ0eXBlLmdvb2dsZWFwaXMuY29tL2dvb2dsZS5kZXZ0b29scy5jbG91ZGJ1aWxkLnYxLkJ1aWxkIiwiaWQiOiIzM2ZlNTlmZC0xOWNiLTRlODUtYjBiNC1kNThkODAxMWExZGUiLCJuYW1lIjoicHJvamVjdHMvODE5NzIwOTUzODEyL2xvY2F0aW9ucy91cy13ZXN0Mi9idWlsZHMvMzNmZTU5ZmQtMTljYi00ZTg1LWIwYjQtZDU4ZDgwMTFhMWRlIiwib3B0aW9ucyI6eyJkeW5hbWljU3Vic3RpdHV0aW9ucyI6dHJ1ZSwibG9nZ2luZyI6IkNMT1VEX0xPR0dJTkdfT05MWSIsInBvb2wiOnt9LCJyZXF1ZXN0ZWRWZXJpZnlPcHRpb24iOiJWRVJJRklFRCIsInNvdXJjZVByb3ZlbmFuY2VIYXNoIjpbIlNIQTI1NiJdLCJzdWJzdGl0dXRpb25PcHRpb24iOiJBTExPV19MT09TRSJ9LCJzb3VyY2VQcm92ZW5hbmNlIjp7fSwic3RlcHMiOlt7ImFyZ3MiOlsiYnVpbGQiLCItdCIsInVzLXdlc3QyLWRvY2tlci5wa2cuZGV2L3Nsc2EtdG9vbGluZy9leGFtcGxlLXBhY2thZ2UtcmVwby9lMmUtZ2NiLXRhZy1tYWluLWNsb3VkYnVpbGQtc2xzYTMiLCIuIl0sIm5hbWUiOiJnY3IuaW8vY2xvdWQtYnVpbGRlcnMvZG9ja2VyIiwicHVsbFRpbWluZyI6eyJlbmRUaW1lIjoiMjAyMy0wMy0wOFQyMTozNzo0My42ODQ3ODc3OTVaIiwic3RhcnRUaW1lIjoiMjAyMy0wMy0wOFQyMTozNzo0My42ODExMDQ4ODVaIn0sInN0YXR1cyI6IlNVQ0NFU1MiLCJ0aW1pbmciOnsiZW5kVGltZSI6IjIwMjMtMDMtMDhUMjE6Mzg6MDMuMTY3NDg5NjQ2WiIsInN0YXJ0VGltZSI6IjIwMjMtMDMtMDhUMjE6Mzc6NDMuNjgxMTA0ODg1WiJ9fV0sInN1YnN0aXR1dGlvbnMiOnsiQ09NTUlUX1NIQSI6ImQ4ZTgzNGNlY2MwOWVmYjcwOTkxOTZiMDA1NDQxNjA2Mjk4ZTQ3YjkiLCJSRUZfTkFNRSI6InYzMy4wLjMiLCJSRVBPX05BTUUiOiJleGFtcGxlLXBhY2thZ2UiLCJSRVZJU0lPTl9JRCI6ImQ4ZTgzNGNlY2MwOWVmYjcwOTkxOTZiMDA1NDQxNjA2Mjk4ZTQ3YjkiLCJTSE9SVF9TSEEiOiJkOGU4MzRjIiwiVEFHX05BTUUiOiJ2MzMuMC4zIiwiVFJJR0dFUl9CVUlMRF9DT05GSUdfUEFUSCI6ImNsb3VkYnVpbGQueWFtbCIsIlRSSUdHRVJfTkFNRSI6InB1c2gtdGFnIiwiX0lNQUdFX05BTUUiOiJzbHNhLXRvb2xpbmcvZXhhbXBsZS1wYWNrYWdlLXJlcG8vZTJlLWdjYi10YWctbWFpbi1jbG91ZGJ1aWxkLXNsc2EzIn19LCJlbnRyeVBvaW50IjoiY2xvdWRidWlsZC55YW1sIiwidHlwZSI6Imh0dHBzOi8vY2xvdWRidWlsZC5nb29nbGVhcGlzLmNvbS9DbG91ZEJ1aWxkWWFtbEB2MC4xIn19LCJwcmVkaWNhdGVUeXBlIjoiaHR0cHM6Ly9zbHNhLmRldi9wcm92ZW5hbmNlL3YwLjEiLCJzbHNhUHJvdmVuYW5jZSI6eyJidWlsZGVyIjp7ImlkIjoiaHR0cHM6Ly9jbG91ZGJ1aWxkLmdvb2dsZWFwaXMuY29tL0dvb2dsZUhvc3RlZFdvcmtlckB2MC4zIn0sIm1hdGVyaWFscyI6W3siZGlnZXN0Ijp7InNoYTEiOiJkOGU4MzRjZWNjMDllZmI3MDk5MTk2YjAwNTQ0MTYwNjI5OGU0N2I5In0sInVyaSI6ImdpdCtodHRwczovL2dpdGh1Yi5jb20vc2xzYS1mcmFtZXdvcmsvZXhhbXBsZS1wYWNrYWdlIn1dLCJtZXRhZGF0YSI6eyJidWlsZEZpbmlzaGVkT24iOiIyMDIzLTAzLTA4VDIxOjM4OjA1LjExOTI1OVoiLCJidWlsZEludm9jYXRpb25JZCI6IjMzZmU1OWZkLTE5Y2ItNGU4NS1iMGI0LWQ1OGQ4MDExYTFkZSIsImJ1aWxkU3RhcnRlZE9uIjoiMjAyMy0wMy0wOFQyMTozNzozOS41OTExMzkyMDlaIn0sInJlY2lwZSI6eyJhcmd1bWVudHMiOnsiQHR5cGUiOiJ0eXBlLmdvb2dsZWFwaXMuY29tL2dvb2dsZS5kZXZ0b29scy5jbG91ZGJ1aWxkLnYxLkJ1aWxkIiwiaWQiOiIzM2ZlNTlmZC0xOWNiLTRlODUtYjBiNC1kNThkODAxMWExZGUiLCJuYW1lIjoicHJvamVjdHMvODE5NzIwOTUzODEyL2xvY2F0aW9ucy91cy13ZXN0Mi9idWlsZHMvMzNmZTU5ZmQtMTljYi00ZTg1LWIwYjQtZDU4ZDgwMTFhMWRlIiwib3B0aW9ucyI6eyJkeW5hbWljU3Vic3RpdHV0aW9ucyI6dHJ1ZSwibG9nZ2luZyI6IkNMT1VEX0xPR0dJTkdfT05MWSIsInBvb2wiOnt9LCJyZXF1ZXN0ZWRWZXJpZnlPcHRpb24iOiJWRVJJRklFRCIsInNvdXJjZVByb3ZlbmFuY2VIYXNoIjpbIlNIQTI1NiJdLCJzdWJzdGl0dXRpb25PcHRpb24iOiJBTExPV19MT09TRSJ9LCJzb3VyY2VQcm92ZW5hbmNlIjp7fSwic3RlcHMiOlt7ImFyZ3MiOlsiYnVpbGQiLCItdCIsInVzLXdlc3QyLWRvY2tlci5wa2cuZGV2L3Nsc2EtdG9vbGluZy9leGFtcGxlLXBhY2thZ2UtcmVwby9lMmUtZ2NiLXRhZy1tYWluLWNsb3VkYnVpbGQtc2xzYTMiLCIuIl0sIm5hbWUiOiJnY3IuaW8vY2xvdWQtYnVpbGRlcnMvZG9ja2VyIiwicHVsbFRpbWluZyI6eyJlbmRUaW1lIjoiMjAyMy0wMy0wOFQyMTozNzo0My42ODQ3ODc3OTVaIiwic3RhcnRUaW1lIjoiMjAyMy0wMy0wOFQyMTozNzo0My42ODExMDQ4ODVaIn0sInN0YXR1cyI6IlNVQ0NFU1MiLCJ0aW1pbmciOnsiZW5kVGltZSI6IjIwMjMtMDMtMDhUMjE6Mzg6MDMuMTY3NDg5NjQ2WiIsInN0YXJ0VGltZSI6IjIwMjMtMDMtMDhUMjE6Mzc6NDMuNjgxMTA0ODg1WiJ9fV0sInN1YnN0aXR1dGlvbnMiOnsiQ09NTUlUX1NIQSI6ImQ4ZTgzNGNlY2MwOWVmYjcwOTkxOTZiMDA1NDQxNjA2Mjk4ZTQ3YjkiLCJSRUZfTkFNRSI6InYzMy4wLjMiLCJSRVBPX05BTUUiOiJleGFtcGxlLXBhY2thZ2UiLCJSRVZJU0lPTl9JRCI6ImQ4ZTgzNGNlY2MwOWVmYjcwOTkxOTZiMDA1NDQxNjA2Mjk4ZTQ3YjkiLCJTSE9SVF9TSEEiOiJkOGU4MzRjIiwiVEFHX05BTUUiOiJ2MzMuMC4zIiwiVFJJR0dFUl9CVUlMRF9DT05GSUdfUEFUSCI6ImNsb3VkYnVpbGQueWFtbCIsIlRSSUdHRVJfTkFNRSI6InB1c2gtdGFnIiwiX0lNQUdFX05BTUUiOiJzbHNhLXRvb2xpbmcvZXhhbXBsZS1wYWNrYWdlLXJlcG8vZTJlLWdjYi10YWctbWFpbi1jbG91ZGJ1aWxkLXNsc2EzIn19LCJlbnRyeVBvaW50IjoiY2xvdWRidWlsZC55YW1sIiwidHlwZSI6Imh0dHBzOi8vY2xvdWRidWlsZC5nb29nbGVhcGlzLmNvbS9DbG91ZEJ1aWxkWWFtbEB2MC4xIn19LCJzdWJqZWN0IjpbeyJkaWdlc3QiOnsic2hhMjU2IjoiMjQ3NmMyZTE5YjE0NTliMGEwYTZkM2QyMTRmOTZmMGEwYmY0ZDIwNzE1ODRiOGZlZWViZjUxYTY4MTY4YmZmMiJ9LCJuYW1lIjoiaHR0cHM6Ly91cy13ZXN0Mi1kb2NrZXIucGtnLmRldi9zbHNhLXRvb2xpbmcvZXhhbXBsZS1wYWNrYWdlLXJlcG8vZTJlLWdjYi10YWctbWFpbi1jbG91ZGJ1aWxkLXNsc2EzIn0seyJkaWdlc3QiOnsic2hhMjU2IjoiMjQ3NmMyZTE5YjE0NTliMGEwYTZkM2QyMTRmOTZmMGEwYmY0ZDIwNzE1ODRiOGZlZWViZjUxYTY4MTY4YmZmMiJ9LCJuYW1lIjoiaHR0cHM6Ly91cy13ZXN0Mi1kb2NrZXIucGtnLmRldi9zbHNhLXRvb2xpbmcvZXhhbXBsZS1wYWNrYWdlLXJlcG8vZTJlLWdjYi10YWctbWFpbi1jbG91ZGJ1aWxkLXNsc2EzOmxhdGVzdCJ9XX0=",
+            "payloadType": "application/vnd.in-toto+json",
+            "signatures": [
+              {
+                "keyid": "projects/verified-builder/locations/global/keyRings/attestor/cryptoKeys/provenanceSigner/cryptoKeyVersions/1",
+                "sig": "MEYCIQCVf04enPAleDKUI0J3FXD73mhM3a5nzhJ7KAlJs8iCvwIhAKwSOTZ3rf3z2iYdZX37zGYHyQ9Q4xIiuJAH4ocJqHH0"
+              },
+              {
+                "keyid": "projects/verified-builder/locations/us-west2/keyRings/attestor/cryptoKeys/builtByGCB/cryptoKeyVersions/1",
+                "sig": "MEQCIC5f6PB6WB9sFALPP9grkM9BYK2qxpHuxT_fQQQuwTbBAiAiECAvXX0DZ-p7Hh0QZrtHZEeSd4JxwbP77i1pv_H6rA=="
+              }
+            ]
+          },
+          "kind": "BUILD",
+          "name": "projects/slsa-tooling/occurrences/defb50a3-4889-416b-a055-eb4695658db2",
+          "noteName": "projects/verified-builder/notes/intoto_33fe59fd-19cb-4e85-b0b4-d58d8011a1de",
+          "resourceUri": "https://us-west2-docker.pkg.dev/slsa-tooling/example-package-repo/e2e-gcb-tag-main-cloudbuild-slsa3@sha256:2476c2e19b1459b0a0a6d3d214f96f0a0bf4d2071584b8feeebf51a68168bff2",
+          "updateTime": "2023-03-08T21:38:07.724936Z"
+        }
+      ]
+    }
+  }
+  
\ No newline at end of file
diff --git a/verifiers/internal/gcb/testdata/gcloud-container-global-pae-signing-key-successful.json b/verifiers/internal/gcb/testdata/gcloud-container-global-pae-signing-key-successful.json
new file mode 100644
index 000000000..04f2ba871
--- /dev/null
+++ b/verifiers/internal/gcb/testdata/gcloud-container-global-pae-signing-key-successful.json
@@ -0,0 +1,114 @@
+{
+  "image_summary": {
+    "digest": "sha256:f54a58bc1aac5ea1a25d796ae155dc228b3f0e11d046ae276b39c4bf2f13d8c4",
+    "fully_qualified_digest": "us-central1-docker.pkg.dev/argo-local-khalk/khalk-docker-ar/tagged-world-trigger-964a2eba-62f0-4a53-87d3-4e6dddcc70b3@sha256:f54a58bc1aac5ea1a25d796ae155dc228b3f0e11d046ae276b39c4bf2f13d8c4",
+    "registry": "us-central1-docker.pkg.dev",
+    "repository": "khalk-docker-ar"
+  },
+  "provenance_summary": {
+    "provenance": [
+      {
+        "build": {
+          "intotoStatement": {
+            "_type": "https://in-toto.io/Statement/v0.1",
+            "predicateType": "https://slsa.dev/provenance/v0.1",
+            "slsaProvenance": {
+              "builder": {
+                "id": "https://cloudbuild.googleapis.com/GoogleHostedWorker@v0.3"
+              },
+              "materials": [
+                {
+                  "digest": {
+                    "sha1": "75c21a6224914056801d5be2316d89de3ff24811"
+                  },
+                  "uri": "git+https://github.com/khalkie/gcb-repo-staging"
+                }
+              ],
+              "metadata": {
+                "buildFinishedOn": "2023-02-28T15:23:37.764882Z",
+                "buildInvocationId": "964a2eba-62f0-4a53-87d3-4e6dddcc70b3",
+                "buildStartedOn": "2023-02-28T15:23:26.521812356Z"
+              },
+              "recipe": {
+                "arguments": {
+                  "@type": "type.googleapis.com/google.devtools.cloudbuild.v1.Build",
+                  "id": "964a2eba-62f0-4a53-87d3-4e6dddcc70b3",
+                  "name": "projects/265426041527/locations/us-west1/builds/964a2eba-62f0-4a53-87d3-4e6dddcc70b3",
+                  "options": {
+                    "dynamicSubstitutions": true,
+                    "logging": "LEGACY",
+                    "pool": {},
+                    "requestedVerifyOption": "VERIFIED",
+                    "substitutionOption": "ALLOW_LOOSE"
+                  },
+                  "sourceProvenance": {},
+                  "steps": [
+                    {
+                      "args": [
+                        "tag",
+                        "hello-world",
+                        "us-central1-docker.pkg.dev/argo-local-khalk/khalk-docker-ar/tagged-world-trigger-964a2eba-62f0-4a53-87d3-4e6dddcc70b3"
+                      ],
+                      "name": "gcr.io/cloud-builders/docker",
+                      "pullTiming": {
+                        "endTime": "2023-02-28T15:23:34.662245150Z",
+                        "startTime": "2023-02-28T15:23:34.654151260Z"
+                      },
+                      "status": "SUCCESS",
+                      "timing": {
+                        "endTime": "2023-02-28T15:23:35.584468354Z",
+                        "startTime": "2023-02-28T15:23:34.654151260Z"
+                      }
+                    }
+                  ],
+                  "substitutions": {
+                    "BRANCH_NAME": "main",
+                    "COMMIT_SHA": "75c21a6224914056801d5be2316d89de3ff24811",
+                    "REF_NAME": "main",
+                    "REPO_NAME": "gcb-repo-staging",
+                    "REVISION_ID": "75c21a6224914056801d5be2316d89de3ff24811",
+                    "SHORT_SHA": "75c21a6",
+                    "TRIGGER_BUILD_CONFIG_PATH": "cloudbuild.yaml",
+                    "TRIGGER_NAME": "github-trigger-staging"
+                  }
+                },
+                "entryPoint": "cloudbuild.yaml",
+                "type": "https://cloudbuild.googleapis.com/CloudBuildYaml@v0.1"
+              }
+            },
+            "subject": [
+              {
+                "digest": {
+                  "sha256": "f54a58bc1aac5ea1a25d796ae155dc228b3f0e11d046ae276b39c4bf2f13d8c4"
+                },
+                "name": "https://us-central1-docker.pkg.dev/argo-local-khalk/khalk-docker-ar/tagged-world-trigger-964a2eba-62f0-4a53-87d3-4e6dddcc70b3"
+              },
+              {
+                "digest": {
+                  "sha256": "f54a58bc1aac5ea1a25d796ae155dc228b3f0e11d046ae276b39c4bf2f13d8c4"
+                },
+                "name": "https://us-central1-docker.pkg.dev/argo-local-khalk/khalk-docker-ar/tagged-world-trigger-964a2eba-62f0-4a53-87d3-4e6dddcc70b3:latest"
+              }
+            ]
+          }
+        },
+        "createTime": "2023-02-28T15:23:39.650659Z",
+        "envelope": {
+          "payload": "eyJfdHlwZSI6Imh0dHBzOi8vaW4tdG90by5pby9TdGF0ZW1lbnQvdjAuMSIsInByZWRpY2F0ZSI6eyJidWlsZGVyIjp7ImlkIjoiaHR0cHM6Ly9jbG91ZGJ1aWxkLmdvb2dsZWFwaXMuY29tL0dvb2dsZUhvc3RlZFdvcmtlckB2MC4zIn0sIm1hdGVyaWFscyI6W3siZGlnZXN0Ijp7InNoYTEiOiI3NWMyMWE2MjI0OTE0MDU2ODAxZDViZTIzMTZkODlkZTNmZjI0ODExIn0sInVyaSI6ImdpdCtodHRwczovL2dpdGh1Yi5jb20va2hhbGtpZS9nY2ItcmVwby1zdGFnaW5nIn1dLCJtZXRhZGF0YSI6eyJidWlsZEZpbmlzaGVkT24iOiIyMDIzLTAyLTI4VDE1OjIzOjM3Ljc2NDg4MloiLCJidWlsZEludm9jYXRpb25JZCI6Ijk2NGEyZWJhLTYyZjAtNGE1My04N2QzLTRlNmRkZGNjNzBiMyIsImJ1aWxkU3RhcnRlZE9uIjoiMjAyMy0wMi0yOFQxNToyMzoyNi41MjE4MTIzNTZaIn0sInJlY2lwZSI6eyJhcmd1bWVudHMiOnsiQHR5cGUiOiJ0eXBlLmdvb2dsZWFwaXMuY29tL2dvb2dsZS5kZXZ0b29scy5jbG91ZGJ1aWxkLnYxLkJ1aWxkIiwiaWQiOiI5NjRhMmViYS02MmYwLTRhNTMtODdkMy00ZTZkZGRjYzcwYjMiLCJuYW1lIjoicHJvamVjdHMvMjY1NDI2MDQxNTI3L2xvY2F0aW9ucy91cy13ZXN0MS9idWlsZHMvOTY0YTJlYmEtNjJmMC00YTUzLTg3ZDMtNGU2ZGRkY2M3MGIzIiwib3B0aW9ucyI6eyJkeW5hbWljU3Vic3RpdHV0aW9ucyI6dHJ1ZSwibG9nZ2luZyI6IkxFR0FDWSIsInBvb2wiOnt9LCJyZXF1ZXN0ZWRWZXJpZnlPcHRpb24iOiJWRVJJRklFRCIsInN1YnN0aXR1dGlvbk9wdGlvbiI6IkFMTE9XX0xPT1NFIn0sInNvdXJjZVByb3ZlbmFuY2UiOnt9LCJzdGVwcyI6W3siYXJncyI6WyJ0YWciLCJoZWxsby13b3JsZCIsInVzLWNlbnRyYWwxLWRvY2tlci5wa2cuZGV2L2FyZ28tbG9jYWwta2hhbGsva2hhbGstZG9ja2VyLWFyL3RhZ2dlZC13b3JsZC10cmlnZ2VyLTk2NGEyZWJhLTYyZjAtNGE1My04N2QzLTRlNmRkZGNjNzBiMyJdLCJuYW1lIjoiZ2NyLmlvL2Nsb3VkLWJ1aWxkZXJzL2RvY2tlciIsInB1bGxUaW1pbmciOnsiZW5kVGltZSI6IjIwMjMtMDItMjhUMTU6MjM6MzQuNjYyMjQ1MTUwWiIsInN0YXJ0VGltZSI6IjIwMjMtMDItMjhUMTU6MjM6MzQuNjU0MTUxMjYwWiJ9LCJzdGF0dXMiOiJTVUNDRVNTIiwidGltaW5nIjp7ImVuZFRpbWUiOiIyMDIzLTAyLTI4VDE1OjIzOjM1LjU4NDQ2ODM1NFoiLCJzdGFydFRpbWUiOiIyMDIzLTAyLTI4VDE1OjIzOjM0LjY1NDE1MTI2MFoifX1dLCJzdWJzdGl0dXRpb25zIjp7IkJSQU5DSF9OQU1FIjoibWFpbiIsIkNPTU1JVF9TSEEiOiI3NWMyMWE2MjI0OTE0MDU2ODAxZDViZTIzMTZkODlkZTNmZjI0ODExIiwiUkVGX05BTUUiOiJtYWluIiwiUkVQT19OQU1FIjoiZ2NiLXJlcG8tc3RhZ2luZyIsIlJFVklTSU9OX0lEIjoiNzVjMjFhNjIyNDkxNDA1NjgwMWQ1YmUyMzE2ZDg5ZGUzZmYyNDgxMSIsIlNIT1JUX1NIQSI6Ijc1YzIxYTYiLCJUUklHR0VSX0JVSUxEX0NPTkZJR19QQVRIIjoiY2xvdWRidWlsZC55YW1sIiwiVFJJR0dFUl9OQU1FIjoiZ2l0aHViLXRyaWdnZXItc3RhZ2luZyJ9fSwiZW50cnlQb2ludCI6ImNsb3VkYnVpbGQueWFtbCIsInR5cGUiOiJodHRwczovL2Nsb3VkYnVpbGQuZ29vZ2xlYXBpcy5jb20vQ2xvdWRCdWlsZFlhbWxAdjAuMSJ9fSwicHJlZGljYXRlVHlwZSI6Imh0dHBzOi8vc2xzYS5kZXYvcHJvdmVuYW5jZS92MC4xIiwic2xzYVByb3ZlbmFuY2UiOnsiYnVpbGRlciI6eyJpZCI6Imh0dHBzOi8vY2xvdWRidWlsZC5nb29nbGVhcGlzLmNvbS9Hb29nbGVIb3N0ZWRXb3JrZXJAdjAuMyJ9LCJtYXRlcmlhbHMiOlt7ImRpZ2VzdCI6eyJzaGExIjoiNzVjMjFhNjIyNDkxNDA1NjgwMWQ1YmUyMzE2ZDg5ZGUzZmYyNDgxMSJ9LCJ1cmkiOiJnaXQraHR0cHM6Ly9naXRodWIuY29tL2toYWxraWUvZ2NiLXJlcG8tc3RhZ2luZyJ9XSwibWV0YWRhdGEiOnsiYnVpbGRGaW5pc2hlZE9uIjoiMjAyMy0wMi0yOFQxNToyMzozNy43NjQ4ODJaIiwiYnVpbGRJbnZvY2F0aW9uSWQiOiI5NjRhMmViYS02MmYwLTRhNTMtODdkMy00ZTZkZGRjYzcwYjMiLCJidWlsZFN0YXJ0ZWRPbiI6IjIwMjMtMDItMjhUMTU6MjM6MjYuNTIxODEyMzU2WiJ9LCJyZWNpcGUiOnsiYXJndW1lbnRzIjp7IkB0eXBlIjoidHlwZS5nb29nbGVhcGlzLmNvbS9nb29nbGUuZGV2dG9vbHMuY2xvdWRidWlsZC52MS5CdWlsZCIsImlkIjoiOTY0YTJlYmEtNjJmMC00YTUzLTg3ZDMtNGU2ZGRkY2M3MGIzIiwibmFtZSI6InByb2plY3RzLzI2NTQyNjA0MTUyNy9sb2NhdGlvbnMvdXMtd2VzdDEvYnVpbGRzLzk2NGEyZWJhLTYyZjAtNGE1My04N2QzLTRlNmRkZGNjNzBiMyIsIm9wdGlvbnMiOnsiZHluYW1pY1N1YnN0aXR1dGlvbnMiOnRydWUsImxvZ2dpbmciOiJMRUdBQ1kiLCJwb29sIjp7fSwicmVxdWVzdGVkVmVyaWZ5T3B0aW9uIjoiVkVSSUZJRUQiLCJzdWJzdGl0dXRpb25PcHRpb24iOiJBTExPV19MT09TRSJ9LCJzb3VyY2VQcm92ZW5hbmNlIjp7fSwic3RlcHMiOlt7ImFyZ3MiOlsidGFnIiwiaGVsbG8td29ybGQiLCJ1cy1jZW50cmFsMS1kb2NrZXIucGtnLmRldi9hcmdvLWxvY2FsLWtoYWxrL2toYWxrLWRvY2tlci1hci90YWdnZWQtd29ybGQtdHJpZ2dlci05NjRhMmViYS02MmYwLTRhNTMtODdkMy00ZTZkZGRjYzcwYjMiXSwibmFtZSI6Imdjci5pby9jbG91ZC1idWlsZGVycy9kb2NrZXIiLCJwdWxsVGltaW5nIjp7ImVuZFRpbWUiOiIyMDIzLTAyLTI4VDE1OjIzOjM0LjY2MjI0NTE1MFoiLCJzdGFydFRpbWUiOiIyMDIzLTAyLTI4VDE1OjIzOjM0LjY1NDE1MTI2MFoifSwic3RhdHVzIjoiU1VDQ0VTUyIsInRpbWluZyI6eyJlbmRUaW1lIjoiMjAyMy0wMi0yOFQxNToyMzozNS41ODQ0NjgzNTRaIiwic3RhcnRUaW1lIjoiMjAyMy0wMi0yOFQxNToyMzozNC42NTQxNTEyNjBaIn19XSwic3Vic3RpdHV0aW9ucyI6eyJCUkFOQ0hfTkFNRSI6Im1haW4iLCJDT01NSVRfU0hBIjoiNzVjMjFhNjIyNDkxNDA1NjgwMWQ1YmUyMzE2ZDg5ZGUzZmYyNDgxMSIsIlJFRl9OQU1FIjoibWFpbiIsIlJFUE9fTkFNRSI6ImdjYi1yZXBvLXN0YWdpbmciLCJSRVZJU0lPTl9JRCI6Ijc1YzIxYTYyMjQ5MTQwNTY4MDFkNWJlMjMxNmQ4OWRlM2ZmMjQ4MTEiLCJTSE9SVF9TSEEiOiI3NWMyMWE2IiwiVFJJR0dFUl9CVUlMRF9DT05GSUdfUEFUSCI6ImNsb3VkYnVpbGQueWFtbCIsIlRSSUdHRVJfTkFNRSI6ImdpdGh1Yi10cmlnZ2VyLXN0YWdpbmcifX0sImVudHJ5UG9pbnQiOiJjbG91ZGJ1aWxkLnlhbWwiLCJ0eXBlIjoiaHR0cHM6Ly9jbG91ZGJ1aWxkLmdvb2dsZWFwaXMuY29tL0Nsb3VkQnVpbGRZYW1sQHYwLjEifX0sInN1YmplY3QiOlt7ImRpZ2VzdCI6eyJzaGEyNTYiOiJmNTRhNThiYzFhYWM1ZWExYTI1ZDc5NmFlMTU1ZGMyMjhiM2YwZTExZDA0NmFlMjc2YjM5YzRiZjJmMTNkOGM0In0sIm5hbWUiOiJodHRwczovL3VzLWNlbnRyYWwxLWRvY2tlci5wa2cuZGV2L2FyZ28tbG9jYWwta2hhbGsva2hhbGstZG9ja2VyLWFyL3RhZ2dlZC13b3JsZC10cmlnZ2VyLTk2NGEyZWJhLTYyZjAtNGE1My04N2QzLTRlNmRkZGNjNzBiMyJ9LHsiZGlnZXN0Ijp7InNoYTI1NiI6ImY1NGE1OGJjMWFhYzVlYTFhMjVkNzk2YWUxNTVkYzIyOGIzZjBlMTFkMDQ2YWUyNzZiMzljNGJmMmYxM2Q4YzQifSwibmFtZSI6Imh0dHBzOi8vdXMtY2VudHJhbDEtZG9ja2VyLnBrZy5kZXYvYXJnby1sb2NhbC1raGFsay9raGFsay1kb2NrZXItYXIvdGFnZ2VkLXdvcmxkLXRyaWdnZXItOTY0YTJlYmEtNjJmMC00YTUzLTg3ZDMtNGU2ZGRkY2M3MGIzOmxhdGVzdCJ9XX0=",
+          "payloadType": "application/vnd.in-toto+json",
+          "signatures": [
+            {
+              "keyid": "projects/verified-builder/locations/global/keyRings/attestor/cryptoKeys/provenanceSigner/cryptoKeyVersions/1",
+              "sig": "MEUCIQCJQRkaJuajYy_KKV71VYS13QLdp57pAdQMVXucy3Ev-wIgBCcaPtO16_WWhRrPWVpxrTxtypNVLAqIVeywNYk2-Xk="
+            }
+          ]
+        },
+        "kind": "BUILD",
+        "name": "projects/argo-local-khalk/occurrences/26a014ac-3779-4a0b-98da-2d804f257f3d",
+        "noteName": "projects/argo-qa/notes/intoto_964a2eba-62f0-4a53-87d3-4e6dddcc70b3",
+        "resourceUri": "https://us-central1-docker.pkg.dev/argo-local-khalk/khalk-docker-ar/tagged-world-trigger-964a2eba-62f0-4a53-87d3-4e6dddcc70b3@sha256:f54a58bc1aac5ea1a25d796ae155dc228b3f0e11d046ae276b39c4bf2f13d8c4",
+        "updateTime": "2023-02-28T15:23:39.650659Z"
+      }
+    ]
+  }
+}
diff --git a/verifiers/internal/gcb/testdata/gcloud-container-invalid-signature-global-pae-key.json b/verifiers/internal/gcb/testdata/gcloud-container-invalid-signature-global-pae-key.json
new file mode 100644
index 000000000..0d905739e
--- /dev/null
+++ b/verifiers/internal/gcb/testdata/gcloud-container-invalid-signature-global-pae-key.json
@@ -0,0 +1,114 @@
+{
+  "image_summary": {
+    "digest": "sha256:f54a58bc1aac5ea1a25d796ae155dc228b3f0e11d046ae276b39c4bf2f13d8c4",
+    "fully_qualified_digest": "us-central1-docker.pkg.dev/argo-local-khalk/khalk-docker-ar/tagged-world-trigger-964a2eba-62f0-4a53-87d3-4e6dddcc70b3@sha256:f54a58bc1aac5ea1a25d796ae155dc228b3f0e11d046ae276b39c4bf2f13d8c4",
+    "registry": "us-central1-docker.pkg.dev",
+    "repository": "khalk-docker-ar"
+  },
+  "provenance_summary": {
+    "provenance": [
+      {
+        "build": {
+          "intotoStatement": {
+            "_type": "https://in-toto.io/Statement/v0.1",
+            "predicateType": "https://slsa.dev/provenance/v0.1",
+            "slsaProvenance": {
+              "builder": {
+                "id": "https://cloudbuild.googleapis.com/GoogleHostedWorker@v0.3"
+              },
+              "materials": [
+                {
+                  "digest": {
+                    "sha1": "75c21a6224914056801d5be2316d89de3ff24811"
+                  },
+                  "uri": "git+https://github.com/khalkie/gcb-repo-staging"
+                }
+              ],
+              "metadata": {
+                "buildFinishedOn": "2023-02-28T15:23:37.764882Z",
+                "buildInvocationId": "964a2eba-62f0-4a53-87d3-4e6dddcc70b3",
+                "buildStartedOn": "2023-02-28T15:23:26.521812356Z"
+              },
+              "recipe": {
+                "arguments": {
+                  "@type": "type.googleapis.com/google.devtools.cloudbuild.v1.Build",
+                  "id": "964a2eba-62f0-4a53-87d3-4e6dddcc70b3",
+                  "name": "projects/265426041527/locations/us-west1/builds/964a2eba-62f0-4a53-87d3-4e6dddcc70b3",
+                  "options": {
+                    "dynamicSubstitutions": true,
+                    "logging": "LEGACY",
+                    "pool": {},
+                    "requestedVerifyOption": "VERIFIED",
+                    "substitutionOption": "ALLOW_LOOSE"
+                  },
+                  "sourceProvenance": {},
+                  "steps": [
+                    {
+                      "args": [
+                        "tag",
+                        "hello-world",
+                        "us-central1-docker.pkg.dev/argo-local-khalk/khalk-docker-ar/tagged-world-trigger-964a2eba-62f0-4a53-87d3-4e6dddcc70b3"
+                      ],
+                      "name": "gcr.io/cloud-builders/docker",
+                      "pullTiming": {
+                        "endTime": "2023-02-28T15:23:34.662245150Z",
+                        "startTime": "2023-02-28T15:23:34.654151260Z"
+                      },
+                      "status": "SUCCESS",
+                      "timing": {
+                        "endTime": "2023-02-28T15:23:35.584468354Z",
+                        "startTime": "2023-02-28T15:23:34.654151260Z"
+                      }
+                    }
+                  ],
+                  "substitutions": {
+                    "BRANCH_NAME": "main",
+                    "COMMIT_SHA": "75c21a6224914056801d5be2316d89de3ff24811",
+                    "REF_NAME": "main",
+                    "REPO_NAME": "gcb-repo-staging",
+                    "REVISION_ID": "75c21a6224914056801d5be2316d89de3ff24811",
+                    "SHORT_SHA": "75c21a6",
+                    "TRIGGER_BUILD_CONFIG_PATH": "cloudbuild.yaml",
+                    "TRIGGER_NAME": "github-trigger-staging"
+                  }
+                },
+                "entryPoint": "cloudbuild.yaml",
+                "type": "https://cloudbuild.googleapis.com/CloudBuildYaml@v0.1"
+              }
+            },
+            "subject": [
+              {
+                "digest": {
+                  "sha256": "f54a58bc1aac5ea1a25d796ae155dc228b3f0e11d046ae276b39c4bf2f13d8c4"
+                },
+                "name": "https://us-central1-docker.pkg.dev/argo-local-khalk/khalk-docker-ar/tagged-world-trigger-964a2eba-62f0-4a53-87d3-4e6dddcc70b3"
+              },
+              {
+                "digest": {
+                  "sha256": "f54a58bc1aac5ea1a25d796ae155dc228b3f0e11d046ae276b39c4bf2f13d8c4"
+                },
+                "name": "https://us-central1-docker.pkg.dev/argo-local-khalk/khalk-docker-ar/tagged-world-trigger-964a2eba-62f0-4a53-87d3-4e6dddcc70b3:latest"
+              }
+            ]
+          }
+        },
+        "createTime": "2023-02-28T15:23:39.650659Z",
+        "envelope": {
+          "payload": "eyJfdHlwZSI6Imh0dHBzOi8vaW4tdG90by5pby9TdGF0ZW1lbnQvdjAuMSIsInByZWRpY2F0ZSI6eyJidWlsZGVyIjp7ImlkIjoiaHR0cHM6Ly9jbG91ZGJ1aWxkLmdvb2dsZWFwaXMuY29tL0dvb2dsZUhvc3RlZFdvcmtlckB2MC4zIn0sIm1hdGVyaWFscyI6W3siZGlnZXN0Ijp7InNoYTEiOiI3NWMyMWE2MjI0OTE0MDU2ODAxZDViZTIzMTZkODlkZTNmZjI0ODExIn0sInVyaSI6ImdpdCtodHRwczovL2dpdGh1Yi5jb20va2hhbGtpZS9nY2ItcmVwby1zdGFnaW5nIn1dLCJtZXRhZGF0YSI6eyJidWlsZEZpbmlzaGVkT24iOiIyMDIzLTAyLTI4VDE1OjIzOjM3Ljc2NDg4MloiLCJidWlsZEludm9jYXRpb25JZCI6Ijk2NGEyZWJhLTYyZjAtNGE1My04N2QzLTRlNmRkZGNjNzBiMyIsImJ1aWxkU3RhcnRlZE9uIjoiMjAyMy0wMi0yOFQxNToyMzoyNi41MjE4MTIzNTZaIn0sInJlY2lwZSI6eyJhcmd1bWVudHMiOnsiQHR5cGUiOiJ0eXBlLmdvb2dsZWFwaXMuY29tL2dvb2dsZS5kZXZ0b29scy5jbG91ZGJ1aWxkLnYxLkJ1aWxkIiwiaWQiOiI5NjRhMmViYS02MmYwLTRhNTMtODdkMy00ZTZkZGRjYzcwYjMiLCJuYW1lIjoicHJvamVjdHMvMjY1NDI2MDQxNTI3L2xvY2F0aW9ucy91cy13ZXN0MS9idWlsZHMvOTY0YTJlYmEtNjJmMC00YTUzLTg3ZDMtNGU2ZGRkY2M3MGIzIiwib3B0aW9ucyI6eyJkeW5hbWljU3Vic3RpdHV0aW9ucyI6dHJ1ZSwibG9nZ2luZyI6IkxFR0FDWSIsInBvb2wiOnt9LCJyZXF1ZXN0ZWRWZXJpZnlPcHRpb24iOiJWRVJJRklFRCIsInN1YnN0aXR1dGlvbk9wdGlvbiI6IkFMTE9XX0xPT1NFIn0sInNvdXJjZVByb3ZlbmFuY2UiOnt9LCJzdGVwcyI6W3siYXJncyI6WyJ0YWciLCJoZWxsby13b3JsZCIsInVzLWNlbnRyYWwxLWRvY2tlci5wa2cuZGV2L2FyZ28tbG9jYWwta2hhbGsva2hhbGstZG9ja2VyLWFyL3RhZ2dlZC13b3JsZC10cmlnZ2VyLTk2NGEyZWJhLTYyZjAtNGE1My04N2QzLTRlNmRkZGNjNzBiMyJdLCJuYW1lIjoiZ2NyLmlvL2Nsb3VkLWJ1aWxkZXJzL2RvY2tlciIsInB1bGxUaW1pbmciOnsiZW5kVGltZSI6IjIwMjMtMDItMjhUMTU6MjM6MzQuNjYyMjQ1MTUwWiIsInN0YXJ0VGltZSI6IjIwMjMtMDItMjhUMTU6MjM6MzQuNjU0MTUxMjYwWiJ9LCJzdGF0dXMiOiJTVUNDRVNTIiwidGltaW5nIjp7ImVuZFRpbWUiOiIyMDIzLTAyLTI4VDE1OjIzOjM1LjU4NDQ2ODM1NFoiLCJzdGFydFRpbWUiOiIyMDIzLTAyLTI4VDE1OjIzOjM0LjY1NDE1MTI2MFoifX1dLCJzdWJzdGl0dXRpb25zIjp7IkJSQU5DSF9OQU1FIjoibWFpbiIsIkNPTU1JVF9TSEEiOiI3NWMyMWE2MjI0OTE0MDU2ODAxZDViZTIzMTZkODlkZTNmZjI0ODExIiwiUkVGX05BTUUiOiJtYWluIiwiUkVQT19OQU1FIjoiZ2NiLXJlcG8tc3RhZ2luZyIsIlJFVklTSU9OX0lEIjoiNzVjMjFhNjIyNDkxNDA1NjgwMWQ1YmUyMzE2ZDg5ZGUzZmYyNDgxMSIsIlNIT1JUX1NIQSI6Ijc1YzIxYTYiLCJUUklHR0VSX0JVSUxEX0NPTkZJR19QQVRIIjoiY2xvdWRidWlsZC55YW1sIiwiVFJJR0dFUl9OQU1FIjoiZ2l0aHViLXRyaWdnZXItc3RhZ2luZyJ9fSwiZW50cnlQb2ludCI6ImNsb3VkYnVpbGQueWFtbCIsInR5cGUiOiJodHRwczovL2Nsb3VkYnVpbGQuZ29vZ2xlYXBpcy5jb20vQ2xvdWRCdWlsZFlhbWxAdjAuMSJ9fSwicHJlZGljYXRlVHlwZSI6Imh0dHBzOi8vc2xzYS5kZXYvcHJvdmVuYW5jZS92MC4xIiwic2xzYVByb3ZlbmFuY2UiOnsiYnVpbGRlciI6eyJpZCI6Imh0dHBzOi8vY2xvdWRidWlsZC5nb29nbGVhcGlzLmNvbS9Hb29nbGVIb3N0ZWRXb3JrZXJAdjAuMyJ9LCJtYXRlcmlhbHMiOlt7ImRpZ2VzdCI6eyJzaGExIjoiNzVjMjFhNjIyNDkxNDA1NjgwMWQ1YmUyMzE2ZDg5ZGUzZmYyNDgxMSJ9LCJ1cmkiOiJnaXQraHR0cHM6Ly9naXRodWIuY29tL2toYWxraWUvZ2NiLXJlcG8tc3RhZ2luZyJ9XSwibWV0YWRhdGEiOnsiYnVpbGRGaW5pc2hlZE9uIjoiMjAyMy0wMi0yOFQxNToyMzozNy43NjQ4ODJaIiwiYnVpbGRJbnZvY2F0aW9uSWQiOiI5NjRhMmViYS02MmYwLTRhNTMtODdkMy00ZTZkZGRjYzcwYjMiLCJidWlsZFN0YXJ0ZWRPbiI6IjIwMjMtMDItMjhUMTU6MjM6MjYuNTIxODEyMzU2WiJ9LCJyZWNpcGUiOnsiYXJndW1lbnRzIjp7IkB0eXBlIjoidHlwZS5nb29nbGVhcGlzLmNvbS9nb29nbGUuZGV2dG9vbHMuY2xvdWRidWlsZC52MS5CdWlsZCIsImlkIjoiOTY0YTJlYmEtNjJmMC00YTUzLTg3ZDMtNGU2ZGRkY2M3MGIzIiwibmFtZSI6InByb2plY3RzLzI2NTQyNjA0MTUyNy9sb2NhdGlvbnMvdXMtd2VzdDEvYnVpbGRzLzk2NGEyZWJhLTYyZjAtNGE1My04N2QzLTRlNmRkZGNjNzBiMyIsIm9wdGlvbnMiOnsiZHluYW1pY1N1YnN0aXR1dGlvbnMiOnRydWUsImxvZ2dpbmciOiJMRUdBQ1kiLCJwb29sIjp7fSwicmVxdWVzdGVkVmVyaWZ5T3B0aW9uIjoiVkVSSUZJRUQiLCJzdWJzdGl0dXRpb25PcHRpb24iOiJBTExPV19MT09TRSJ9LCJzb3VyY2VQcm92ZW5hbmNlIjp7fSwic3RlcHMiOlt7ImFyZ3MiOlsidGFnIiwiaGVsbG8td29ybGQiLCJ1cy1jZW50cmFsMS1kb2NrZXIucGtnLmRldi9hcmdvLWxvY2FsLWtoYWxrL2toYWxrLWRvY2tlci1hci90YWdnZWQtd29ybGQtdHJpZ2dlci05NjRhMmViYS02MmYwLTRhNTMtODdkMy00ZTZkZGRjYzcwYjMiXSwibmFtZSI6Imdjci5pby9jbG91ZC1idWlsZGVycy9kb2NrZXIiLCJwdWxsVGltaW5nIjp7ImVuZFRpbWUiOiIyMDIzLTAyLTI4VDE1OjIzOjM0LjY2MjI0NTE1MFoiLCJzdGFydFRpbWUiOiIyMDIzLTAyLTI4VDE1OjIzOjM0LjY1NDE1MTI2MFoifSwic3RhdHVzIjoiU1VDQ0VTUyIsInRpbWluZyI6eyJlbmRUaW1lIjoiMjAyMy0wMi0yOFQxNToyMzozNS41ODQ0NjgzNTRaIiwic3RhcnRUaW1lIjoiMjAyMy0wMi0yOFQxNToyMzozNC42NTQxNTEyNjBaIn19XSwic3Vic3RpdHV0aW9ucyI6eyJCUkFOQ0hfTkFNRSI6Im1haW4iLCJDT01NSVRfU0hBIjoiNzVjMjFhNjIyNDkxNDA1NjgwMWQ1YmUyMzE2ZDg5ZGUzZmYyNDgxMSIsIlJFRl9OQU1FIjoibWFpbiIsIlJFUE9fTkFNRSI6ImdjYi1yZXBvLXN0YWdpbmciLCJSRVZJU0lPTl9JRCI6Ijc1YzIxYTYyMjQ5MTQwNTY4MDFkNWJlMjMxNmQ4OWRlM2ZmMjQ4MTEiLCJTSE9SVF9TSEEiOiI3NWMyMWE2IiwiVFJJR0dFUl9CVUlMRF9DT05GSUdfUEFUSCI6ImNsb3VkYnVpbGQueWFtbCIsIlRSSUdHRVJfTkFNRSI6ImdpdGh1Yi10cmlnZ2VyLXN0YWdpbmcifX0sImVudHJ5UG9pbnQiOiJjbG91ZGJ1aWxkLnlhbWwiLCJ0eXBlIjoiaHR0cHM6Ly9jbG91ZGJ1aWxkLmdvb2dsZWFwaXMuY29tL0Nsb3VkQnVpbGRZYW1sQHYwLjEifX0sInN1YmplY3QiOlt7ImRpZ2VzdCI6eyJzaGEyNTYiOiJmNTRhNThiYzFhYWM1ZWExYTI1ZDc5NmFlMTU1ZGMyMjhiM2YwZTExZDA0NmFlMjc2YjM5YzRiZjJmMTNkOGM0In0sIm5hbWUiOiJodHRwczovL3VzLWNlbnRyYWwxLWRvY2tlci5wa2cuZGV2L2FyZ28tbG9jYWwta2hhbGsva2hhbGstZG9ja2VyLWFyL3RhZ2dlZC13b3JsZC10cmlnZ2VyLTk2NGEyZWJhLTYyZjAtNGE1My04N2QzLTRlNmRkZGNjNzBiMyJ9LHsiZGlnZXN0Ijp7InNoYTI1NiI6ImY1NGE1OGJjMWFhYzVlYTFhMjVkNzk2YWUxNTVkYzIyOGIzZjBlMTFkMDQ2YWUyNzZiMzljNGJmMmYxM2Q4YzQifSwibmFtZSI6Imh0dHBzOi8vdXMtY2VudHJhbDEtZG9ja2VyLnBrZy5kZXYvYXJnby1sb2NhbC1raGFsay9raGFsay1kb2NrZXItYXIvdGFnZ2VkLXdvcmxkLXRyaWdnZXItOTY0YTJlYmEtNjJmMC00YTUzLTg3ZDMtNGU2ZGRkY2M3MGIzOmxhdGVzdCJ9XX0=",
+          "payloadType": "application/vnd.in-toto+json",
+          "signatures": [
+            {
+              "keyid": "projects/verified-builder/locations/global/keyRings/attestor/cryptoKeys/provenanceSigner/cryptoKeyVersions/1",
+              "sig": "BADSIG-JQRkaJuajYy_KKV71VYS13QLdp57pAdQMVXucy3Ev-wIgBCcaPtO16_WWhRrPWVpxrTxtypNVLAqIVeywNYk2-Xk="
+            }
+          ]
+        },
+        "kind": "BUILD",
+        "name": "projects/argo-local-khalk/occurrences/26a014ac-3779-4a0b-98da-2d804f257f3d",
+        "noteName": "projects/argo-qa/notes/intoto_964a2eba-62f0-4a53-87d3-4e6dddcc70b3",
+        "resourceUri": "https://us-central1-docker.pkg.dev/argo-local-khalk/khalk-docker-ar/tagged-world-trigger-964a2eba-62f0-4a53-87d3-4e6dddcc70b3@sha256:f54a58bc1aac5ea1a25d796ae155dc228b3f0e11d046ae276b39c4bf2f13d8c4",
+        "updateTime": "2023-02-28T15:23:39.650659Z"
+      }
+    ]
+  }
+}
diff --git a/verifiers/internal/gcb/testdata/gcloud-container-multiple-signatures-global-pae-valid.json b/verifiers/internal/gcb/testdata/gcloud-container-multiple-signatures-global-pae-valid.json
new file mode 100644
index 000000000..f6f19f903
--- /dev/null
+++ b/verifiers/internal/gcb/testdata/gcloud-container-multiple-signatures-global-pae-valid.json
@@ -0,0 +1,118 @@
+{
+  "image_summary": {
+    "digest": "sha256:f54a58bc1aac5ea1a25d796ae155dc228b3f0e11d046ae276b39c4bf2f13d8c4",
+    "fully_qualified_digest": "us-central1-docker.pkg.dev/argo-local-khalk/khalk-docker-ar/tagged-world-trigger-964a2eba-62f0-4a53-87d3-4e6dddcc70b3@sha256:f54a58bc1aac5ea1a25d796ae155dc228b3f0e11d046ae276b39c4bf2f13d8c4",
+    "registry": "us-central1-docker.pkg.dev",
+    "repository": "khalk-docker-ar"
+  },
+  "provenance_summary": {
+    "provenance": [
+      {
+        "build": {
+          "intotoStatement": {
+            "_type": "https://in-toto.io/Statement/v0.1",
+            "predicateType": "https://slsa.dev/provenance/v0.1",
+            "slsaProvenance": {
+              "builder": {
+                "id": "https://cloudbuild.googleapis.com/GoogleHostedWorker@v0.3"
+              },
+              "materials": [
+                {
+                  "digest": {
+                    "sha1": "75c21a6224914056801d5be2316d89de3ff24811"
+                  },
+                  "uri": "git+https://github.com/khalkie/gcb-repo-staging"
+                }
+              ],
+              "metadata": {
+                "buildFinishedOn": "2023-02-28T15:23:37.764882Z",
+                "buildInvocationId": "964a2eba-62f0-4a53-87d3-4e6dddcc70b3",
+                "buildStartedOn": "2023-02-28T15:23:26.521812356Z"
+              },
+              "recipe": {
+                "arguments": {
+                  "@type": "type.googleapis.com/google.devtools.cloudbuild.v1.Build",
+                  "id": "964a2eba-62f0-4a53-87d3-4e6dddcc70b3",
+                  "name": "projects/265426041527/locations/us-west1/builds/964a2eba-62f0-4a53-87d3-4e6dddcc70b3",
+                  "options": {
+                    "dynamicSubstitutions": true,
+                    "logging": "LEGACY",
+                    "pool": {},
+                    "requestedVerifyOption": "VERIFIED",
+                    "substitutionOption": "ALLOW_LOOSE"
+                  },
+                  "sourceProvenance": {},
+                  "steps": [
+                    {
+                      "args": [
+                        "tag",
+                        "hello-world",
+                        "us-central1-docker.pkg.dev/argo-local-khalk/khalk-docker-ar/tagged-world-trigger-964a2eba-62f0-4a53-87d3-4e6dddcc70b3"
+                      ],
+                      "name": "gcr.io/cloud-builders/docker",
+                      "pullTiming": {
+                        "endTime": "2023-02-28T15:23:34.662245150Z",
+                        "startTime": "2023-02-28T15:23:34.654151260Z"
+                      },
+                      "status": "SUCCESS",
+                      "timing": {
+                        "endTime": "2023-02-28T15:23:35.584468354Z",
+                        "startTime": "2023-02-28T15:23:34.654151260Z"
+                      }
+                    }
+                  ],
+                  "substitutions": {
+                    "BRANCH_NAME": "main",
+                    "COMMIT_SHA": "75c21a6224914056801d5be2316d89de3ff24811",
+                    "REF_NAME": "main",
+                    "REPO_NAME": "gcb-repo-staging",
+                    "REVISION_ID": "75c21a6224914056801d5be2316d89de3ff24811",
+                    "SHORT_SHA": "75c21a6",
+                    "TRIGGER_BUILD_CONFIG_PATH": "cloudbuild.yaml",
+                    "TRIGGER_NAME": "github-trigger-staging"
+                  }
+                },
+                "entryPoint": "cloudbuild.yaml",
+                "type": "https://cloudbuild.googleapis.com/CloudBuildYaml@v0.1"
+              }
+            },
+            "subject": [
+              {
+                "digest": {
+                  "sha256": "f54a58bc1aac5ea1a25d796ae155dc228b3f0e11d046ae276b39c4bf2f13d8c4"
+                },
+                "name": "https://us-central1-docker.pkg.dev/argo-local-khalk/khalk-docker-ar/tagged-world-trigger-964a2eba-62f0-4a53-87d3-4e6dddcc70b3"
+              },
+              {
+                "digest": {
+                  "sha256": "f54a58bc1aac5ea1a25d796ae155dc228b3f0e11d046ae276b39c4bf2f13d8c4"
+                },
+                "name": "https://us-central1-docker.pkg.dev/argo-local-khalk/khalk-docker-ar/tagged-world-trigger-964a2eba-62f0-4a53-87d3-4e6dddcc70b3:latest"
+              }
+            ]
+          }
+        },
+        "createTime": "2023-02-28T15:23:39.650659Z",
+        "envelope": {
+          "payload": "eyJfdHlwZSI6Imh0dHBzOi8vaW4tdG90by5pby9TdGF0ZW1lbnQvdjAuMSIsInByZWRpY2F0ZSI6eyJidWlsZGVyIjp7ImlkIjoiaHR0cHM6Ly9jbG91ZGJ1aWxkLmdvb2dsZWFwaXMuY29tL0dvb2dsZUhvc3RlZFdvcmtlckB2MC4zIn0sIm1hdGVyaWFscyI6W3siZGlnZXN0Ijp7InNoYTEiOiI3NWMyMWE2MjI0OTE0MDU2ODAxZDViZTIzMTZkODlkZTNmZjI0ODExIn0sInVyaSI6ImdpdCtodHRwczovL2dpdGh1Yi5jb20va2hhbGtpZS9nY2ItcmVwby1zdGFnaW5nIn1dLCJtZXRhZGF0YSI6eyJidWlsZEZpbmlzaGVkT24iOiIyMDIzLTAyLTI4VDE1OjIzOjM3Ljc2NDg4MloiLCJidWlsZEludm9jYXRpb25JZCI6Ijk2NGEyZWJhLTYyZjAtNGE1My04N2QzLTRlNmRkZGNjNzBiMyIsImJ1aWxkU3RhcnRlZE9uIjoiMjAyMy0wMi0yOFQxNToyMzoyNi41MjE4MTIzNTZaIn0sInJlY2lwZSI6eyJhcmd1bWVudHMiOnsiQHR5cGUiOiJ0eXBlLmdvb2dsZWFwaXMuY29tL2dvb2dsZS5kZXZ0b29scy5jbG91ZGJ1aWxkLnYxLkJ1aWxkIiwiaWQiOiI5NjRhMmViYS02MmYwLTRhNTMtODdkMy00ZTZkZGRjYzcwYjMiLCJuYW1lIjoicHJvamVjdHMvMjY1NDI2MDQxNTI3L2xvY2F0aW9ucy91cy13ZXN0MS9idWlsZHMvOTY0YTJlYmEtNjJmMC00YTUzLTg3ZDMtNGU2ZGRkY2M3MGIzIiwib3B0aW9ucyI6eyJkeW5hbWljU3Vic3RpdHV0aW9ucyI6dHJ1ZSwibG9nZ2luZyI6IkxFR0FDWSIsInBvb2wiOnt9LCJyZXF1ZXN0ZWRWZXJpZnlPcHRpb24iOiJWRVJJRklFRCIsInN1YnN0aXR1dGlvbk9wdGlvbiI6IkFMTE9XX0xPT1NFIn0sInNvdXJjZVByb3ZlbmFuY2UiOnt9LCJzdGVwcyI6W3siYXJncyI6WyJ0YWciLCJoZWxsby13b3JsZCIsInVzLWNlbnRyYWwxLWRvY2tlci5wa2cuZGV2L2FyZ28tbG9jYWwta2hhbGsva2hhbGstZG9ja2VyLWFyL3RhZ2dlZC13b3JsZC10cmlnZ2VyLTk2NGEyZWJhLTYyZjAtNGE1My04N2QzLTRlNmRkZGNjNzBiMyJdLCJuYW1lIjoiZ2NyLmlvL2Nsb3VkLWJ1aWxkZXJzL2RvY2tlciIsInB1bGxUaW1pbmciOnsiZW5kVGltZSI6IjIwMjMtMDItMjhUMTU6MjM6MzQuNjYyMjQ1MTUwWiIsInN0YXJ0VGltZSI6IjIwMjMtMDItMjhUMTU6MjM6MzQuNjU0MTUxMjYwWiJ9LCJzdGF0dXMiOiJTVUNDRVNTIiwidGltaW5nIjp7ImVuZFRpbWUiOiIyMDIzLTAyLTI4VDE1OjIzOjM1LjU4NDQ2ODM1NFoiLCJzdGFydFRpbWUiOiIyMDIzLTAyLTI4VDE1OjIzOjM0LjY1NDE1MTI2MFoifX1dLCJzdWJzdGl0dXRpb25zIjp7IkJSQU5DSF9OQU1FIjoibWFpbiIsIkNPTU1JVF9TSEEiOiI3NWMyMWE2MjI0OTE0MDU2ODAxZDViZTIzMTZkODlkZTNmZjI0ODExIiwiUkVGX05BTUUiOiJtYWluIiwiUkVQT19OQU1FIjoiZ2NiLXJlcG8tc3RhZ2luZyIsIlJFVklTSU9OX0lEIjoiNzVjMjFhNjIyNDkxNDA1NjgwMWQ1YmUyMzE2ZDg5ZGUzZmYyNDgxMSIsIlNIT1JUX1NIQSI6Ijc1YzIxYTYiLCJUUklHR0VSX0JVSUxEX0NPTkZJR19QQVRIIjoiY2xvdWRidWlsZC55YW1sIiwiVFJJR0dFUl9OQU1FIjoiZ2l0aHViLXRyaWdnZXItc3RhZ2luZyJ9fSwiZW50cnlQb2ludCI6ImNsb3VkYnVpbGQueWFtbCIsInR5cGUiOiJodHRwczovL2Nsb3VkYnVpbGQuZ29vZ2xlYXBpcy5jb20vQ2xvdWRCdWlsZFlhbWxAdjAuMSJ9fSwicHJlZGljYXRlVHlwZSI6Imh0dHBzOi8vc2xzYS5kZXYvcHJvdmVuYW5jZS92MC4xIiwic2xzYVByb3ZlbmFuY2UiOnsiYnVpbGRlciI6eyJpZCI6Imh0dHBzOi8vY2xvdWRidWlsZC5nb29nbGVhcGlzLmNvbS9Hb29nbGVIb3N0ZWRXb3JrZXJAdjAuMyJ9LCJtYXRlcmlhbHMiOlt7ImRpZ2VzdCI6eyJzaGExIjoiNzVjMjFhNjIyNDkxNDA1NjgwMWQ1YmUyMzE2ZDg5ZGUzZmYyNDgxMSJ9LCJ1cmkiOiJnaXQraHR0cHM6Ly9naXRodWIuY29tL2toYWxraWUvZ2NiLXJlcG8tc3RhZ2luZyJ9XSwibWV0YWRhdGEiOnsiYnVpbGRGaW5pc2hlZE9uIjoiMjAyMy0wMi0yOFQxNToyMzozNy43NjQ4ODJaIiwiYnVpbGRJbnZvY2F0aW9uSWQiOiI5NjRhMmViYS02MmYwLTRhNTMtODdkMy00ZTZkZGRjYzcwYjMiLCJidWlsZFN0YXJ0ZWRPbiI6IjIwMjMtMDItMjhUMTU6MjM6MjYuNTIxODEyMzU2WiJ9LCJyZWNpcGUiOnsiYXJndW1lbnRzIjp7IkB0eXBlIjoidHlwZS5nb29nbGVhcGlzLmNvbS9nb29nbGUuZGV2dG9vbHMuY2xvdWRidWlsZC52MS5CdWlsZCIsImlkIjoiOTY0YTJlYmEtNjJmMC00YTUzLTg3ZDMtNGU2ZGRkY2M3MGIzIiwibmFtZSI6InByb2plY3RzLzI2NTQyNjA0MTUyNy9sb2NhdGlvbnMvdXMtd2VzdDEvYnVpbGRzLzk2NGEyZWJhLTYyZjAtNGE1My04N2QzLTRlNmRkZGNjNzBiMyIsIm9wdGlvbnMiOnsiZHluYW1pY1N1YnN0aXR1dGlvbnMiOnRydWUsImxvZ2dpbmciOiJMRUdBQ1kiLCJwb29sIjp7fSwicmVxdWVzdGVkVmVyaWZ5T3B0aW9uIjoiVkVSSUZJRUQiLCJzdWJzdGl0dXRpb25PcHRpb24iOiJBTExPV19MT09TRSJ9LCJzb3VyY2VQcm92ZW5hbmNlIjp7fSwic3RlcHMiOlt7ImFyZ3MiOlsidGFnIiwiaGVsbG8td29ybGQiLCJ1cy1jZW50cmFsMS1kb2NrZXIucGtnLmRldi9hcmdvLWxvY2FsLWtoYWxrL2toYWxrLWRvY2tlci1hci90YWdnZWQtd29ybGQtdHJpZ2dlci05NjRhMmViYS02MmYwLTRhNTMtODdkMy00ZTZkZGRjYzcwYjMiXSwibmFtZSI6Imdjci5pby9jbG91ZC1idWlsZGVycy9kb2NrZXIiLCJwdWxsVGltaW5nIjp7ImVuZFRpbWUiOiIyMDIzLTAyLTI4VDE1OjIzOjM0LjY2MjI0NTE1MFoiLCJzdGFydFRpbWUiOiIyMDIzLTAyLTI4VDE1OjIzOjM0LjY1NDE1MTI2MFoifSwic3RhdHVzIjoiU1VDQ0VTUyIsInRpbWluZyI6eyJlbmRUaW1lIjoiMjAyMy0wMi0yOFQxNToyMzozNS41ODQ0NjgzNTRaIiwic3RhcnRUaW1lIjoiMjAyMy0wMi0yOFQxNToyMzozNC42NTQxNTEyNjBaIn19XSwic3Vic3RpdHV0aW9ucyI6eyJCUkFOQ0hfTkFNRSI6Im1haW4iLCJDT01NSVRfU0hBIjoiNzVjMjFhNjIyNDkxNDA1NjgwMWQ1YmUyMzE2ZDg5ZGUzZmYyNDgxMSIsIlJFRl9OQU1FIjoibWFpbiIsIlJFUE9fTkFNRSI6ImdjYi1yZXBvLXN0YWdpbmciLCJSRVZJU0lPTl9JRCI6Ijc1YzIxYTYyMjQ5MTQwNTY4MDFkNWJlMjMxNmQ4OWRlM2ZmMjQ4MTEiLCJTSE9SVF9TSEEiOiI3NWMyMWE2IiwiVFJJR0dFUl9CVUlMRF9DT05GSUdfUEFUSCI6ImNsb3VkYnVpbGQueWFtbCIsIlRSSUdHRVJfTkFNRSI6ImdpdGh1Yi10cmlnZ2VyLXN0YWdpbmcifX0sImVudHJ5UG9pbnQiOiJjbG91ZGJ1aWxkLnlhbWwiLCJ0eXBlIjoiaHR0cHM6Ly9jbG91ZGJ1aWxkLmdvb2dsZWFwaXMuY29tL0Nsb3VkQnVpbGRZYW1sQHYwLjEifX0sInN1YmplY3QiOlt7ImRpZ2VzdCI6eyJzaGEyNTYiOiJmNTRhNThiYzFhYWM1ZWExYTI1ZDc5NmFlMTU1ZGMyMjhiM2YwZTExZDA0NmFlMjc2YjM5YzRiZjJmMTNkOGM0In0sIm5hbWUiOiJodHRwczovL3VzLWNlbnRyYWwxLWRvY2tlci5wa2cuZGV2L2FyZ28tbG9jYWwta2hhbGsva2hhbGstZG9ja2VyLWFyL3RhZ2dlZC13b3JsZC10cmlnZ2VyLTk2NGEyZWJhLTYyZjAtNGE1My04N2QzLTRlNmRkZGNjNzBiMyJ9LHsiZGlnZXN0Ijp7InNoYTI1NiI6ImY1NGE1OGJjMWFhYzVlYTFhMjVkNzk2YWUxNTVkYzIyOGIzZjBlMTFkMDQ2YWUyNzZiMzljNGJmMmYxM2Q4YzQifSwibmFtZSI6Imh0dHBzOi8vdXMtY2VudHJhbDEtZG9ja2VyLnBrZy5kZXYvYXJnby1sb2NhbC1raGFsay9raGFsay1kb2NrZXItYXIvdGFnZ2VkLXdvcmxkLXRyaWdnZXItOTY0YTJlYmEtNjJmMC00YTUzLTg3ZDMtNGU2ZGRkY2M3MGIzOmxhdGVzdCJ9XX0=",
+          "payloadType": "application/vnd.in-toto+json",
+          "signatures": [
+            {
+              "keyid": "projects/verified-builder/locations/global/keyRings/attestor/cryptoKeys/provenanceSigner/cryptoKeyVersions/1",
+              "sig": "MEUCIQCJQRkaJuajYy_KKV71VYS13QLdp57pAdQMVXucy3Ev-wIgBCcaPtO16_WWhRrPWVpxrTxtypNVLAqIVeywNYk2-Xk="
+            },
+            {
+              "keyid": "projects/argo-qa/locations/us-west1/keyRings/attestor/cryptoKeys/builtByGCB/cryptoKeyVersions/1",
+              "sig": "THIS-IS-BAD-CY8BRxZGNBHktKHWQHnO0OKW2awEqorwGs9l2AIgKnoPsZAwVv5TSzbN8UlkEvTRRTVTTEAbfG9V1lCQzVw="
+            }
+          ]
+        },
+        "kind": "BUILD",
+        "name": "projects/argo-local-khalk/occurrences/26a014ac-3779-4a0b-98da-2d804f257f3d",
+        "noteName": "projects/argo-qa/notes/intoto_964a2eba-62f0-4a53-87d3-4e6dddcc70b3",
+        "resourceUri": "https://us-central1-docker.pkg.dev/argo-local-khalk/khalk-docker-ar/tagged-world-trigger-964a2eba-62f0-4a53-87d3-4e6dddcc70b3@sha256:f54a58bc1aac5ea1a25d796ae155dc228b3f0e11d046ae276b39c4bf2f13d8c4",
+        "updateTime": "2023-02-28T15:23:39.650659Z"
+      }
+    ]
+  }
+}
diff --git a/verifiers/internal/gcb/testdata/gcloud-container-tag-notpresent.json b/verifiers/internal/gcb/testdata/gcloud-container-tag-notpresent.json
new file mode 100644
index 000000000..b103360a8
--- /dev/null
+++ b/verifiers/internal/gcb/testdata/gcloud-container-tag-notpresent.json
@@ -0,0 +1,123 @@
+{
+    "image_summary": {
+        "digest": "sha256:87db6d5226440e72f7134b71163df45282127a3f7b0600c946683cb2f43a70a9",
+        "fully_qualified_digest": "us-west2-docker.pkg.dev/slsa-tooling/example-package-repo/e2e-gcb-tag-main-annotated-slsa3@sha256:87db6d5226440e72f7134b71163df45282127a3f7b0600c946683cb2f43a70a9",
+        "registry": "us-west2-docker.pkg.dev",
+        "repository": "example-package-repo"
+    },
+    "provenance_summary": {
+    "provenance": [
+        {
+        "build": {
+            "intotoStatement": {
+            "_type": "https://in-toto.io/Statement/v0.1",
+            "predicateType": "https://slsa.dev/provenance/v0.1",
+            "slsaProvenance": {
+                "builder": {
+                "id": "https://cloudbuild.googleapis.com/GoogleHostedWorker@v0.3"
+                },
+                "materials": [
+                {
+                    "digest": {
+                    "sha1": "c750fd73a1669b095df7c74da9f1ff2032f926c9"
+                    },
+                    "uri": "git+https://github.com/slsa-framework/example-package"
+                }
+                ],
+                "metadata": {
+                "buildFinishedOn": "2023-03-15T03:14:35.163724Z",
+                "buildInvocationId": "40edaaed-b2ce-49b7-bc4d-4f67779fd0dc",
+                "buildStartedOn": "2023-03-15T03:14:09.188170704Z"
+                },
+                "recipe": {
+                "arguments": {
+                    "@type": "type.googleapis.com/google.devtools.cloudbuild.v1.Build",
+                    "id": "40edaaed-b2ce-49b7-bc4d-4f67779fd0dc",
+                    "name": "projects/819720953812/locations/us-west2/builds/40edaaed-b2ce-49b7-bc4d-4f67779fd0dc",
+                    "options": {
+                    "dynamicSubstitutions": true,
+                    "logging": "CLOUD_LOGGING_ONLY",
+                    "pool": {},
+                    "requestedVerifyOption": "VERIFIED",
+                    "sourceProvenanceHash": [
+                        "SHA256"
+                    ],
+                    "substitutionOption": "ALLOW_LOOSE"
+                    },
+                    "sourceProvenance": {},
+                    "steps": [
+                    {
+                        "args": [
+                        "build",
+                        "-t",
+                        "us-west2-docker.pkg.dev/slsa-tooling/example-package-repo/e2e-gcb-tag-main-annotated-slsa3",
+                        "."
+                        ],
+                        "name": "gcr.io/cloud-builders/docker",
+                        "pullTiming": {
+                        "endTime": "2023-03-15T03:14:13.395259677Z",
+                        "startTime": "2023-03-15T03:14:13.392360215Z"
+                        },
+                        "status": "SUCCESS",
+                        "timing": {
+                        "endTime": "2023-03-15T03:14:33.194195471Z",
+                        "startTime": "2023-03-15T03:14:13.392360215Z"
+                        }
+                    }
+                    ],
+                    "substitutions": {
+                    "COMMIT_SHA": "c750fd73a1669b095df7c74da9f1ff2032f926c9",
+                    "REF_NAME": "v33.0.4",
+                    "REPO_NAME": "example-package",
+                    "REVISION_ID": "c750fd73a1669b095df7c74da9f1ff2032f926c9",
+                    "SHORT_SHA": "c750fd7",
+                    "TAG_NAME": "v33.0.4",
+                    "TRIGGER_BUILD_CONFIG_PATH": "cloudbuild.yaml",
+                    "TRIGGER_NAME": "push-tag",
+                    "_IMAGE_NAME": "slsa-tooling/example-package-repo/e2e-gcb-tag-main-annotated-slsa3"
+                    }
+                },
+                "entryPoint": "cloudbuild.yaml",
+                "type": "https://cloudbuild.googleapis.com/CloudBuildYaml@v0.1"
+                }
+            },
+            "subject": [
+                {
+                "digest": {
+                    "sha256": "87db6d5226440e72f7134b71163df45282127a3f7b0600c946683cb2f43a70a9"
+                },
+                "name": "https://us-west2-docker.pkg.dev/slsa-tooling/example-package-repo/e2e-gcb-tag-main-annotated-slsa3"
+                },
+                {
+                "digest": {
+                    "sha256": "87db6d5226440e72f7134b71163df45282127a3f7b0600c946683cb2f43a70a9"
+                },
+                "name": "https://us-west2-docker.pkg.dev/slsa-tooling/example-package-repo/e2e-gcb-tag-main-annotated-slsa3:latest"
+                }
+            ]
+            }
+        },
+        "createTime": "2023-03-15T03:14:37.761441Z",
+        "envelope": {
+            "payload": "ewogICJfdHlwZSI6ICJodHRwczovL2luLXRvdG8uaW8vU3RhdGVtZW50L3YwLjEiLAogICJwcmVkaWNhdGUiOiB7CiAgICAiYnVpbGRlciI6IHsKICAgICAgImlkIjogImh0dHBzOi8vY2xvdWRidWlsZC5nb29nbGVhcGlzLmNvbS9Hb29nbGVIb3N0ZWRXb3JrZXJAdjAuMyIKICAgIH0sCiAgICAibWF0ZXJpYWxzIjogWwogICAgICB7CiAgICAgICAgImRpZ2VzdCI6IHsKICAgICAgICAgICJzaGExIjogImM3NTBmZDczYTE2NjliMDk1ZGY3Yzc0ZGE5ZjFmZjIwMzJmOTI2YzkiCiAgICAgICAgfSwKICAgICAgICAidXJpIjogImdpdCtodHRwczovL2dpdGh1Yi5jb20vc2xzYS1mcmFtZXdvcmsvZXhhbXBsZS1wYWNrYWdlIgogICAgICB9CiAgICBdLAogICAgIm1ldGFkYXRhIjogewogICAgICAiYnVpbGRGaW5pc2hlZE9uIjogIjIwMjMtMDMtMTVUMDM6MTQ6MzUuMTYzNzI0WiIsCiAgICAgICJidWlsZEludm9jYXRpb25JZCI6ICI0MGVkYWFlZC1iMmNlLTQ5YjctYmM0ZC00ZjY3Nzc5ZmQwZGMiLAogICAgICAiYnVpbGRTdGFydGVkT24iOiAiMjAyMy0wMy0xNVQwMzoxNDowOS4xODgxNzA3MDRaIgogICAgfSwKICAgICJyZWNpcGUiOiB7CiAgICAgICJhcmd1bWVudHMiOiB7CiAgICAgICAgIkB0eXBlIjogInR5cGUuZ29vZ2xlYXBpcy5jb20vZ29vZ2xlLmRldnRvb2xzLmNsb3VkYnVpbGQudjEuQnVpbGQiLAogICAgICAgICJpZCI6ICI0MGVkYWFlZC1iMmNlLTQ5YjctYmM0ZC00ZjY3Nzc5ZmQwZGMiLAogICAgICAgICJuYW1lIjogInByb2plY3RzLzgxOTcyMDk1MzgxMi9sb2NhdGlvbnMvdXMtd2VzdDIvYnVpbGRzLzQwZWRhYWVkLWIyY2UtNDliNy1iYzRkLTRmNjc3NzlmZDBkYyIsCiAgICAgICAgIm9wdGlvbnMiOiB7CiAgICAgICAgICAiZHluYW1pY1N1YnN0aXR1dGlvbnMiOiB0cnVlLAogICAgICAgICAgImxvZ2dpbmciOiAiQ0xPVURfTE9HR0lOR19PTkxZIiwKICAgICAgICAgICJwb29sIjoge30sCiAgICAgICAgICAicmVxdWVzdGVkVmVyaWZ5T3B0aW9uIjogIlZFUklGSUVEIiwKICAgICAgICAgICJzb3VyY2VQcm92ZW5hbmNlSGFzaCI6IFsKICAgICAgICAgICAgIlNIQTI1NiIKICAgICAgICAgIF0sCiAgICAgICAgICAic3Vic3RpdHV0aW9uT3B0aW9uIjogIkFMTE9XX0xPT1NFIgogICAgICAgIH0sCiAgICAgICAgInNvdXJjZVByb3ZlbmFuY2UiOiB7fSwKICAgICAgICAic3RlcHMiOiBbCiAgICAgICAgICB7CiAgICAgICAgICAgICJhcmdzIjogWwogICAgICAgICAgICAgICJidWlsZCIsCiAgICAgICAgICAgICAgIi10IiwKICAgICAgICAgICAgICAidXMtd2VzdDItZG9ja2VyLnBrZy5kZXYvc2xzYS10b29saW5nL2V4YW1wbGUtcGFja2FnZS1yZXBvL2UyZS1nY2ItdGFnLW1haW4tYW5ub3RhdGVkLXNsc2EzIiwKICAgICAgICAgICAgICAiLiIKICAgICAgICAgICAgXSwKICAgICAgICAgICAgIm5hbWUiOiAiZ2NyLmlvL2Nsb3VkLWJ1aWxkZXJzL2RvY2tlciIsCiAgICAgICAgICAgICJwdWxsVGltaW5nIjogewogICAgICAgICAgICAgICJlbmRUaW1lIjogIjIwMjMtMDMtMTVUMDM6MTQ6MTMuMzk1MjU5Njc3WiIsCiAgICAgICAgICAgICAgInN0YXJ0VGltZSI6ICIyMDIzLTAzLTE1VDAzOjE0OjEzLjM5MjM2MDIxNVoiCiAgICAgICAgICAgIH0sCiAgICAgICAgICAgICJzdGF0dXMiOiAiU1VDQ0VTUyIsCiAgICAgICAgICAgICJ0aW1pbmciOiB7CiAgICAgICAgICAgICAgImVuZFRpbWUiOiAiMjAyMy0wMy0xNVQwMzoxNDozMy4xOTQxOTU0NzFaIiwKICAgICAgICAgICAgICAic3RhcnRUaW1lIjogIjIwMjMtMDMtMTVUMDM6MTQ6MTMuMzkyMzYwMjE1WiIKICAgICAgICAgICAgfQogICAgICAgICAgfQogICAgICAgIF0sCiAgICAgICAgInN1YnN0aXR1dGlvbnMiOiB7CiAgICAgICAgICAiQ09NTUlUX1NIQSI6ICJjNzUwZmQ3M2ExNjY5YjA5NWRmN2M3NGRhOWYxZmYyMDMyZjkyNmM5IiwKICAgICAgICAgICJSRUZfTkFNRSI6ICJ2MzMuMC40IiwKICAgICAgICAgICJSRVBPX05BTUUiOiAiZXhhbXBsZS1wYWNrYWdlIiwKICAgICAgICAgICJSRVZJU0lPTl9JRCI6ICJjNzUwZmQ3M2ExNjY5YjA5NWRmN2M3NGRhOWYxZmYyMDMyZjkyNmM5IiwKICAgICAgICAgICJTSE9SVF9TSEEiOiAiYzc1MGZkNyIsCiAgICAgICAgICAiVFJJR0dFUl9CVUlMRF9DT05GSUdfUEFUSCI6ICJjbG91ZGJ1aWxkLnlhbWwiLAogICAgICAgICAgIlRSSUdHRVJfTkFNRSI6ICJwdXNoLXRhZyIsCiAgICAgICAgICAiX0lNQUdFX05BTUUiOiAic2xzYS10b29saW5nL2V4YW1wbGUtcGFja2FnZS1yZXBvL2UyZS1nY2ItdGFnLW1haW4tYW5ub3RhdGVkLXNsc2EzIgogICAgICAgIH0KICAgICAgfSwKICAgICAgImVudHJ5UG9pbnQiOiAiY2xvdWRidWlsZC55YW1sIiwKICAgICAgInR5cGUiOiAiaHR0cHM6Ly9jbG91ZGJ1aWxkLmdvb2dsZWFwaXMuY29tL0Nsb3VkQnVpbGRZYW1sQHYwLjEiCiAgICB9CiAgfSwKICAicHJlZGljYXRlVHlwZSI6ICJodHRwczovL3Nsc2EuZGV2L3Byb3ZlbmFuY2UvdjAuMSIsCiAgInNsc2FQcm92ZW5hbmNlIjogewogICAgImJ1aWxkZXIiOiB7CiAgICAgICJpZCI6ICJodHRwczovL2Nsb3VkYnVpbGQuZ29vZ2xlYXBpcy5jb20vR29vZ2xlSG9zdGVkV29ya2VyQHYwLjMiCiAgICB9LAogICAgIm1hdGVyaWFscyI6IFsKICAgICAgewogICAgICAgICJkaWdlc3QiOiB7CiAgICAgICAgICAic2hhMSI6ICJjNzUwZmQ3M2ExNjY5YjA5NWRmN2M3NGRhOWYxZmYyMDMyZjkyNmM5IgogICAgICAgIH0sCiAgICAgICAgInVyaSI6ICJnaXQraHR0cHM6Ly9naXRodWIuY29tL3Nsc2EtZnJhbWV3b3JrL2V4YW1wbGUtcGFja2FnZSIKICAgICAgfQogICAgXSwKICAgICJtZXRhZGF0YSI6IHsKICAgICAgImJ1aWxkRmluaXNoZWRPbiI6ICIyMDIzLTAzLTE1VDAzOjE0OjM1LjE2MzcyNFoiLAogICAgICAiYnVpbGRJbnZvY2F0aW9uSWQiOiAiNDBlZGFhZWQtYjJjZS00OWI3LWJjNGQtNGY2Nzc3OWZkMGRjIiwKICAgICAgImJ1aWxkU3RhcnRlZE9uIjogIjIwMjMtMDMtMTVUMDM6MTQ6MDkuMTg4MTcwNzA0WiIKICAgIH0sCiAgICAicmVjaXBlIjogewogICAgICAiYXJndW1lbnRzIjogewogICAgICAgICJAdHlwZSI6ICJ0eXBlLmdvb2dsZWFwaXMuY29tL2dvb2dsZS5kZXZ0b29scy5jbG91ZGJ1aWxkLnYxLkJ1aWxkIiwKICAgICAgICAiaWQiOiAiNDBlZGFhZWQtYjJjZS00OWI3LWJjNGQtNGY2Nzc3OWZkMGRjIiwKICAgICAgICAibmFtZSI6ICJwcm9qZWN0cy84MTk3MjA5NTM4MTIvbG9jYXRpb25zL3VzLXdlc3QyL2J1aWxkcy80MGVkYWFlZC1iMmNlLTQ5YjctYmM0ZC00ZjY3Nzc5ZmQwZGMiLAogICAgICAgICJvcHRpb25zIjogewogICAgICAgICAgImR5bmFtaWNTdWJzdGl0dXRpb25zIjogdHJ1ZSwKICAgICAgICAgICJsb2dnaW5nIjogIkNMT1VEX0xPR0dJTkdfT05MWSIsCiAgICAgICAgICAicG9vbCI6IHt9LAogICAgICAgICAgInJlcXVlc3RlZFZlcmlmeU9wdGlvbiI6ICJWRVJJRklFRCIsCiAgICAgICAgICAic291cmNlUHJvdmVuYW5jZUhhc2giOiBbCiAgICAgICAgICAgICJTSEEyNTYiCiAgICAgICAgICBdLAogICAgICAgICAgInN1YnN0aXR1dGlvbk9wdGlvbiI6ICJBTExPV19MT09TRSIKICAgICAgICB9LAogICAgICAgICJzb3VyY2VQcm92ZW5hbmNlIjoge30sCiAgICAgICAgInN0ZXBzIjogWwogICAgICAgICAgewogICAgICAgICAgICAiYXJncyI6IFsKICAgICAgICAgICAgICAiYnVpbGQiLAogICAgICAgICAgICAgICItdCIsCiAgICAgICAgICAgICAgInVzLXdlc3QyLWRvY2tlci5wa2cuZGV2L3Nsc2EtdG9vbGluZy9leGFtcGxlLXBhY2thZ2UtcmVwby9lMmUtZ2NiLXRhZy1tYWluLWFubm90YXRlZC1zbHNhMyIsCiAgICAgICAgICAgICAgIi4iCiAgICAgICAgICAgIF0sCiAgICAgICAgICAgICJuYW1lIjogImdjci5pby9jbG91ZC1idWlsZGVycy9kb2NrZXIiLAogICAgICAgICAgICAicHVsbFRpbWluZyI6IHsKICAgICAgICAgICAgICAiZW5kVGltZSI6ICIyMDIzLTAzLTE1VDAzOjE0OjEzLjM5NTI1OTY3N1oiLAogICAgICAgICAgICAgICJzdGFydFRpbWUiOiAiMjAyMy0wMy0xNVQwMzoxNDoxMy4zOTIzNjAyMTVaIgogICAgICAgICAgICB9LAogICAgICAgICAgICAic3RhdHVzIjogIlNVQ0NFU1MiLAogICAgICAgICAgICAidGltaW5nIjogewogICAgICAgICAgICAgICJlbmRUaW1lIjogIjIwMjMtMDMtMTVUMDM6MTQ6MzMuMTk0MTk1NDcxWiIsCiAgICAgICAgICAgICAgInN0YXJ0VGltZSI6ICIyMDIzLTAzLTE1VDAzOjE0OjEzLjM5MjM2MDIxNVoiCiAgICAgICAgICAgIH0KICAgICAgICAgIH0KICAgICAgICBdLAogICAgICAgICJzdWJzdGl0dXRpb25zIjogewogICAgICAgICAgIkNPTU1JVF9TSEEiOiAiYzc1MGZkNzNhMTY2OWIwOTVkZjdjNzRkYTlmMWZmMjAzMmY5MjZjOSIsCiAgICAgICAgICAiUkVGX05BTUUiOiAidjMzLjAuNCIsCiAgICAgICAgICAiUkVQT19OQU1FIjogImV4YW1wbGUtcGFja2FnZSIsCiAgICAgICAgICAiUkVWSVNJT05fSUQiOiAiYzc1MGZkNzNhMTY2OWIwOTVkZjdjNzRkYTlmMWZmMjAzMmY5MjZjOSIsCiAgICAgICAgICAiU0hPUlRfU0hBIjogImM3NTBmZDciLAogICAgICAgICAgIlRBR19OQU1FIjogInYzMy4wLjQiLAogICAgICAgICAgIlRSSUdHRVJfQlVJTERfQ09ORklHX1BBVEgiOiAiY2xvdWRidWlsZC55YW1sIiwKICAgICAgICAgICJUUklHR0VSX05BTUUiOiAicHVzaC10YWciLAogICAgICAgICAgIl9JTUFHRV9OQU1FIjogInNsc2EtdG9vbGluZy9leGFtcGxlLXBhY2thZ2UtcmVwby9lMmUtZ2NiLXRhZy1tYWluLWFubm90YXRlZC1zbHNhMyIKICAgICAgICB9CiAgICAgIH0sCiAgICAgICJlbnRyeVBvaW50IjogImNsb3VkYnVpbGQueWFtbCIsCiAgICAgICJ0eXBlIjogImh0dHBzOi8vY2xvdWRidWlsZC5nb29nbGVhcGlzLmNvbS9DbG91ZEJ1aWxkWWFtbEB2MC4xIgogICAgfQogIH0sCiAgInN1YmplY3QiOiBbCiAgICB7CiAgICAgICJkaWdlc3QiOiB7CiAgICAgICAgInNoYTI1NiI6ICI4N2RiNmQ1MjI2NDQwZTcyZjcxMzRiNzExNjNkZjQ1MjgyMTI3YTNmN2IwNjAwYzk0NjY4M2NiMmY0M2E3MGE5IgogICAgICB9LAogICAgICAibmFtZSI6ICJodHRwczovL3VzLXdlc3QyLWRvY2tlci5wa2cuZGV2L3Nsc2EtdG9vbGluZy9leGFtcGxlLXBhY2thZ2UtcmVwby9lMmUtZ2NiLXRhZy1tYWluLWFubm90YXRlZC1zbHNhMyIKICAgIH0sCiAgICB7CiAgICAgICJkaWdlc3QiOiB7CiAgICAgICAgInNoYTI1NiI6ICI4N2RiNmQ1MjI2NDQwZTcyZjcxMzRiNzExNjNkZjQ1MjgyMTI3YTNmN2IwNjAwYzk0NjY4M2NiMmY0M2E3MGE5IgogICAgICB9LAogICAgICAibmFtZSI6ICJodHRwczovL3VzLXdlc3QyLWRvY2tlci5wa2cuZGV2L3Nsc2EtdG9vbGluZy9leGFtcGxlLXBhY2thZ2UtcmVwby9lMmUtZ2NiLXRhZy1tYWluLWFubm90YXRlZC1zbHNhMzpsYXRlc3QiCiAgICB9CiAgXQp9Cg==",
+            "payloadType": "application/vnd.in-toto+json",
+            "signatures": [
+            {
+                "keyid": "projects/verified-builder/locations/global/keyRings/attestor/cryptoKeys/provenanceSigner/cryptoKeyVersions/1",
+                "sig": "MEUCIQCyUACW1iuJZWG-c_-THrjMEpqRh7Er--e3Dl5tI47ckgIgEpHlnlARXZ67EA8xsqAaGIdlybe4afJKoGy3kCnzFRU="
+            },
+            {
+                "keyid": "projects/verified-builder/locations/us-west2/keyRings/attestor/cryptoKeys/builtByGCB/cryptoKeyVersions/1",
+                "sig": "MEQCICN-XUNR1jLfImkwX0GVZQIJkr7LilQB_J_dc6QwQ57uAiBfgDokQLaYaeyDQn6uNzRvW9bt-AAW1PsuE-OmY3vqgA=="
+            }
+            ]
+        },
+        "kind": "BUILD",
+        "name": "projects/slsa-tooling/occurrences/63a00a0f-46f3-44e0-8997-2e9efa439b95",
+        "noteName": "projects/verified-builder/notes/intoto_40edaaed-b2ce-49b7-bc4d-4f67779fd0dc",
+        "resourceUri": "https://us-west2-docker.pkg.dev/slsa-tooling/example-package-repo/e2e-gcb-tag-main-annotated-slsa3@sha256:87db6d5226440e72f7134b71163df45282127a3f7b0600c946683cb2f43a70a9",
+        "updateTime": "2023-03-15T03:14:37.761441Z"
+        }
+    ]
+    }
+}
diff --git a/verifiers/internal/gcb/testdata/gcloud-container-tag-notstring.json b/verifiers/internal/gcb/testdata/gcloud-container-tag-notstring.json
new file mode 100644
index 000000000..9697f8717
--- /dev/null
+++ b/verifiers/internal/gcb/testdata/gcloud-container-tag-notstring.json
@@ -0,0 +1,123 @@
+{
+    "image_summary": {
+        "digest": "sha256:87db6d5226440e72f7134b71163df45282127a3f7b0600c946683cb2f43a70a9",
+        "fully_qualified_digest": "us-west2-docker.pkg.dev/slsa-tooling/example-package-repo/e2e-gcb-tag-main-annotated-slsa3@sha256:87db6d5226440e72f7134b71163df45282127a3f7b0600c946683cb2f43a70a9",
+        "registry": "us-west2-docker.pkg.dev",
+        "repository": "example-package-repo"
+    },
+    "provenance_summary": {
+    "provenance": [
+        {
+        "build": {
+            "intotoStatement": {
+            "_type": "https://in-toto.io/Statement/v0.1",
+            "predicateType": "https://slsa.dev/provenance/v0.1",
+            "slsaProvenance": {
+                "builder": {
+                "id": "https://cloudbuild.googleapis.com/GoogleHostedWorker@v0.3"
+                },
+                "materials": [
+                {
+                    "digest": {
+                    "sha1": "c750fd73a1669b095df7c74da9f1ff2032f926c9"
+                    },
+                    "uri": "git+https://github.com/slsa-framework/example-package"
+                }
+                ],
+                "metadata": {
+                "buildFinishedOn": "2023-03-15T03:14:35.163724Z",
+                "buildInvocationId": "40edaaed-b2ce-49b7-bc4d-4f67779fd0dc",
+                "buildStartedOn": "2023-03-15T03:14:09.188170704Z"
+                },
+                "recipe": {
+                "arguments": {
+                    "@type": "type.googleapis.com/google.devtools.cloudbuild.v1.Build",
+                    "id": "40edaaed-b2ce-49b7-bc4d-4f67779fd0dc",
+                    "name": "projects/819720953812/locations/us-west2/builds/40edaaed-b2ce-49b7-bc4d-4f67779fd0dc",
+                    "options": {
+                    "dynamicSubstitutions": true,
+                    "logging": "CLOUD_LOGGING_ONLY",
+                    "pool": {},
+                    "requestedVerifyOption": "VERIFIED",
+                    "sourceProvenanceHash": [
+                        "SHA256"
+                    ],
+                    "substitutionOption": "ALLOW_LOOSE"
+                    },
+                    "sourceProvenance": {},
+                    "steps": [
+                    {
+                        "args": [
+                        "build",
+                        "-t",
+                        "us-west2-docker.pkg.dev/slsa-tooling/example-package-repo/e2e-gcb-tag-main-annotated-slsa3",
+                        "."
+                        ],
+                        "name": "gcr.io/cloud-builders/docker",
+                        "pullTiming": {
+                        "endTime": "2023-03-15T03:14:13.395259677Z",
+                        "startTime": "2023-03-15T03:14:13.392360215Z"
+                        },
+                        "status": "SUCCESS",
+                        "timing": {
+                        "endTime": "2023-03-15T03:14:33.194195471Z",
+                        "startTime": "2023-03-15T03:14:13.392360215Z"
+                        }
+                    }
+                    ],
+                    "substitutions": {
+                    "COMMIT_SHA": "c750fd73a1669b095df7c74da9f1ff2032f926c9",
+                    "REF_NAME": "v33.0.4",
+                    "REPO_NAME": "example-package",
+                    "REVISION_ID": "c750fd73a1669b095df7c74da9f1ff2032f926c9",
+                    "SHORT_SHA": "c750fd7",
+                    "TAG_NAME": "v33.0.4",
+                    "TRIGGER_BUILD_CONFIG_PATH": "cloudbuild.yaml",
+                    "TRIGGER_NAME": "push-tag",
+                    "_IMAGE_NAME": "slsa-tooling/example-package-repo/e2e-gcb-tag-main-annotated-slsa3"
+                    }
+                },
+                "entryPoint": "cloudbuild.yaml",
+                "type": "https://cloudbuild.googleapis.com/CloudBuildYaml@v0.1"
+                }
+            },
+            "subject": [
+                {
+                "digest": {
+                    "sha256": "87db6d5226440e72f7134b71163df45282127a3f7b0600c946683cb2f43a70a9"
+                },
+                "name": "https://us-west2-docker.pkg.dev/slsa-tooling/example-package-repo/e2e-gcb-tag-main-annotated-slsa3"
+                },
+                {
+                "digest": {
+                    "sha256": "87db6d5226440e72f7134b71163df45282127a3f7b0600c946683cb2f43a70a9"
+                },
+                "name": "https://us-west2-docker.pkg.dev/slsa-tooling/example-package-repo/e2e-gcb-tag-main-annotated-slsa3:latest"
+                }
+            ]
+            }
+        },
+        "createTime": "2023-03-15T03:14:37.761441Z",
+        "envelope": {
+            "payload": "ewogICJfdHlwZSI6ICJodHRwczovL2luLXRvdG8uaW8vU3RhdGVtZW50L3YwLjEiLAogICJwcmVkaWNhdGUiOiB7CiAgICAiYnVpbGRlciI6IHsKICAgICAgImlkIjogImh0dHBzOi8vY2xvdWRidWlsZC5nb29nbGVhcGlzLmNvbS9Hb29nbGVIb3N0ZWRXb3JrZXJAdjAuMyIKICAgIH0sCiAgICAibWF0ZXJpYWxzIjogWwogICAgICB7CiAgICAgICAgImRpZ2VzdCI6IHsKICAgICAgICAgICJzaGExIjogImM3NTBmZDczYTE2NjliMDk1ZGY3Yzc0ZGE5ZjFmZjIwMzJmOTI2YzkiCiAgICAgICAgfSwKICAgICAgICAidXJpIjogImdpdCtodHRwczovL2dpdGh1Yi5jb20vc2xzYS1mcmFtZXdvcmsvZXhhbXBsZS1wYWNrYWdlIgogICAgICB9CiAgICBdLAogICAgIm1ldGFkYXRhIjogewogICAgICAiYnVpbGRGaW5pc2hlZE9uIjogIjIwMjMtMDMtMTVUMDM6MTQ6MzUuMTYzNzI0WiIsCiAgICAgICJidWlsZEludm9jYXRpb25JZCI6ICI0MGVkYWFlZC1iMmNlLTQ5YjctYmM0ZC00ZjY3Nzc5ZmQwZGMiLAogICAgICAiYnVpbGRTdGFydGVkT24iOiAiMjAyMy0wMy0xNVQwMzoxNDowOS4xODgxNzA3MDRaIgogICAgfSwKICAgICJyZWNpcGUiOiB7CiAgICAgICJhcmd1bWVudHMiOiB7CiAgICAgICAgIkB0eXBlIjogInR5cGUuZ29vZ2xlYXBpcy5jb20vZ29vZ2xlLmRldnRvb2xzLmNsb3VkYnVpbGQudjEuQnVpbGQiLAogICAgICAgICJpZCI6ICI0MGVkYWFlZC1iMmNlLTQ5YjctYmM0ZC00ZjY3Nzc5ZmQwZGMiLAogICAgICAgICJuYW1lIjogInByb2plY3RzLzgxOTcyMDk1MzgxMi9sb2NhdGlvbnMvdXMtd2VzdDIvYnVpbGRzLzQwZWRhYWVkLWIyY2UtNDliNy1iYzRkLTRmNjc3NzlmZDBkYyIsCiAgICAgICAgIm9wdGlvbnMiOiB7CiAgICAgICAgICAiZHluYW1pY1N1YnN0aXR1dGlvbnMiOiB0cnVlLAogICAgICAgICAgImxvZ2dpbmciOiAiQ0xPVURfTE9HR0lOR19PTkxZIiwKICAgICAgICAgICJwb29sIjoge30sCiAgICAgICAgICAicmVxdWVzdGVkVmVyaWZ5T3B0aW9uIjogIlZFUklGSUVEIiwKICAgICAgICAgICJzb3VyY2VQcm92ZW5hbmNlSGFzaCI6IFsKICAgICAgICAgICAgIlNIQTI1NiIKICAgICAgICAgIF0sCiAgICAgICAgICAic3Vic3RpdHV0aW9uT3B0aW9uIjogIkFMTE9XX0xPT1NFIgogICAgICAgIH0sCiAgICAgICAgInNvdXJjZVByb3ZlbmFuY2UiOiB7fSwKICAgICAgICAic3RlcHMiOiBbCiAgICAgICAgICB7CiAgICAgICAgICAgICJhcmdzIjogWwogICAgICAgICAgICAgICJidWlsZCIsCiAgICAgICAgICAgICAgIi10IiwKICAgICAgICAgICAgICAidXMtd2VzdDItZG9ja2VyLnBrZy5kZXYvc2xzYS10b29saW5nL2V4YW1wbGUtcGFja2FnZS1yZXBvL2UyZS1nY2ItdGFnLW1haW4tYW5ub3RhdGVkLXNsc2EzIiwKICAgICAgICAgICAgICAiLiIKICAgICAgICAgICAgXSwKICAgICAgICAgICAgIm5hbWUiOiAiZ2NyLmlvL2Nsb3VkLWJ1aWxkZXJzL2RvY2tlciIsCiAgICAgICAgICAgICJwdWxsVGltaW5nIjogewogICAgICAgICAgICAgICJlbmRUaW1lIjogIjIwMjMtMDMtMTVUMDM6MTQ6MTMuMzk1MjU5Njc3WiIsCiAgICAgICAgICAgICAgInN0YXJ0VGltZSI6ICIyMDIzLTAzLTE1VDAzOjE0OjEzLjM5MjM2MDIxNVoiCiAgICAgICAgICAgIH0sCiAgICAgICAgICAgICJzdGF0dXMiOiAiU1VDQ0VTUyIsCiAgICAgICAgICAgICJ0aW1pbmciOiB7CiAgICAgICAgICAgICAgImVuZFRpbWUiOiAiMjAyMy0wMy0xNVQwMzoxNDozMy4xOTQxOTU0NzFaIiwKICAgICAgICAgICAgICAic3RhcnRUaW1lIjogIjIwMjMtMDMtMTVUMDM6MTQ6MTMuMzkyMzYwMjE1WiIKICAgICAgICAgICAgfQogICAgICAgICAgfQogICAgICAgIF0sCiAgICAgICAgInN1YnN0aXR1dGlvbnMiOiB7CiAgICAgICAgICAiQ09NTUlUX1NIQSI6ICJjNzUwZmQ3M2ExNjY5YjA5NWRmN2M3NGRhOWYxZmYyMDMyZjkyNmM5IiwKICAgICAgICAgICJSRUZfTkFNRSI6ICJ2MzMuMC40IiwKICAgICAgICAgICJUQUdfTkFNRSI6IDEyMzQsCiAgICAgICAgICAiUkVQT19OQU1FIjogImV4YW1wbGUtcGFja2FnZSIsCiAgICAgICAgICAiUkVWSVNJT05fSUQiOiAiYzc1MGZkNzNhMTY2OWIwOTVkZjdjNzRkYTlmMWZmMjAzMmY5MjZjOSIsCiAgICAgICAgICAiU0hPUlRfU0hBIjogImM3NTBmZDciLAogICAgICAgICAgIlRSSUdHRVJfQlVJTERfQ09ORklHX1BBVEgiOiAiY2xvdWRidWlsZC55YW1sIiwKICAgICAgICAgICJUUklHR0VSX05BTUUiOiAicHVzaC10YWciLAogICAgICAgICAgIl9JTUFHRV9OQU1FIjogInNsc2EtdG9vbGluZy9leGFtcGxlLXBhY2thZ2UtcmVwby9lMmUtZ2NiLXRhZy1tYWluLWFubm90YXRlZC1zbHNhMyIKICAgICAgICB9CiAgICAgIH0sCiAgICAgICJlbnRyeVBvaW50IjogImNsb3VkYnVpbGQueWFtbCIsCiAgICAgICJ0eXBlIjogImh0dHBzOi8vY2xvdWRidWlsZC5nb29nbGVhcGlzLmNvbS9DbG91ZEJ1aWxkWWFtbEB2MC4xIgogICAgfQogIH0sCiAgInByZWRpY2F0ZVR5cGUiOiAiaHR0cHM6Ly9zbHNhLmRldi9wcm92ZW5hbmNlL3YwLjEiLAogICJzbHNhUHJvdmVuYW5jZSI6IHsKICAgICJidWlsZGVyIjogewogICAgICAiaWQiOiAiaHR0cHM6Ly9jbG91ZGJ1aWxkLmdvb2dsZWFwaXMuY29tL0dvb2dsZUhvc3RlZFdvcmtlckB2MC4zIgogICAgfSwKICAgICJtYXRlcmlhbHMiOiBbCiAgICAgIHsKICAgICAgICAiZGlnZXN0IjogewogICAgICAgICAgInNoYTEiOiAiYzc1MGZkNzNhMTY2OWIwOTVkZjdjNzRkYTlmMWZmMjAzMmY5MjZjOSIKICAgICAgICB9LAogICAgICAgICJ1cmkiOiAiZ2l0K2h0dHBzOi8vZ2l0aHViLmNvbS9zbHNhLWZyYW1ld29yay9leGFtcGxlLXBhY2thZ2UiCiAgICAgIH0KICAgIF0sCiAgICAibWV0YWRhdGEiOiB7CiAgICAgICJidWlsZEZpbmlzaGVkT24iOiAiMjAyMy0wMy0xNVQwMzoxNDozNS4xNjM3MjRaIiwKICAgICAgImJ1aWxkSW52b2NhdGlvbklkIjogIjQwZWRhYWVkLWIyY2UtNDliNy1iYzRkLTRmNjc3NzlmZDBkYyIsCiAgICAgICJidWlsZFN0YXJ0ZWRPbiI6ICIyMDIzLTAzLTE1VDAzOjE0OjA5LjE4ODE3MDcwNFoiCiAgICB9LAogICAgInJlY2lwZSI6IHsKICAgICAgImFyZ3VtZW50cyI6IHsKICAgICAgICAiQHR5cGUiOiAidHlwZS5nb29nbGVhcGlzLmNvbS9nb29nbGUuZGV2dG9vbHMuY2xvdWRidWlsZC52MS5CdWlsZCIsCiAgICAgICAgImlkIjogIjQwZWRhYWVkLWIyY2UtNDliNy1iYzRkLTRmNjc3NzlmZDBkYyIsCiAgICAgICAgIm5hbWUiOiAicHJvamVjdHMvODE5NzIwOTUzODEyL2xvY2F0aW9ucy91cy13ZXN0Mi9idWlsZHMvNDBlZGFhZWQtYjJjZS00OWI3LWJjNGQtNGY2Nzc3OWZkMGRjIiwKICAgICAgICAib3B0aW9ucyI6IHsKICAgICAgICAgICJkeW5hbWljU3Vic3RpdHV0aW9ucyI6IHRydWUsCiAgICAgICAgICAibG9nZ2luZyI6ICJDTE9VRF9MT0dHSU5HX09OTFkiLAogICAgICAgICAgInBvb2wiOiB7fSwKICAgICAgICAgICJyZXF1ZXN0ZWRWZXJpZnlPcHRpb24iOiAiVkVSSUZJRUQiLAogICAgICAgICAgInNvdXJjZVByb3ZlbmFuY2VIYXNoIjogWwogICAgICAgICAgICAiU0hBMjU2IgogICAgICAgICAgXSwKICAgICAgICAgICJzdWJzdGl0dXRpb25PcHRpb24iOiAiQUxMT1dfTE9PU0UiCiAgICAgICAgfSwKICAgICAgICAic291cmNlUHJvdmVuYW5jZSI6IHt9LAogICAgICAgICJzdGVwcyI6IFsKICAgICAgICAgIHsKICAgICAgICAgICAgImFyZ3MiOiBbCiAgICAgICAgICAgICAgImJ1aWxkIiwKICAgICAgICAgICAgICAiLXQiLAogICAgICAgICAgICAgICJ1cy13ZXN0Mi1kb2NrZXIucGtnLmRldi9zbHNhLXRvb2xpbmcvZXhhbXBsZS1wYWNrYWdlLXJlcG8vZTJlLWdjYi10YWctbWFpbi1hbm5vdGF0ZWQtc2xzYTMiLAogICAgICAgICAgICAgICIuIgogICAgICAgICAgICBdLAogICAgICAgICAgICAibmFtZSI6ICJnY3IuaW8vY2xvdWQtYnVpbGRlcnMvZG9ja2VyIiwKICAgICAgICAgICAgInB1bGxUaW1pbmciOiB7CiAgICAgICAgICAgICAgImVuZFRpbWUiOiAiMjAyMy0wMy0xNVQwMzoxNDoxMy4zOTUyNTk2NzdaIiwKICAgICAgICAgICAgICAic3RhcnRUaW1lIjogIjIwMjMtMDMtMTVUMDM6MTQ6MTMuMzkyMzYwMjE1WiIKICAgICAgICAgICAgfSwKICAgICAgICAgICAgInN0YXR1cyI6ICJTVUNDRVNTIiwKICAgICAgICAgICAgInRpbWluZyI6IHsKICAgICAgICAgICAgICAiZW5kVGltZSI6ICIyMDIzLTAzLTE1VDAzOjE0OjMzLjE5NDE5NTQ3MVoiLAogICAgICAgICAgICAgICJzdGFydFRpbWUiOiAiMjAyMy0wMy0xNVQwMzoxNDoxMy4zOTIzNjAyMTVaIgogICAgICAgICAgICB9CiAgICAgICAgICB9CiAgICAgICAgXSwKICAgICAgICAic3Vic3RpdHV0aW9ucyI6IHsKICAgICAgICAgICJDT01NSVRfU0hBIjogImM3NTBmZDczYTE2NjliMDk1ZGY3Yzc0ZGE5ZjFmZjIwMzJmOTI2YzkiLAogICAgICAgICAgIlJFRl9OQU1FIjogInYzMy4wLjQiLAogICAgICAgICAgIlJFUE9fTkFNRSI6ICJleGFtcGxlLXBhY2thZ2UiLAogICAgICAgICAgIlJFVklTSU9OX0lEIjogImM3NTBmZDczYTE2NjliMDk1ZGY3Yzc0ZGE5ZjFmZjIwMzJmOTI2YzkiLAogICAgICAgICAgIlNIT1JUX1NIQSI6ICJjNzUwZmQ3IiwKICAgICAgICAgICJUQUdfTkFNRSI6ICJ2MzMuMC40IiwKICAgICAgICAgICJUUklHR0VSX0JVSUxEX0NPTkZJR19QQVRIIjogImNsb3VkYnVpbGQueWFtbCIsCiAgICAgICAgICAiVFJJR0dFUl9OQU1FIjogInB1c2gtdGFnIiwKICAgICAgICAgICJfSU1BR0VfTkFNRSI6ICJzbHNhLXRvb2xpbmcvZXhhbXBsZS1wYWNrYWdlLXJlcG8vZTJlLWdjYi10YWctbWFpbi1hbm5vdGF0ZWQtc2xzYTMiCiAgICAgICAgfQogICAgICB9LAogICAgICAiZW50cnlQb2ludCI6ICJjbG91ZGJ1aWxkLnlhbWwiLAogICAgICAidHlwZSI6ICJodHRwczovL2Nsb3VkYnVpbGQuZ29vZ2xlYXBpcy5jb20vQ2xvdWRCdWlsZFlhbWxAdjAuMSIKICAgIH0KICB9LAogICJzdWJqZWN0IjogWwogICAgewogICAgICAiZGlnZXN0IjogewogICAgICAgICJzaGEyNTYiOiAiODdkYjZkNTIyNjQ0MGU3MmY3MTM0YjcxMTYzZGY0NTI4MjEyN2EzZjdiMDYwMGM5NDY2ODNjYjJmNDNhNzBhOSIKICAgICAgfSwKICAgICAgIm5hbWUiOiAiaHR0cHM6Ly91cy13ZXN0Mi1kb2NrZXIucGtnLmRldi9zbHNhLXRvb2xpbmcvZXhhbXBsZS1wYWNrYWdlLXJlcG8vZTJlLWdjYi10YWctbWFpbi1hbm5vdGF0ZWQtc2xzYTMiCiAgICB9LAogICAgewogICAgICAiZGlnZXN0IjogewogICAgICAgICJzaGEyNTYiOiAiODdkYjZkNTIyNjQ0MGU3MmY3MTM0YjcxMTYzZGY0NTI4MjEyN2EzZjdiMDYwMGM5NDY2ODNjYjJmNDNhNzBhOSIKICAgICAgfSwKICAgICAgIm5hbWUiOiAiaHR0cHM6Ly91cy13ZXN0Mi1kb2NrZXIucGtnLmRldi9zbHNhLXRvb2xpbmcvZXhhbXBsZS1wYWNrYWdlLXJlcG8vZTJlLWdjYi10YWctbWFpbi1hbm5vdGF0ZWQtc2xzYTM6bGF0ZXN0IgogICAgfQogIF0KfQo=",
+            "payloadType": "application/vnd.in-toto+json",
+            "signatures": [
+            {
+                "keyid": "projects/verified-builder/locations/global/keyRings/attestor/cryptoKeys/provenanceSigner/cryptoKeyVersions/1",
+                "sig": "MEUCIQCyUACW1iuJZWG-c_-THrjMEpqRh7Er--e3Dl5tI47ckgIgEpHlnlARXZ67EA8xsqAaGIdlybe4afJKoGy3kCnzFRU="
+            },
+            {
+                "keyid": "projects/verified-builder/locations/us-west2/keyRings/attestor/cryptoKeys/builtByGCB/cryptoKeyVersions/1",
+                "sig": "MEQCICN-XUNR1jLfImkwX0GVZQIJkr7LilQB_J_dc6QwQ57uAiBfgDokQLaYaeyDQn6uNzRvW9bt-AAW1PsuE-OmY3vqgA=="
+            }
+            ]
+        },
+        "kind": "BUILD",
+        "name": "projects/slsa-tooling/occurrences/63a00a0f-46f3-44e0-8997-2e9efa439b95",
+        "noteName": "projects/verified-builder/notes/intoto_40edaaed-b2ce-49b7-bc4d-4f67779fd0dc",
+        "resourceUri": "https://us-west2-docker.pkg.dev/slsa-tooling/example-package-repo/e2e-gcb-tag-main-annotated-slsa3@sha256:87db6d5226440e72f7134b71163df45282127a3f7b0600c946683cb2f43a70a9",
+        "updateTime": "2023-03-15T03:14:37.761441Z"
+        }
+    ]
+    }
+}
diff --git a/verifiers/internal/gcb/testdata/gcloud-container-tag.json b/verifiers/internal/gcb/testdata/gcloud-container-tag.json
new file mode 100644
index 000000000..207a5e223
--- /dev/null
+++ b/verifiers/internal/gcb/testdata/gcloud-container-tag.json
@@ -0,0 +1,123 @@
+{
+    "image_summary": {
+        "digest": "sha256:87db6d5226440e72f7134b71163df45282127a3f7b0600c946683cb2f43a70a9",
+        "fully_qualified_digest": "us-west2-docker.pkg.dev/slsa-tooling/example-package-repo/e2e-gcb-tag-main-annotated-slsa3@sha256:87db6d5226440e72f7134b71163df45282127a3f7b0600c946683cb2f43a70a9",
+        "registry": "us-west2-docker.pkg.dev",
+        "repository": "example-package-repo"
+    },
+    "provenance_summary": {
+    "provenance": [
+        {
+        "build": {
+            "intotoStatement": {
+            "_type": "https://in-toto.io/Statement/v0.1",
+            "predicateType": "https://slsa.dev/provenance/v0.1",
+            "slsaProvenance": {
+                "builder": {
+                "id": "https://cloudbuild.googleapis.com/GoogleHostedWorker@v0.3"
+                },
+                "materials": [
+                {
+                    "digest": {
+                    "sha1": "c750fd73a1669b095df7c74da9f1ff2032f926c9"
+                    },
+                    "uri": "git+https://github.com/slsa-framework/example-package"
+                }
+                ],
+                "metadata": {
+                "buildFinishedOn": "2023-03-15T03:14:35.163724Z",
+                "buildInvocationId": "40edaaed-b2ce-49b7-bc4d-4f67779fd0dc",
+                "buildStartedOn": "2023-03-15T03:14:09.188170704Z"
+                },
+                "recipe": {
+                "arguments": {
+                    "@type": "type.googleapis.com/google.devtools.cloudbuild.v1.Build",
+                    "id": "40edaaed-b2ce-49b7-bc4d-4f67779fd0dc",
+                    "name": "projects/819720953812/locations/us-west2/builds/40edaaed-b2ce-49b7-bc4d-4f67779fd0dc",
+                    "options": {
+                    "dynamicSubstitutions": true,
+                    "logging": "CLOUD_LOGGING_ONLY",
+                    "pool": {},
+                    "requestedVerifyOption": "VERIFIED",
+                    "sourceProvenanceHash": [
+                        "SHA256"
+                    ],
+                    "substitutionOption": "ALLOW_LOOSE"
+                    },
+                    "sourceProvenance": {},
+                    "steps": [
+                    {
+                        "args": [
+                        "build",
+                        "-t",
+                        "us-west2-docker.pkg.dev/slsa-tooling/example-package-repo/e2e-gcb-tag-main-annotated-slsa3",
+                        "."
+                        ],
+                        "name": "gcr.io/cloud-builders/docker",
+                        "pullTiming": {
+                        "endTime": "2023-03-15T03:14:13.395259677Z",
+                        "startTime": "2023-03-15T03:14:13.392360215Z"
+                        },
+                        "status": "SUCCESS",
+                        "timing": {
+                        "endTime": "2023-03-15T03:14:33.194195471Z",
+                        "startTime": "2023-03-15T03:14:13.392360215Z"
+                        }
+                    }
+                    ],
+                    "substitutions": {
+                    "COMMIT_SHA": "c750fd73a1669b095df7c74da9f1ff2032f926c9",
+                    "REF_NAME": "v33.0.4",
+                    "REPO_NAME": "example-package",
+                    "REVISION_ID": "c750fd73a1669b095df7c74da9f1ff2032f926c9",
+                    "SHORT_SHA": "c750fd7",
+                    "TAG_NAME": "v33.0.4",
+                    "TRIGGER_BUILD_CONFIG_PATH": "cloudbuild.yaml",
+                    "TRIGGER_NAME": "push-tag",
+                    "_IMAGE_NAME": "slsa-tooling/example-package-repo/e2e-gcb-tag-main-annotated-slsa3"
+                    }
+                },
+                "entryPoint": "cloudbuild.yaml",
+                "type": "https://cloudbuild.googleapis.com/CloudBuildYaml@v0.1"
+                }
+            },
+            "subject": [
+                {
+                "digest": {
+                    "sha256": "87db6d5226440e72f7134b71163df45282127a3f7b0600c946683cb2f43a70a9"
+                },
+                "name": "https://us-west2-docker.pkg.dev/slsa-tooling/example-package-repo/e2e-gcb-tag-main-annotated-slsa3"
+                },
+                {
+                "digest": {
+                    "sha256": "87db6d5226440e72f7134b71163df45282127a3f7b0600c946683cb2f43a70a9"
+                },
+                "name": "https://us-west2-docker.pkg.dev/slsa-tooling/example-package-repo/e2e-gcb-tag-main-annotated-slsa3:latest"
+                }
+            ]
+            }
+        },
+        "createTime": "2023-03-15T03:14:37.761441Z",
+        "envelope": {
+            "payload": "ewogICJfdHlwZSI6ICJodHRwczovL2luLXRvdG8uaW8vU3RhdGVtZW50L3YwLjEiLAogICJwcmVkaWNhdGUiOiB7CiAgICAiYnVpbGRlciI6IHsKICAgICAgImlkIjogImh0dHBzOi8vY2xvdWRidWlsZC5nb29nbGVhcGlzLmNvbS9Hb29nbGVIb3N0ZWRXb3JrZXJAdjAuMyIKICAgIH0sCiAgICAibWF0ZXJpYWxzIjogWwogICAgICB7CiAgICAgICAgImRpZ2VzdCI6IHsKICAgICAgICAgICJzaGExIjogImM3NTBmZDczYTE2NjliMDk1ZGY3Yzc0ZGE5ZjFmZjIwMzJmOTI2YzkiCiAgICAgICAgfSwKICAgICAgICAidXJpIjogImdpdCtodHRwczovL2dpdGh1Yi5jb20vc2xzYS1mcmFtZXdvcmsvZXhhbXBsZS1wYWNrYWdlIgogICAgICB9CiAgICBdLAogICAgIm1ldGFkYXRhIjogewogICAgICAiYnVpbGRGaW5pc2hlZE9uIjogIjIwMjMtMDMtMTVUMDM6MTQ6MzUuMTYzNzI0WiIsCiAgICAgICJidWlsZEludm9jYXRpb25JZCI6ICI0MGVkYWFlZC1iMmNlLTQ5YjctYmM0ZC00ZjY3Nzc5ZmQwZGMiLAogICAgICAiYnVpbGRTdGFydGVkT24iOiAiMjAyMy0wMy0xNVQwMzoxNDowOS4xODgxNzA3MDRaIgogICAgfSwKICAgICJyZWNpcGUiOiB7CiAgICAgICJhcmd1bWVudHMiOiB7CiAgICAgICAgIkB0eXBlIjogInR5cGUuZ29vZ2xlYXBpcy5jb20vZ29vZ2xlLmRldnRvb2xzLmNsb3VkYnVpbGQudjEuQnVpbGQiLAogICAgICAgICJpZCI6ICI0MGVkYWFlZC1iMmNlLTQ5YjctYmM0ZC00ZjY3Nzc5ZmQwZGMiLAogICAgICAgICJuYW1lIjogInByb2plY3RzLzgxOTcyMDk1MzgxMi9sb2NhdGlvbnMvdXMtd2VzdDIvYnVpbGRzLzQwZWRhYWVkLWIyY2UtNDliNy1iYzRkLTRmNjc3NzlmZDBkYyIsCiAgICAgICAgIm9wdGlvbnMiOiB7CiAgICAgICAgICAiZHluYW1pY1N1YnN0aXR1dGlvbnMiOiB0cnVlLAogICAgICAgICAgImxvZ2dpbmciOiAiQ0xPVURfTE9HR0lOR19PTkxZIiwKICAgICAgICAgICJwb29sIjoge30sCiAgICAgICAgICAicmVxdWVzdGVkVmVyaWZ5T3B0aW9uIjogIlZFUklGSUVEIiwKICAgICAgICAgICJzb3VyY2VQcm92ZW5hbmNlSGFzaCI6IFsKICAgICAgICAgICAgIlNIQTI1NiIKICAgICAgICAgIF0sCiAgICAgICAgICAic3Vic3RpdHV0aW9uT3B0aW9uIjogIkFMTE9XX0xPT1NFIgogICAgICAgIH0sCiAgICAgICAgInNvdXJjZVByb3ZlbmFuY2UiOiB7fSwKICAgICAgICAic3RlcHMiOiBbCiAgICAgICAgICB7CiAgICAgICAgICAgICJhcmdzIjogWwogICAgICAgICAgICAgICJidWlsZCIsCiAgICAgICAgICAgICAgIi10IiwKICAgICAgICAgICAgICAidXMtd2VzdDItZG9ja2VyLnBrZy5kZXYvc2xzYS10b29saW5nL2V4YW1wbGUtcGFja2FnZS1yZXBvL2UyZS1nY2ItdGFnLW1haW4tYW5ub3RhdGVkLXNsc2EzIiwKICAgICAgICAgICAgICAiLiIKICAgICAgICAgICAgXSwKICAgICAgICAgICAgIm5hbWUiOiAiZ2NyLmlvL2Nsb3VkLWJ1aWxkZXJzL2RvY2tlciIsCiAgICAgICAgICAgICJwdWxsVGltaW5nIjogewogICAgICAgICAgICAgICJlbmRUaW1lIjogIjIwMjMtMDMtMTVUMDM6MTQ6MTMuMzk1MjU5Njc3WiIsCiAgICAgICAgICAgICAgInN0YXJ0VGltZSI6ICIyMDIzLTAzLTE1VDAzOjE0OjEzLjM5MjM2MDIxNVoiCiAgICAgICAgICAgIH0sCiAgICAgICAgICAgICJzdGF0dXMiOiAiU1VDQ0VTUyIsCiAgICAgICAgICAgICJ0aW1pbmciOiB7CiAgICAgICAgICAgICAgImVuZFRpbWUiOiAiMjAyMy0wMy0xNVQwMzoxNDozMy4xOTQxOTU0NzFaIiwKICAgICAgICAgICAgICAic3RhcnRUaW1lIjogIjIwMjMtMDMtMTVUMDM6MTQ6MTMuMzkyMzYwMjE1WiIKICAgICAgICAgICAgfQogICAgICAgICAgfQogICAgICAgIF0sCiAgICAgICAgInN1YnN0aXR1dGlvbnMiOiB7CiAgICAgICAgICAiQ09NTUlUX1NIQSI6ICJjNzUwZmQ3M2ExNjY5YjA5NWRmN2M3NGRhOWYxZmYyMDMyZjkyNmM5IiwKICAgICAgICAgICJSRUZfTkFNRSI6ICJ2MzMuMC40IiwKICAgICAgICAgICJUQUdfTkFNRSI6ICJ2MzMuMC40IiwKICAgICAgICAgICJSRVBPX05BTUUiOiAiZXhhbXBsZS1wYWNrYWdlIiwKICAgICAgICAgICJSRVZJU0lPTl9JRCI6ICJjNzUwZmQ3M2ExNjY5YjA5NWRmN2M3NGRhOWYxZmYyMDMyZjkyNmM5IiwKICAgICAgICAgICJTSE9SVF9TSEEiOiAiYzc1MGZkNyIsCiAgICAgICAgICAiVFJJR0dFUl9CVUlMRF9DT05GSUdfUEFUSCI6ICJjbG91ZGJ1aWxkLnlhbWwiLAogICAgICAgICAgIlRSSUdHRVJfTkFNRSI6ICJwdXNoLXRhZyIsCiAgICAgICAgICAiX0lNQUdFX05BTUUiOiAic2xzYS10b29saW5nL2V4YW1wbGUtcGFja2FnZS1yZXBvL2UyZS1nY2ItdGFnLW1haW4tYW5ub3RhdGVkLXNsc2EzIgogICAgICAgIH0KICAgICAgfSwKICAgICAgImVudHJ5UG9pbnQiOiAiY2xvdWRidWlsZC55YW1sIiwKICAgICAgInR5cGUiOiAiaHR0cHM6Ly9jbG91ZGJ1aWxkLmdvb2dsZWFwaXMuY29tL0Nsb3VkQnVpbGRZYW1sQHYwLjEiCiAgICB9CiAgfSwKICAicHJlZGljYXRlVHlwZSI6ICJodHRwczovL3Nsc2EuZGV2L3Byb3ZlbmFuY2UvdjAuMSIsCiAgInNsc2FQcm92ZW5hbmNlIjogewogICAgImJ1aWxkZXIiOiB7CiAgICAgICJpZCI6ICJodHRwczovL2Nsb3VkYnVpbGQuZ29vZ2xlYXBpcy5jb20vR29vZ2xlSG9zdGVkV29ya2VyQHYwLjMiCiAgICB9LAogICAgIm1hdGVyaWFscyI6IFsKICAgICAgewogICAgICAgICJkaWdlc3QiOiB7CiAgICAgICAgICAic2hhMSI6ICJjNzUwZmQ3M2ExNjY5YjA5NWRmN2M3NGRhOWYxZmYyMDMyZjkyNmM5IgogICAgICAgIH0sCiAgICAgICAgInVyaSI6ICJnaXQraHR0cHM6Ly9naXRodWIuY29tL3Nsc2EtZnJhbWV3b3JrL2V4YW1wbGUtcGFja2FnZSIKICAgICAgfQogICAgXSwKICAgICJtZXRhZGF0YSI6IHsKICAgICAgImJ1aWxkRmluaXNoZWRPbiI6ICIyMDIzLTAzLTE1VDAzOjE0OjM1LjE2MzcyNFoiLAogICAgICAiYnVpbGRJbnZvY2F0aW9uSWQiOiAiNDBlZGFhZWQtYjJjZS00OWI3LWJjNGQtNGY2Nzc3OWZkMGRjIiwKICAgICAgImJ1aWxkU3RhcnRlZE9uIjogIjIwMjMtMDMtMTVUMDM6MTQ6MDkuMTg4MTcwNzA0WiIKICAgIH0sCiAgICAicmVjaXBlIjogewogICAgICAiYXJndW1lbnRzIjogewogICAgICAgICJAdHlwZSI6ICJ0eXBlLmdvb2dsZWFwaXMuY29tL2dvb2dsZS5kZXZ0b29scy5jbG91ZGJ1aWxkLnYxLkJ1aWxkIiwKICAgICAgICAiaWQiOiAiNDBlZGFhZWQtYjJjZS00OWI3LWJjNGQtNGY2Nzc3OWZkMGRjIiwKICAgICAgICAibmFtZSI6ICJwcm9qZWN0cy84MTk3MjA5NTM4MTIvbG9jYXRpb25zL3VzLXdlc3QyL2J1aWxkcy80MGVkYWFlZC1iMmNlLTQ5YjctYmM0ZC00ZjY3Nzc5ZmQwZGMiLAogICAgICAgICJvcHRpb25zIjogewogICAgICAgICAgImR5bmFtaWNTdWJzdGl0dXRpb25zIjogdHJ1ZSwKICAgICAgICAgICJsb2dnaW5nIjogIkNMT1VEX0xPR0dJTkdfT05MWSIsCiAgICAgICAgICAicG9vbCI6IHt9LAogICAgICAgICAgInJlcXVlc3RlZFZlcmlmeU9wdGlvbiI6ICJWRVJJRklFRCIsCiAgICAgICAgICAic291cmNlUHJvdmVuYW5jZUhhc2giOiBbCiAgICAgICAgICAgICJTSEEyNTYiCiAgICAgICAgICBdLAogICAgICAgICAgInN1YnN0aXR1dGlvbk9wdGlvbiI6ICJBTExPV19MT09TRSIKICAgICAgICB9LAogICAgICAgICJzb3VyY2VQcm92ZW5hbmNlIjoge30sCiAgICAgICAgInN0ZXBzIjogWwogICAgICAgICAgewogICAgICAgICAgICAiYXJncyI6IFsKICAgICAgICAgICAgICAiYnVpbGQiLAogICAgICAgICAgICAgICItdCIsCiAgICAgICAgICAgICAgInVzLXdlc3QyLWRvY2tlci5wa2cuZGV2L3Nsc2EtdG9vbGluZy9leGFtcGxlLXBhY2thZ2UtcmVwby9lMmUtZ2NiLXRhZy1tYWluLWFubm90YXRlZC1zbHNhMyIsCiAgICAgICAgICAgICAgIi4iCiAgICAgICAgICAgIF0sCiAgICAgICAgICAgICJuYW1lIjogImdjci5pby9jbG91ZC1idWlsZGVycy9kb2NrZXIiLAogICAgICAgICAgICAicHVsbFRpbWluZyI6IHsKICAgICAgICAgICAgICAiZW5kVGltZSI6ICIyMDIzLTAzLTE1VDAzOjE0OjEzLjM5NTI1OTY3N1oiLAogICAgICAgICAgICAgICJzdGFydFRpbWUiOiAiMjAyMy0wMy0xNVQwMzoxNDoxMy4zOTIzNjAyMTVaIgogICAgICAgICAgICB9LAogICAgICAgICAgICAic3RhdHVzIjogIlNVQ0NFU1MiLAogICAgICAgICAgICAidGltaW5nIjogewogICAgICAgICAgICAgICJlbmRUaW1lIjogIjIwMjMtMDMtMTVUMDM6MTQ6MzMuMTk0MTk1NDcxWiIsCiAgICAgICAgICAgICAgInN0YXJ0VGltZSI6ICIyMDIzLTAzLTE1VDAzOjE0OjEzLjM5MjM2MDIxNVoiCiAgICAgICAgICAgIH0KICAgICAgICAgIH0KICAgICAgICBdLAogICAgICAgICJzdWJzdGl0dXRpb25zIjogewogICAgICAgICAgIkNPTU1JVF9TSEEiOiAiYzc1MGZkNzNhMTY2OWIwOTVkZjdjNzRkYTlmMWZmMjAzMmY5MjZjOSIsCiAgICAgICAgICAiUkVGX05BTUUiOiAidjMzLjAuNCIsCiAgICAgICAgICAiUkVQT19OQU1FIjogImV4YW1wbGUtcGFja2FnZSIsCiAgICAgICAgICAiUkVWSVNJT05fSUQiOiAiYzc1MGZkNzNhMTY2OWIwOTVkZjdjNzRkYTlmMWZmMjAzMmY5MjZjOSIsCiAgICAgICAgICAiU0hPUlRfU0hBIjogImM3NTBmZDciLAogICAgICAgICAgIlRBR19OQU1FIjogInYzMy4wLjQiLAogICAgICAgICAgIlRSSUdHRVJfQlVJTERfQ09ORklHX1BBVEgiOiAiY2xvdWRidWlsZC55YW1sIiwKICAgICAgICAgICJUUklHR0VSX05BTUUiOiAicHVzaC10YWciLAogICAgICAgICAgIl9JTUFHRV9OQU1FIjogInNsc2EtdG9vbGluZy9leGFtcGxlLXBhY2thZ2UtcmVwby9lMmUtZ2NiLXRhZy1tYWluLWFubm90YXRlZC1zbHNhMyIKICAgICAgICB9CiAgICAgIH0sCiAgICAgICJlbnRyeVBvaW50IjogImNsb3VkYnVpbGQueWFtbCIsCiAgICAgICJ0eXBlIjogImh0dHBzOi8vY2xvdWRidWlsZC5nb29nbGVhcGlzLmNvbS9DbG91ZEJ1aWxkWWFtbEB2MC4xIgogICAgfQogIH0sCiAgInN1YmplY3QiOiBbCiAgICB7CiAgICAgICJkaWdlc3QiOiB7CiAgICAgICAgInNoYTI1NiI6ICI4N2RiNmQ1MjI2NDQwZTcyZjcxMzRiNzExNjNkZjQ1MjgyMTI3YTNmN2IwNjAwYzk0NjY4M2NiMmY0M2E3MGE5IgogICAgICB9LAogICAgICAibmFtZSI6ICJodHRwczovL3VzLXdlc3QyLWRvY2tlci5wa2cuZGV2L3Nsc2EtdG9vbGluZy9leGFtcGxlLXBhY2thZ2UtcmVwby9lMmUtZ2NiLXRhZy1tYWluLWFubm90YXRlZC1zbHNhMyIKICAgIH0sCiAgICB7CiAgICAgICJkaWdlc3QiOiB7CiAgICAgICAgInNoYTI1NiI6ICI4N2RiNmQ1MjI2NDQwZTcyZjcxMzRiNzExNjNkZjQ1MjgyMTI3YTNmN2IwNjAwYzk0NjY4M2NiMmY0M2E3MGE5IgogICAgICB9LAogICAgICAibmFtZSI6ICJodHRwczovL3VzLXdlc3QyLWRvY2tlci5wa2cuZGV2L3Nsc2EtdG9vbGluZy9leGFtcGxlLXBhY2thZ2UtcmVwby9lMmUtZ2NiLXRhZy1tYWluLWFubm90YXRlZC1zbHNhMzpsYXRlc3QiCiAgICB9CiAgXQp9Cg==",
+            "payloadType": "application/vnd.in-toto+json",
+            "signatures": [
+            {
+                "keyid": "projects/verified-builder/locations/global/keyRings/attestor/cryptoKeys/provenanceSigner/cryptoKeyVersions/1",
+                "sig": "MEUCIQCyUACW1iuJZWG-c_-THrjMEpqRh7Er--e3Dl5tI47ckgIgEpHlnlARXZ67EA8xsqAaGIdlybe4afJKoGy3kCnzFRU="
+            },
+            {
+                "keyid": "projects/verified-builder/locations/us-west2/keyRings/attestor/cryptoKeys/builtByGCB/cryptoKeyVersions/1",
+                "sig": "MEQCICN-XUNR1jLfImkwX0GVZQIJkr7LilQB_J_dc6QwQ57uAiBfgDokQLaYaeyDQn6uNzRvW9bt-AAW1PsuE-OmY3vqgA=="
+            }
+            ]
+        },
+        "kind": "BUILD",
+        "name": "projects/slsa-tooling/occurrences/63a00a0f-46f3-44e0-8997-2e9efa439b95",
+        "noteName": "projects/verified-builder/notes/intoto_40edaaed-b2ce-49b7-bc4d-4f67779fd0dc",
+        "resourceUri": "https://us-west2-docker.pkg.dev/slsa-tooling/example-package-repo/e2e-gcb-tag-main-annotated-slsa3@sha256:87db6d5226440e72f7134b71163df45282127a3f7b0600c946683cb2f43a70a9",
+        "updateTime": "2023-03-15T03:14:37.761441Z"
+        }
+    ]
+    }
+}
diff --git a/verifiers/internal/gcb/verifier.go b/verifiers/internal/gcb/verifier.go
index de5d7754a..04f31e6bb 100644
--- a/verifiers/internal/gcb/verifier.go
+++ b/verifiers/internal/gcb/verifier.go
@@ -39,6 +39,15 @@ func (v *GCBVerifier) VerifyArtifact(ctx context.Context,
 	return nil, nil, serrors.ErrorNotSupported
 }
 
+// VerifyNpmPackage verifies an npm package tarball.
+func (v *GCBVerifier) VerifyNpmPackage(ctx context.Context,
+	attestations []byte, tarballHash string,
+	provenanceOpts *options.ProvenanceOpts,
+	builderOpts *options.BuilderOpts,
+) ([]byte, *utils.TrustedBuilderID, error) {
+	return nil, nil, serrors.ErrorNotSupported
+}
+
 // VerifyImage verifies provenance for an OCI image.
 func (v *GCBVerifier) VerifyImage(ctx context.Context,
 	provenance []byte, artifactImage string,
diff --git a/verifiers/internal/gha/builder.go b/verifiers/internal/gha/builder.go
index 423fc0e8e..422cd744b 100644
--- a/verifiers/internal/gha/builder.go
+++ b/verifiers/internal/gha/builder.go
@@ -32,13 +32,39 @@ var defaultContainerTrustedReusableWorkflows = map[string]bool{
 	trustedBuilderRepository + "/.github/workflows/generator_container_slsa3.yml": true,
 }
 
-// VerifyWorkflowIdentity verifies the signing certificate information
+var defaultBYOBReusableWorkflows = map[string]bool{
+	trustedBuilderRepository + "/.github/workflows/delegator_generic_slsa3.yml": true,
+}
+
+// VerifyCertficateSourceRepository verifies the source repository.
+func VerifyCertficateSourceRepository(id *WorkflowIdentity,
+	sourceRepo string,
+) error {
+	// The caller repository in the x509 extension is not fully qualified. It only contains
+	// {org}/{repository}.
+	expectedSource := strings.TrimPrefix(sourceRepo, "git+https://")
+	expectedSource = strings.TrimPrefix(expectedSource, "github.com/")
+	if id.CallerRepository != expectedSource {
+		return fmt.Errorf("%w: expected source '%s', got '%s'", serrors.ErrorMismatchSource,
+			expectedSource, id.CallerRepository)
+	}
+	return nil
+}
+
+// VerifyBuilderIdentity verifies the signing certificate information.
 // Builder IDs are verified against an expected builder ID provided in the
-// builerOpts, or against the set of defaultBuilders provided.
-func VerifyWorkflowIdentity(id *WorkflowIdentity,
-	builderOpts *options.BuilderOpts, source string,
+// builerOpts, or against the set of defaultBuilders provided. The identiy
+// in the certificate corresponds to a GitHub workflow's path.
+func VerifyBuilderIdentity(id *WorkflowIdentity,
+	builderOpts *options.BuilderOpts,
 	defaultBuilders map[string]bool,
 ) (*utils.TrustedBuilderID, error) {
+	// Issuer verification.
+	// NOTE: this is necessary before we do any further verification.
+	if id.Issuer != certOidcIssuer {
+		return nil, fmt.Errorf("%w: %s", serrors.ErrorInvalidOIDCIssuer, id.Issuer)
+	}
+
 	// cert URI path is /org/repo/path/to/workflow@ref
 	workflowPath := strings.SplitN(id.JobWobWorkflowRef, "@", 2)
 	if len(workflowPath) < 2 {
@@ -59,22 +85,6 @@ func VerifyWorkflowIdentity(id *WorkflowIdentity,
 		return nil, err
 	}
 
-	// Issuer verification.
-	if !strings.EqualFold(id.Issuer, certOidcIssuer) {
-		return nil, fmt.Errorf("%w: %s", serrors.ErrorInvalidOIDCIssuer, id.Issuer)
-	}
-
-	// The caller repository in the x509 extension is not fully qualified. It only contains
-	// {org}/{repository}.
-	expectedSource := strings.TrimPrefix(source, "git+https://")
-	expectedSource = strings.TrimPrefix(expectedSource, "github.com/")
-	if !strings.EqualFold(id.CallerRepository, expectedSource) {
-		return nil, fmt.Errorf("%w: expected source '%s', got '%s'", serrors.ErrorMismatchSource,
-			expectedSource, id.CallerRepository)
-	}
-
-	// Return the builder and its tag.
-	// Note: the tag has the format `refs/tags/v1.2.3`.
 	return builderID, nil
 }
 
@@ -121,7 +131,27 @@ func verifyTrustedBuilderID(certPath, certTag string, expectedBuilderID *string,
 func verifyTrustedBuilderRef(id *WorkflowIdentity, ref string) error {
 	if (id.CallerRepository == trustedBuilderRepository ||
 		id.CallerRepository == e2eTestRepository) &&
-		strings.EqualFold("refs/heads/main", ref) {
+		options.TestingEnabled() {
+		// Allow verification on the main branch to support e2e tests.
+		if ref == "refs/heads/main" {
+			return nil
+		}
+
+		// Extract the tag.
+		pin, err := utils.TagFromGitHubRef(ref)
+		if err != nil {
+			return err
+		}
+
+		// Tags on trusted repositories should be a valid semver with version
+		// core including all three parts and no build identifier.
+		versionCore := strings.Split(pin, "-")[0]
+		if !semver.IsValid(pin) ||
+			len(strings.Split(versionCore, ".")) != 3 ||
+			semver.Build(pin) != "" {
+			return fmt.Errorf("%w: %s: version tag not valid", serrors.ErrorInvalidRef, pin)
+		}
+
 		return nil
 	}
 
diff --git a/verifiers/internal/gha/builder_test.go b/verifiers/internal/gha/builder_test.go
index 8dac4bd6d..aa99ee488 100644
--- a/verifiers/internal/gha/builder_test.go
+++ b/verifiers/internal/gha/builder_test.go
@@ -10,7 +10,7 @@ import (
 	"github.com/slsa-framework/slsa-verifier/v2/options"
 )
 
-func Test_VerifyWorkflowIdentity(t *testing.T) {
+func Test_VerifyBuilderIdentity(t *testing.T) {
 	t.Parallel()
 	tests := []struct {
 		name      string
@@ -18,7 +18,6 @@ func Test_VerifyWorkflowIdentity(t *testing.T) {
 		buildOpts *options.BuilderOpts
 		builderID string
 		defaults  map[string]bool
-		source    string
 		err       error
 	}{
 		{
@@ -30,7 +29,6 @@ func Test_VerifyWorkflowIdentity(t *testing.T) {
 				Trigger:           "workflow_dispatch",
 				Issuer:            "https://token.actions.githubusercontent.com",
 			},
-			source:   "asraa/slsa-on-github-test",
 			defaults: defaultArtifactTrustedReusableWorkflows,
 			err:      serrors.ErrorMalformedURI,
 		},
@@ -43,7 +41,6 @@ func Test_VerifyWorkflowIdentity(t *testing.T) {
 				Trigger:           "workflow_dispatch",
 				Issuer:            "https://token.actions.githubusercontent.com",
 			},
-			source:   "asraa/slsa-on-github-test",
 			defaults: defaultArtifactTrustedReusableWorkflows,
 			err:      serrors.ErrorUntrustedReusableWorkflow,
 		},
@@ -54,9 +51,8 @@ func Test_VerifyWorkflowIdentity(t *testing.T) {
 				CallerHash:        "0dfcd24824432c4ce587f79c918eef8fc2c44d7b",
 				JobWobWorkflowRef: trustedBuilderRepository + "/.github/workflows/builder_go_slsa3.yml@refs/heads/main",
 				Trigger:           "workflow_dispatch",
-				Issuer:            "https://bad.issuer.com",
+				Issuer:            "https://token.actions.githubusercontent.com",
 			},
-			source:   "asraa/slsa-on-github-test",
 			defaults: defaultArtifactTrustedReusableWorkflows,
 			err:      serrors.ErrorInvalidRef,
 		},
@@ -69,7 +65,6 @@ func Test_VerifyWorkflowIdentity(t *testing.T) {
 				Trigger:           "workflow_dispatch",
 				Issuer:            "https://bad.issuer.com",
 			},
-			source:   "asraa/slsa-on-github-test",
 			defaults: defaultArtifactTrustedReusableWorkflows,
 			err:      serrors.ErrorInvalidOIDCIssuer,
 		},
@@ -82,7 +77,6 @@ func Test_VerifyWorkflowIdentity(t *testing.T) {
 				Trigger:           "workflow_dispatch",
 				Issuer:            "https://token.actions.githubusercontent.com",
 			},
-			source:    trustedBuilderRepository,
 			defaults:  defaultArtifactTrustedReusableWorkflows,
 			builderID: "https://github.com/" + trustedBuilderRepository + "/.github/workflows/builder_go_slsa3.yml",
 		},
@@ -95,7 +89,6 @@ func Test_VerifyWorkflowIdentity(t *testing.T) {
 				Trigger:           "workflow_dispatch",
 				Issuer:            certOidcIssuer,
 			},
-			source:    e2eTestRepository,
 			defaults:  defaultArtifactTrustedReusableWorkflows,
 			builderID: "https://github.com/" + trustedBuilderRepository + "/.github/workflows/builder_go_slsa3.yml",
 		},
@@ -108,7 +101,6 @@ func Test_VerifyWorkflowIdentity(t *testing.T) {
 				Trigger:           "workflow_dispatch",
 				Issuer:            certOidcIssuer,
 			},
-			source: e2eTestRepository,
 			buildOpts: &options.BuilderOpts{
 				ExpectedID: asStringPointer("https://github.com/" + trustedBuilderRepository + "/.github/workflows/builder_go_slsa3.yml"),
 			},
@@ -124,65 +116,12 @@ func Test_VerifyWorkflowIdentity(t *testing.T) {
 				Trigger:           "workflow_dispatch",
 				Issuer:            certOidcIssuer,
 			},
-			source: e2eTestRepository,
 			buildOpts: &options.BuilderOpts{
 				ExpectedID: asStringPointer("some-other-builderID"),
 			},
 			defaults: defaultArtifactTrustedReusableWorkflows,
 			err:      serrors.ErrorUntrustedReusableWorkflow,
 		},
-		{
-			name: "unexpected source for e2e test",
-			workflow: &WorkflowIdentity{
-				CallerRepository:  e2eTestRepository,
-				CallerHash:        "0dfcd24824432c4ce587f79c918eef8fc2c44d7b",
-				JobWobWorkflowRef: trustedBuilderRepository + "/.github/workflows/builder_go_slsa3.yml@refs/tags/v1.2.3",
-				Trigger:           "workflow_dispatch",
-				Issuer:            certOidcIssuer,
-			},
-			source:    "malicious/source",
-			err:       serrors.ErrorMismatchSource,
-			defaults:  defaultArtifactTrustedReusableWorkflows,
-			builderID: "https://github.com/" + trustedBuilderRepository + "/.github/workflows/builder_go_slsa3.yml",
-		},
-		{
-			name: "valid main ref for builder",
-			workflow: &WorkflowIdentity{
-				CallerRepository:  trustedBuilderRepository,
-				JobWobWorkflowRef: trustedBuilderRepository + "/.github/workflows/builder_go_slsa3.yml@refs/tags/v1.2.3",
-				Trigger:           "workflow_dispatch",
-				Issuer:            certOidcIssuer,
-			},
-			source:   "malicious/source",
-			defaults: defaultArtifactTrustedReusableWorkflows,
-			err:      serrors.ErrorMismatchSource,
-		},
-		{
-			name: "unexpected source",
-			workflow: &WorkflowIdentity{
-				CallerRepository:  "malicious/slsa-on-github-test",
-				CallerHash:        "0dfcd24824432c4ce587f79c918eef8fc2c44d7b",
-				JobWobWorkflowRef: trustedBuilderRepository + "/.github/workflows/builder_go_slsa3.yml@refs/tags/v1.2.3",
-				Trigger:           "workflow_dispatch",
-				Issuer:            certOidcIssuer,
-			},
-			source:   "asraa/slsa-on-github-test",
-			defaults: defaultArtifactTrustedReusableWorkflows,
-			err:      serrors.ErrorMismatchSource,
-		},
-		{
-			name: "valid workflow identity",
-			workflow: &WorkflowIdentity{
-				CallerRepository:  "asraa/slsa-on-github-test",
-				CallerHash:        "0dfcd24824432c4ce587f79c918eef8fc2c44d7b",
-				JobWobWorkflowRef: trustedBuilderRepository + "/.github/workflows/builder_go_slsa3.yml@refs/tags/v1.2.3",
-				Trigger:           "workflow_dispatch",
-				Issuer:            certOidcIssuer,
-			},
-			source:    "asraa/slsa-on-github-test",
-			defaults:  defaultArtifactTrustedReusableWorkflows,
-			builderID: "https://github.com/" + trustedBuilderRepository + "/.github/workflows/builder_go_slsa3.yml",
-		},
 		{
 			name: "valid workflow identity - match builderID",
 			workflow: &WorkflowIdentity{
@@ -192,7 +131,6 @@ func Test_VerifyWorkflowIdentity(t *testing.T) {
 				Trigger:           "workflow_dispatch",
 				Issuer:            certOidcIssuer,
 			},
-			source: "asraa/slsa-on-github-test",
 			buildOpts: &options.BuilderOpts{
 				ExpectedID: asStringPointer("https://github.com/" + trustedBuilderRepository + "/.github/workflows/builder_go_slsa3.yml"),
 			},
@@ -208,7 +146,6 @@ func Test_VerifyWorkflowIdentity(t *testing.T) {
 				Trigger:           "workflow_dispatch",
 				Issuer:            certOidcIssuer,
 			},
-			source: "asraa/slsa-on-github-test",
 			buildOpts: &options.BuilderOpts{
 				ExpectedID: asStringPointer("some-other-builderID"),
 			},
@@ -224,7 +161,6 @@ func Test_VerifyWorkflowIdentity(t *testing.T) {
 				Trigger:           "workflow_dispatch",
 				Issuer:            certOidcIssuer,
 			},
-			source:    "asraa/slsa-on-github-test",
 			err:       serrors.ErrorInvalidRef,
 			defaults:  defaultArtifactTrustedReusableWorkflows,
 			builderID: "https://github.com/" + trustedBuilderRepository + "/.github/workflows/builder_go_slsa3.yml",
@@ -238,7 +174,6 @@ func Test_VerifyWorkflowIdentity(t *testing.T) {
 				Trigger:           "workflow_dispatch",
 				Issuer:            certOidcIssuer,
 			},
-			source:   "asraa/slsa-on-github-test",
 			defaults: defaultArtifactTrustedReusableWorkflows,
 			err:      serrors.ErrorInvalidRef,
 		},
@@ -251,7 +186,6 @@ func Test_VerifyWorkflowIdentity(t *testing.T) {
 				Trigger:           "workflow_dispatch",
 				Issuer:            certOidcIssuer,
 			},
-			source:   "asraa/slsa-on-github-test",
 			defaults: defaultArtifactTrustedReusableWorkflows,
 			err:      serrors.ErrorInvalidRef,
 		},
@@ -264,7 +198,6 @@ func Test_VerifyWorkflowIdentity(t *testing.T) {
 				Trigger:           "workflow_dispatch",
 				Issuer:            certOidcIssuer,
 			},
-			source:    "github.com/asraa/slsa-on-github-test",
 			defaults:  defaultArtifactTrustedReusableWorkflows,
 			builderID: "https://github.com/" + trustedBuilderRepository + "/.github/workflows/builder_go_slsa3.yml",
 		},
@@ -277,7 +210,6 @@ func Test_VerifyWorkflowIdentity(t *testing.T) {
 				Trigger:           "workflow_dispatch",
 				Issuer:            certOidcIssuer,
 			},
-			source: "github.com/asraa/slsa-on-github-test",
 			buildOpts: &options.BuilderOpts{
 				ExpectedID: asStringPointer("https://github.com/" + trustedBuilderRepository + "/.github/workflows/builder_go_slsa3.yml"),
 			},
@@ -292,7 +224,6 @@ func Test_VerifyWorkflowIdentity(t *testing.T) {
 				Trigger:           "workflow_dispatch",
 				Issuer:            certOidcIssuer,
 			},
-			source: "github.com/asraa/slsa-on-github-test",
 			buildOpts: &options.BuilderOpts{
 				ExpectedID: asStringPointer("https://github.com/" + trustedBuilderRepository + "/.github/workflows/builder_go_slsa3.yml"),
 			},
@@ -308,7 +239,6 @@ func Test_VerifyWorkflowIdentity(t *testing.T) {
 				Trigger:           "workflow_dispatch",
 				Issuer:            certOidcIssuer,
 			},
-			source: "github.com/asraa/slsa-on-github-test",
 			buildOpts: &options.BuilderOpts{
 				ExpectedID: asStringPointer("some-other-builderID"),
 			},
@@ -324,7 +254,6 @@ func Test_VerifyWorkflowIdentity(t *testing.T) {
 				Trigger:           "workflow_dispatch",
 				Issuer:            certOidcIssuer,
 			},
-			source:   "github.com/asraa/slsa-on-github-test",
 			defaults: defaultContainerTrustedReusableWorkflows,
 			err:      serrors.ErrorUntrustedReusableWorkflow,
 		},
@@ -337,8 +266,7 @@ func Test_VerifyWorkflowIdentity(t *testing.T) {
 			if opts == nil {
 				opts = &options.BuilderOpts{}
 			}
-			id, err := VerifyWorkflowIdentity(tt.workflow, opts, tt.source,
-				tt.defaults)
+			id, err := VerifyBuilderIdentity(tt.workflow, opts, tt.defaults)
 			if !errCmp(err, tt.err) {
 				t.Errorf(cmp.Diff(err, tt.err, cmpopts.EquateErrors()))
 			}
@@ -353,6 +281,73 @@ func Test_VerifyWorkflowIdentity(t *testing.T) {
 	}
 }
 
+func Test_VerifyCertficateSourceRepository(t *testing.T) {
+	t.Parallel()
+	tests := []struct {
+		name     string
+		workflow *WorkflowIdentity
+		source   string
+		err      error
+	}{
+		{
+			name: "repo match",
+			workflow: &WorkflowIdentity{
+				CallerRepository:  "asraa/slsa-on-github-test",
+				CallerHash:        "0dfcd24824432c4ce587f79c918eef8fc2c44d7b",
+				JobWobWorkflowRef: trustedBuilderRepository + "/.github/workflows/builder_go_slsa3.yml@refs/tags/v1.2.3",
+				Trigger:           "workflow_dispatch",
+				Issuer:            certOidcIssuer,
+			},
+			source: "github.com/asraa/slsa-on-github-test",
+		},
+		{
+			name: "unexpected source for e2e test",
+			workflow: &WorkflowIdentity{
+				CallerRepository:  e2eTestRepository,
+				CallerHash:        "0dfcd24824432c4ce587f79c918eef8fc2c44d7b",
+				JobWobWorkflowRef: trustedBuilderRepository + "/.github/workflows/builder_go_slsa3.yml@refs/tags/v1.2.3",
+				Trigger:           "workflow_dispatch",
+				Issuer:            certOidcIssuer,
+			},
+			source: "malicious/source",
+			err:    serrors.ErrorMismatchSource,
+		},
+		{
+			name: "valid main ref for builder",
+			workflow: &WorkflowIdentity{
+				CallerRepository:  trustedBuilderRepository,
+				JobWobWorkflowRef: trustedBuilderRepository + "/.github/workflows/builder_go_slsa3.yml@refs/tags/v1.2.3",
+				Trigger:           "workflow_dispatch",
+				Issuer:            certOidcIssuer,
+			},
+			source: "malicious/source",
+			err:    serrors.ErrorMismatchSource,
+		},
+		{
+			name: "unexpected source",
+			workflow: &WorkflowIdentity{
+				CallerRepository:  "malicious/slsa-on-github-test",
+				CallerHash:        "0dfcd24824432c4ce587f79c918eef8fc2c44d7b",
+				JobWobWorkflowRef: trustedBuilderRepository + "/.github/workflows/builder_go_slsa3.yml@refs/tags/v1.2.3",
+				Trigger:           "workflow_dispatch",
+				Issuer:            certOidcIssuer,
+			},
+			source: "asraa/slsa-on-github-test",
+			err:    serrors.ErrorMismatchSource,
+		},
+	}
+	for _, tt := range tests {
+		tt := tt // Re-initializing variable so it is not changed while executing the closure below
+		t.Run(tt.name, func(t *testing.T) {
+			t.Parallel()
+			err := VerifyCertficateSourceRepository(tt.workflow, tt.source)
+			if !errCmp(err, tt.err) {
+				t.Errorf(cmp.Diff(err, tt.err, cmpopts.EquateErrors()))
+			}
+		})
+	}
+}
+
 func asStringPointer(s string) *string {
 	return &s
 }
@@ -493,18 +488,25 @@ func Test_verifyTrustedBuilderID(t *testing.T) {
 }
 
 func Test_verifyTrustedBuilderRef(t *testing.T) {
-	t.Parallel()
 	tests := []struct {
-		name       string
-		callerRepo string
-		builderRef string
-		expected   error
+		name           string
+		callerRepo     string
+		builderRef     string
+		expected       error
+		testingEnabled bool
 	}{
 		// Trusted repo.
 		{
-			name:       "main allowed for builder",
+			name:       "main not allowed for builder",
 			callerRepo: trustedBuilderRepository,
 			builderRef: "refs/heads/main",
+			expected:   serrors.ErrorInvalidRef,
+		},
+		{
+			name:           "main allowed for builder w/ testing enabled",
+			callerRepo:     trustedBuilderRepository,
+			builderRef:     "refs/heads/main",
+			testingEnabled: true,
 		},
 		{
 			name:       "full semver for builder",
@@ -543,10 +545,18 @@ func Test_verifyTrustedBuilderRef(t *testing.T) {
 		},
 		// E2e tests repo.
 		{
-			name:       "main allowed for test repo",
+			name:       "main not allowed for test repo",
 			callerRepo: e2eTestRepository,
 			builderRef: "refs/heads/main",
+			expected:   serrors.ErrorInvalidRef,
 		},
+		{
+			name:           "main allowed for test repo w/ testing enabled",
+			callerRepo:     e2eTestRepository,
+			builderRef:     "refs/heads/main",
+			testingEnabled: true,
+		},
+
 		{
 			name:       "full semver for test repo",
 			callerRepo: e2eTestRepository,
@@ -590,6 +600,14 @@ func Test_verifyTrustedBuilderRef(t *testing.T) {
 			expected:   serrors.ErrorInvalidRef,
 		},
 		{
+			name:           "main not allowed for other repos w/ testing enabled",
+			callerRepo:     "some/repo",
+			builderRef:     "refs/heads/main",
+			testingEnabled: true,
+			expected:       serrors.ErrorInvalidRef,
+		},
+		{
+
 			name:       "full semver for other repos",
 			callerRepo: "some/repo",
 			builderRef: "refs/tags/v1.2.3",
@@ -612,28 +630,54 @@ func Test_verifyTrustedBuilderRef(t *testing.T) {
 			builderRef: "refs/tags/v1.2.3-alpha",
 			expected:   serrors.ErrorInvalidRef,
 		},
+		{
+			name:           "full semver with prerelease for other repos w/ testing enabled",
+			callerRepo:     "some/repo",
+			builderRef:     "refs/tags/v1.2.3-alpha",
+			testingEnabled: true,
+			expected:       serrors.ErrorInvalidRef,
+		},
 		{
 			name:       "full semver with build for other repos",
 			callerRepo: "some/repo",
 			builderRef: "refs/tags/v1.2.3+123",
 			expected:   serrors.ErrorInvalidRef,
 		},
+		{
+			name:           "full semver with build for other repos w/ testing enabled",
+			callerRepo:     "some/repo",
+			builderRef:     "refs/tags/v1.2.3+123",
+			testingEnabled: true,
+			expected:       serrors.ErrorInvalidRef,
+		},
 		{
 			name:       "full semver with build/prerelease for other repos",
 			callerRepo: "some/repo",
 			builderRef: "refs/tags/v1.2.3-alpha+123",
 			expected:   serrors.ErrorInvalidRef,
 		},
+		{
+			name:           "full semver with build/prerelease for other repos w/ testing enabled",
+			callerRepo:     "some/repo",
+			builderRef:     "refs/tags/v1.2.3-alpha+123",
+			testingEnabled: true,
+			expected:       serrors.ErrorInvalidRef,
+		},
 	}
 	for _, tt := range tests {
 		tt := tt // Re-initializing variable so it is not changed while executing the closure below
 		t.Run(tt.name, func(t *testing.T) {
-			t.Parallel()
-
 			wf := WorkflowIdentity{
 				CallerRepository: tt.callerRepo,
 			}
 
+			if tt.testingEnabled {
+				t.Setenv("SLSA_VERIFIER_TESTING", "1")
+			} else {
+				// Ensure that the variable is not set.
+				t.Setenv("SLSA_VERIFIER_TESTING", "")
+			}
+
 			err := verifyTrustedBuilderRef(&wf, tt.builderRef)
 			if !errCmp(err, tt.expected) {
 				t.Errorf(cmp.Diff(err, tt.expected, cmpopts.EquateErrors()))
diff --git a/verifiers/internal/gha/bundle.go b/verifiers/internal/gha/bundle.go
index 7b52f895c..4950e488a 100644
--- a/verifiers/internal/gha/bundle.go
+++ b/verifiers/internal/gha/bundle.go
@@ -37,7 +37,8 @@ func IsSigstoreBundle(bytes []byte) bool {
 // bundle verification material, validating the SignedEntryTimestamp.
 func verifyRekorEntryFromBundle(ctx context.Context, tlogEntry *v1.TransparencyLogEntry,
 	trustedRoot *TrustedRoot) (
-	*models.LogEntryAnon, error) {
+	*models.LogEntryAnon, error,
+) {
 	canonicalBody := tlogEntry.GetCanonicalizedBody()
 	logID := hex.EncodeToString(tlogEntry.GetLogId().GetKeyId())
 	rekorEntry := &models.LogEntryAnon{
@@ -78,6 +79,19 @@ func getEnvelopeFromBundle(bundle *bundle_v1.Bundle) (*dsselib.Envelope, error)
 	return env, nil
 }
 
+func getEnvelopeFromBundleBytes(content []byte) (*dsselib.Envelope, error) {
+	var bundle bundle_v1.Bundle
+	if err := protojson.Unmarshal(content, &bundle); err != nil {
+		return nil, fmt.Errorf("unmarshaling bundle: %w", err)
+	}
+	env, err := getEnvelopeFromBundle(&bundle)
+	if err != nil {
+		return nil, err
+	}
+
+	return env, nil
+}
+
 // getLeafCertFromBundle extracts the signing cert from the Sigstore bundle.
 func getLeafCertFromBundle(bundle *bundle_v1.Bundle) (*x509.Certificate, error) {
 	certChain := bundle.GetVerificationMaterial().GetX509CertificateChain().GetCertificates()
@@ -122,6 +136,7 @@ func matchRekorEntryWithEnvelope(tlogEntry *v1.TransparencyLogEntry, env *dsseli
 			len(intotoObj.Content.Envelope.Signatures))
 	}
 
+	// TODO(#487): verify the certs match.
 	for _, sig := range env.Signatures {
 		// The signature in the canonical body is double base64-encoded.
 		encodedEnvSig := base64.StdEncoding.EncodeToString(
@@ -136,6 +151,7 @@ func matchRekorEntryWithEnvelope(tlogEntry *v1.TransparencyLogEntry, env *dsseli
 			return ErrorMismatchSignature
 		}
 	}
+
 	return nil
 }
 
@@ -144,13 +160,24 @@ func matchRekorEntryWithEnvelope(tlogEntry *v1.TransparencyLogEntry, env *dsseli
 // and the signing certificate given the provenance.
 func VerifyProvenanceBundle(ctx context.Context, bundleBytes []byte,
 	trustedRoot *TrustedRoot) (
-	*SignedAttestation, error) {
-	// Extract the SigningCert, Envelope, and RekorEntry from the bundle.
-	var bundle bundle_v1.Bundle
-	if err := protojson.Unmarshal(bundleBytes, &bundle); err != nil {
-		return nil, fmt.Errorf("unmarshaling bundle: %w", err)
+	*SignedAttestation, error,
+) {
+	proposedSignedAtt, err := verifyBundleAndEntryFromBytes(ctx, bundleBytes, trustedRoot, true)
+	if err != nil {
+		return nil, err
 	}
+	if err := verifySignedAttestation(proposedSignedAtt, trustedRoot); err != nil {
+		return nil, err
+	}
+
+	return proposedSignedAtt, nil
+}
 
+// verifyBundleAndEntry validates the rekor entry inn the bundle
+// and that the entry (cert, signatures) matches the data in the bundle.
+func verifyBundleAndEntry(ctx context.Context, bundle *bundle_v1.Bundle,
+	trustedRoot *TrustedRoot, requireCert bool,
+) (*SignedAttestation, error) {
 	// We only expect one TLOG entry. If this changes in the future, we must iterate
 	// for a matching one.
 	if bundle.GetVerificationMaterial() == nil ||
@@ -166,7 +193,7 @@ func VerifyProvenanceBundle(ctx context.Context, bundleBytes []byte,
 	}
 
 	// Extract DSSE envelope.
-	env, err := getEnvelopeFromBundle(&bundle)
+	env, err := getEnvelopeFromBundle(bundle)
 	if err != nil {
 		return nil, err
 	}
@@ -177,20 +204,32 @@ func VerifyProvenanceBundle(ctx context.Context, bundleBytes []byte,
 	}
 
 	// Get certificate from bundle.
-	cert, err := getLeafCertFromBundle(&bundle)
-	if err != nil {
-		return nil, err
+	var cert *x509.Certificate
+	if requireCert {
+		cert, err = getLeafCertFromBundle(bundle)
+		if err != nil {
+			return nil, err
+		}
 	}
 
-	proposedSignedAtt := &SignedAttestation{
+	return &SignedAttestation{
 		SigningCert: cert,
 		Envelope:    env,
 		RekorEntry:  rekorEntry,
-	}
+	}, nil
+}
 
-	if err := verifySignedAttestation(proposedSignedAtt, trustedRoot); err != nil {
-		return nil, err
+// verifyBundleAndEntryFromBytes validates the rekor entry inn the bundle
+// and that the entry (cert, signatures) matches the data in the bundle.
+func verifyBundleAndEntryFromBytes(ctx context.Context, bundleBytes []byte,
+	trustedRoot *TrustedRoot, requireCert bool,
+) (*SignedAttestation, error) {
+	// Extract the SigningCert, Envelope, and RekorEntry from the bundle.
+	var bundle bundle_v1.Bundle
+	if err := protojson.Unmarshal(bundleBytes, &bundle); err != nil {
+		return nil, fmt.Errorf("unmarshaling bundle: %w", err)
 	}
 
-	return proposedSignedAtt, nil
+	return verifyBundleAndEntry(ctx, &bundle,
+		trustedRoot, requireCert)
 }
diff --git a/verifiers/internal/gha/npm.go b/verifiers/internal/gha/npm.go
new file mode 100644
index 000000000..873671f62
--- /dev/null
+++ b/verifiers/internal/gha/npm.go
@@ -0,0 +1,465 @@
+package gha
+
+import (
+	"context"
+	"crypto/ecdsa"
+	"crypto/sha256"
+	"crypto/x509"
+	"encoding/base64"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"net/url"
+	"strings"
+
+	intoto "github.com/in-toto/in-toto-golang/in_toto"
+	"github.com/secure-systems-lab/go-securesystemslib/dsse"
+	serrors "github.com/slsa-framework/slsa-verifier/v2/errors"
+	"github.com/slsa-framework/slsa-verifier/v2/verifiers/internal/gha/slsaprovenance"
+	"github.com/slsa-framework/slsa-verifier/v2/verifiers/utils"
+)
+
+const (
+	publishAttestationV01 = "https://github.com/npm/attestation/tree/main/specs/publish/"
+)
+
+var errrorInvalidAttestations = errors.New("invalid npm attestations")
+
+/*
+NOTE: key available at https://registry.npmjs.org/-/npm/v1/keys
+
+			https://docs.npmjs.com/about-registry-signatures
+		{
+		"keys": [
+		{
+			"expires": null,
+			"keyid": "SHA256:jl3bwswu80PjjokCgh0o2w5c2U4LhQAE57gj9cz1kzA",
+			"keytype": "ecdsa-sha2-nistp256",
+			"scheme": "ecdsa-sha2-nistp256",
+			"key": "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE1Olb3zMAFFxXKHiIkQO5cJ3Yhl5i6UPp+IhuteBJbuHcA5UogKo0EWtlWwW6KSaKoTNEYL7JlCQiVnkhBktUgg=="
+		}
+		]
+	}
+*/
+var npmRegistryPublicKey = "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE1Olb3zMAFFxXKHiIkQO5cJ3Yhl5i6UPp+IhuteBJbuHcA5UogKo0EWtlWwW6KSaKoTNEYL7JlCQiVnkhBktUgg=="
+
+type attestation struct {
+	PredicateType string      `json:"predicateType"`
+	BundleBytes   BundleBytes `json:"bundle"`
+}
+
+type BundleBytes []byte
+
+func (b *BundleBytes) UnmarshalJSON(data []byte) error {
+	*b = data
+	return nil
+}
+
+type Npm struct {
+	ctx                   context.Context
+	root                  *TrustedRoot
+	verifiedProvenanceAtt *SignedAttestation
+	verifiedPublishAtt    *SignedAttestation
+	provenanceAttestation *attestation
+	publishAttestation    *attestation
+}
+
+// TODO(#494): update the builder name.
+var builderGitHubRunnerID = "https://github.com/actions/runner@v0.1"
+
+func (n *Npm) ProvenanceEnvelope() *dsse.Envelope {
+	return n.verifiedProvenanceAtt.Envelope
+}
+
+func (n *Npm) ProvenanceLeafCertificate() *x509.Certificate {
+	return n.verifiedProvenanceAtt.SigningCert
+}
+
+func NpmNew(ctx context.Context, root *TrustedRoot, attestationBytes []byte) (*Npm, error) {
+	var attestations []attestation
+	if err := json.Unmarshal(attestationBytes, &attestations); err != nil {
+		return nil, fmt.Errorf("%w: json.Unmarshal: %v", errrorInvalidAttestations, err)
+	}
+
+	prov, pub, err := extractAttestations(attestations)
+	if err != nil {
+		return nil, err
+	}
+	return &Npm{
+		ctx:                   ctx,
+		root:                  root,
+		provenanceAttestation: prov,
+		publishAttestation:    pub,
+	}, nil
+}
+
+func extractAttestations(attestations []attestation) (*attestation, *attestation, error) {
+	if len(attestations) < 2 {
+		return nil, nil, fmt.Errorf("%w: invalid number of attestations: %v", errrorInvalidAttestations, len(attestations))
+	}
+
+	var provenanceAttestation *attestation
+	var publishAttestation *attestation
+	for i := range attestations {
+		att := attestations[i]
+		// Provenance type verification.
+		if att.PredicateType == slsaprovenance.ProvenanceV02Type {
+			provenanceAttestation = &att
+		}
+		// Publish type verification.
+		if strings.HasPrefix(att.PredicateType, publishAttestationV01) {
+			publishAttestation = &att
+		}
+	}
+
+	if provenanceAttestation == nil || publishAttestation == nil {
+		return nil, nil, fmt.Errorf("%w: invalid attestation types", errrorInvalidAttestations)
+	}
+	return provenanceAttestation, publishAttestation, nil
+}
+
+func (n *Npm) verifyProvenanceAttestationSignature() error {
+	// Re-use the standard bundle verification.
+	signedProvenance, err := VerifyProvenanceBundle(n.ctx, n.provenanceAttestation.BundleBytes, n.root)
+	if err != nil {
+		return err
+	}
+	n.verifiedProvenanceAtt = signedProvenance
+	return nil
+}
+
+func (n *Npm) verifyPublishAttesttationSignature() error {
+	// First verify the bundle and its rekor entry.
+	signedPublish, err := verifyBundleAndEntryFromBytes(n.ctx, n.publishAttestation.BundleBytes, n.root, false)
+	if err != nil {
+		return err
+	}
+
+	// Second, we verify the signature, which uses a static key.
+	// Extract payload.
+	env := signedPublish.Envelope
+	payload, err := utils.PayloadFromEnvelope(env)
+	if err != nil {
+		return err
+	}
+
+	// Extract the signature.
+	if len(env.Signatures) == 0 {
+		return fmt.Errorf("%w: no signatures found in envelope", serrors.ErrorNoValidSignature)
+	}
+
+	// The registry signs with a single, static, non-rotated key.
+	sig := env.Signatures[0].Sig
+	// TODO(#496): verify the keyid, both in DSSE and hint.
+
+	// Verify the signature.
+	payloadHash := sha256.Sum256(payload)
+	rawKey, err := base64.StdEncoding.DecodeString(npmRegistryPublicKey)
+	if err != nil {
+		return fmt.Errorf("DecodeString: %w", err)
+	}
+
+	key, err := x509.ParsePKIXPublicKey(rawKey)
+	if err != nil {
+		return fmt.Errorf("x509.ParsePKIXPublicKey: %w", err)
+	}
+
+	pubKey, ok := key.(*ecdsa.PublicKey)
+	if !ok {
+		return fmt.Errorf("%w: public key not of type ECDSA", err)
+	}
+
+	rsig, err := utils.DecodeSignature(sig)
+	if err != nil {
+		return fmt.Errorf("decodeSigature: %w: %s", serrors.ErrorInvalidEncoding, err)
+	}
+
+	if ecdsa.VerifyASN1(pubKey, payloadHash[:], rsig) {
+		return fmt.Errorf("%w: %s", serrors.ErrorInvalidSignature, sig)
+	}
+
+	// Verification done.
+	n.verifiedPublishAtt = signedPublish
+	return nil
+}
+
+func (n *Npm) verifyIntotoHeaders() error {
+	if err := verifyIntotoTypes(n.verifiedProvenanceAtt,
+		slsaprovenance.ProvenanceV02Type, intoto.PayloadType, false); err != nil {
+		return err
+	}
+	if err := verifyIntotoTypes(n.verifiedPublishAtt,
+		publishAttestationV01, intoto.PayloadType, true); err != nil {
+		return err
+	}
+	return nil
+}
+
+func verifyIntotoTypes(att *SignedAttestation, predicateType, payloadType string, prefix bool) error {
+	env := att.Envelope
+	pyld, err := base64.StdEncoding.DecodeString(env.Payload)
+	if err != nil {
+		return fmt.Errorf("%w: %s", serrors.ErrorInvalidDssePayload, err.Error())
+	}
+
+	var statement intoto.Statement
+	if err := json.Unmarshal(pyld, &statement); err != nil {
+		return fmt.Errorf("%w: %s", serrors.ErrorInvalidDssePayload, err.Error())
+	}
+
+	// Envelope verification.
+	if env.PayloadType != payloadType {
+		return fmt.Errorf("%w: expected payload type '%v', got '%s'",
+			serrors.ErrorInvalidDssePayload, payloadType, env.PayloadType)
+	}
+
+	// Statement verification.
+	if statement.Type != intoto.StatementInTotoV01 {
+		return fmt.Errorf("%w: expected statement type '%v', got '%s'",
+			serrors.ErrorInvalidDssePayload, intoto.StatementInTotoV01, statement.Type)
+	}
+
+	if !prefix && statement.PredicateType != predicateType {
+		return fmt.Errorf("%w: expected predicate type '%v', got '%s'",
+			serrors.ErrorInvalidDssePayload, predicateType, statement.PredicateType)
+	}
+	if prefix && !strings.HasPrefix(statement.PredicateType, predicateType) {
+		return fmt.Errorf("%w: expected predicate type '%v', got '%s'",
+			serrors.ErrorInvalidDssePayload, predicateType, statement.PredicateType)
+	}
+
+	return nil
+}
+
+func (n *Npm) verifiedProvenanceBytes() ([]byte, error) {
+	// TODO(#493): prune the provenance and return only
+	// verified fields.
+	// NOTE: we currently don't verify the materials' commit sha.
+	return []byte{}, nil
+}
+
+func (n *Npm) verifyPackageName(name *string) error {
+	if name == nil {
+		return nil
+	}
+
+	// Verify subject name in provenance.
+	if err := verifyProvenanceSubjectName(n.verifiedProvenanceAtt, *name); err != nil {
+		return err
+	}
+
+	// Verify subject name in publish attestation.
+	if err := verifyPublishSubjectName(n.verifiedPublishAtt, *name); err != nil {
+		return err
+	}
+
+	// Verify predicate name in publish attestation.
+	if err := verifyPublishPredicateName(n.verifiedPublishAtt, *name); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (n *Npm) verifyPackageVersion(version *string) error {
+	if version == nil {
+		return nil
+	}
+
+	// Verify subject version in provenance.
+	if err := verifyProvenanceSubjectVersion(n.verifiedProvenanceAtt, *version); err != nil {
+		return err
+	}
+
+	// Verify subject version in publish attestation.
+	if err := verifyPublishSubjectVersion(n.verifiedPublishAtt, *version); err != nil {
+		return err
+	}
+
+	// Verify predicate version in publish attestation.
+	if err := verifyPublishPredicateVersion(n.verifiedPublishAtt, *version); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func verifyPublishPredicateVersion(att *SignedAttestation, expectedVersion string) error {
+	_, version, err := getPublishPredicateData(att)
+	if err != nil {
+		return err
+	}
+	if version != expectedVersion {
+		return fmt.Errorf("%w: got '%v', expected '%v'", serrors.ErrorMismatchPackageVersion,
+			version, expectedVersion)
+	}
+	return nil
+}
+
+func verifyPublishPredicateName(att *SignedAttestation, expectedName string) error {
+	name, _, err := getPublishPredicateData(att)
+	if err != nil {
+		return err
+	}
+	if name != expectedName {
+		return fmt.Errorf("%w: got '%v', expected '%v'", serrors.ErrorMismatchPackageName,
+			name, expectedName)
+	}
+	return nil
+}
+
+func getPublishPredicateData(att *SignedAttestation) (string, string, error) {
+	env := att.Envelope
+	pyld, err := base64.StdEncoding.DecodeString(env.Payload)
+	if err != nil {
+		return "", "", fmt.Errorf("%w: %s", serrors.ErrorInvalidDssePayload, err.Error())
+	}
+
+	statement := struct {
+		intoto.StatementHeader
+		Predicate struct {
+			Version string `json:"version"`
+			Name    string `json:"name"`
+		} `json:"predicate"`
+	}{}
+	if err := json.Unmarshal(pyld, &statement); err != nil {
+		return "", "", fmt.Errorf("%w: %s", serrors.ErrorInvalidDssePayload, err.Error())
+	}
+
+	return statement.Predicate.Name, statement.Predicate.Version, nil
+}
+
+func verifyProvenanceSubjectVersion(att *SignedAttestation, expectedVersion string) error {
+	subject, err := getSubject(att)
+	if err != nil {
+		return err
+	}
+
+	_, subVersion, err := getPackageNameAndVersion(subject)
+	if err != nil {
+		return err
+	}
+
+	if subVersion != expectedVersion {
+		return fmt.Errorf("%w: got '%v', expected '%v'", serrors.ErrorMismatchPackageVersion,
+			subVersion, expectedVersion)
+	}
+
+	return nil
+}
+
+func verifyPublishSubjectVersion(att *SignedAttestation, expectedVersion string) error {
+	_, version, err := getPublishPredicateData(att)
+	if err != nil {
+		return err
+	}
+
+	if version != expectedVersion {
+		return fmt.Errorf("%w: got '%v', expected '%v'", serrors.ErrorMismatchPackageVersion,
+			version, expectedVersion)
+	}
+
+	return nil
+}
+
+func verifyPublishSubjectName(att *SignedAttestation, expectedName string) error {
+	name, _, err := getPublishPredicateData(att)
+	if err != nil {
+		return err
+	}
+
+	return verifyName(name, expectedName)
+}
+
+func verifyProvenanceSubjectName(att *SignedAttestation, expectedName string) error {
+	prov, err := slsaprovenance.ProvenanceFromEnvelope(att.Envelope)
+	if err != nil {
+		return nil
+	}
+
+	subjects, err := prov.Subjects()
+	if err != nil {
+		return fmt.Errorf("%w", serrors.ErrorInvalidDssePayload)
+	}
+	if len(subjects) != 1 {
+		return fmt.Errorf("%w: expected 1 subject, got %v", serrors.ErrorInvalidDssePayload, len(subjects))
+	}
+
+	// Package name starts with a prefix.
+	prefix := "pkg:npm/"
+	if !strings.HasPrefix(subjects[0].Name, prefix) {
+		return fmt.Errorf("%w: %s", serrors.ErrorInvalidPackageName, subjects[0].Name)
+	}
+
+	// URL decode the package name from the attestation.
+	subjectName, err := url.QueryUnescape(subjects[0].Name[len(prefix):])
+	if err != nil {
+		return fmt.Errorf("%w: %s", serrors.ErrorInvalidEncoding, err)
+	}
+
+	return verifyName(subjectName, expectedName)
+}
+
+func verifyName(actual, expected string) error {
+	subName, _, err := getPackageNameAndVersion(actual)
+	if err != nil {
+		return err
+	}
+
+	if subName != expected {
+		return fmt.Errorf("%w: got '%v', expected '%v'", serrors.ErrorMismatchPackageName,
+			subName, expected)
+	}
+
+	return nil
+}
+
+func getPackageNameAndVersion(name string) (string, string, error) {
+	var pkgname, pkgtag string
+	n := name
+	if strings.HasPrefix(name, "@") {
+		n = n[1:]
+	}
+	parts := strings.Split(n, "@")
+	if len(parts) > 2 {
+		return "", "", fmt.Errorf("%w: %v", serrors.ErrorInvalidPackageName, name)
+	}
+
+	pkgname = parts[0]
+	if strings.HasPrefix(name, "@") {
+		pkgname = "@" + pkgname
+	}
+	if len(parts) == 2 {
+		pkgtag = parts[1]
+	}
+
+	return pkgname, pkgtag, nil
+}
+
+func getSubject(att *SignedAttestation) (string, error) {
+	prov, err := slsaprovenance.ProvenanceFromEnvelope(att.Envelope)
+	if err != nil {
+		return "", err
+	}
+
+	subjects, err := prov.Subjects()
+	if err != nil {
+		return "", fmt.Errorf("%w", err)
+	}
+	if len(subjects) != 1 {
+		return "", fmt.Errorf("%w: subject length: %v", serrors.ErrorInvalidSubject, len(subjects))
+	}
+
+	// Package name starts with a prefix.
+	prefix := "pkg:npm/"
+	if !strings.HasPrefix(subjects[0].Name, prefix) {
+		return "", fmt.Errorf("%w: %s", serrors.ErrorInvalidPackageName, subjects[0].Name)
+	}
+
+	// URL decode the package name from the attestation.
+	subject, err := url.QueryUnescape(subjects[0].Name[len(prefix):])
+	if err != nil {
+		return "", fmt.Errorf("%w: %s", serrors.ErrorInvalidEncoding, err)
+	}
+	return subject, err
+}
diff --git a/verifiers/internal/gha/npm_test.go b/verifiers/internal/gha/npm_test.go
new file mode 100644
index 000000000..b9e10fb43
--- /dev/null
+++ b/verifiers/internal/gha/npm_test.go
@@ -0,0 +1,894 @@
+package gha
+
+import (
+	"context"
+	"fmt"
+	"os"
+	"path/filepath"
+	"testing"
+
+	"github.com/google/go-cmp/cmp"
+
+	intoto "github.com/in-toto/in-toto-golang/in_toto"
+	dsselib "github.com/secure-systems-lab/go-securesystemslib/dsse"
+	serrors "github.com/slsa-framework/slsa-verifier/v2/errors"
+	"github.com/slsa-framework/slsa-verifier/v2/verifiers/internal/gha/slsaprovenance"
+)
+
+func Test_verifyName(t *testing.T) {
+	t.Parallel()
+
+	tests := []struct {
+		name     string
+		actual   string
+		expected string
+		err      error
+	}{
+		{
+			name:     "scoped with version same",
+			actual:   "@laurentsimon/provenance-npm-test@1.0.0",
+			expected: "@laurentsimon/provenance-npm-test",
+		},
+		{
+			name:     "scoped no version same",
+			actual:   "@laurentsimon/provenance-npm-test",
+			expected: "@laurentsimon/provenance-npm-test",
+		},
+		{
+			name:     "scoped with version different",
+			actual:   "@laurentsimon/provenance-npm-test@1.0.0",
+			expected: "@laurentsimon/provenance-npm-tes",
+			err:      serrors.ErrorMismatchPackageName,
+		},
+		{
+			name:     "scoped not same 1",
+			actual:   "@laurentsimon/provenance-npm-test",
+			expected: "@aurentsimon/provenance-npm-test",
+			err:      serrors.ErrorMismatchPackageName,
+		},
+		{
+			name:     "scoped not same 2",
+			actual:   "@laurentsimon/provenance-npm-test",
+			expected: "@laurentsimon/provenance-npm-tes",
+			err:      serrors.ErrorMismatchPackageName,
+		},
+	}
+	for _, tt := range tests {
+		tt := tt // Re-initializing variable so it is not changed while executing the closure below
+		t.Run(tt.name, func(t *testing.T) {
+			t.Parallel()
+
+			err := verifyName(tt.actual, tt.expected)
+
+			if !errCmp(err, tt.err) {
+				t.Errorf(cmp.Diff(err, tt.expected))
+			}
+		})
+	}
+}
+
+func Test_verifyPublishSubjectVersion(t *testing.T) {
+	t.Parallel()
+
+	tests := []struct {
+		name    string
+		att     *SignedAttestation
+		version string
+		err     error
+	}{
+		{
+			name: "correct version",
+			att: &SignedAttestation{
+				Envelope: &dsselib.Envelope{
+					PayloadType: "application/vnd.in-toto+json",
+					Payload:     "ewogICJfdHlwZSI6ICJodHRwczovL2luLXRvdG8uaW8vU3RhdGVtZW50L3YwLjEiLAogICJwcmVkaWNhdGVUeXBlIjogImh0dHBzOi8vZ2l0aHViLmNvbS9ucG0vYXR0ZXN0YXRpb24vdHJlZS9tYWluL3NwZWNzL3B1Ymxpc2gvdjAuMSIsCiAgInByZWRpY2F0ZSI6IHsKICAgICJuYW1lIjogIkBsYXVyZW50c2ltb24vcHJvdmVuYW5jZS1ucG0tdGVzdCIsCiAgICAidmVyc2lvbiI6ICIxLjAuMCIsCiAgICAicmVnaXN0cnkiOiAiaHR0cHM6Ly9yZWdpc3RyeS5ucG1qcy5vcmciCiAgfQp9Cg==",
+				},
+			},
+			version: "1.0.0",
+		},
+		{
+			name: "incorrect subset version",
+			att: &SignedAttestation{
+				Envelope: &dsselib.Envelope{
+					PayloadType: "application/vnd.in-toto+json",
+					Payload:     "ewogICJfdHlwZSI6ICJodHRwczovL2luLXRvdG8uaW8vU3RhdGVtZW50L3YwLjEiLAogICJwcmVkaWNhdGVUeXBlIjogImh0dHBzOi8vZ2l0aHViLmNvbS9ucG0vYXR0ZXN0YXRpb24vdHJlZS9tYWluL3NwZWNzL3B1Ymxpc2gvdjAuMSIsCiAgInByZWRpY2F0ZSI6IHsKICAgICJuYW1lIjogIkBsYXVyZW50c2ltb24vcHJvdmVuYW5jZS1ucG0tdGVzdCIsCiAgICAidmVyc2lvbiI6ICIxLjAuMCIsCiAgICAicmVnaXN0cnkiOiAiaHR0cHM6Ly9yZWdpc3RyeS5ucG1qcy5vcmciCiAgfQp9Cg==",
+				},
+			},
+			version: "1.0",
+			err:     serrors.ErrorMismatchPackageVersion,
+		},
+		{
+			name: "incorrect patch version",
+			att: &SignedAttestation{
+				Envelope: &dsselib.Envelope{
+					PayloadType: "application/vnd.in-toto+json",
+					Payload:     "ewogICJfdHlwZSI6ICJodHRwczovL2luLXRvdG8uaW8vU3RhdGVtZW50L3YwLjEiLAogICJwcmVkaWNhdGVUeXBlIjogImh0dHBzOi8vZ2l0aHViLmNvbS9ucG0vYXR0ZXN0YXRpb24vdHJlZS9tYWluL3NwZWNzL3B1Ymxpc2gvdjAuMSIsCiAgInByZWRpY2F0ZSI6IHsKICAgICJuYW1lIjogIkBsYXVyZW50c2ltb24vcHJvdmVuYW5jZS1ucG0tdGVzdCIsCiAgICAidmVyc2lvbiI6ICIxLjAuMCIsCiAgICAicmVnaXN0cnkiOiAiaHR0cHM6Ly9yZWdpc3RyeS5ucG1qcy5vcmciCiAgfQp9Cg==",
+				},
+			},
+			version: "1.0.1",
+			err:     serrors.ErrorMismatchPackageVersion,
+		},
+		{
+			name: "incorrect minor version",
+			att: &SignedAttestation{
+				Envelope: &dsselib.Envelope{
+					PayloadType: "application/vnd.in-toto+json",
+					Payload:     "ewogICJfdHlwZSI6ICJodHRwczovL2luLXRvdG8uaW8vU3RhdGVtZW50L3YwLjEiLAogICJwcmVkaWNhdGVUeXBlIjogImh0dHBzOi8vZ2l0aHViLmNvbS9ucG0vYXR0ZXN0YXRpb24vdHJlZS9tYWluL3NwZWNzL3B1Ymxpc2gvdjAuMSIsCiAgInByZWRpY2F0ZSI6IHsKICAgICJuYW1lIjogIkBsYXVyZW50c2ltb24vcHJvdmVuYW5jZS1ucG0tdGVzdCIsCiAgICAidmVyc2lvbiI6ICIxLjAuMCIsCiAgICAicmVnaXN0cnkiOiAiaHR0cHM6Ly9yZWdpc3RyeS5ucG1qcy5vcmciCiAgfQp9Cg==",
+				},
+			},
+			version: "1.1.0",
+			err:     serrors.ErrorMismatchPackageVersion,
+		},
+		{
+			name: "incorrect major version",
+			att: &SignedAttestation{
+				Envelope: &dsselib.Envelope{
+					PayloadType: "application/vnd.in-toto+json",
+					Payload:     "ewogICJfdHlwZSI6ICJodHRwczovL2luLXRvdG8uaW8vU3RhdGVtZW50L3YwLjEiLAogICJwcmVkaWNhdGVUeXBlIjogImh0dHBzOi8vZ2l0aHViLmNvbS9ucG0vYXR0ZXN0YXRpb24vdHJlZS9tYWluL3NwZWNzL3B1Ymxpc2gvdjAuMSIsCiAgInByZWRpY2F0ZSI6IHsKICAgICJuYW1lIjogIkBsYXVyZW50c2ltb24vcHJvdmVuYW5jZS1ucG0tdGVzdCIsCiAgICAidmVyc2lvbiI6ICIxLjAuMCIsCiAgICAicmVnaXN0cnkiOiAiaHR0cHM6Ly9yZWdpc3RyeS5ucG1qcy5vcmciCiAgfQp9Cg==",
+				},
+			},
+			version: "2.0.0",
+			err:     serrors.ErrorMismatchPackageVersion,
+		},
+	}
+	for _, tt := range tests {
+		tt := tt // Re-initializing variable so it is not changed while executing the closure below
+		t.Run(tt.name, func(t *testing.T) {
+			t.Parallel()
+
+			err := verifyPublishSubjectVersion(tt.att, tt.version)
+
+			if !errCmp(err, tt.err) {
+				t.Errorf(cmp.Diff(err, tt.err))
+			}
+		})
+	}
+}
+
+func Test_verifyProvenanceSubjectVersion(t *testing.T) {
+	t.Parallel()
+
+	tests := []struct {
+		name    string
+		att     *SignedAttestation
+		version string
+		err     error
+	}{
+		{
+			name: "correct version",
+			att: &SignedAttestation{
+				Envelope: &dsselib.Envelope{
+					PayloadType: "application/vnd.in-toto+json",
+					Payload:     "ewogICJfdHlwZSI6ICJodHRwczovL2luLXRvdG8uaW8vU3RhdGVtZW50L3YwLjEiLAogICJzdWJqZWN0IjogWwogICAgewogICAgICAibmFtZSI6ICJwa2c6bnBtLyU0MGxhdXJlbnRzaW1vbi9wcm92ZW5hbmNlLW5wbS10ZXN0QDEuMC4wIiwKICAgICAgImRpZ2VzdCI6IHsKICAgICAgICAic2hhNTEyIjogIjI5ZDE5ZjI2MjMzZjQ0NDEzMjg0MTJiMzRmZDczZWQxMDRlY2ZlZjYyZjE0MDk3ODkwY2NjZjc0NTViNTIxYjY1YzVhY2ZmODUxODQ5ZmFhODVjODUzOTVhYTIyZDQwMTQzNmYwMWYzYWZiNjFiMTljNzgwZTkwNmM4OGM3ZjIwIgogICAgICB9CiAgICB9CiAgXSwKICAicHJlZGljYXRlVHlwZSI6ICJodHRwczovL3Nsc2EuZGV2L3Byb3ZlbmFuY2UvdjAuMiIsCiAgInByZWRpY2F0ZSI6IHsKICAgICJidWlsZFR5cGUiOiAiaHR0cHM6Ly9naXRodWIuY29tL25wbS9jbGkvZ2hhQHYxIiwKICAgICJidWlsZGVyIjogewogICAgICAiaWQiOiAiaHR0cHM6Ly9naXRodWIuY29tL25wbS9jbGlAOS41LjAiCiAgICB9CiAgfQp9Cg==",
+				},
+			},
+			version: "1.0.0",
+		},
+		{
+			name: "incorrect subset version",
+			att: &SignedAttestation{
+				Envelope: &dsselib.Envelope{
+					PayloadType: "application/vnd.in-toto+json",
+					Payload:     "ewogICJfdHlwZSI6ICJodHRwczovL2luLXRvdG8uaW8vU3RhdGVtZW50L3YwLjEiLAogICJzdWJqZWN0IjogWwogICAgewogICAgICAibmFtZSI6ICJwa2c6bnBtLyU0MGxhdXJlbnRzaW1vbi9wcm92ZW5hbmNlLW5wbS10ZXN0QDEuMC4wIiwKICAgICAgImRpZ2VzdCI6IHsKICAgICAgICAic2hhNTEyIjogIjI5ZDE5ZjI2MjMzZjQ0NDEzMjg0MTJiMzRmZDczZWQxMDRlY2ZlZjYyZjE0MDk3ODkwY2NjZjc0NTViNTIxYjY1YzVhY2ZmODUxODQ5ZmFhODVjODUzOTVhYTIyZDQwMTQzNmYwMWYzYWZiNjFiMTljNzgwZTkwNmM4OGM3ZjIwIgogICAgICB9CiAgICB9CiAgXSwKICAicHJlZGljYXRlVHlwZSI6ICJodHRwczovL3Nsc2EuZGV2L3Byb3ZlbmFuY2UvdjAuMiIsCiAgInByZWRpY2F0ZSI6IHsKICAgICJidWlsZFR5cGUiOiAiaHR0cHM6Ly9naXRodWIuY29tL25wbS9jbGkvZ2hhQHYxIiwKICAgICJidWlsZGVyIjogewogICAgICAiaWQiOiAiaHR0cHM6Ly9naXRodWIuY29tL25wbS9jbGlAOS41LjAiCiAgICB9CiAgfQp9Cg==",
+				},
+			},
+			version: "1.0",
+			err:     serrors.ErrorMismatchPackageVersion,
+		},
+		{
+			name: "incorrect patch version",
+			att: &SignedAttestation{
+				Envelope: &dsselib.Envelope{
+					PayloadType: "application/vnd.in-toto+json",
+					Payload:     "ewogICJfdHlwZSI6ICJodHRwczovL2luLXRvdG8uaW8vU3RhdGVtZW50L3YwLjEiLAogICJzdWJqZWN0IjogWwogICAgewogICAgICAibmFtZSI6ICJwa2c6bnBtLyU0MGxhdXJlbnRzaW1vbi9wcm92ZW5hbmNlLW5wbS10ZXN0QDEuMC4wIiwKICAgICAgImRpZ2VzdCI6IHsKICAgICAgICAic2hhNTEyIjogIjI5ZDE5ZjI2MjMzZjQ0NDEzMjg0MTJiMzRmZDczZWQxMDRlY2ZlZjYyZjE0MDk3ODkwY2NjZjc0NTViNTIxYjY1YzVhY2ZmODUxODQ5ZmFhODVjODUzOTVhYTIyZDQwMTQzNmYwMWYzYWZiNjFiMTljNzgwZTkwNmM4OGM3ZjIwIgogICAgICB9CiAgICB9CiAgXSwKICAicHJlZGljYXRlVHlwZSI6ICJodHRwczovL3Nsc2EuZGV2L3Byb3ZlbmFuY2UvdjAuMiIsCiAgInByZWRpY2F0ZSI6IHsKICAgICJidWlsZFR5cGUiOiAiaHR0cHM6Ly9naXRodWIuY29tL25wbS9jbGkvZ2hhQHYxIiwKICAgICJidWlsZGVyIjogewogICAgICAiaWQiOiAiaHR0cHM6Ly9naXRodWIuY29tL25wbS9jbGlAOS41LjAiCiAgICB9CiAgfQp9Cg==",
+				},
+			},
+			version: "1.0.1",
+			err:     serrors.ErrorMismatchPackageVersion,
+		},
+		{
+			name: "incorrect minor version",
+			att: &SignedAttestation{
+				Envelope: &dsselib.Envelope{
+					PayloadType: "application/vnd.in-toto+json",
+					Payload:     "ewogICJfdHlwZSI6ICJodHRwczovL2luLXRvdG8uaW8vU3RhdGVtZW50L3YwLjEiLAogICJzdWJqZWN0IjogWwogICAgewogICAgICAibmFtZSI6ICJwa2c6bnBtLyU0MGxhdXJlbnRzaW1vbi9wcm92ZW5hbmNlLW5wbS10ZXN0QDEuMC4wIiwKICAgICAgImRpZ2VzdCI6IHsKICAgICAgICAic2hhNTEyIjogIjI5ZDE5ZjI2MjMzZjQ0NDEzMjg0MTJiMzRmZDczZWQxMDRlY2ZlZjYyZjE0MDk3ODkwY2NjZjc0NTViNTIxYjY1YzVhY2ZmODUxODQ5ZmFhODVjODUzOTVhYTIyZDQwMTQzNmYwMWYzYWZiNjFiMTljNzgwZTkwNmM4OGM3ZjIwIgogICAgICB9CiAgICB9CiAgXSwKICAicHJlZGljYXRlVHlwZSI6ICJodHRwczovL3Nsc2EuZGV2L3Byb3ZlbmFuY2UvdjAuMiIsCiAgInByZWRpY2F0ZSI6IHsKICAgICJidWlsZFR5cGUiOiAiaHR0cHM6Ly9naXRodWIuY29tL25wbS9jbGkvZ2hhQHYxIiwKICAgICJidWlsZGVyIjogewogICAgICAiaWQiOiAiaHR0cHM6Ly9naXRodWIuY29tL25wbS9jbGlAOS41LjAiCiAgICB9CiAgfQp9Cg==",
+				},
+			},
+			version: "1.1.0",
+			err:     serrors.ErrorMismatchPackageVersion,
+		},
+		{
+			name: "incorrect major version",
+			att: &SignedAttestation{
+				Envelope: &dsselib.Envelope{
+					PayloadType: "application/vnd.in-toto+json",
+					Payload:     "ewogICJfdHlwZSI6ICJodHRwczovL2luLXRvdG8uaW8vU3RhdGVtZW50L3YwLjEiLAogICJzdWJqZWN0IjogWwogICAgewogICAgICAibmFtZSI6ICJwa2c6bnBtLyU0MGxhdXJlbnRzaW1vbi9wcm92ZW5hbmNlLW5wbS10ZXN0QDEuMC4wIiwKICAgICAgImRpZ2VzdCI6IHsKICAgICAgICAic2hhNTEyIjogIjI5ZDE5ZjI2MjMzZjQ0NDEzMjg0MTJiMzRmZDczZWQxMDRlY2ZlZjYyZjE0MDk3ODkwY2NjZjc0NTViNTIxYjY1YzVhY2ZmODUxODQ5ZmFhODVjODUzOTVhYTIyZDQwMTQzNmYwMWYzYWZiNjFiMTljNzgwZTkwNmM4OGM3ZjIwIgogICAgICB9CiAgICB9CiAgXSwKICAicHJlZGljYXRlVHlwZSI6ICJodHRwczovL3Nsc2EuZGV2L3Byb3ZlbmFuY2UvdjAuMiIsCiAgInByZWRpY2F0ZSI6IHsKICAgICJidWlsZFR5cGUiOiAiaHR0cHM6Ly9naXRodWIuY29tL25wbS9jbGkvZ2hhQHYxIiwKICAgICJidWlsZGVyIjogewogICAgICAiaWQiOiAiaHR0cHM6Ly9naXRodWIuY29tL25wbS9jbGlAOS41LjAiCiAgICB9CiAgfQp9Cg==",
+				},
+			},
+			version: "2.0.0",
+			err:     serrors.ErrorMismatchPackageVersion,
+		},
+	}
+	for _, tt := range tests {
+		tt := tt // Re-initializing variable so it is not changed while executing the closure below
+		t.Run(tt.name, func(t *testing.T) {
+			t.Parallel()
+
+			err := verifyProvenanceSubjectVersion(tt.att, tt.version)
+
+			if !errCmp(err, tt.err) {
+				t.Errorf(cmp.Diff(err, tt.err))
+			}
+		})
+	}
+}
+
+func Test_verifyPublishSubjectName(t *testing.T) {
+	t.Parallel()
+
+	tests := []struct {
+		name    string
+		att     *SignedAttestation
+		subject string
+		err     error
+	}{
+		{
+			name: "correct name",
+			att: &SignedAttestation{
+				Envelope: &dsselib.Envelope{
+					PayloadType: "application/vnd.in-toto+json",
+					Payload:     "ewogICJfdHlwZSI6ICJodHRwczovL2luLXRvdG8uaW8vU3RhdGVtZW50L3YwLjEiLAogICJwcmVkaWNhdGVUeXBlIjogImh0dHBzOi8vZ2l0aHViLmNvbS9ucG0vYXR0ZXN0YXRpb24vdHJlZS9tYWluL3NwZWNzL3B1Ymxpc2gvdjAuMSIsCiAgInByZWRpY2F0ZSI6IHsKICAgICJuYW1lIjogIkBsYXVyZW50c2ltb24vcHJvdmVuYW5jZS1ucG0tdGVzdCIsCiAgICAidmVyc2lvbiI6ICIxLjAuMCIsCiAgICAicmVnaXN0cnkiOiAiaHR0cHM6Ly9yZWdpc3RyeS5ucG1qcy5vcmciCiAgfQp9Cg==",
+				},
+			},
+			subject: "@laurentsimon/provenance-npm-test",
+		},
+		{
+			name: "incorrect name",
+			att: &SignedAttestation{
+				Envelope: &dsselib.Envelope{
+					PayloadType: "application/vnd.in-toto+json",
+					Payload:     "ewogICJfdHlwZSI6ICJodHRwczovL2luLXRvdG8uaW8vU3RhdGVtZW50L3YwLjEiLAogICJwcmVkaWNhdGVUeXBlIjogImh0dHBzOi8vZ2l0aHViLmNvbS9ucG0vYXR0ZXN0YXRpb24vdHJlZS9tYWluL3NwZWNzL3B1Ymxpc2gvdjAuMSIsCiAgInByZWRpY2F0ZSI6IHsKICAgICJuYW1lIjogIkBsYXVyZW50c2ltb24vcHJvdmVuYW5jZS1ucG0tdGVzdCIsCiAgICAidmVyc2lvbiI6ICIxLjAuMCIsCiAgICAicmVnaXN0cnkiOiAiaHR0cHM6Ly9yZWdpc3RyeS5ucG1qcy5vcmciCiAgfQp9Cg==",
+				},
+			},
+			subject: "wrong name",
+			err:     serrors.ErrorMismatchPackageName,
+		},
+		{
+			name: "incorrect scope",
+			att: &SignedAttestation{
+				Envelope: &dsselib.Envelope{
+					PayloadType: "application/vnd.in-toto+json",
+					Payload:     "ewogICJfdHlwZSI6ICJodHRwczovL2luLXRvdG8uaW8vU3RhdGVtZW50L3YwLjEiLAogICJwcmVkaWNhdGVUeXBlIjogImh0dHBzOi8vZ2l0aHViLmNvbS9ucG0vYXR0ZXN0YXRpb24vdHJlZS9tYWluL3NwZWNzL3B1Ymxpc2gvdjAuMSIsCiAgInByZWRpY2F0ZSI6IHsKICAgICJuYW1lIjogIkBsYXVyZW50c2ltb24vcHJvdmVuYW5jZS1ucG0tdGVzdCIsCiAgICAidmVyc2lvbiI6ICIxLjAuMCIsCiAgICAicmVnaXN0cnkiOiAiaHR0cHM6Ly9yZWdpc3RyeS5ucG1qcy5vcmciCiAgfQp9Cg==",
+				},
+			},
+			subject: "laurentsimon/provenance-npm-test",
+			err:     serrors.ErrorMismatchPackageName,
+		},
+		{
+			name: "incorrect with version",
+			att: &SignedAttestation{
+				Envelope: &dsselib.Envelope{
+					PayloadType: "application/vnd.in-toto+json",
+					Payload:     "ewogICJfdHlwZSI6ICJodHRwczovL2luLXRvdG8uaW8vU3RhdGVtZW50L3YwLjEiLAogICJwcmVkaWNhdGVUeXBlIjogImh0dHBzOi8vZ2l0aHViLmNvbS9ucG0vYXR0ZXN0YXRpb24vdHJlZS9tYWluL3NwZWNzL3B1Ymxpc2gvdjAuMSIsCiAgInByZWRpY2F0ZSI6IHsKICAgICJuYW1lIjogIkBsYXVyZW50c2ltb24vcHJvdmVuYW5jZS1ucG0tdGVzdCIsCiAgICAidmVyc2lvbiI6ICIxLjAuMCIsCiAgICAicmVnaXN0cnkiOiAiaHR0cHM6Ly9yZWdpc3RyeS5ucG1qcy5vcmciCiAgfQp9Cg==",
+				},
+			},
+			subject: "@laurentsimon/provenance-npm-test@1.0.0",
+			err:     serrors.ErrorMismatchPackageName,
+		},
+	}
+	for _, tt := range tests {
+		tt := tt // Re-initializing variable so it is not changed while executing the closure below
+		t.Run(tt.name, func(t *testing.T) {
+			t.Parallel()
+
+			err := verifyPublishSubjectName(tt.att, tt.subject)
+
+			if !errCmp(err, tt.err) {
+				t.Errorf(cmp.Diff(err, tt.err))
+			}
+		})
+	}
+}
+
+func Test_verifyPublishPredicateName(t *testing.T) {
+	t.Parallel()
+
+	tests := []struct {
+		name    string
+		att     *SignedAttestation
+		subject string
+		err     error
+	}{
+		{
+			name: "correct name",
+			att: &SignedAttestation{
+				Envelope: &dsselib.Envelope{
+					PayloadType: "application/vnd.in-toto+json",
+					Payload:     "ewogICJfdHlwZSI6ICJodHRwczovL2luLXRvdG8uaW8vU3RhdGVtZW50L3YwLjEiLAogICJwcmVkaWNhdGVUeXBlIjogImh0dHBzOi8vZ2l0aHViLmNvbS9ucG0vYXR0ZXN0YXRpb24vdHJlZS9tYWluL3NwZWNzL3B1Ymxpc2gvdjAuMSIsCiAgInByZWRpY2F0ZSI6IHsKICAgICJuYW1lIjogIkBsYXVyZW50c2ltb24vcHJvdmVuYW5jZS1ucG0tdGVzdC1wcmVkIiwKICAgICJ2ZXJzaW9uIjogIjEuMC4wIiwKICAgICJyZWdpc3RyeSI6ICJodHRwczovL3JlZ2lzdHJ5Lm5wbWpzLm9yZyIKICB9Cn0K",
+				},
+			},
+			subject: "@laurentsimon/provenance-npm-test-pred",
+		},
+		{
+			name: "incorrect name",
+			att: &SignedAttestation{
+				Envelope: &dsselib.Envelope{
+					PayloadType: "application/vnd.in-toto+json",
+					Payload:     "ewogICJfdHlwZSI6ICJodHRwczovL2luLXRvdG8uaW8vU3RhdGVtZW50L3YwLjEiLAogICJwcmVkaWNhdGVUeXBlIjogImh0dHBzOi8vZ2l0aHViLmNvbS9ucG0vYXR0ZXN0YXRpb24vdHJlZS9tYWluL3NwZWNzL3B1Ymxpc2gvdjAuMSIsCiAgInByZWRpY2F0ZSI6IHsKICAgICJuYW1lIjogIkBsYXVyZW50c2ltb24vcHJvdmVuYW5jZS1ucG0tdGVzdC1wcmVkIiwKICAgICJ2ZXJzaW9uIjogIjEuMC4wIiwKICAgICJyZWdpc3RyeSI6ICJodHRwczovL3JlZ2lzdHJ5Lm5wbWpzLm9yZyIKICB9Cn0K",
+				},
+			},
+			subject: "wrong name",
+			err:     serrors.ErrorMismatchPackageName,
+		},
+		{
+			name: "incorrect scope",
+			att: &SignedAttestation{
+				Envelope: &dsselib.Envelope{
+					PayloadType: "application/vnd.in-toto+json",
+					Payload:     "ewogICJfdHlwZSI6ICJodHRwczovL2luLXRvdG8uaW8vU3RhdGVtZW50L3YwLjEiLAogICJwcmVkaWNhdGVUeXBlIjogImh0dHBzOi8vZ2l0aHViLmNvbS9ucG0vYXR0ZXN0YXRpb24vdHJlZS9tYWluL3NwZWNzL3B1Ymxpc2gvdjAuMSIsCiAgInByZWRpY2F0ZSI6IHsKICAgICJuYW1lIjogIkBsYXVyZW50c2ltb24vcHJvdmVuYW5jZS1ucG0tdGVzdC1wcmVkIiwKICAgICJ2ZXJzaW9uIjogIjEuMC4wIiwKICAgICJyZWdpc3RyeSI6ICJodHRwczovL3JlZ2lzdHJ5Lm5wbWpzLm9yZyIKICB9Cn0K",
+				},
+			},
+			subject: "laurentsimon/provenance-npm-test-pred",
+			err:     serrors.ErrorMismatchPackageName,
+		},
+		{
+			name: "incorrect with version",
+			att: &SignedAttestation{
+				Envelope: &dsselib.Envelope{
+					PayloadType: "application/vnd.in-toto+json",
+					Payload:     "ewogICJfdHlwZSI6ICJodHRwczovL2luLXRvdG8uaW8vU3RhdGVtZW50L3YwLjEiLAogICJwcmVkaWNhdGVUeXBlIjogImh0dHBzOi8vZ2l0aHViLmNvbS9ucG0vYXR0ZXN0YXRpb24vdHJlZS9tYWluL3NwZWNzL3B1Ymxpc2gvdjAuMSIsCiAgInByZWRpY2F0ZSI6IHsKICAgICJuYW1lIjogIkBsYXVyZW50c2ltb24vcHJvdmVuYW5jZS1ucG0tdGVzdC1wcmVkIiwKICAgICJ2ZXJzaW9uIjogIjEuMC4wIiwKICAgICJyZWdpc3RyeSI6ICJodHRwczovL3JlZ2lzdHJ5Lm5wbWpzLm9yZyIKICB9Cn0K",
+				},
+			},
+			subject: "@laurentsimon/provenance-npm-test-pred@1.0.0",
+			err:     serrors.ErrorMismatchPackageName,
+		},
+	}
+	for _, tt := range tests {
+		tt := tt // Re-initializing variable so it is not changed while executing the closure below
+		t.Run(tt.name, func(t *testing.T) {
+			t.Parallel()
+
+			err := verifyPublishPredicateName(tt.att, tt.subject)
+
+			if !errCmp(err, tt.err) {
+				t.Errorf(cmp.Diff(err, tt.err))
+			}
+		})
+	}
+}
+
+func Test_verifyPublishPredicateVersion(t *testing.T) {
+	t.Parallel()
+
+	tests := []struct {
+		name    string
+		att     *SignedAttestation
+		version string
+		err     error
+	}{
+		{
+			name: "correct version",
+			att: &SignedAttestation{
+				Envelope: &dsselib.Envelope{
+					PayloadType: "application/vnd.in-toto+json",
+					Payload:     "ewogICJfdHlwZSI6ICJodHRwczovL2luLXRvdG8uaW8vU3RhdGVtZW50L3YwLjEiLAogICJwcmVkaWNhdGVUeXBlIjogImh0dHBzOi8vZ2l0aHViLmNvbS9ucG0vYXR0ZXN0YXRpb24vdHJlZS9tYWluL3NwZWNzL3B1Ymxpc2gvdjAuMSIsCiAgInByZWRpY2F0ZSI6IHsKICAgICJuYW1lIjogIkBsYXVyZW50c2ltb24vcHJvdmVuYW5jZS1ucG0tdGVzdC1wcmVkIiwKICAgICJ2ZXJzaW9uIjogIjEuMC4wIiwKICAgICJyZWdpc3RyeSI6ICJodHRwczovL3JlZ2lzdHJ5Lm5wbWpzLm9yZyIKICB9Cn0K",
+				},
+			},
+			version: "1.0.0",
+		},
+		{
+			name: "incorrect subset version",
+			att: &SignedAttestation{
+				Envelope: &dsselib.Envelope{
+					PayloadType: "application/vnd.in-toto+json",
+					Payload:     "ewogICJfdHlwZSI6ICJodHRwczovL2luLXRvdG8uaW8vU3RhdGVtZW50L3YwLjEiLAogICJwcmVkaWNhdGVUeXBlIjogImh0dHBzOi8vZ2l0aHViLmNvbS9ucG0vYXR0ZXN0YXRpb24vdHJlZS9tYWluL3NwZWNzL3B1Ymxpc2gvdjAuMSIsCiAgInByZWRpY2F0ZSI6IHsKICAgICJuYW1lIjogIkBsYXVyZW50c2ltb24vcHJvdmVuYW5jZS1ucG0tdGVzdC1wcmVkIiwKICAgICJ2ZXJzaW9uIjogIjEuMC4wIiwKICAgICJyZWdpc3RyeSI6ICJodHRwczovL3JlZ2lzdHJ5Lm5wbWpzLm9yZyIKICB9Cn0K",
+				},
+			},
+			version: "1.0",
+			err:     serrors.ErrorMismatchPackageVersion,
+		},
+		{
+			name: "incorrect patch version",
+			att: &SignedAttestation{
+				Envelope: &dsselib.Envelope{
+					PayloadType: "application/vnd.in-toto+json",
+					Payload:     "ewogICJfdHlwZSI6ICJodHRwczovL2luLXRvdG8uaW8vU3RhdGVtZW50L3YwLjEiLAogICJwcmVkaWNhdGVUeXBlIjogImh0dHBzOi8vZ2l0aHViLmNvbS9ucG0vYXR0ZXN0YXRpb24vdHJlZS9tYWluL3NwZWNzL3B1Ymxpc2gvdjAuMSIsCiAgInByZWRpY2F0ZSI6IHsKICAgICJuYW1lIjogIkBsYXVyZW50c2ltb24vcHJvdmVuYW5jZS1ucG0tdGVzdC1wcmVkIiwKICAgICJ2ZXJzaW9uIjogIjEuMC4wIiwKICAgICJyZWdpc3RyeSI6ICJodHRwczovL3JlZ2lzdHJ5Lm5wbWpzLm9yZyIKICB9Cn0K",
+				},
+			},
+			version: "1.0.1",
+			err:     serrors.ErrorMismatchPackageVersion,
+		},
+		{
+			name: "incorrect minor version",
+			att: &SignedAttestation{
+				Envelope: &dsselib.Envelope{
+					PayloadType: "application/vnd.in-toto+json",
+					Payload:     "ewogICJfdHlwZSI6ICJodHRwczovL2luLXRvdG8uaW8vU3RhdGVtZW50L3YwLjEiLAogICJwcmVkaWNhdGVUeXBlIjogImh0dHBzOi8vZ2l0aHViLmNvbS9ucG0vYXR0ZXN0YXRpb24vdHJlZS9tYWluL3NwZWNzL3B1Ymxpc2gvdjAuMSIsCiAgInByZWRpY2F0ZSI6IHsKICAgICJuYW1lIjogIkBsYXVyZW50c2ltb24vcHJvdmVuYW5jZS1ucG0tdGVzdC1wcmVkIiwKICAgICJ2ZXJzaW9uIjogIjEuMC4wIiwKICAgICJyZWdpc3RyeSI6ICJodHRwczovL3JlZ2lzdHJ5Lm5wbWpzLm9yZyIKICB9Cn0K",
+				},
+			},
+			version: "1.1.0",
+			err:     serrors.ErrorMismatchPackageVersion,
+		},
+		{
+			name: "incorrect major version",
+			att: &SignedAttestation{
+				Envelope: &dsselib.Envelope{
+					PayloadType: "application/vnd.in-toto+json",
+					Payload:     "ewogICJfdHlwZSI6ICJodHRwczovL2luLXRvdG8uaW8vU3RhdGVtZW50L3YwLjEiLAogICJwcmVkaWNhdGVUeXBlIjogImh0dHBzOi8vZ2l0aHViLmNvbS9ucG0vYXR0ZXN0YXRpb24vdHJlZS9tYWluL3NwZWNzL3B1Ymxpc2gvdjAuMSIsCiAgInByZWRpY2F0ZSI6IHsKICAgICJuYW1lIjogIkBsYXVyZW50c2ltb24vcHJvdmVuYW5jZS1ucG0tdGVzdC1wcmVkIiwKICAgICJ2ZXJzaW9uIjogIjEuMC4wIiwKICAgICJyZWdpc3RyeSI6ICJodHRwczovL3JlZ2lzdHJ5Lm5wbWpzLm9yZyIKICB9Cn0K",
+				},
+			},
+			version: "2.0.0",
+			err:     serrors.ErrorMismatchPackageVersion,
+		},
+	}
+	for _, tt := range tests {
+		tt := tt // Re-initializing variable so it is not changed while executing the closure below
+		t.Run(tt.name, func(t *testing.T) {
+			t.Parallel()
+
+			err := verifyPublishPredicateVersion(tt.att, tt.version)
+
+			if !errCmp(err, tt.err) {
+				t.Errorf(cmp.Diff(err, tt.err))
+			}
+		})
+	}
+}
+
+func Test_verifyProvenanceSubjectName(t *testing.T) {
+	t.Parallel()
+
+	tests := []struct {
+		name    string
+		att     *SignedAttestation
+		subject string
+		err     error
+	}{
+		{
+			name: "correct name",
+			att: &SignedAttestation{
+				Envelope: &dsselib.Envelope{
+					PayloadType: "application/vnd.in-toto+json",
+					Payload:     "ewogICJfdHlwZSI6ICJodHRwczovL2luLXRvdG8uaW8vU3RhdGVtZW50L3YwLjEiLAogICJzdWJqZWN0IjogWwogICAgewogICAgICAibmFtZSI6ICJwa2c6bnBtLyU0MGxhdXJlbnRzaW1vbi9wcm92ZW5hbmNlLW5wbS10ZXN0QDEuMC4wIiwKICAgICAgImRpZ2VzdCI6IHsKICAgICAgICAic2hhNTEyIjogIjI5ZDE5ZjI2MjMzZjQ0NDEzMjg0MTJiMzRmZDczZWQxMDRlY2ZlZjYyZjE0MDk3ODkwY2NjZjc0NTViNTIxYjY1YzVhY2ZmODUxODQ5ZmFhODVjODUzOTVhYTIyZDQwMTQzNmYwMWYzYWZiNjFiMTljNzgwZTkwNmM4OGM3ZjIwIgogICAgICB9CiAgICB9CiAgXSwKICAicHJlZGljYXRlVHlwZSI6ICJodHRwczovL3Nsc2EuZGV2L3Byb3ZlbmFuY2UvdjAuMiIsCiAgInByZWRpY2F0ZSI6IHsKICAgICJidWlsZFR5cGUiOiAiaHR0cHM6Ly9naXRodWIuY29tL25wbS9jbGkvZ2hhQHYxIiwKICAgICJidWlsZGVyIjogewogICAgICAiaWQiOiAiaHR0cHM6Ly9naXRodWIuY29tL25wbS9jbGlAOS41LjAiCiAgICB9CiAgfQp9Cg==",
+				},
+			},
+			subject: "@laurentsimon/provenance-npm-test",
+		},
+		{
+			name: "incorrect name",
+			att: &SignedAttestation{
+				Envelope: &dsselib.Envelope{
+					PayloadType: "application/vnd.in-toto+json",
+					Payload:     "ewogICJfdHlwZSI6ICJodHRwczovL2luLXRvdG8uaW8vU3RhdGVtZW50L3YwLjEiLAogICJzdWJqZWN0IjogWwogICAgewogICAgICAibmFtZSI6ICJwa2c6bnBtLyU0MGxhdXJlbnRzaW1vbi9wcm92ZW5hbmNlLW5wbS10ZXN0QDEuMC4wIiwKICAgICAgImRpZ2VzdCI6IHsKICAgICAgICAic2hhNTEyIjogIjI5ZDE5ZjI2MjMzZjQ0NDEzMjg0MTJiMzRmZDczZWQxMDRlY2ZlZjYyZjE0MDk3ODkwY2NjZjc0NTViNTIxYjY1YzVhY2ZmODUxODQ5ZmFhODVjODUzOTVhYTIyZDQwMTQzNmYwMWYzYWZiNjFiMTljNzgwZTkwNmM4OGM3ZjIwIgogICAgICB9CiAgICB9CiAgXSwKICAicHJlZGljYXRlVHlwZSI6ICJodHRwczovL3Nsc2EuZGV2L3Byb3ZlbmFuY2UvdjAuMiIsCiAgInByZWRpY2F0ZSI6IHsKICAgICJidWlsZFR5cGUiOiAiaHR0cHM6Ly9naXRodWIuY29tL25wbS9jbGkvZ2hhQHYxIiwKICAgICJidWlsZGVyIjogewogICAgICAiaWQiOiAiaHR0cHM6Ly9naXRodWIuY29tL25wbS9jbGlAOS41LjAiCiAgICB9CiAgfQp9Cg==",
+				},
+			},
+			subject: "wrong name",
+			err:     serrors.ErrorMismatchPackageName,
+		},
+		{
+			name: "incorrect scope",
+			att: &SignedAttestation{
+				Envelope: &dsselib.Envelope{
+					PayloadType: "application/vnd.in-toto+json",
+					Payload:     "ewogICJfdHlwZSI6ICJodHRwczovL2luLXRvdG8uaW8vU3RhdGVtZW50L3YwLjEiLAogICJzdWJqZWN0IjogWwogICAgewogICAgICAibmFtZSI6ICJwa2c6bnBtLyU0MGxhdXJlbnRzaW1vbi9wcm92ZW5hbmNlLW5wbS10ZXN0QDEuMC4wIiwKICAgICAgImRpZ2VzdCI6IHsKICAgICAgICAic2hhNTEyIjogIjI5ZDE5ZjI2MjMzZjQ0NDEzMjg0MTJiMzRmZDczZWQxMDRlY2ZlZjYyZjE0MDk3ODkwY2NjZjc0NTViNTIxYjY1YzVhY2ZmODUxODQ5ZmFhODVjODUzOTVhYTIyZDQwMTQzNmYwMWYzYWZiNjFiMTljNzgwZTkwNmM4OGM3ZjIwIgogICAgICB9CiAgICB9CiAgXSwKICAicHJlZGljYXRlVHlwZSI6ICJodHRwczovL3Nsc2EuZGV2L3Byb3ZlbmFuY2UvdjAuMiIsCiAgInByZWRpY2F0ZSI6IHsKICAgICJidWlsZFR5cGUiOiAiaHR0cHM6Ly9naXRodWIuY29tL25wbS9jbGkvZ2hhQHYxIiwKICAgICJidWlsZGVyIjogewogICAgICAiaWQiOiAiaHR0cHM6Ly9naXRodWIuY29tL25wbS9jbGlAOS41LjAiCiAgICB9CiAgfQp9Cg==",
+				},
+			},
+			subject: "laurentsimon/provenance-npm-test",
+			err:     serrors.ErrorMismatchPackageName,
+		},
+		{
+			name: "incorrect with version",
+			att: &SignedAttestation{
+				Envelope: &dsselib.Envelope{
+					PayloadType: "application/vnd.in-toto+json",
+					Payload:     "ewogICJfdHlwZSI6ICJodHRwczovL2luLXRvdG8uaW8vU3RhdGVtZW50L3YwLjEiLAogICJzdWJqZWN0IjogWwogICAgewogICAgICAibmFtZSI6ICJwa2c6bnBtLyU0MGxhdXJlbnRzaW1vbi9wcm92ZW5hbmNlLW5wbS10ZXN0QDEuMC4wIiwKICAgICAgImRpZ2VzdCI6IHsKICAgICAgICAic2hhNTEyIjogIjI5ZDE5ZjI2MjMzZjQ0NDEzMjg0MTJiMzRmZDczZWQxMDRlY2ZlZjYyZjE0MDk3ODkwY2NjZjc0NTViNTIxYjY1YzVhY2ZmODUxODQ5ZmFhODVjODUzOTVhYTIyZDQwMTQzNmYwMWYzYWZiNjFiMTljNzgwZTkwNmM4OGM3ZjIwIgogICAgICB9CiAgICB9CiAgXSwKICAicHJlZGljYXRlVHlwZSI6ICJodHRwczovL3Nsc2EuZGV2L3Byb3ZlbmFuY2UvdjAuMiIsCiAgInByZWRpY2F0ZSI6IHsKICAgICJidWlsZFR5cGUiOiAiaHR0cHM6Ly9naXRodWIuY29tL25wbS9jbGkvZ2hhQHYxIiwKICAgICJidWlsZGVyIjogewogICAgICAiaWQiOiAiaHR0cHM6Ly9naXRodWIuY29tL25wbS9jbGlAOS41LjAiCiAgICB9CiAgfQp9Cg==",
+				},
+			},
+			subject: "@laurentsimon/provenance-npm-test@1.0.0",
+			err:     serrors.ErrorMismatchPackageName,
+		},
+	}
+	for _, tt := range tests {
+		tt := tt // Re-initializing variable so it is not changed while executing the closure below
+		t.Run(tt.name, func(t *testing.T) {
+			t.Parallel()
+
+			err := verifyProvenanceSubjectName(tt.att, tt.subject)
+
+			if !errCmp(err, tt.err) {
+				t.Errorf(cmp.Diff(err, tt.err))
+			}
+		})
+	}
+}
+
+func Test_verifyPackageName(t *testing.T) {
+	t.Parallel()
+	ctx := context.Background()
+
+	trustedRoot, err := GetTrustedRoot(ctx)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	tests := []struct {
+		name    string
+		path    string
+		subject string
+		err     error
+	}{
+		{
+			name:    "correct name",
+			path:    "npm-attestations.intoto.sigstore",
+			subject: "@laurentsimon/provenance-npm-test",
+		},
+		{
+			name:    "incorrect name",
+			path:    "npm-attestations.intoto.sigstore",
+			subject: "wrong name",
+			err:     serrors.ErrorMismatchPackageName,
+		},
+		{
+			name:    "incorrect scope",
+			path:    "npm-attestations.intoto.sigstore",
+			subject: "laurentsimon/provenance-npm-test",
+			err:     serrors.ErrorMismatchPackageName,
+		},
+		{
+			name:    "incorrect with version",
+			path:    "npm-attestations.intoto.sigstore",
+			subject: "@laurentsimon/provenance-npm-test@1.0.0",
+			err:     serrors.ErrorMismatchPackageName,
+		},
+	}
+	for _, tt := range tests {
+		tt := tt // Re-initializing variable so it is not changed while executing the closure below
+		t.Run(tt.name, func(t *testing.T) {
+			t.Parallel()
+
+			content, err := os.ReadFile(filepath.Join("testdata", tt.path))
+			if err != nil {
+				panic(fmt.Errorf("os.ReadFile: %w", err))
+			}
+
+			npm, err := NpmNew(ctx, trustedRoot, content)
+			if err != nil {
+				panic(fmt.Errorf("NpmNew: %w", err))
+			}
+			// Set provenance attestation.
+			env, err := getEnvelopeFromBundleBytes(npm.provenanceAttestation.BundleBytes)
+			if err != nil {
+				panic(fmt.Errorf("getEnvelopeFromBundleBytes: %w", err))
+			}
+			npm.verifiedProvenanceAtt = &SignedAttestation{
+				Envelope: env,
+			}
+
+			env, err = getEnvelopeFromBundleBytes(npm.publishAttestation.BundleBytes)
+			if err != nil {
+				panic(fmt.Errorf("getEnvelopeFromBundleBytes: %w", err))
+			}
+			npm.verifiedPublishAtt = &SignedAttestation{
+				Envelope: env,
+			}
+
+			err = npm.verifyPackageName(&tt.subject)
+			if !errCmp(err, tt.err) {
+				t.Errorf(cmp.Diff(err, tt.err))
+			}
+		})
+	}
+}
+
+func Test_verifyPackageVersion(t *testing.T) {
+	t.Parallel()
+	ctx := context.Background()
+
+	trustedRoot, err := GetTrustedRoot(ctx)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	tests := []struct {
+		name    string
+		path    string
+		version string
+		err     error
+	}{
+		{
+			name:    "correct name",
+			path:    "npm-attestations.intoto.sigstore",
+			version: "1.0.0",
+		},
+		{
+			name:    "incorrect patch",
+			path:    "npm-attestations.intoto.sigstore",
+			version: "1.0.1",
+			err:     serrors.ErrorMismatchPackageVersion,
+		},
+		{
+			name:    "incorrect minor",
+			path:    "npm-attestations.intoto.sigstore",
+			version: "1.1.0",
+			err:     serrors.ErrorMismatchPackageVersion,
+		},
+		{
+			name:    "incorrect major",
+			path:    "npm-attestations.intoto.sigstore",
+			version: "2.0.0",
+			err:     serrors.ErrorMismatchPackageVersion,
+		},
+	}
+	for _, tt := range tests {
+		tt := tt // Re-initializing variable so it is not changed while executing the closure below
+		t.Run(tt.name, func(t *testing.T) {
+			t.Parallel()
+
+			content, err := os.ReadFile(filepath.Join("testdata", tt.path))
+			if err != nil {
+				panic(fmt.Errorf("os.ReadFile: %w", err))
+			}
+
+			npm, err := NpmNew(ctx, trustedRoot, content)
+			if err != nil {
+				panic(fmt.Errorf("NpmNew: %w", err))
+			}
+			// Set provenance attestation.
+			env, err := getEnvelopeFromBundleBytes(npm.provenanceAttestation.BundleBytes)
+			if err != nil {
+				panic(fmt.Errorf("getEnvelopeFromBundleBytes: %w", err))
+			}
+			npm.verifiedProvenanceAtt = &SignedAttestation{
+				Envelope: env,
+			}
+
+			env, err = getEnvelopeFromBundleBytes(npm.publishAttestation.BundleBytes)
+			if err != nil {
+				panic(fmt.Errorf("getEnvelopeFromBundleBytes: %w", err))
+			}
+			npm.verifiedPublishAtt = &SignedAttestation{
+				Envelope: env,
+			}
+
+			err = npm.verifyPackageVersion(&tt.version)
+			if !errCmp(err, tt.err) {
+				t.Errorf(cmp.Diff(err, tt.err))
+			}
+		})
+	}
+}
+
+func Test_verifyIntotoTypes(t *testing.T) {
+	t.Parallel()
+
+	tests := []struct {
+		name          string
+		att           *SignedAttestation
+		predicateType string
+		payloadType   string
+		prefix        bool
+		err           error
+	}{
+		{
+			name:          "prov correct",
+			predicateType: slsaprovenance.ProvenanceV02Type,
+			payloadType:   intoto.PayloadType,
+			att: &SignedAttestation{
+				Envelope: &dsselib.Envelope{
+					PayloadType: "application/vnd.in-toto+json",
+					Payload:     "ewogICJfdHlwZSI6ICJodHRwczovL2luLXRvdG8uaW8vU3RhdGVtZW50L3YwLjEiLAogICJzdWJqZWN0IjogWwogICAgewogICAgICAibmFtZSI6ICJwa2c6bnBtLyU0MGxhdXJlbnRzaW1vbi9wcm92ZW5hbmNlLW5wbS10ZXN0QDEuMC4wIiwKICAgICAgImRpZ2VzdCI6IHsKICAgICAgICAic2hhNTEyIjogIjI5ZDE5ZjI2MjMzZjQ0NDEzMjg0MTJiMzRmZDczZWQxMDRlY2ZlZjYyZjE0MDk3ODkwY2NjZjc0NTViNTIxYjY1YzVhY2ZmODUxODQ5ZmFhODVjODUzOTVhYTIyZDQwMTQzNmYwMWYzYWZiNjFiMTljNzgwZTkwNmM4OGM3ZjIwIgogICAgICB9CiAgICB9CiAgXSwKICAicHJlZGljYXRlVHlwZSI6ICJodHRwczovL3Nsc2EuZGV2L3Byb3ZlbmFuY2UvdjAuMiIsCiAgInByZWRpY2F0ZSI6IHsKICAgICJidWlsZFR5cGUiOiAiaHR0cHM6Ly9naXRodWIuY29tL25wbS9jbGkvZ2hhQHYxIiwKICAgICJidWlsZGVyIjogewogICAgICAiaWQiOiAiaHR0cHM6Ly9naXRodWIuY29tL25wbS9jbGlAOS41LjAiCiAgICB9CiAgfQp9Cg==",
+				},
+			},
+		},
+		{
+			name:          "prov mismatch payload type",
+			predicateType: slsaprovenance.ProvenanceV02Type,
+			payloadType:   intoto.PayloadType,
+			att: &SignedAttestation{
+				Envelope: &dsselib.Envelope{
+					PayloadType: "application/vnd.in-toto+jso",
+					Payload:     "ewogICJfdHlwZSI6ICJodHRwczovL2luLXRvdG8uaW8vU3RhdGVtZW50L3YwLjEiLAogICJzdWJqZWN0IjogWwogICAgewogICAgICAibmFtZSI6ICJwa2c6bnBtLyU0MGxhdXJlbnRzaW1vbi9wcm92ZW5hbmNlLW5wbS10ZXN0QDEuMC4wIiwKICAgICAgImRpZ2VzdCI6IHsKICAgICAgICAic2hhNTEyIjogIjI5ZDE5ZjI2MjMzZjQ0NDEzMjg0MTJiMzRmZDczZWQxMDRlY2ZlZjYyZjE0MDk3ODkwY2NjZjc0NTViNTIxYjY1YzVhY2ZmODUxODQ5ZmFhODVjODUzOTVhYTIyZDQwMTQzNmYwMWYzYWZiNjFiMTljNzgwZTkwNmM4OGM3ZjIwIgogICAgICB9CiAgICB9CiAgXSwKICAicHJlZGljYXRlVHlwZSI6ICJodHRwczovL3Nsc2EuZGV2L3Byb3ZlbmFuY2UvdjAuMiIsCiAgInByZWRpY2F0ZSI6IHsKICAgICJidWlsZFR5cGUiOiAiaHR0cHM6Ly9naXRodWIuY29tL25wbS9jbGkvZ2hhQHYxIiwKICAgICJidWlsZGVyIjogewogICAgICAiaWQiOiAiaHR0cHM6Ly9naXRodWIuY29tL25wbS9jbGlAOS41LjAiCiAgICB9CiAgfQp9Cg==",
+				},
+			},
+			err: serrors.ErrorInvalidDssePayload,
+		},
+		{
+			name:          "prov mismatch predicate type",
+			predicateType: slsaprovenance.ProvenanceV02Type + "a",
+			payloadType:   intoto.PayloadType,
+			att: &SignedAttestation{
+				Envelope: &dsselib.Envelope{
+					PayloadType: "application/vnd.in-toto+json",
+					Payload:     "ewogICJfdHlwZSI6ICJodHRwczovL2luLXRvdG8uaW8vU3RhdGVtZW50L3YwLjEiLAogICJzdWJqZWN0IjogWwogICAgewogICAgICAibmFtZSI6ICJwa2c6bnBtLyU0MGxhdXJlbnRzaW1vbi9wcm92ZW5hbmNlLW5wbS10ZXN0QDEuMC4wIiwKICAgICAgImRpZ2VzdCI6IHsKICAgICAgICAic2hhNTEyIjogIjI5ZDE5ZjI2MjMzZjQ0NDEzMjg0MTJiMzRmZDczZWQxMDRlY2ZlZjYyZjE0MDk3ODkwY2NjZjc0NTViNTIxYjY1YzVhY2ZmODUxODQ5ZmFhODVjODUzOTVhYTIyZDQwMTQzNmYwMWYzYWZiNjFiMTljNzgwZTkwNmM4OGM3ZjIwIgogICAgICB9CiAgICB9CiAgXSwKICAicHJlZGljYXRlVHlwZSI6ICJodHRwczovL3Nsc2EuZGV2L3Byb3ZlbmFuY2UvdjAuMiIsCiAgInByZWRpY2F0ZSI6IHsKICAgICJidWlsZFR5cGUiOiAiaHR0cHM6Ly9naXRodWIuY29tL25wbS9jbGkvZ2hhQHYxIiwKICAgICJidWlsZGVyIjogewogICAgICAiaWQiOiAiaHR0cHM6Ly9naXRodWIuY29tL25wbS9jbGlAOS41LjAiCiAgICB9CiAgfQp9Cg==",
+				},
+			},
+			err: serrors.ErrorInvalidDssePayload,
+		},
+		{
+			name:          "publish correct",
+			predicateType: publishAttestationV01,
+			prefix:        true,
+			payloadType:   intoto.PayloadType,
+			att: &SignedAttestation{
+				Envelope: &dsselib.Envelope{
+					PayloadType: "application/vnd.in-toto+json",
+					Payload:     "ewogICJfdHlwZSI6ICJodHRwczovL2luLXRvdG8uaW8vU3RhdGVtZW50L3YwLjEiLAogICJwcmVkaWNhdGVUeXBlIjogImh0dHBzOi8vZ2l0aHViLmNvbS9ucG0vYXR0ZXN0YXRpb24vdHJlZS9tYWluL3NwZWNzL3B1Ymxpc2gvdjAuMSIsCiAgInByZWRpY2F0ZSI6IHsKICAgICJuYW1lIjogIkBsYXVyZW50c2ltb24vcHJvdmVuYW5jZS1ucG0tdGVzdC1wcmVkIiwKICAgICJ2ZXJzaW9uIjogIjEuMC4wIiwKICAgICJyZWdpc3RyeSI6ICJodHRwczovL3JlZ2lzdHJ5Lm5wbWpzLm9yZyIKICB9Cn0K",
+				},
+			},
+		},
+		{
+			name:          "publish mismatch payload type",
+			predicateType: publishAttestationV01,
+			prefix:        true,
+			payloadType:   intoto.PayloadType,
+			att: &SignedAttestation{
+				Envelope: &dsselib.Envelope{
+					PayloadType: "application/vnd.in-toto+jso",
+					Payload:     "ewogICJfdHlwZSI6ICJodHRwczovL2luLXRvdG8uaW8vU3RhdGVtZW50L3YwLjEiLAogICJwcmVkaWNhdGVUeXBlIjogImh0dHBzOi8vZ2l0aHViLmNvbS9ucG0vYXR0ZXN0YXRpb24vdHJlZS9tYWluL3NwZWNzL3B1Ymxpc2gvdjAuMSIsCiAgInByZWRpY2F0ZSI6IHsKICAgICJuYW1lIjogIkBsYXVyZW50c2ltb24vcHJvdmVuYW5jZS1ucG0tdGVzdC1wcmVkIiwKICAgICJ2ZXJzaW9uIjogIjEuMC4wIiwKICAgICJyZWdpc3RyeSI6ICJodHRwczovL3JlZ2lzdHJ5Lm5wbWpzLm9yZyIKICB9Cn0K",
+				},
+			},
+			err: serrors.ErrorInvalidDssePayload,
+		},
+		{
+			name:          "publish mismatch predicate type",
+			predicateType: publishAttestationV01 + "a",
+			prefix:        true,
+			payloadType:   intoto.PayloadType,
+			att: &SignedAttestation{
+				Envelope: &dsselib.Envelope{
+					PayloadType: "application/vnd.in-toto+json",
+					Payload:     "ewogICJfdHlwZSI6ICJodHRwczovL2luLXRvdG8uaW8vU3RhdGVtZW50L3YwLjEiLAogICJwcmVkaWNhdGVUeXBlIjogImh0dHBzOi8vZ2l0aHViLmNvbS9ucG0vYXR0ZXN0YXRpb24vdHJlZS9tYWluL3NwZWNzL3B1Ymxpc2gvdjAuMSIsCiAgInByZWRpY2F0ZSI6IHsKICAgICJuYW1lIjogIkBsYXVyZW50c2ltb24vcHJvdmVuYW5jZS1ucG0tdGVzdC1wcmVkIiwKICAgICJ2ZXJzaW9uIjogIjEuMC4wIiwKICAgICJyZWdpc3RyeSI6ICJodHRwczovL3JlZ2lzdHJ5Lm5wbWpzLm9yZyIKICB9Cn0K",
+				},
+			},
+			err: serrors.ErrorInvalidDssePayload,
+		},
+	}
+	for _, tt := range tests {
+		tt := tt // Re-initializing variable so it is not changed while executing the closure below
+		t.Run(tt.name, func(t *testing.T) {
+			t.Parallel()
+
+			err := verifyIntotoTypes(tt.att, tt.predicateType, tt.payloadType, tt.prefix)
+			if !errCmp(err, tt.err) {
+				t.Errorf(cmp.Diff(err, tt.err))
+			}
+		})
+	}
+}
+
+func Test_verifyIntotoHeaders(t *testing.T) {
+	t.Parallel()
+	ctx := context.Background()
+
+	trustedRoot, err := GetTrustedRoot(ctx)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	tests := []struct {
+		name    string
+		path    string
+		version string
+		err     error
+	}{
+		{
+			name: "correct",
+			path: "npm-attestations.intoto.sigstore",
+		},
+		{
+			name: "prov incorrect stmt predicate type",
+			path: "npm-stmt-mismatch-prov-predicatetype.intoto.sigstore",
+			err:  serrors.ErrorInvalidDssePayload,
+		},
+		{
+			name: "prov incorrect stmt type",
+			path: "npm-stmt-mismatch-prov-type.intoto.sigstore",
+			err:  serrors.ErrorInvalidDssePayload,
+		},
+		{
+			name: "prov incorrect att payload type",
+			path: "npm-att-mismatch-prov-payloadtype.intoto.sigstore",
+			err:  serrors.ErrorInvalidDssePayload,
+		},
+		{
+			name: "pub incorrect stmt predicate type",
+			path: "npm-stmt-mismatch-pub-predicatetype.intoto.sigstore",
+			err:  serrors.ErrorInvalidDssePayload,
+		},
+		{
+			name: "pub incorrect att payload type",
+			path: "npm-att-mismatch-pub-payloadtype.intoto.sigstore",
+			err:  serrors.ErrorInvalidDssePayload,
+		},
+		{
+			name: "pub incorrect stmt type",
+			path: "npm-stmt-mismatch-pub-type.intoto.sigstore",
+			err:  serrors.ErrorInvalidDssePayload,
+		},
+	}
+	for _, tt := range tests {
+		tt := tt // Re-initializing variable so it is not changed while executing the closure below
+		t.Run(tt.name, func(t *testing.T) {
+			t.Parallel()
+
+			content, err := os.ReadFile(filepath.Join("testdata", tt.path))
+			if err != nil {
+				panic(fmt.Errorf("os.ReadFile: %w", err))
+			}
+
+			npm, err := NpmNew(ctx, trustedRoot, content)
+			if err != nil {
+				panic(fmt.Errorf("NpmNew: %w", err))
+			}
+			// Set provenance attestation.
+			env, err := getEnvelopeFromBundleBytes(npm.provenanceAttestation.BundleBytes)
+			if err != nil {
+				panic(fmt.Errorf("getEnvelopeFromBundleBytes: %w", err))
+			}
+			npm.verifiedProvenanceAtt = &SignedAttestation{
+				Envelope: env,
+			}
+
+			env, err = getEnvelopeFromBundleBytes(npm.publishAttestation.BundleBytes)
+			if err != nil {
+				panic(fmt.Errorf("getEnvelopeFromBundleBytes: %w", err))
+			}
+			npm.verifiedPublishAtt = &SignedAttestation{
+				Envelope: env,
+			}
+
+			err = npm.verifyIntotoHeaders()
+			if !errCmp(err, tt.err) {
+				t.Errorf(cmp.Diff(err, tt.err))
+			}
+		})
+	}
+}
+
+func Test_NpmNew(t *testing.T) {
+	t.Parallel()
+	ctx := context.Background()
+
+	trustedRoot, err := GetTrustedRoot(ctx)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	tests := []struct {
+		name    string
+		path    string
+		version string
+		err     error
+	}{
+		{
+			name: "correct",
+			path: "npm-attestations.intoto.sigstore",
+		},
+		{
+			name: "prov incorrect att predicate type",
+			path: "npm-att-mismatch-prov-predicatetype.intoto.sigstore",
+			err:  errrorInvalidAttestations,
+		},
+		{
+			name: "publish incorrect att predicate type",
+			path: "npm-att-mismatch-pub-predicatetype.intoto.sigstore",
+			err:  errrorInvalidAttestations,
+		},
+	}
+	for _, tt := range tests {
+		tt := tt // Re-initializing variable so it is not changed while executing the closure below
+		t.Run(tt.name, func(t *testing.T) {
+			t.Parallel()
+
+			content, err := os.ReadFile(filepath.Join("testdata", tt.path))
+			if err != nil {
+				panic(fmt.Errorf("os.ReadFile: %w", err))
+			}
+
+			_, err = NpmNew(ctx, trustedRoot, content)
+			if !errCmp(err, tt.err) {
+				t.Errorf(cmp.Diff(err, tt.err))
+			}
+		})
+	}
+}
diff --git a/verifiers/internal/gha/provenance.go b/verifiers/internal/gha/provenance.go
index 7aa8c4389..752ff5068 100644
--- a/verifiers/internal/gha/provenance.go
+++ b/verifiers/internal/gha/provenance.go
@@ -8,8 +8,6 @@ import (
 	"os"
 	"strings"
 
-	"golang.org/x/mod/semver"
-
 	dsselib "github.com/secure-systems-lab/go-securesystemslib/dsse"
 	"github.com/sigstore/rekor/pkg/generated/client"
 	"github.com/sigstore/rekor/pkg/generated/models"
@@ -18,6 +16,7 @@ import (
 	serrors "github.com/slsa-framework/slsa-verifier/v2/errors"
 	"github.com/slsa-framework/slsa-verifier/v2/options"
 	"github.com/slsa-framework/slsa-verifier/v2/verifiers/internal/gha/slsaprovenance"
+	"github.com/slsa-framework/slsa-verifier/v2/verifiers/utils"
 
 	// Load provenance types.
 	_ "github.com/slsa-framework/slsa-verifier/v2/verifiers/internal/gha/slsaprovenance/v0.2"
@@ -71,7 +70,7 @@ func asURI(s string) string {
 }
 
 // Verify source URI in provenance statement.
-func verifySourceURI(prov slsaprovenance.Provenance, expectedSourceURI string) error {
+func verifySourceURI(prov slsaprovenance.Provenance, expectedSourceURI string, allowNoMaterialRef bool) error {
 	source := asURI(expectedSourceURI)
 
 	// We expect github.com URIs only.
@@ -85,7 +84,7 @@ func verifySourceURI(prov slsaprovenance.Provenance, expectedSourceURI string) e
 	if err != nil {
 		return err
 	}
-	configURI, err := sourceFromURI(fullConfigURI)
+	configURI, err := sourceFromURI(fullConfigURI, false)
 	if err != nil {
 		return err
 	}
@@ -99,7 +98,7 @@ func verifySourceURI(prov slsaprovenance.Provenance, expectedSourceURI string) e
 	if err != nil {
 		return err
 	}
-	materialURI, err := sourceFromURI(materialSourceURI)
+	materialURI, err := sourceFromURI(materialSourceURI, allowNoMaterialRef)
 	if err != nil {
 		return err
 	}
@@ -110,6 +109,12 @@ func verifySourceURI(prov slsaprovenance.Provenance, expectedSourceURI string) e
 
 	// Last, verify that both fields match.
 	// We use the full URI to match on the tag as well.
+	if allowNoMaterialRef && len(strings.Split(materialSourceURI, "@")) == 1 {
+		// NOTE: this is an exception for npm packages built before GA,
+		// see https://github.com/slsa-framework/slsa-verifier/issues/492.
+		// We don't need to compare the ref since materialSourceURI does not contain it.
+		return nil
+	}
 	if fullConfigURI != materialSourceURI {
 		return fmt.Errorf("%w: material and config URIs do not match: '%s' != '%s'",
 			serrors.ErrorInvalidDssePayload,
@@ -119,13 +124,19 @@ func verifySourceURI(prov slsaprovenance.Provenance, expectedSourceURI string) e
 	return nil
 }
 
-func sourceFromURI(uri string) (string, error) {
+// sourceFromURI retrieves the source repository given a repository URI with ref.
+//
+// NOTE: `allowNoRef` is to allow for verification of npm packages
+// generated before GA. Their provenance did not have a ref,
+// see https://github.com/slsa-framework/slsa-verifier/issues/492.
+// `allowNoRef` should be set to `false` for all other cases.
+func sourceFromURI(uri string, allowNoRef bool) (string, error) {
 	if uri == "" {
 		return "", fmt.Errorf("%w: empty uri", serrors.ErrorMalformedURI)
 	}
 
-	r := strings.SplitN(uri, "@", 2)
-	if len(r) < 2 {
+	r := strings.Split(uri, "@")
+	if len(r) < 2 && !allowNoRef {
 		return "", fmt.Errorf("%w: %s", serrors.ErrorMalformedURI,
 			uri)
 	}
@@ -136,18 +147,20 @@ func sourceFromURI(uri string) (string, error) {
 	return r[0], nil
 }
 
-// Verify SHA256 Subject Digest from the provenance statement.
-func verifySha256Digest(prov slsaprovenance.Provenance, expectedHash string) error {
+// Verify Subject Digest from the provenance statement.
+func verifyDigest(prov slsaprovenance.Provenance, expectedHash string) error {
 	subjects, err := prov.Subjects()
 	if err != nil {
 		return err
 	}
 
+	// 8 bit represented in hex, so 8/2=4.
+	l := len(expectedHash) * 4
 	for _, subject := range subjects {
 		digestSet := subject.Digest
-		hash, exists := digestSet["sha256"]
+		hash, exists := digestSet[fmt.Sprintf("sha%v", l)]
 		if !exists {
-			return fmt.Errorf("%w: %s", serrors.ErrorInvalidDssePayload, "no sha256 subject digest")
+			return fmt.Errorf("%w: %s", serrors.ErrorInvalidDssePayload, fmt.Sprintf("no sha%v subject digest", l))
 		}
 
 		if hash == expectedHash {
@@ -163,7 +176,8 @@ func verifySha256Digest(prov slsaprovenance.Provenance, expectedHash string) err
 func VerifyProvenanceSignature(ctx context.Context, trustedRoot *TrustedRoot,
 	rClient *client.Rekor,
 	provenance []byte, artifactHash string) (
-	*SignedAttestation, error) {
+	*SignedAttestation, error,
+) {
 	// Collect trusted root material for verification (Rekor pubkeys, SCT pubkeys,
 	// Fulcio root certificates).
 	_, err := GetTrustedRoot(ctx)
@@ -186,7 +200,35 @@ func VerifyProvenanceSignature(ctx context.Context, trustedRoot *TrustedRoot,
 		provenance, rClient, trustedRoot)
 }
 
-func VerifyProvenance(env *dsselib.Envelope, provenanceOpts *options.ProvenanceOpts) error {
+func VerifyNpmPackageProvenance(env *dsselib.Envelope, provenanceOpts *options.ProvenanceOpts,
+) error {
+	prov, err := slsaprovenance.ProvenanceFromEnvelope(env)
+	if err != nil {
+		return err
+	}
+
+	// Untrusted builder.
+	if provenanceOpts.ExpectedBuilderID == "" {
+		// Verify it's the npm CLI.
+		builderID, err := prov.BuilderID()
+		if err != nil {
+			return err
+		}
+		// TODO(#494): update the builder ID string.
+		if !strings.HasPrefix(builderID, "https://github.com/npm/cli@") {
+			return fmt.Errorf("%w: expected 'https://github.com/npm/cli' in builder.id, got '%s'",
+				serrors.ErrorMismatchBuilderID, builderID)
+		}
+	} else if err := verifyBuilderIDExactMatch(prov, provenanceOpts.ExpectedBuilderID); err != nil {
+		return err
+	}
+	// NOTE: for the non trusted builders, the information may be forgeable.
+	// Also, the GitHub context is not recorded for the default builder.
+	return VerifyProvenanceCommonOptions(prov, provenanceOpts, true)
+}
+
+func VerifyProvenance(env *dsselib.Envelope, provenanceOpts *options.ProvenanceOpts,
+) error {
 	prov, err := slsaprovenance.ProvenanceFromEnvelope(env)
 	if err != nil {
 		return err
@@ -199,13 +241,19 @@ func VerifyProvenance(env *dsselib.Envelope, provenanceOpts *options.ProvenanceO
 		return err
 	}
 
+	return VerifyProvenanceCommonOptions(prov, provenanceOpts, false)
+}
+
+func VerifyProvenanceCommonOptions(prov slsaprovenance.Provenance, provenanceOpts *options.ProvenanceOpts,
+	allowNoMaterialRef bool,
+) error {
 	// Verify source.
-	if err := verifySourceURI(prov, provenanceOpts.ExpectedSourceURI); err != nil {
+	if err := verifySourceURI(prov, provenanceOpts.ExpectedSourceURI, allowNoMaterialRef); err != nil {
 		return err
 	}
 
 	// Verify subject digest.
-	if err := verifySha256Digest(prov, provenanceOpts.ExpectedDigest); err != nil {
+	if err := verifyDigest(prov, provenanceOpts.ExpectedDigest); err != nil {
 		return err
 	}
 
@@ -269,7 +317,7 @@ func VerifyBranch(prov slsaprovenance.Provenance, expectedBranch string) error {
 	}
 
 	expectedBranch = "refs/heads/" + expectedBranch
-	if !strings.EqualFold(branch, expectedBranch) {
+	if branch != expectedBranch {
 		return fmt.Errorf("expected branch '%s', got '%s': %w", expectedBranch, branch, serrors.ErrorMismatchBranch)
 	}
 
@@ -283,7 +331,7 @@ func VerifyTag(prov slsaprovenance.Provenance, expectedTag string) error {
 	}
 
 	expectedTag = "refs/tags/" + expectedTag
-	if !strings.EqualFold(tag, expectedTag) {
+	if tag != expectedTag {
 		return fmt.Errorf("expected tag '%s', got '%s': %w", expectedTag, tag, serrors.ErrorMismatchTag)
 	}
 
@@ -291,11 +339,6 @@ func VerifyTag(prov slsaprovenance.Provenance, expectedTag string) error {
 }
 
 func VerifyVersionedTag(prov slsaprovenance.Provenance, expectedTag string) error {
-	// Validate and canonicalize the provenance tag.
-	if !semver.IsValid(expectedTag) {
-		return fmt.Errorf("%s: %w", expectedTag, serrors.ErrorInvalidSemver)
-	}
-
 	// Retrieve, validate and canonicalize the provenance tag.
 	// Note: prerelease is validated as part of patch validation
 	// and must be equal. Build is discarded as per https://semver.org/:
@@ -304,69 +347,7 @@ func VerifyVersionedTag(prov slsaprovenance.Provenance, expectedTag string) erro
 	if err != nil {
 		return err
 	}
-	semTag := semver.Canonical(strings.TrimPrefix(tag, "refs/tags/"))
-	if !semver.IsValid(semTag) {
-		return fmt.Errorf("%s: %w", expectedTag, serrors.ErrorInvalidSemver)
-	}
-
-	// Major should always be the same.
-	expectedMajor := semver.Major(expectedTag)
-	major := semver.Major(semTag)
-	if major != expectedMajor {
-		return fmt.Errorf("%w: major version expected '%s', got '%s'",
-			serrors.ErrorMismatchVersionedTag, expectedMajor, major)
-	}
-
-	expectedMinor, err := minorVersion(expectedTag)
-	if err == nil {
-		// A minor version was provided by the user.
-		minor, err := minorVersion(semTag)
-		if err != nil {
-			return err
-		}
-
-		if minor != expectedMinor {
-			return fmt.Errorf("%w: minor version expected '%s', got '%s'",
-				serrors.ErrorMismatchVersionedTag, expectedMinor, minor)
-		}
-	}
-
-	expectedPatch, err := patchVersion(expectedTag)
-	if err == nil {
-		// A patch version was provided by the user.
-		patch, err := patchVersion(semTag)
-		if err != nil {
-			return err
-		}
-
-		if patch != expectedPatch {
-			return fmt.Errorf("%w: patch version expected '%s', got '%s'",
-				serrors.ErrorMismatchVersionedTag, expectedPatch, patch)
-		}
-	}
-
-	// Match.
-	return nil
-}
-
-func minorVersion(v string) (string, error) {
-	return extractFromVersion(v, 1)
-}
-
-func patchVersion(v string) (string, error) {
-	patch, err := extractFromVersion(v, 2)
-	if err != nil {
-		return "", err
-	}
-	return strings.TrimSuffix(patch, semver.Build(v)), nil
-}
-
-func extractFromVersion(v string, i int) (string, error) {
-	parts := strings.Split(v, ".")
-	if len(parts) <= i {
-		return "", fmt.Errorf("%s: %w", v, serrors.ErrorInvalidSemver)
-	}
-	return parts[i], nil
+	return utils.VerifyVersionedTag(strings.TrimPrefix(tag, "refs/tags/"), expectedTag)
 }
 
 // hasCertInEnvelope checks if a valid x509 certificate is present in the
diff --git a/verifiers/internal/gha/provenance_test.go b/verifiers/internal/gha/provenance_test.go
index 999355ec3..bfa2ffa88 100644
--- a/verifiers/internal/gha/provenance_test.go
+++ b/verifiers/internal/gha/provenance_test.go
@@ -26,7 +26,7 @@ func provenanceFromBytes(payload []byte) (slsaprovenance.Provenance, error) {
 	return slsaprovenance.ProvenanceFromEnvelope(env)
 }
 
-func Test_VerifySha256Subject(t *testing.T) {
+func Test_VerifyDigest(t *testing.T) {
 	t.Parallel()
 	tests := []struct {
 		name         string
@@ -149,7 +149,7 @@ func Test_VerifySha256Subject(t *testing.T) {
 				panic(fmt.Errorf("provenanceFromBytes: %w", err))
 			}
 
-			err = verifySha256Digest(prov, tt.artifactHash)
+			err = verifyDigest(prov, tt.artifactHash)
 			if !errCmp(err, tt.expected) {
 				t.Errorf(cmp.Diff(err, tt.expected))
 			}
@@ -160,10 +160,11 @@ func Test_VerifySha256Subject(t *testing.T) {
 func Test_verifySourceURI(t *testing.T) {
 	t.Parallel()
 	tests := []struct {
-		name      string
-		prov      *intoto.ProvenanceStatement
-		sourceURI string
-		expected  error
+		name               string
+		prov               *intoto.ProvenanceStatement
+		sourceURI          string
+		allowNoMaterialRef bool
+		expected           error
 		// v1 provenance does not include materials
 		skipv1 bool
 	}{
@@ -288,6 +289,45 @@ func Test_verifySourceURI(t *testing.T) {
 			},
 			sourceURI: "https://github.com/some/repo",
 		},
+		{
+			name: "match source no git no material ref",
+			prov: &intoto.ProvenanceStatement{
+				Predicate: slsa02.ProvenancePredicate{
+					Invocation: slsa02.ProvenanceInvocation{
+						ConfigSource: slsa02.ConfigSource{
+							URI: "git+https://github.com/some/repo@v1.2.3",
+						},
+					},
+					Materials: []slsacommon.ProvenanceMaterial{
+						{
+							URI: "git+https://github.com/some/repo",
+						},
+					},
+				},
+			},
+			allowNoMaterialRef: true,
+			sourceURI:          "https://github.com/some/repo",
+		},
+		{
+			name: "match source no git no material ref ref not allowed",
+			prov: &intoto.ProvenanceStatement{
+				Predicate: slsa02.ProvenancePredicate{
+					Invocation: slsa02.ProvenanceInvocation{
+						ConfigSource: slsa02.ConfigSource{
+							URI: "git+https://github.com/some/repo@v1.2.3",
+						},
+					},
+					Materials: []slsacommon.ProvenanceMaterial{
+						{
+							URI: "git+https://github.com/some/repo",
+						},
+					},
+				},
+			},
+			sourceURI: "https://github.com/some/repo",
+			expected:  serrors.ErrorMalformedURI,
+			skipv1:    true,
+		},
 		{
 			name: "match source no git+https",
 			prov: &intoto.ProvenanceStatement{
@@ -412,7 +452,7 @@ func Test_verifySourceURI(t *testing.T) {
 				ProvenanceStatement: tt.prov,
 			}
 
-			err := verifySourceURI(prov02, tt.sourceURI)
+			err := verifySourceURI(prov02, tt.sourceURI, tt.allowNoMaterialRef)
 			if !errCmp(err, tt.expected) {
 				t.Errorf(cmp.Diff(err, tt.expected))
 			}
@@ -433,7 +473,7 @@ func Test_verifySourceURI(t *testing.T) {
 					},
 				},
 			}
-			err = verifySourceURI(prov1, tt.sourceURI)
+			err = verifySourceURI(prov1, tt.sourceURI, tt.allowNoMaterialRef)
 			if !errCmp(err, tt.expected) {
 				t.Errorf(cmp.Diff(err, tt.expected))
 			}
@@ -598,6 +638,12 @@ func Test_VerifyBranch(t *testing.T) {
 			path:   "./testdata/dsse-branch3-ref-v1.intoto.jsonl",
 			branch: "branch3",
 		},
+		{
+			name:     "ref main case-sensitive",
+			path:     "./testdata/dsse-main-ref-v1.intoto.jsonl",
+			branch:   "Main",
+			expected: serrors.ErrorMismatchBranch,
+		},
 
 		{
 			name:     "invalid ref type",
@@ -828,11 +874,22 @@ func Test_VerifyTag(t *testing.T) {
 			path:     "./testdata/dsse-invalid-ref-type-v1.intoto.jsonl",
 			expected: serrors.ErrorInvalidDssePayload,
 		},
+		{
+			name:     "tag vSLSA1 case-sensitive",
+			path:     "./testdata/dsse-vslsa1-tag.intoto.jsonl",
+			tag:      "vSLSA1",
+			expected: serrors.ErrorMismatchTag,
+		},
 		{
 			name: "tag vslsa1",
 			path: "./testdata/dsse-vslsa1-tag-v1.intoto.jsonl",
 			tag:  "vslsa1",
 		},
+		{
+			name: "case sensitive",
+			path: "./testdata/dsse-vslsa1-tag-v1.intoto.jsonl",
+			tag:  "vslsa1",
+		},
 	}
 	for _, tt := range tests {
 		tt := tt // Re-initializing variable so it is not changed while executing the closure below
diff --git a/verifiers/internal/gha/rekor.go b/verifiers/internal/gha/rekor.go
index a3562452c..651f10399 100644
--- a/verifiers/internal/gha/rekor.go
+++ b/verifiers/internal/gha/rekor.go
@@ -40,7 +40,8 @@ const (
 
 func verifyTlogEntryByUUID(ctx context.Context, rekorClient *client.Rekor,
 	entryUUID string, trustedRoot *TrustedRoot) (
-	*models.LogEntryAnon, error) {
+	*models.LogEntryAnon, error,
+) {
 	params := entries.NewGetLogEntryByUUIDParamsWithContext(ctx)
 	params.EntryUUID = entryUUID
 
@@ -79,7 +80,8 @@ func verifyTlogEntryByUUID(ctx context.Context, rekorClient *client.Rekor,
 // is true, the inclusion proof along with the signed tree head.
 func verifyTlogEntry(ctx context.Context, e models.LogEntryAnon,
 	verifyInclusion bool, rekorKeys *cosign.TrustedTransparencyLogPubKeys) (
-	*models.LogEntryAnon, error) {
+	*models.LogEntryAnon, error,
+) {
 	// Verify the root hash against the current Signed Entry Tree Head
 	verifier, err := signature.LoadECDSAVerifier(rekorKeys.Keys[*e.LogID].PubKey.(*ecdsa.PublicKey),
 		crypto.SHA256)
@@ -183,7 +185,8 @@ func getUUIDsByArtifactDigest(rClient *client.Rekor, artifactHash string) ([]str
 // the full intoto attestation.
 // The attestation generated by the slsa-github-generator libraries contain a signing certificate.
 func GetValidSignedAttestationWithCert(rClient *client.Rekor,
-	provenance []byte, trustedRoot *TrustedRoot) (*SignedAttestation, error) {
+	provenance []byte, trustedRoot *TrustedRoot,
+) (*SignedAttestation, error) {
 	// Use intoto attestation to find rekor entry UUIDs.
 	params := entries.NewSearchLogQueryParams()
 	searchLogQuery := models.SearchLogQuery{}
@@ -253,7 +256,8 @@ func GetValidSignedAttestationWithCert(rClient *client.Rekor,
 // SearchValidSignedAttestation searches for a valid signing certificate using the Rekor
 // Redis search index by using the artifact digest.
 func SearchValidSignedAttestation(ctx context.Context, artifactHash string, provenance []byte,
-	rClient *client.Rekor, trustedRoot *TrustedRoot) (*SignedAttestation, error) {
+	rClient *client.Rekor, trustedRoot *TrustedRoot,
+) (*SignedAttestation, error) {
 	// Get Rekor UUIDs by artifact digest.
 	uuids, err := getUUIDsByArtifactDigest(rClient, artifactHash)
 	if err != nil {
diff --git a/verifiers/internal/gha/slsaprovenance/slsaprovenance.go b/verifiers/internal/gha/slsaprovenance/slsaprovenance.go
index f7a3db9c5..940379077 100644
--- a/verifiers/internal/gha/slsaprovenance/slsaprovenance.go
+++ b/verifiers/internal/gha/slsaprovenance/slsaprovenance.go
@@ -65,7 +65,7 @@ func ProvenanceFromEnvelope(env *dsselib.Envelope) (Provenance, error) {
 	// Load the appropriate structure and unmarshal.
 	ptype, ok := ProvenanceMap.Load(pred.PredicateType)
 	if !ok {
-		return nil, fmt.Errorf("%w: %s %s", serrors.ErrorInvalidDssePayload, "unexpected predicate type ", pred.PredicateType)
+		return nil, fmt.Errorf("%w: unexpected predicate type '%s'", serrors.ErrorInvalidDssePayload, pred.PredicateType)
 	}
 	prov := ptype.(func() Provenance)()
 
diff --git a/verifiers/internal/gha/testdata/npm-att-mismatch-prov-payloadtype.intoto.sigstore b/verifiers/internal/gha/testdata/npm-att-mismatch-prov-payloadtype.intoto.sigstore
new file mode 100644
index 000000000..617235b5a
--- /dev/null
+++ b/verifiers/internal/gha/testdata/npm-att-mismatch-prov-payloadtype.intoto.sigstore
@@ -0,0 +1,92 @@
+[
+  {
+    "predicateType": "https://slsa.dev/provenance/v0.2",
+    "bundle": {
+      "mediaType": "application/vnd.dev.sigstore.bundle+json;version=0.1",
+      "verificationMaterial": {
+        "x509CertificateChain": {
+          "certificates": [
+            {
+              "rawBytes": "MIIDzTCCA1SgAwIBAgIUSUNeEjOTOlxw2mAmVuog6waz+NcwCgYIKoZIzj0EAwMwNzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRlcm1lZGlhdGUwHhcNMjMwMjE1MTkzMzMyWhcNMjMwMjE1MTk0MzMyWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEVWrN2Ayc3U80RBnqrFssCXrFETeyMskQhLAXaOAbaPylLa6GiuhrZUEd+i2Q+kvtlOJN6WvJaoIirGUUw84scKOCAnMwggJvMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUgYNyCZHUpkzBfqlfSh2+dV/nqg8wHwYDVR0jBBgwFoAU39Ppz1YkEZb5qNjpKFWixi4YZD8wbwYDVR0RAQH/BGUwY4ZhaHR0cHM6Ly9naXRodWIuY29tL2xhdXJlbnRzaW1vbi9wcm92ZW5hbmNlLW5wbS10ZXN0Ly5naXRodWIvd29ya2Zsb3dzL3JlbGVhc2UueW1sQHJlZnMvaGVhZHMvbWFpbjA5BgorBgEEAYO/MAEBBCtodHRwczovL3Rva2VuLmFjdGlvbnMuZ2l0aHVidXNlcmNvbnRlbnQuY29tMB8GCisGAQQBg78wAQIEEXdvcmtmbG93X2Rpc3BhdGNoMDYGCisGAQQBg78wAQMEKDE2YmFiZmZiOTE1MzgxMWUxOTNjMDE5OTM5MzkxMzU3MzcyYjI1Y2UwJgYKKwYBBAGDvzABBAQYUHVibGlzaCBQYWNrYWdlIHRvIG5wbWpzMC4GCisGAQQBg78wAQUEIGxhdXJlbnRzaW1vbi9wcm92ZW5hbmNlLW5wbS10ZXN0MB0GCisGAQQBg78wAQYED3JlZnMvaGVhZHMvbWFpbjCBiwYKKwYBBAHWeQIEAgR9BHsAeQB3AN09MGrGxxEyYxkeHJlnNwKiSl643jyt/4eKcoAvKe6OAAABhlaRXNMAAAQDAEgwRgIhAOZYHC2AyB4Mm5uV6etiegcdoB5t/3Q6e8pah2BH60urAiEAv9rv6WNIyPfXrP1yzykQldw9iExSBh/brNNjTLzP+wYwCgYIKoZIzj0EAwMDZwAwZAIwT+nOUcGmT+K1gtU/ETiJewRTXtX5bjFh0AEDWzVFlLQKk+CMCr+CmhJgfobd83qwAjAz9Wp4/krIgy+qD7oeCwlUH74MNgWpy2QU5Ox3J61wP2/0O7bhH5fDaGtYUFKZzwA="
+            },
+            {
+              "rawBytes": "MIICGjCCAaGgAwIBAgIUALnViVfnU0brJasmRkHrn/UnfaQwCgYIKoZIzj0EAwMwKjEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MREwDwYDVQQDEwhzaWdzdG9yZTAeFw0yMjA0MTMyMDA2MTVaFw0zMTEwMDUxMzU2NThaMDcxFTATBgNVBAoTDHNpZ3N0b3JlLmRldjEeMBwGA1UEAxMVc2lnc3RvcmUtaW50ZXJtZWRpYXRlMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE8RVS/ysH+NOvuDZyPIZtilgUF9NlarYpAd9HP1vBBH1U5CV77LSS7s0ZiH4nE7Hv7ptS6LvvR/STk798LVgMzLlJ4HeIfF3tHSaexLcYpSASr1kS0N/RgBJz/9jWCiXno3sweTAOBgNVHQ8BAf8EBAMCAQYwEwYDVR0lBAwwCgYIKwYBBQUHAwMwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQU39Ppz1YkEZb5qNjpKFWixi4YZD8wHwYDVR0jBBgwFoAUWMAeX5FFpWapesyQoZMi0CrFxfowCgYIKoZIzj0EAwMDZwAwZAIwPCsQK4DYiZYDPIaDi5HFKnfxXx6ASSVmERfsynYBiX2X6SJRnZU84/9DZdnFvvxmAjBOt6QpBlc4J/0DxvkTCqpclvziL6BCCPnjdlIB3Pu3BxsPmygUY7Ii2zbdCdliiow="
+            },
+            {
+              "rawBytes": "MIIB9zCCAXygAwIBAgIUALZNAPFdxHPwjeDloDwyYChAO/4wCgYIKoZIzj0EAwMwKjEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MREwDwYDVQQDEwhzaWdzdG9yZTAeFw0yMTEwMDcxMzU2NTlaFw0zMTEwMDUxMzU2NThaMCoxFTATBgNVBAoTDHNpZ3N0b3JlLmRldjERMA8GA1UEAxMIc2lnc3RvcmUwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAT7XeFT4rb3PQGwS4IajtLk3/OlnpgangaBclYpsYBr5i+4ynB07ceb3LP0OIOZdxexX69c5iVuyJRQ+Hz05yi+UF3uBWAlHpiS5sh0+H2GHE7SXrk1EC5m1Tr19L9gg92jYzBhMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRYwB5fkUWlZql6zJChkyLQKsXF+jAfBgNVHSMEGDAWgBRYwB5fkUWlZql6zJChkyLQKsXF+jAKBggqhkjOPQQDAwNpADBmAjEAj1nHeXZp+13NWBNa+EDsDP8G1WWg1tCMWP/WHPqpaVo0jhsweNFZgSs0eE7wYI4qAjEA2WB9ot98sIkoF3vZYdd3/VtWB5b9TNMea7Ix/stJ5TfcLLeABLE4BNJOsQ4vnBHJ"
+            }
+          ]
+        },
+        "tlogEntries": [
+          {
+            "logIndex": "13420286",
+            "logId": {
+              "keyId": "wNI9atQGlz+VWfO6LRygH4QUfY/8W4RFwiT5i5WRgB0="
+            },
+            "kindVersion": {
+              "kind": "intoto",
+              "version": "0.0.2"
+            },
+            "integratedTime": "1676489612",
+            "inclusionPromise": {
+              "signedEntryTimestamp": "MEUCIG/LjJ5tqTgKvbA0F+96CJHIk2X0S+9cBz1Z04BfU7dLAiEA7cpf1Agv0VyEu0wR41nEZ9AZ6GVaYR5rf4AAYIZr4hk="
+            },
+            "inclusionProof": null,
+            "canonicalizedBody": "eyJhcGlWZXJzaW9uIjoiMC4wLjIiLCJraW5kIjoiaW50b3RvIiwic3BlYyI6eyJjb250ZW50Ijp7ImVudmVsb3BlIjp7InBheWxvYWRUeXBlIjoiYXBwbGljYXRpb24vdm5kLmluLXRvdG8ranNvbiIsInNpZ25hdHVyZXMiOlt7InB1YmxpY0tleSI6IkxTMHRMUzFDUlVkSlRpQkRSVkpVU1VaSlEwRlVSUzB0TFMwdENrMUpTVVI2VkVORFFURlRaMEYzU1VKQlowbFZVMVZPWlVWcVQxUlBiSGgzTW0xQmJWWjFiMmMyZDJGNkswNWpkME5uV1VsTGIxcEplbW93UlVGM1RYY0tUbnBGVmsxQ1RVZEJNVlZGUTJoTlRXTXliRzVqTTFKMlkyMVZkVnBIVmpKTlVqUjNTRUZaUkZaUlVVUkZlRlo2WVZka2VtUkhPWGxhVXpGd1ltNVNiQXBqYlRGc1drZHNhR1JIVlhkSWFHTk9UV3BOZDAxcVJURk5WR3Q2VFhwTmVWZG9ZMDVOYWsxM1RXcEZNVTFVYXpCTmVrMTVWMnBCUVUxR2EzZEZkMWxJQ2t0dldrbDZhakJEUVZGWlNVdHZXa2w2YWpCRVFWRmpSRkZuUVVWV1YzSk9Na0Y1WXpOVk9EQlNRbTV4Y2taemMwTllja1pGVkdWNVRYTnJVV2hNUVZnS1lVOUJZbUZRZVd4TVlUWkhhWFZvY2xwVlJXUXJhVEpSSzJ0MmRHeFBTazQyVjNaS1lXOUphWEpIVlZWM09EUnpZMHRQUTBGdVRYZG5aMHAyVFVFMFJ3cEJNVlZrUkhkRlFpOTNVVVZCZDBsSVowUkJWRUpuVGxaSVUxVkZSRVJCUzBKblozSkNaMFZHUWxGalJFRjZRV1JDWjA1V1NGRTBSVVpuVVZWbldVNTVDa05hU0ZWd2EzcENabkZzWmxOb01pdGtWaTl1Y1djNGQwaDNXVVJXVWpCcVFrSm5kMFp2UVZVek9WQndlakZaYTBWYVlqVnhUbXB3UzBaWGFYaHBORmtLV2tRNGQySjNXVVJXVWpCU1FWRklMMEpIVlhkWk5GcG9ZVWhTTUdOSVRUWk1lVGx1WVZoU2IyUlhTWFZaTWpsMFRESjRhR1JZU214aWJsSjZZVmN4ZGdwaWFUbDNZMjA1TWxwWE5XaGliVTVzVEZjMWQySlRNVEJhV0U0d1RIazFibUZZVW05a1YwbDJaREk1ZVdFeVduTmlNMlI2VEROS2JHSkhWbWhqTWxWMUNtVlhNWE5SU0Vwc1dtNU5kbUZIVm1oYVNFMTJZbGRHY0dKcVFUVkNaMjl5UW1kRlJVRlpUeTlOUVVWQ1FrTjBiMlJJVW5kamVtOTJURE5TZG1FeVZuVUtURzFHYW1SSGJIWmliazExV2pKc01HRklWbWxrV0U1c1kyMU9kbUp1VW14aWJsRjFXVEk1ZEUxQ09FZERhWE5IUVZGUlFtYzNPSGRCVVVsRlJWaGtkZ3BqYlhSdFlrYzVNMWd5VW5Cak0wSm9aRWRPYjAxRVdVZERhWE5IUVZGUlFtYzNPSGRCVVUxRlMwUkZNbGx0Um1sYWJWcHBUMVJGTVUxNlozaE5WMVY0Q2s5VVRtcE5SRVUxVDFSTk5VMTZhM2hOZWxVelRYcGplVmxxU1RGWk1sVjNTbWRaUzB0M1dVSkNRVWRFZG5wQlFrSkJVVmxWU0ZacFlrZHNlbUZEUWxFS1dWZE9jbGxYWkd4SlNGSjJTVWMxZDJKWGNIcE5RelJIUTJselIwRlJVVUpuTnpoM1FWRlZSVWxIZUdoa1dFcHNZbTVTZW1GWE1YWmlhVGwzWTIwNU1ncGFWelZvWW0xT2JFeFhOWGRpVXpFd1dsaE9NRTFDTUVkRGFYTkhRVkZSUW1jM09IZEJVVmxGUkROS2JGcHVUWFpoUjFab1draE5kbUpYUm5CaWFrTkNDbWwzV1V0TGQxbENRa0ZJVjJWUlNVVkJaMUk1UWtoelFXVlJRak5CVGpBNVRVZHlSM2g0UlhsWmVHdGxTRXBzYms1M1MybFRiRFkwTTJwNWRDODBaVXNLWTI5QmRrdGxOazlCUVVGQ2FHeGhVbGhPVFVGQlFWRkVRVVZuZDFKblNXaEJUMXBaU0VNeVFYbENORTF0TlhWV05tVjBhV1ZuWTJSdlFqVjBMek5STmdwbE9IQmhhREpDU0RZd2RYSkJhVVZCZGpseWRqWlhUa2w1VUdaWWNsQXhlWHA1YTFGc1pIYzVhVVY0VTBKb0wySnlUazVxVkV4NlVDdDNXWGREWjFsSkNrdHZXa2w2YWpCRlFYZE5SRnAzUVhkYVFVbDNWQ3R1VDFWalIyMVVLMHN4WjNSVkwwVlVhVXBsZDFKVVdIUllOV0pxUm1nd1FVVkVWM3BXUm14TVVVc0theXREVFVOeUswTnRhRXBuWm05aVpEZ3pjWGRCYWtGNk9WZHdOQzlyY2tsbmVTdHhSRGR2WlVOM2JGVklOelJOVG1kWGNIa3lVVlUxVDNnelNqWXhkd3BRTWk4d1R6ZGlhRWcxWmtSaFIzUlpWVVpMV25wM1FUMEtMUzB0TFMxRlRrUWdRMFZTVkVsR1NVTkJWRVV0TFMwdExRbz0iLCJzaWciOiJUVVZWUTBsUlJFcGhhRlJ3VTI1c2RqWkllbFZxTW5reEwxQkNXVXhHZVRob2FFb3JOV1ZCUWxrM2RYazRVbEJ6UjFGSlowcFdkVXd6UjNJNWVXSXlWRkJWUlUxek5rbGxhVFZJVUVoaWVVZHNObWw0WjJRME1YbDJlVEEzVWxFOSJ9XX0sImhhc2giOnsiYWxnb3JpdGhtIjoic2hhMjU2IiwidmFsdWUiOiIyYzVhZjNiZThjNzcxYzAwYzVhZGYwNDAxMzQ5YTg1NjM5NjA3Nzg4MzQwNjRhMmYyOTk5YzY4YmZiMWI0Njg4In0sInBheWxvYWRIYXNoIjp7ImFsZ29yaXRobSI6InNoYTI1NiIsInZhbHVlIjoiNjg5ZTE2NmNlM2I1Zjk5MTgxZDExYjcyYjg2OTJkODEwYjJlM2NkMTdmZWNiZjBiNzRmNDBmYTRmNmUzNjNkNSJ9fX19"
+          }
+        ],
+        "timestampVerificationData": null
+      },
+      "dsseEnvelope": {
+        "payload": "eyJfdHlwZSI6Imh0dHBzOi8vaW4tdG90by5pby9TdGF0ZW1lbnQvdjAuMSIsInN1YmplY3QiOlt7Im5hbWUiOiJwa2c6bnBtLyU0MGxhdXJlbnRzaW1vbi9wcm92ZW5hbmNlLW5wbS10ZXN0QDEuMC4wIiwiZGlnZXN0Ijp7InNoYTUxMiI6IjI5ZDE5ZjI2MjMzZjQ0NDEzMjg0MTJiMzRmZDczZWQxMDRlY2ZlZjYyZjE0MDk3ODkwY2NjZjc0NTViNTIxYjY1YzVhY2ZmODUxODQ5ZmFhODVjODUzOTVhYTIyZDQwMTQzNmYwMWYzYWZiNjFiMTljNzgwZTkwNmM4OGM3ZjIwIn19XSwicHJlZGljYXRlVHlwZSI6Imh0dHBzOi8vc2xzYS5kZXYvcHJvdmVuYW5jZS92MC4yIiwicHJlZGljYXRlIjp7ImJ1aWxkVHlwZSI6Imh0dHBzOi8vZ2l0aHViLmNvbS9ucG0vY2xpL2doYUB2MSIsImJ1aWxkZXIiOnsiaWQiOiJodHRwczovL2dpdGh1Yi5jb20vbnBtL2NsaUA5LjUuMCJ9LCJpbnZvY2F0aW9uIjp7ImNvbmZpZ1NvdXJjZSI6eyJ1cmkiOiJnaXQraHR0cHM6Ly9naXRodWIuY29tL2xhdXJlbnRzaW1vbi9wcm92ZW5hbmNlLW5wbS10ZXN0QHJlZnMvaGVhZHMvbWFpbiIsImRpZ2VzdCI6eyJzaGExIjoiMTZiYWJmZmI5MTUzODExZTE5M2MwMTk5MzkzOTEzNTczNzJiMjVjZSJ9LCJlbnRyeVBvaW50IjoibGF1cmVudHNpbW9uL3Byb3ZlbmFuY2UtbnBtLXRlc3QvLmdpdGh1Yi93b3JrZmxvd3MvcmVsZWFzZS55bWxAcmVmcy9oZWFkcy9tYWluIn0sInBhcmFtZXRlcnMiOnt9LCJlbnZpcm9ubWVudCI6eyJHSVRIVUJfQUNUT1JfSUQiOiI2NDUwNTA5OSIsIkdJVEhVQl9FVkVOVF9OQU1FIjoid29ya2Zsb3dfZGlzcGF0Y2giLCJHSVRIVUJfUkVGIjoicmVmcy9oZWFkcy9tYWluIiwiR0lUSFVCX1JFRl9UWVBFIjoiYnJhbmNoIiwiR0lUSFVCX1JFUE9TSVRPUlkiOiJsYXVyZW50c2ltb24vcHJvdmVuYW5jZS1ucG0tdGVzdCIsIkdJVEhVQl9SRVBPU0lUT1JZX0lEIjoiNjAyMjIzOTQ1IiwiR0lUSFVCX1JFUE9TSVRPUllfT1dORVJfSUQiOiI2NDUwNTA5OSIsIkdJVEhVQl9SVU5fQVRURU1QVCI6IjEiLCJHSVRIVUJfUlVOX0lEIjoiNDE4NzQ2NDU3NyIsIkdJVEhVQl9SVU5fTlVNQkVSIjoiMiIsIkdJVEhVQl9TSEEiOiIxNmJhYmZmYjkxNTM4MTFlMTkzYzAxOTkzOTM5MTM1NzM3MmIyNWNlIiwiR0lUSFVCX1dPUktGTE9XX1JFRiI6ImxhdXJlbnRzaW1vbi9wcm92ZW5hbmNlLW5wbS10ZXN0Ly5naXRodWIvd29ya2Zsb3dzL3JlbGVhc2UueW1sQHJlZnMvaGVhZHMvbWFpbiIsIkdJVEhVQl9XT1JLRkxPV19TSEEiOiIxNmJhYmZmYjkxNTM4MTFlMTkzYzAxOTkzOTM5MTM1NzM3MmIyNWNlIn19LCJtZXRhZGF0YSI6eyJidWlsZEludm9jYXRpb25JZCI6IjQxODc0NjQ1NzctMSIsImNvbXBsZXRlbmVzcyI6eyJwYXJhbWV0ZXJzIjpmYWxzZSwiZW52aXJvbm1lbnQiOmZhbHNlLCJtYXRlcmlhbHMiOmZhbHNlfSwicmVwcm9kdWNpYmxlIjpmYWxzZX0sIm1hdGVyaWFscyI6W3sidXJpIjoiZ2l0K2h0dHBzOi8vZ2l0aHViLmNvbS9sYXVyZW50c2ltb24vcHJvdmVuYW5jZS1ucG0tdGVzdCIsImRpZ2VzdCI6eyJzaGExIjoiMTZiYWJmZmI5MTUzODExZTE5M2MwMTk5MzkzOTEzNTczNzJiMjVjZSJ9fV19fQ==",
+        "payloadType": "application/vnd.in-toto+jsonA",
+        "signatures": [
+          {
+            "sig": "MEUCIQDJahTpSnlv6HzUj2y1/PBYLFy8hhJ+5eABY7uy8RPsGQIgJVuL3Gr9yb2TPUEMs6Iei5HPHbyGl6ixgd41yvy07RQ=",
+            "keyid": ""
+          }
+        ]
+      }
+    }
+  },
+  {
+    "predicateType": "https://github.com/npm/attestation/tree/main/specs/publish/v0.1",
+    "bundle": {
+      "mediaType": "application/vnd.dev.sigstore.bundle+json;version=0.1",
+      "verificationMaterial": {
+        "publicKey": {
+          "hint": "SHA256:jl3bwswu80PjjokCgh0o2w5c2U4LhQAE57gj9cz1kzA"
+        },
+        "tlogEntries": [
+          {
+            "logIndex": "13420289",
+            "logId": {
+              "keyId": "wNI9atQGlz+VWfO6LRygH4QUfY/8W4RFwiT5i5WRgB0="
+            },
+            "kindVersion": {
+              "kind": "intoto",
+              "version": "0.0.2"
+            },
+            "integratedTime": "1676489615",
+            "inclusionPromise": {
+              "signedEntryTimestamp": "MEUCICYgQbiFj7t0A9B/p4Hkq5H0gB41InPBFFnhEeuP4Fo0AiEA7fGqVACs5cFpoQGHX8HVDq/jKBWbS0gutPXpcOz6r6g="
+            },
+            "inclusionProof": null,
+            "canonicalizedBody": "eyJhcGlWZXJzaW9uIjoiMC4wLjIiLCJraW5kIjoiaW50b3RvIiwic3BlYyI6eyJjb250ZW50Ijp7ImVudmVsb3BlIjp7InBheWxvYWRUeXBlIjoiYXBwbGljYXRpb24vdm5kLmluLXRvdG8ranNvbiIsInNpZ25hdHVyZXMiOlt7ImtleWlkIjoiU0hBMjU2OmpsM2J3c3d1ODBQampva0NnaDBvMnc1YzJVNExoUUFFNTdnajljejFrekEiLCJwdWJsaWNLZXkiOiJMUzB0TFMxQ1JVZEpUaUJRVlVKTVNVTWdTMFZaTFMwdExTMEtUVVpyZDBWM1dVaExiMXBKZW1vd1EwRlJXVWxMYjFwSmVtb3dSRUZSWTBSUlowRkZNVTlzWWpONlRVRkdSbmhZUzBocFNXdFJUelZqU2pOWmFHdzFhVFpWVUhBclNXaDFkR1ZDU21KMVNHTkJOVlZ2WjB0dk1FVlhkR3hYZDFjMlMxTmhTMjlVVGtWWlREZEtiRU5SYVZadWEyaENhM1JWWjJjOVBRb3RMUzB0TFVWT1JDQlFWVUpNU1VNZ1MwVlpMUzB0TFMwPSIsInNpZyI6IlRVVlJRMGxETURGaFJqbFFZVWxtSzNOcVkzRlBiVzQwUVZaVU56bFBWMFJuVkZGVk5XVXZiVkp0TVcweVNIWjVRV2xCY0hCNk1FWkxWVzFEVjJwdVUyUnJORzB5VkdGTlpXMXFSRXRqUlcxTVdFSTRWVVpFTlZsYWRETTJaejA5In1dfSwiaGFzaCI6eyJhbGdvcml0aG0iOiJzaGEyNTYiLCJ2YWx1ZSI6IjkxNDU3YjdiYzg1NTgwY2Y2NTAxNDM5NDU5ZDYyOWI0YzBlOTUxNmFjNzc3NTllNGQwNzMwZjVlMTUxNjRkMDcifSwicGF5bG9hZEhhc2giOnsiYWxnb3JpdGhtIjoic2hhMjU2IiwidmFsdWUiOiI1ZmFmZTQwMmJiYzBiMTNhMmFmMmIzMjhjYmNjNmFiZTlmZTA1MGRkNDUzNjNkNTE1YWIyYzk4MjA3NDMwNjVkIn19fX0="
+          }
+        ],
+        "timestampVerificationData": null
+      },
+      "dsseEnvelope": {
+        "payload": "eyJfdHlwZSI6Imh0dHBzOi8vaW4tdG90by5pby9TdGF0ZW1lbnQvdjAuMSIsInN1YmplY3QiOlt7Im5hbWUiOiJwa2c6bnBtLyU0MGxhdXJlbnRzaW1vbi9wcm92ZW5hbmNlLW5wbS10ZXN0QDEuMC4wIiwiZGlnZXN0Ijp7InNoYTUxMiI6IjI5ZDE5ZjI2MjMzZjQ0NDEzMjg0MTJiMzRmZDczZWQxMDRlY2ZlZjYyZjE0MDk3ODkwY2NjZjc0NTViNTIxYjY1YzVhY2ZmODUxODQ5ZmFhODVjODUzOTVhYTIyZDQwMTQzNmYwMWYzYWZiNjFiMTljNzgwZTkwNmM4OGM3ZjIwIn19XSwicHJlZGljYXRlVHlwZSI6Imh0dHBzOi8vZ2l0aHViLmNvbS9ucG0vYXR0ZXN0YXRpb24vdHJlZS9tYWluL3NwZWNzL3B1Ymxpc2gvdjAuMSIsInByZWRpY2F0ZSI6eyJuYW1lIjoiQGxhdXJlbnRzaW1vbi9wcm92ZW5hbmNlLW5wbS10ZXN0IiwidmVyc2lvbiI6IjEuMC4wIiwicmVnaXN0cnkiOiJodHRwczovL3JlZ2lzdHJ5Lm5wbWpzLm9yZyJ9fQ==",
+        "payloadType": "application/vnd.in-toto+json",
+        "signatures": [
+          {
+            "sig": "MEQCIC01aF9PaIf+sjcqOmn4AVT79OWDgTQU5e/mRm1m2HvyAiAppz0FKUmCWjnSdk4m2TaMemjDKcEmLXB8UFD5YZt36g==",
+            "keyid": "SHA256:jl3bwswu80PjjokCgh0o2w5c2U4LhQAE57gj9cz1kzA"
+          }
+        ]
+      }
+    }
+  }
+]
diff --git a/verifiers/internal/gha/testdata/npm-att-mismatch-prov-predicatetype.intoto.sigstore b/verifiers/internal/gha/testdata/npm-att-mismatch-prov-predicatetype.intoto.sigstore
new file mode 100644
index 000000000..6e11e918d
--- /dev/null
+++ b/verifiers/internal/gha/testdata/npm-att-mismatch-prov-predicatetype.intoto.sigstore
@@ -0,0 +1,92 @@
+[
+  {
+    "predicateType": "https://slsa.dev/provenanc/v0.2",
+    "bundle": {
+      "mediaType": "application/vnd.dev.sigstore.bundle+json;version=0.1",
+      "verificationMaterial": {
+        "x509CertificateChain": {
+          "certificates": [
+            {
+              "rawBytes": "MIIDzTCCA1SgAwIBAgIUSUNeEjOTOlxw2mAmVuog6waz+NcwCgYIKoZIzj0EAwMwNzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRlcm1lZGlhdGUwHhcNMjMwMjE1MTkzMzMyWhcNMjMwMjE1MTk0MzMyWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEVWrN2Ayc3U80RBnqrFssCXrFETeyMskQhLAXaOAbaPylLa6GiuhrZUEd+i2Q+kvtlOJN6WvJaoIirGUUw84scKOCAnMwggJvMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUgYNyCZHUpkzBfqlfSh2+dV/nqg8wHwYDVR0jBBgwFoAU39Ppz1YkEZb5qNjpKFWixi4YZD8wbwYDVR0RAQH/BGUwY4ZhaHR0cHM6Ly9naXRodWIuY29tL2xhdXJlbnRzaW1vbi9wcm92ZW5hbmNlLW5wbS10ZXN0Ly5naXRodWIvd29ya2Zsb3dzL3JlbGVhc2UueW1sQHJlZnMvaGVhZHMvbWFpbjA5BgorBgEEAYO/MAEBBCtodHRwczovL3Rva2VuLmFjdGlvbnMuZ2l0aHVidXNlcmNvbnRlbnQuY29tMB8GCisGAQQBg78wAQIEEXdvcmtmbG93X2Rpc3BhdGNoMDYGCisGAQQBg78wAQMEKDE2YmFiZmZiOTE1MzgxMWUxOTNjMDE5OTM5MzkxMzU3MzcyYjI1Y2UwJgYKKwYBBAGDvzABBAQYUHVibGlzaCBQYWNrYWdlIHRvIG5wbWpzMC4GCisGAQQBg78wAQUEIGxhdXJlbnRzaW1vbi9wcm92ZW5hbmNlLW5wbS10ZXN0MB0GCisGAQQBg78wAQYED3JlZnMvaGVhZHMvbWFpbjCBiwYKKwYBBAHWeQIEAgR9BHsAeQB3AN09MGrGxxEyYxkeHJlnNwKiSl643jyt/4eKcoAvKe6OAAABhlaRXNMAAAQDAEgwRgIhAOZYHC2AyB4Mm5uV6etiegcdoB5t/3Q6e8pah2BH60urAiEAv9rv6WNIyPfXrP1yzykQldw9iExSBh/brNNjTLzP+wYwCgYIKoZIzj0EAwMDZwAwZAIwT+nOUcGmT+K1gtU/ETiJewRTXtX5bjFh0AEDWzVFlLQKk+CMCr+CmhJgfobd83qwAjAz9Wp4/krIgy+qD7oeCwlUH74MNgWpy2QU5Ox3J61wP2/0O7bhH5fDaGtYUFKZzwA="
+            },
+            {
+              "rawBytes": "MIICGjCCAaGgAwIBAgIUALnViVfnU0brJasmRkHrn/UnfaQwCgYIKoZIzj0EAwMwKjEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MREwDwYDVQQDEwhzaWdzdG9yZTAeFw0yMjA0MTMyMDA2MTVaFw0zMTEwMDUxMzU2NThaMDcxFTATBgNVBAoTDHNpZ3N0b3JlLmRldjEeMBwGA1UEAxMVc2lnc3RvcmUtaW50ZXJtZWRpYXRlMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE8RVS/ysH+NOvuDZyPIZtilgUF9NlarYpAd9HP1vBBH1U5CV77LSS7s0ZiH4nE7Hv7ptS6LvvR/STk798LVgMzLlJ4HeIfF3tHSaexLcYpSASr1kS0N/RgBJz/9jWCiXno3sweTAOBgNVHQ8BAf8EBAMCAQYwEwYDVR0lBAwwCgYIKwYBBQUHAwMwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQU39Ppz1YkEZb5qNjpKFWixi4YZD8wHwYDVR0jBBgwFoAUWMAeX5FFpWapesyQoZMi0CrFxfowCgYIKoZIzj0EAwMDZwAwZAIwPCsQK4DYiZYDPIaDi5HFKnfxXx6ASSVmERfsynYBiX2X6SJRnZU84/9DZdnFvvxmAjBOt6QpBlc4J/0DxvkTCqpclvziL6BCCPnjdlIB3Pu3BxsPmygUY7Ii2zbdCdliiow="
+            },
+            {
+              "rawBytes": "MIIB9zCCAXygAwIBAgIUALZNAPFdxHPwjeDloDwyYChAO/4wCgYIKoZIzj0EAwMwKjEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MREwDwYDVQQDEwhzaWdzdG9yZTAeFw0yMTEwMDcxMzU2NTlaFw0zMTEwMDUxMzU2NThaMCoxFTATBgNVBAoTDHNpZ3N0b3JlLmRldjERMA8GA1UEAxMIc2lnc3RvcmUwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAT7XeFT4rb3PQGwS4IajtLk3/OlnpgangaBclYpsYBr5i+4ynB07ceb3LP0OIOZdxexX69c5iVuyJRQ+Hz05yi+UF3uBWAlHpiS5sh0+H2GHE7SXrk1EC5m1Tr19L9gg92jYzBhMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRYwB5fkUWlZql6zJChkyLQKsXF+jAfBgNVHSMEGDAWgBRYwB5fkUWlZql6zJChkyLQKsXF+jAKBggqhkjOPQQDAwNpADBmAjEAj1nHeXZp+13NWBNa+EDsDP8G1WWg1tCMWP/WHPqpaVo0jhsweNFZgSs0eE7wYI4qAjEA2WB9ot98sIkoF3vZYdd3/VtWB5b9TNMea7Ix/stJ5TfcLLeABLE4BNJOsQ4vnBHJ"
+            }
+          ]
+        },
+        "tlogEntries": [
+          {
+            "logIndex": "13420286",
+            "logId": {
+              "keyId": "wNI9atQGlz+VWfO6LRygH4QUfY/8W4RFwiT5i5WRgB0="
+            },
+            "kindVersion": {
+              "kind": "intoto",
+              "version": "0.0.2"
+            },
+            "integratedTime": "1676489612",
+            "inclusionPromise": {
+              "signedEntryTimestamp": "MEUCIG/LjJ5tqTgKvbA0F+96CJHIk2X0S+9cBz1Z04BfU7dLAiEA7cpf1Agv0VyEu0wR41nEZ9AZ6GVaYR5rf4AAYIZr4hk="
+            },
+            "inclusionProof": null,
+            "canonicalizedBody": "eyJhcGlWZXJzaW9uIjoiMC4wLjIiLCJraW5kIjoiaW50b3RvIiwic3BlYyI6eyJjb250ZW50Ijp7ImVudmVsb3BlIjp7InBheWxvYWRUeXBlIjoiYXBwbGljYXRpb24vdm5kLmluLXRvdG8ranNvbiIsInNpZ25hdHVyZXMiOlt7InB1YmxpY0tleSI6IkxTMHRMUzFDUlVkSlRpQkRSVkpVU1VaSlEwRlVSUzB0TFMwdENrMUpTVVI2VkVORFFURlRaMEYzU1VKQlowbFZVMVZPWlVWcVQxUlBiSGgzTW0xQmJWWjFiMmMyZDJGNkswNWpkME5uV1VsTGIxcEplbW93UlVGM1RYY0tUbnBGVmsxQ1RVZEJNVlZGUTJoTlRXTXliRzVqTTFKMlkyMVZkVnBIVmpKTlVqUjNTRUZaUkZaUlVVUkZlRlo2WVZka2VtUkhPWGxhVXpGd1ltNVNiQXBqYlRGc1drZHNhR1JIVlhkSWFHTk9UV3BOZDAxcVJURk5WR3Q2VFhwTmVWZG9ZMDVOYWsxM1RXcEZNVTFVYXpCTmVrMTVWMnBCUVUxR2EzZEZkMWxJQ2t0dldrbDZhakJEUVZGWlNVdHZXa2w2YWpCRVFWRmpSRkZuUVVWV1YzSk9Na0Y1WXpOVk9EQlNRbTV4Y2taemMwTllja1pGVkdWNVRYTnJVV2hNUVZnS1lVOUJZbUZRZVd4TVlUWkhhWFZvY2xwVlJXUXJhVEpSSzJ0MmRHeFBTazQyVjNaS1lXOUphWEpIVlZWM09EUnpZMHRQUTBGdVRYZG5aMHAyVFVFMFJ3cEJNVlZrUkhkRlFpOTNVVVZCZDBsSVowUkJWRUpuVGxaSVUxVkZSRVJCUzBKblozSkNaMFZHUWxGalJFRjZRV1JDWjA1V1NGRTBSVVpuVVZWbldVNTVDa05hU0ZWd2EzcENabkZzWmxOb01pdGtWaTl1Y1djNGQwaDNXVVJXVWpCcVFrSm5kMFp2UVZVek9WQndlakZaYTBWYVlqVnhUbXB3UzBaWGFYaHBORmtLV2tRNGQySjNXVVJXVWpCU1FWRklMMEpIVlhkWk5GcG9ZVWhTTUdOSVRUWk1lVGx1WVZoU2IyUlhTWFZaTWpsMFRESjRhR1JZU214aWJsSjZZVmN4ZGdwaWFUbDNZMjA1TWxwWE5XaGliVTVzVEZjMWQySlRNVEJhV0U0d1RIazFibUZZVW05a1YwbDJaREk1ZVdFeVduTmlNMlI2VEROS2JHSkhWbWhqTWxWMUNtVlhNWE5SU0Vwc1dtNU5kbUZIVm1oYVNFMTJZbGRHY0dKcVFUVkNaMjl5UW1kRlJVRlpUeTlOUVVWQ1FrTjBiMlJJVW5kamVtOTJURE5TZG1FeVZuVUtURzFHYW1SSGJIWmliazExV2pKc01HRklWbWxrV0U1c1kyMU9kbUp1VW14aWJsRjFXVEk1ZEUxQ09FZERhWE5IUVZGUlFtYzNPSGRCVVVsRlJWaGtkZ3BqYlhSdFlrYzVNMWd5VW5Cak0wSm9aRWRPYjAxRVdVZERhWE5IUVZGUlFtYzNPSGRCVVUxRlMwUkZNbGx0Um1sYWJWcHBUMVJGTVUxNlozaE5WMVY0Q2s5VVRtcE5SRVUxVDFSTk5VMTZhM2hOZWxVelRYcGplVmxxU1RGWk1sVjNTbWRaUzB0M1dVSkNRVWRFZG5wQlFrSkJVVmxWU0ZacFlrZHNlbUZEUWxFS1dWZE9jbGxYWkd4SlNGSjJTVWMxZDJKWGNIcE5RelJIUTJselIwRlJVVUpuTnpoM1FWRlZSVWxIZUdoa1dFcHNZbTVTZW1GWE1YWmlhVGwzWTIwNU1ncGFWelZvWW0xT2JFeFhOWGRpVXpFd1dsaE9NRTFDTUVkRGFYTkhRVkZSUW1jM09IZEJVVmxGUkROS2JGcHVUWFpoUjFab1draE5kbUpYUm5CaWFrTkNDbWwzV1V0TGQxbENRa0ZJVjJWUlNVVkJaMUk1UWtoelFXVlJRak5CVGpBNVRVZHlSM2g0UlhsWmVHdGxTRXBzYms1M1MybFRiRFkwTTJwNWRDODBaVXNLWTI5QmRrdGxOazlCUVVGQ2FHeGhVbGhPVFVGQlFWRkVRVVZuZDFKblNXaEJUMXBaU0VNeVFYbENORTF0TlhWV05tVjBhV1ZuWTJSdlFqVjBMek5STmdwbE9IQmhhREpDU0RZd2RYSkJhVVZCZGpseWRqWlhUa2w1VUdaWWNsQXhlWHA1YTFGc1pIYzVhVVY0VTBKb0wySnlUazVxVkV4NlVDdDNXWGREWjFsSkNrdHZXa2w2YWpCRlFYZE5SRnAzUVhkYVFVbDNWQ3R1VDFWalIyMVVLMHN4WjNSVkwwVlVhVXBsZDFKVVdIUllOV0pxUm1nd1FVVkVWM3BXUm14TVVVc0theXREVFVOeUswTnRhRXBuWm05aVpEZ3pjWGRCYWtGNk9WZHdOQzlyY2tsbmVTdHhSRGR2WlVOM2JGVklOelJOVG1kWGNIa3lVVlUxVDNnelNqWXhkd3BRTWk4d1R6ZGlhRWcxWmtSaFIzUlpWVVpMV25wM1FUMEtMUzB0TFMxRlRrUWdRMFZTVkVsR1NVTkJWRVV0TFMwdExRbz0iLCJzaWciOiJUVVZWUTBsUlJFcGhhRlJ3VTI1c2RqWkllbFZxTW5reEwxQkNXVXhHZVRob2FFb3JOV1ZCUWxrM2RYazRVbEJ6UjFGSlowcFdkVXd6UjNJNWVXSXlWRkJWUlUxek5rbGxhVFZJVUVoaWVVZHNObWw0WjJRME1YbDJlVEEzVWxFOSJ9XX0sImhhc2giOnsiYWxnb3JpdGhtIjoic2hhMjU2IiwidmFsdWUiOiIyYzVhZjNiZThjNzcxYzAwYzVhZGYwNDAxMzQ5YTg1NjM5NjA3Nzg4MzQwNjRhMmYyOTk5YzY4YmZiMWI0Njg4In0sInBheWxvYWRIYXNoIjp7ImFsZ29yaXRobSI6InNoYTI1NiIsInZhbHVlIjoiNjg5ZTE2NmNlM2I1Zjk5MTgxZDExYjcyYjg2OTJkODEwYjJlM2NkMTdmZWNiZjBiNzRmNDBmYTRmNmUzNjNkNSJ9fX19"
+          }
+        ],
+        "timestampVerificationData": null
+      },
+      "dsseEnvelope": {
+        "payload": "eyJfdHlwZSI6Imh0dHBzOi8vaW4tdG90by5pby9TdGF0ZW1lbnQvdjAuMSIsInN1YmplY3QiOlt7Im5hbWUiOiJwa2c6bnBtLyU0MGxhdXJlbnRzaW1vbi9wcm92ZW5hbmNlLW5wbS10ZXN0QDEuMC4wIiwiZGlnZXN0Ijp7InNoYTUxMiI6IjI5ZDE5ZjI2MjMzZjQ0NDEzMjg0MTJiMzRmZDczZWQxMDRlY2ZlZjYyZjE0MDk3ODkwY2NjZjc0NTViNTIxYjY1YzVhY2ZmODUxODQ5ZmFhODVjODUzOTVhYTIyZDQwMTQzNmYwMWYzYWZiNjFiMTljNzgwZTkwNmM4OGM3ZjIwIn19XSwicHJlZGljYXRlVHlwZSI6Imh0dHBzOi8vc2xzYS5kZXYvcHJvdmVuYW5jZS92MC4yIiwicHJlZGljYXRlIjp7ImJ1aWxkVHlwZSI6Imh0dHBzOi8vZ2l0aHViLmNvbS9ucG0vY2xpL2doYUB2MSIsImJ1aWxkZXIiOnsiaWQiOiJodHRwczovL2dpdGh1Yi5jb20vbnBtL2NsaUA5LjUuMCJ9LCJpbnZvY2F0aW9uIjp7ImNvbmZpZ1NvdXJjZSI6eyJ1cmkiOiJnaXQraHR0cHM6Ly9naXRodWIuY29tL2xhdXJlbnRzaW1vbi9wcm92ZW5hbmNlLW5wbS10ZXN0QHJlZnMvaGVhZHMvbWFpbiIsImRpZ2VzdCI6eyJzaGExIjoiMTZiYWJmZmI5MTUzODExZTE5M2MwMTk5MzkzOTEzNTczNzJiMjVjZSJ9LCJlbnRyeVBvaW50IjoibGF1cmVudHNpbW9uL3Byb3ZlbmFuY2UtbnBtLXRlc3QvLmdpdGh1Yi93b3JrZmxvd3MvcmVsZWFzZS55bWxAcmVmcy9oZWFkcy9tYWluIn0sInBhcmFtZXRlcnMiOnt9LCJlbnZpcm9ubWVudCI6eyJHSVRIVUJfQUNUT1JfSUQiOiI2NDUwNTA5OSIsIkdJVEhVQl9FVkVOVF9OQU1FIjoid29ya2Zsb3dfZGlzcGF0Y2giLCJHSVRIVUJfUkVGIjoicmVmcy9oZWFkcy9tYWluIiwiR0lUSFVCX1JFRl9UWVBFIjoiYnJhbmNoIiwiR0lUSFVCX1JFUE9TSVRPUlkiOiJsYXVyZW50c2ltb24vcHJvdmVuYW5jZS1ucG0tdGVzdCIsIkdJVEhVQl9SRVBPU0lUT1JZX0lEIjoiNjAyMjIzOTQ1IiwiR0lUSFVCX1JFUE9TSVRPUllfT1dORVJfSUQiOiI2NDUwNTA5OSIsIkdJVEhVQl9SVU5fQVRURU1QVCI6IjEiLCJHSVRIVUJfUlVOX0lEIjoiNDE4NzQ2NDU3NyIsIkdJVEhVQl9SVU5fTlVNQkVSIjoiMiIsIkdJVEhVQl9TSEEiOiIxNmJhYmZmYjkxNTM4MTFlMTkzYzAxOTkzOTM5MTM1NzM3MmIyNWNlIiwiR0lUSFVCX1dPUktGTE9XX1JFRiI6ImxhdXJlbnRzaW1vbi9wcm92ZW5hbmNlLW5wbS10ZXN0Ly5naXRodWIvd29ya2Zsb3dzL3JlbGVhc2UueW1sQHJlZnMvaGVhZHMvbWFpbiIsIkdJVEhVQl9XT1JLRkxPV19TSEEiOiIxNmJhYmZmYjkxNTM4MTFlMTkzYzAxOTkzOTM5MTM1NzM3MmIyNWNlIn19LCJtZXRhZGF0YSI6eyJidWlsZEludm9jYXRpb25JZCI6IjQxODc0NjQ1NzctMSIsImNvbXBsZXRlbmVzcyI6eyJwYXJhbWV0ZXJzIjpmYWxzZSwiZW52aXJvbm1lbnQiOmZhbHNlLCJtYXRlcmlhbHMiOmZhbHNlfSwicmVwcm9kdWNpYmxlIjpmYWxzZX0sIm1hdGVyaWFscyI6W3sidXJpIjoiZ2l0K2h0dHBzOi8vZ2l0aHViLmNvbS9sYXVyZW50c2ltb24vcHJvdmVuYW5jZS1ucG0tdGVzdCIsImRpZ2VzdCI6eyJzaGExIjoiMTZiYWJmZmI5MTUzODExZTE5M2MwMTk5MzkzOTEzNTczNzJiMjVjZSJ9fV19fQ==",
+        "payloadType": "application/vnd.in-toto+json",
+        "signatures": [
+          {
+            "sig": "MEUCIQDJahTpSnlv6HzUj2y1/PBYLFy8hhJ+5eABY7uy8RPsGQIgJVuL3Gr9yb2TPUEMs6Iei5HPHbyGl6ixgd41yvy07RQ=",
+            "keyid": ""
+          }
+        ]
+      }
+    }
+  },
+  {
+    "predicateType": "https://github.com/npm/attestation/tree/main/specs/publish/v0.1",
+    "bundle": {
+      "mediaType": "application/vnd.dev.sigstore.bundle+json;version=0.1",
+      "verificationMaterial": {
+        "publicKey": {
+          "hint": "SHA256:jl3bwswu80PjjokCgh0o2w5c2U4LhQAE57gj9cz1kzA"
+        },
+        "tlogEntries": [
+          {
+            "logIndex": "13420289",
+            "logId": {
+              "keyId": "wNI9atQGlz+VWfO6LRygH4QUfY/8W4RFwiT5i5WRgB0="
+            },
+            "kindVersion": {
+              "kind": "intoto",
+              "version": "0.0.2"
+            },
+            "integratedTime": "1676489615",
+            "inclusionPromise": {
+              "signedEntryTimestamp": "MEUCICYgQbiFj7t0A9B/p4Hkq5H0gB41InPBFFnhEeuP4Fo0AiEA7fGqVACs5cFpoQGHX8HVDq/jKBWbS0gutPXpcOz6r6g="
+            },
+            "inclusionProof": null,
+            "canonicalizedBody": "eyJhcGlWZXJzaW9uIjoiMC4wLjIiLCJraW5kIjoiaW50b3RvIiwic3BlYyI6eyJjb250ZW50Ijp7ImVudmVsb3BlIjp7InBheWxvYWRUeXBlIjoiYXBwbGljYXRpb24vdm5kLmluLXRvdG8ranNvbiIsInNpZ25hdHVyZXMiOlt7ImtleWlkIjoiU0hBMjU2OmpsM2J3c3d1ODBQampva0NnaDBvMnc1YzJVNExoUUFFNTdnajljejFrekEiLCJwdWJsaWNLZXkiOiJMUzB0TFMxQ1JVZEpUaUJRVlVKTVNVTWdTMFZaTFMwdExTMEtUVVpyZDBWM1dVaExiMXBKZW1vd1EwRlJXVWxMYjFwSmVtb3dSRUZSWTBSUlowRkZNVTlzWWpONlRVRkdSbmhZUzBocFNXdFJUelZqU2pOWmFHdzFhVFpWVUhBclNXaDFkR1ZDU21KMVNHTkJOVlZ2WjB0dk1FVlhkR3hYZDFjMlMxTmhTMjlVVGtWWlREZEtiRU5SYVZadWEyaENhM1JWWjJjOVBRb3RMUzB0TFVWT1JDQlFWVUpNU1VNZ1MwVlpMUzB0TFMwPSIsInNpZyI6IlRVVlJRMGxETURGaFJqbFFZVWxtSzNOcVkzRlBiVzQwUVZaVU56bFBWMFJuVkZGVk5XVXZiVkp0TVcweVNIWjVRV2xCY0hCNk1FWkxWVzFEVjJwdVUyUnJORzB5VkdGTlpXMXFSRXRqUlcxTVdFSTRWVVpFTlZsYWRETTJaejA5In1dfSwiaGFzaCI6eyJhbGdvcml0aG0iOiJzaGEyNTYiLCJ2YWx1ZSI6IjkxNDU3YjdiYzg1NTgwY2Y2NTAxNDM5NDU5ZDYyOWI0YzBlOTUxNmFjNzc3NTllNGQwNzMwZjVlMTUxNjRkMDcifSwicGF5bG9hZEhhc2giOnsiYWxnb3JpdGhtIjoic2hhMjU2IiwidmFsdWUiOiI1ZmFmZTQwMmJiYzBiMTNhMmFmMmIzMjhjYmNjNmFiZTlmZTA1MGRkNDUzNjNkNTE1YWIyYzk4MjA3NDMwNjVkIn19fX0="
+          }
+        ],
+        "timestampVerificationData": null
+      },
+      "dsseEnvelope": {
+        "payload": "eyJfdHlwZSI6Imh0dHBzOi8vaW4tdG90by5pby9TdGF0ZW1lbnQvdjAuMSIsInN1YmplY3QiOlt7Im5hbWUiOiJwa2c6bnBtLyU0MGxhdXJlbnRzaW1vbi9wcm92ZW5hbmNlLW5wbS10ZXN0QDEuMC4wIiwiZGlnZXN0Ijp7InNoYTUxMiI6IjI5ZDE5ZjI2MjMzZjQ0NDEzMjg0MTJiMzRmZDczZWQxMDRlY2ZlZjYyZjE0MDk3ODkwY2NjZjc0NTViNTIxYjY1YzVhY2ZmODUxODQ5ZmFhODVjODUzOTVhYTIyZDQwMTQzNmYwMWYzYWZiNjFiMTljNzgwZTkwNmM4OGM3ZjIwIn19XSwicHJlZGljYXRlVHlwZSI6Imh0dHBzOi8vZ2l0aHViLmNvbS9ucG0vYXR0ZXN0YXRpb24vdHJlZS9tYWluL3NwZWNzL3B1Ymxpc2gvdjAuMSIsInByZWRpY2F0ZSI6eyJuYW1lIjoiQGxhdXJlbnRzaW1vbi9wcm92ZW5hbmNlLW5wbS10ZXN0IiwidmVyc2lvbiI6IjEuMC4wIiwicmVnaXN0cnkiOiJodHRwczovL3JlZ2lzdHJ5Lm5wbWpzLm9yZyJ9fQ==",
+        "payloadType": "application/vnd.in-toto+json",
+        "signatures": [
+          {
+            "sig": "MEQCIC01aF9PaIf+sjcqOmn4AVT79OWDgTQU5e/mRm1m2HvyAiAppz0FKUmCWjnSdk4m2TaMemjDKcEmLXB8UFD5YZt36g==",
+            "keyid": "SHA256:jl3bwswu80PjjokCgh0o2w5c2U4LhQAE57gj9cz1kzA"
+          }
+        ]
+      }
+    }
+  }
+]
diff --git a/verifiers/internal/gha/testdata/npm-att-mismatch-pub-payloadtype.intoto.sigstore b/verifiers/internal/gha/testdata/npm-att-mismatch-pub-payloadtype.intoto.sigstore
new file mode 100644
index 000000000..617235b5a
--- /dev/null
+++ b/verifiers/internal/gha/testdata/npm-att-mismatch-pub-payloadtype.intoto.sigstore
@@ -0,0 +1,92 @@
+[
+  {
+    "predicateType": "https://slsa.dev/provenance/v0.2",
+    "bundle": {
+      "mediaType": "application/vnd.dev.sigstore.bundle+json;version=0.1",
+      "verificationMaterial": {
+        "x509CertificateChain": {
+          "certificates": [
+            {
+              "rawBytes": "MIIDzTCCA1SgAwIBAgIUSUNeEjOTOlxw2mAmVuog6waz+NcwCgYIKoZIzj0EAwMwNzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRlcm1lZGlhdGUwHhcNMjMwMjE1MTkzMzMyWhcNMjMwMjE1MTk0MzMyWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEVWrN2Ayc3U80RBnqrFssCXrFETeyMskQhLAXaOAbaPylLa6GiuhrZUEd+i2Q+kvtlOJN6WvJaoIirGUUw84scKOCAnMwggJvMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUgYNyCZHUpkzBfqlfSh2+dV/nqg8wHwYDVR0jBBgwFoAU39Ppz1YkEZb5qNjpKFWixi4YZD8wbwYDVR0RAQH/BGUwY4ZhaHR0cHM6Ly9naXRodWIuY29tL2xhdXJlbnRzaW1vbi9wcm92ZW5hbmNlLW5wbS10ZXN0Ly5naXRodWIvd29ya2Zsb3dzL3JlbGVhc2UueW1sQHJlZnMvaGVhZHMvbWFpbjA5BgorBgEEAYO/MAEBBCtodHRwczovL3Rva2VuLmFjdGlvbnMuZ2l0aHVidXNlcmNvbnRlbnQuY29tMB8GCisGAQQBg78wAQIEEXdvcmtmbG93X2Rpc3BhdGNoMDYGCisGAQQBg78wAQMEKDE2YmFiZmZiOTE1MzgxMWUxOTNjMDE5OTM5MzkxMzU3MzcyYjI1Y2UwJgYKKwYBBAGDvzABBAQYUHVibGlzaCBQYWNrYWdlIHRvIG5wbWpzMC4GCisGAQQBg78wAQUEIGxhdXJlbnRzaW1vbi9wcm92ZW5hbmNlLW5wbS10ZXN0MB0GCisGAQQBg78wAQYED3JlZnMvaGVhZHMvbWFpbjCBiwYKKwYBBAHWeQIEAgR9BHsAeQB3AN09MGrGxxEyYxkeHJlnNwKiSl643jyt/4eKcoAvKe6OAAABhlaRXNMAAAQDAEgwRgIhAOZYHC2AyB4Mm5uV6etiegcdoB5t/3Q6e8pah2BH60urAiEAv9rv6WNIyPfXrP1yzykQldw9iExSBh/brNNjTLzP+wYwCgYIKoZIzj0EAwMDZwAwZAIwT+nOUcGmT+K1gtU/ETiJewRTXtX5bjFh0AEDWzVFlLQKk+CMCr+CmhJgfobd83qwAjAz9Wp4/krIgy+qD7oeCwlUH74MNgWpy2QU5Ox3J61wP2/0O7bhH5fDaGtYUFKZzwA="
+            },
+            {
+              "rawBytes": "MIICGjCCAaGgAwIBAgIUALnViVfnU0brJasmRkHrn/UnfaQwCgYIKoZIzj0EAwMwKjEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MREwDwYDVQQDEwhzaWdzdG9yZTAeFw0yMjA0MTMyMDA2MTVaFw0zMTEwMDUxMzU2NThaMDcxFTATBgNVBAoTDHNpZ3N0b3JlLmRldjEeMBwGA1UEAxMVc2lnc3RvcmUtaW50ZXJtZWRpYXRlMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE8RVS/ysH+NOvuDZyPIZtilgUF9NlarYpAd9HP1vBBH1U5CV77LSS7s0ZiH4nE7Hv7ptS6LvvR/STk798LVgMzLlJ4HeIfF3tHSaexLcYpSASr1kS0N/RgBJz/9jWCiXno3sweTAOBgNVHQ8BAf8EBAMCAQYwEwYDVR0lBAwwCgYIKwYBBQUHAwMwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQU39Ppz1YkEZb5qNjpKFWixi4YZD8wHwYDVR0jBBgwFoAUWMAeX5FFpWapesyQoZMi0CrFxfowCgYIKoZIzj0EAwMDZwAwZAIwPCsQK4DYiZYDPIaDi5HFKnfxXx6ASSVmERfsynYBiX2X6SJRnZU84/9DZdnFvvxmAjBOt6QpBlc4J/0DxvkTCqpclvziL6BCCPnjdlIB3Pu3BxsPmygUY7Ii2zbdCdliiow="
+            },
+            {
+              "rawBytes": "MIIB9zCCAXygAwIBAgIUALZNAPFdxHPwjeDloDwyYChAO/4wCgYIKoZIzj0EAwMwKjEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MREwDwYDVQQDEwhzaWdzdG9yZTAeFw0yMTEwMDcxMzU2NTlaFw0zMTEwMDUxMzU2NThaMCoxFTATBgNVBAoTDHNpZ3N0b3JlLmRldjERMA8GA1UEAxMIc2lnc3RvcmUwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAT7XeFT4rb3PQGwS4IajtLk3/OlnpgangaBclYpsYBr5i+4ynB07ceb3LP0OIOZdxexX69c5iVuyJRQ+Hz05yi+UF3uBWAlHpiS5sh0+H2GHE7SXrk1EC5m1Tr19L9gg92jYzBhMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRYwB5fkUWlZql6zJChkyLQKsXF+jAfBgNVHSMEGDAWgBRYwB5fkUWlZql6zJChkyLQKsXF+jAKBggqhkjOPQQDAwNpADBmAjEAj1nHeXZp+13NWBNa+EDsDP8G1WWg1tCMWP/WHPqpaVo0jhsweNFZgSs0eE7wYI4qAjEA2WB9ot98sIkoF3vZYdd3/VtWB5b9TNMea7Ix/stJ5TfcLLeABLE4BNJOsQ4vnBHJ"
+            }
+          ]
+        },
+        "tlogEntries": [
+          {
+            "logIndex": "13420286",
+            "logId": {
+              "keyId": "wNI9atQGlz+VWfO6LRygH4QUfY/8W4RFwiT5i5WRgB0="
+            },
+            "kindVersion": {
+              "kind": "intoto",
+              "version": "0.0.2"
+            },
+            "integratedTime": "1676489612",
+            "inclusionPromise": {
+              "signedEntryTimestamp": "MEUCIG/LjJ5tqTgKvbA0F+96CJHIk2X0S+9cBz1Z04BfU7dLAiEA7cpf1Agv0VyEu0wR41nEZ9AZ6GVaYR5rf4AAYIZr4hk="
+            },
+            "inclusionProof": null,
+            "canonicalizedBody": "eyJhcGlWZXJzaW9uIjoiMC4wLjIiLCJraW5kIjoiaW50b3RvIiwic3BlYyI6eyJjb250ZW50Ijp7ImVudmVsb3BlIjp7InBheWxvYWRUeXBlIjoiYXBwbGljYXRpb24vdm5kLmluLXRvdG8ranNvbiIsInNpZ25hdHVyZXMiOlt7InB1YmxpY0tleSI6IkxTMHRMUzFDUlVkSlRpQkRSVkpVU1VaSlEwRlVSUzB0TFMwdENrMUpTVVI2VkVORFFURlRaMEYzU1VKQlowbFZVMVZPWlVWcVQxUlBiSGgzTW0xQmJWWjFiMmMyZDJGNkswNWpkME5uV1VsTGIxcEplbW93UlVGM1RYY0tUbnBGVmsxQ1RVZEJNVlZGUTJoTlRXTXliRzVqTTFKMlkyMVZkVnBIVmpKTlVqUjNTRUZaUkZaUlVVUkZlRlo2WVZka2VtUkhPWGxhVXpGd1ltNVNiQXBqYlRGc1drZHNhR1JIVlhkSWFHTk9UV3BOZDAxcVJURk5WR3Q2VFhwTmVWZG9ZMDVOYWsxM1RXcEZNVTFVYXpCTmVrMTVWMnBCUVUxR2EzZEZkMWxJQ2t0dldrbDZhakJEUVZGWlNVdHZXa2w2YWpCRVFWRmpSRkZuUVVWV1YzSk9Na0Y1WXpOVk9EQlNRbTV4Y2taemMwTllja1pGVkdWNVRYTnJVV2hNUVZnS1lVOUJZbUZRZVd4TVlUWkhhWFZvY2xwVlJXUXJhVEpSSzJ0MmRHeFBTazQyVjNaS1lXOUphWEpIVlZWM09EUnpZMHRQUTBGdVRYZG5aMHAyVFVFMFJ3cEJNVlZrUkhkRlFpOTNVVVZCZDBsSVowUkJWRUpuVGxaSVUxVkZSRVJCUzBKblozSkNaMFZHUWxGalJFRjZRV1JDWjA1V1NGRTBSVVpuVVZWbldVNTVDa05hU0ZWd2EzcENabkZzWmxOb01pdGtWaTl1Y1djNGQwaDNXVVJXVWpCcVFrSm5kMFp2UVZVek9WQndlakZaYTBWYVlqVnhUbXB3UzBaWGFYaHBORmtLV2tRNGQySjNXVVJXVWpCU1FWRklMMEpIVlhkWk5GcG9ZVWhTTUdOSVRUWk1lVGx1WVZoU2IyUlhTWFZaTWpsMFRESjRhR1JZU214aWJsSjZZVmN4ZGdwaWFUbDNZMjA1TWxwWE5XaGliVTVzVEZjMWQySlRNVEJhV0U0d1RIazFibUZZVW05a1YwbDJaREk1ZVdFeVduTmlNMlI2VEROS2JHSkhWbWhqTWxWMUNtVlhNWE5SU0Vwc1dtNU5kbUZIVm1oYVNFMTJZbGRHY0dKcVFUVkNaMjl5UW1kRlJVRlpUeTlOUVVWQ1FrTjBiMlJJVW5kamVtOTJURE5TZG1FeVZuVUtURzFHYW1SSGJIWmliazExV2pKc01HRklWbWxrV0U1c1kyMU9kbUp1VW14aWJsRjFXVEk1ZEUxQ09FZERhWE5IUVZGUlFtYzNPSGRCVVVsRlJWaGtkZ3BqYlhSdFlrYzVNMWd5VW5Cak0wSm9aRWRPYjAxRVdVZERhWE5IUVZGUlFtYzNPSGRCVVUxRlMwUkZNbGx0Um1sYWJWcHBUMVJGTVUxNlozaE5WMVY0Q2s5VVRtcE5SRVUxVDFSTk5VMTZhM2hOZWxVelRYcGplVmxxU1RGWk1sVjNTbWRaUzB0M1dVSkNRVWRFZG5wQlFrSkJVVmxWU0ZacFlrZHNlbUZEUWxFS1dWZE9jbGxYWkd4SlNGSjJTVWMxZDJKWGNIcE5RelJIUTJselIwRlJVVUpuTnpoM1FWRlZSVWxIZUdoa1dFcHNZbTVTZW1GWE1YWmlhVGwzWTIwNU1ncGFWelZvWW0xT2JFeFhOWGRpVXpFd1dsaE9NRTFDTUVkRGFYTkhRVkZSUW1jM09IZEJVVmxGUkROS2JGcHVUWFpoUjFab1draE5kbUpYUm5CaWFrTkNDbWwzV1V0TGQxbENRa0ZJVjJWUlNVVkJaMUk1UWtoelFXVlJRak5CVGpBNVRVZHlSM2g0UlhsWmVHdGxTRXBzYms1M1MybFRiRFkwTTJwNWRDODBaVXNLWTI5QmRrdGxOazlCUVVGQ2FHeGhVbGhPVFVGQlFWRkVRVVZuZDFKblNXaEJUMXBaU0VNeVFYbENORTF0TlhWV05tVjBhV1ZuWTJSdlFqVjBMek5STmdwbE9IQmhhREpDU0RZd2RYSkJhVVZCZGpseWRqWlhUa2w1VUdaWWNsQXhlWHA1YTFGc1pIYzVhVVY0VTBKb0wySnlUazVxVkV4NlVDdDNXWGREWjFsSkNrdHZXa2w2YWpCRlFYZE5SRnAzUVhkYVFVbDNWQ3R1VDFWalIyMVVLMHN4WjNSVkwwVlVhVXBsZDFKVVdIUllOV0pxUm1nd1FVVkVWM3BXUm14TVVVc0theXREVFVOeUswTnRhRXBuWm05aVpEZ3pjWGRCYWtGNk9WZHdOQzlyY2tsbmVTdHhSRGR2WlVOM2JGVklOelJOVG1kWGNIa3lVVlUxVDNnelNqWXhkd3BRTWk4d1R6ZGlhRWcxWmtSaFIzUlpWVVpMV25wM1FUMEtMUzB0TFMxRlRrUWdRMFZTVkVsR1NVTkJWRVV0TFMwdExRbz0iLCJzaWciOiJUVVZWUTBsUlJFcGhhRlJ3VTI1c2RqWkllbFZxTW5reEwxQkNXVXhHZVRob2FFb3JOV1ZCUWxrM2RYazRVbEJ6UjFGSlowcFdkVXd6UjNJNWVXSXlWRkJWUlUxek5rbGxhVFZJVUVoaWVVZHNObWw0WjJRME1YbDJlVEEzVWxFOSJ9XX0sImhhc2giOnsiYWxnb3JpdGhtIjoic2hhMjU2IiwidmFsdWUiOiIyYzVhZjNiZThjNzcxYzAwYzVhZGYwNDAxMzQ5YTg1NjM5NjA3Nzg4MzQwNjRhMmYyOTk5YzY4YmZiMWI0Njg4In0sInBheWxvYWRIYXNoIjp7ImFsZ29yaXRobSI6InNoYTI1NiIsInZhbHVlIjoiNjg5ZTE2NmNlM2I1Zjk5MTgxZDExYjcyYjg2OTJkODEwYjJlM2NkMTdmZWNiZjBiNzRmNDBmYTRmNmUzNjNkNSJ9fX19"
+          }
+        ],
+        "timestampVerificationData": null
+      },
+      "dsseEnvelope": {
+        "payload": "eyJfdHlwZSI6Imh0dHBzOi8vaW4tdG90by5pby9TdGF0ZW1lbnQvdjAuMSIsInN1YmplY3QiOlt7Im5hbWUiOiJwa2c6bnBtLyU0MGxhdXJlbnRzaW1vbi9wcm92ZW5hbmNlLW5wbS10ZXN0QDEuMC4wIiwiZGlnZXN0Ijp7InNoYTUxMiI6IjI5ZDE5ZjI2MjMzZjQ0NDEzMjg0MTJiMzRmZDczZWQxMDRlY2ZlZjYyZjE0MDk3ODkwY2NjZjc0NTViNTIxYjY1YzVhY2ZmODUxODQ5ZmFhODVjODUzOTVhYTIyZDQwMTQzNmYwMWYzYWZiNjFiMTljNzgwZTkwNmM4OGM3ZjIwIn19XSwicHJlZGljYXRlVHlwZSI6Imh0dHBzOi8vc2xzYS5kZXYvcHJvdmVuYW5jZS92MC4yIiwicHJlZGljYXRlIjp7ImJ1aWxkVHlwZSI6Imh0dHBzOi8vZ2l0aHViLmNvbS9ucG0vY2xpL2doYUB2MSIsImJ1aWxkZXIiOnsiaWQiOiJodHRwczovL2dpdGh1Yi5jb20vbnBtL2NsaUA5LjUuMCJ9LCJpbnZvY2F0aW9uIjp7ImNvbmZpZ1NvdXJjZSI6eyJ1cmkiOiJnaXQraHR0cHM6Ly9naXRodWIuY29tL2xhdXJlbnRzaW1vbi9wcm92ZW5hbmNlLW5wbS10ZXN0QHJlZnMvaGVhZHMvbWFpbiIsImRpZ2VzdCI6eyJzaGExIjoiMTZiYWJmZmI5MTUzODExZTE5M2MwMTk5MzkzOTEzNTczNzJiMjVjZSJ9LCJlbnRyeVBvaW50IjoibGF1cmVudHNpbW9uL3Byb3ZlbmFuY2UtbnBtLXRlc3QvLmdpdGh1Yi93b3JrZmxvd3MvcmVsZWFzZS55bWxAcmVmcy9oZWFkcy9tYWluIn0sInBhcmFtZXRlcnMiOnt9LCJlbnZpcm9ubWVudCI6eyJHSVRIVUJfQUNUT1JfSUQiOiI2NDUwNTA5OSIsIkdJVEhVQl9FVkVOVF9OQU1FIjoid29ya2Zsb3dfZGlzcGF0Y2giLCJHSVRIVUJfUkVGIjoicmVmcy9oZWFkcy9tYWluIiwiR0lUSFVCX1JFRl9UWVBFIjoiYnJhbmNoIiwiR0lUSFVCX1JFUE9TSVRPUlkiOiJsYXVyZW50c2ltb24vcHJvdmVuYW5jZS1ucG0tdGVzdCIsIkdJVEhVQl9SRVBPU0lUT1JZX0lEIjoiNjAyMjIzOTQ1IiwiR0lUSFVCX1JFUE9TSVRPUllfT1dORVJfSUQiOiI2NDUwNTA5OSIsIkdJVEhVQl9SVU5fQVRURU1QVCI6IjEiLCJHSVRIVUJfUlVOX0lEIjoiNDE4NzQ2NDU3NyIsIkdJVEhVQl9SVU5fTlVNQkVSIjoiMiIsIkdJVEhVQl9TSEEiOiIxNmJhYmZmYjkxNTM4MTFlMTkzYzAxOTkzOTM5MTM1NzM3MmIyNWNlIiwiR0lUSFVCX1dPUktGTE9XX1JFRiI6ImxhdXJlbnRzaW1vbi9wcm92ZW5hbmNlLW5wbS10ZXN0Ly5naXRodWIvd29ya2Zsb3dzL3JlbGVhc2UueW1sQHJlZnMvaGVhZHMvbWFpbiIsIkdJVEhVQl9XT1JLRkxPV19TSEEiOiIxNmJhYmZmYjkxNTM4MTFlMTkzYzAxOTkzOTM5MTM1NzM3MmIyNWNlIn19LCJtZXRhZGF0YSI6eyJidWlsZEludm9jYXRpb25JZCI6IjQxODc0NjQ1NzctMSIsImNvbXBsZXRlbmVzcyI6eyJwYXJhbWV0ZXJzIjpmYWxzZSwiZW52aXJvbm1lbnQiOmZhbHNlLCJtYXRlcmlhbHMiOmZhbHNlfSwicmVwcm9kdWNpYmxlIjpmYWxzZX0sIm1hdGVyaWFscyI6W3sidXJpIjoiZ2l0K2h0dHBzOi8vZ2l0aHViLmNvbS9sYXVyZW50c2ltb24vcHJvdmVuYW5jZS1ucG0tdGVzdCIsImRpZ2VzdCI6eyJzaGExIjoiMTZiYWJmZmI5MTUzODExZTE5M2MwMTk5MzkzOTEzNTczNzJiMjVjZSJ9fV19fQ==",
+        "payloadType": "application/vnd.in-toto+jsonA",
+        "signatures": [
+          {
+            "sig": "MEUCIQDJahTpSnlv6HzUj2y1/PBYLFy8hhJ+5eABY7uy8RPsGQIgJVuL3Gr9yb2TPUEMs6Iei5HPHbyGl6ixgd41yvy07RQ=",
+            "keyid": ""
+          }
+        ]
+      }
+    }
+  },
+  {
+    "predicateType": "https://github.com/npm/attestation/tree/main/specs/publish/v0.1",
+    "bundle": {
+      "mediaType": "application/vnd.dev.sigstore.bundle+json;version=0.1",
+      "verificationMaterial": {
+        "publicKey": {
+          "hint": "SHA256:jl3bwswu80PjjokCgh0o2w5c2U4LhQAE57gj9cz1kzA"
+        },
+        "tlogEntries": [
+          {
+            "logIndex": "13420289",
+            "logId": {
+              "keyId": "wNI9atQGlz+VWfO6LRygH4QUfY/8W4RFwiT5i5WRgB0="
+            },
+            "kindVersion": {
+              "kind": "intoto",
+              "version": "0.0.2"
+            },
+            "integratedTime": "1676489615",
+            "inclusionPromise": {
+              "signedEntryTimestamp": "MEUCICYgQbiFj7t0A9B/p4Hkq5H0gB41InPBFFnhEeuP4Fo0AiEA7fGqVACs5cFpoQGHX8HVDq/jKBWbS0gutPXpcOz6r6g="
+            },
+            "inclusionProof": null,
+            "canonicalizedBody": "eyJhcGlWZXJzaW9uIjoiMC4wLjIiLCJraW5kIjoiaW50b3RvIiwic3BlYyI6eyJjb250ZW50Ijp7ImVudmVsb3BlIjp7InBheWxvYWRUeXBlIjoiYXBwbGljYXRpb24vdm5kLmluLXRvdG8ranNvbiIsInNpZ25hdHVyZXMiOlt7ImtleWlkIjoiU0hBMjU2OmpsM2J3c3d1ODBQampva0NnaDBvMnc1YzJVNExoUUFFNTdnajljejFrekEiLCJwdWJsaWNLZXkiOiJMUzB0TFMxQ1JVZEpUaUJRVlVKTVNVTWdTMFZaTFMwdExTMEtUVVpyZDBWM1dVaExiMXBKZW1vd1EwRlJXVWxMYjFwSmVtb3dSRUZSWTBSUlowRkZNVTlzWWpONlRVRkdSbmhZUzBocFNXdFJUelZqU2pOWmFHdzFhVFpWVUhBclNXaDFkR1ZDU21KMVNHTkJOVlZ2WjB0dk1FVlhkR3hYZDFjMlMxTmhTMjlVVGtWWlREZEtiRU5SYVZadWEyaENhM1JWWjJjOVBRb3RMUzB0TFVWT1JDQlFWVUpNU1VNZ1MwVlpMUzB0TFMwPSIsInNpZyI6IlRVVlJRMGxETURGaFJqbFFZVWxtSzNOcVkzRlBiVzQwUVZaVU56bFBWMFJuVkZGVk5XVXZiVkp0TVcweVNIWjVRV2xCY0hCNk1FWkxWVzFEVjJwdVUyUnJORzB5VkdGTlpXMXFSRXRqUlcxTVdFSTRWVVpFTlZsYWRETTJaejA5In1dfSwiaGFzaCI6eyJhbGdvcml0aG0iOiJzaGEyNTYiLCJ2YWx1ZSI6IjkxNDU3YjdiYzg1NTgwY2Y2NTAxNDM5NDU5ZDYyOWI0YzBlOTUxNmFjNzc3NTllNGQwNzMwZjVlMTUxNjRkMDcifSwicGF5bG9hZEhhc2giOnsiYWxnb3JpdGhtIjoic2hhMjU2IiwidmFsdWUiOiI1ZmFmZTQwMmJiYzBiMTNhMmFmMmIzMjhjYmNjNmFiZTlmZTA1MGRkNDUzNjNkNTE1YWIyYzk4MjA3NDMwNjVkIn19fX0="
+          }
+        ],
+        "timestampVerificationData": null
+      },
+      "dsseEnvelope": {
+        "payload": "eyJfdHlwZSI6Imh0dHBzOi8vaW4tdG90by5pby9TdGF0ZW1lbnQvdjAuMSIsInN1YmplY3QiOlt7Im5hbWUiOiJwa2c6bnBtLyU0MGxhdXJlbnRzaW1vbi9wcm92ZW5hbmNlLW5wbS10ZXN0QDEuMC4wIiwiZGlnZXN0Ijp7InNoYTUxMiI6IjI5ZDE5ZjI2MjMzZjQ0NDEzMjg0MTJiMzRmZDczZWQxMDRlY2ZlZjYyZjE0MDk3ODkwY2NjZjc0NTViNTIxYjY1YzVhY2ZmODUxODQ5ZmFhODVjODUzOTVhYTIyZDQwMTQzNmYwMWYzYWZiNjFiMTljNzgwZTkwNmM4OGM3ZjIwIn19XSwicHJlZGljYXRlVHlwZSI6Imh0dHBzOi8vZ2l0aHViLmNvbS9ucG0vYXR0ZXN0YXRpb24vdHJlZS9tYWluL3NwZWNzL3B1Ymxpc2gvdjAuMSIsInByZWRpY2F0ZSI6eyJuYW1lIjoiQGxhdXJlbnRzaW1vbi9wcm92ZW5hbmNlLW5wbS10ZXN0IiwidmVyc2lvbiI6IjEuMC4wIiwicmVnaXN0cnkiOiJodHRwczovL3JlZ2lzdHJ5Lm5wbWpzLm9yZyJ9fQ==",
+        "payloadType": "application/vnd.in-toto+json",
+        "signatures": [
+          {
+            "sig": "MEQCIC01aF9PaIf+sjcqOmn4AVT79OWDgTQU5e/mRm1m2HvyAiAppz0FKUmCWjnSdk4m2TaMemjDKcEmLXB8UFD5YZt36g==",
+            "keyid": "SHA256:jl3bwswu80PjjokCgh0o2w5c2U4LhQAE57gj9cz1kzA"
+          }
+        ]
+      }
+    }
+  }
+]
diff --git a/verifiers/internal/gha/testdata/npm-att-mismatch-pub-predicatetype.intoto.sigstore b/verifiers/internal/gha/testdata/npm-att-mismatch-pub-predicatetype.intoto.sigstore
new file mode 100644
index 000000000..5d639cef8
--- /dev/null
+++ b/verifiers/internal/gha/testdata/npm-att-mismatch-pub-predicatetype.intoto.sigstore
@@ -0,0 +1,92 @@
+[
+  {
+    "predicateType": "https://slsa.dev/provenance/v0.2",
+    "bundle": {
+      "mediaType": "application/vnd.dev.sigstore.bundle+json;version=0.1",
+      "verificationMaterial": {
+        "x509CertificateChain": {
+          "certificates": [
+            {
+              "rawBytes": "MIIDzTCCA1SgAwIBAgIUSUNeEjOTOlxw2mAmVuog6waz+NcwCgYIKoZIzj0EAwMwNzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRlcm1lZGlhdGUwHhcNMjMwMjE1MTkzMzMyWhcNMjMwMjE1MTk0MzMyWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEVWrN2Ayc3U80RBnqrFssCXrFETeyMskQhLAXaOAbaPylLa6GiuhrZUEd+i2Q+kvtlOJN6WvJaoIirGUUw84scKOCAnMwggJvMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUgYNyCZHUpkzBfqlfSh2+dV/nqg8wHwYDVR0jBBgwFoAU39Ppz1YkEZb5qNjpKFWixi4YZD8wbwYDVR0RAQH/BGUwY4ZhaHR0cHM6Ly9naXRodWIuY29tL2xhdXJlbnRzaW1vbi9wcm92ZW5hbmNlLW5wbS10ZXN0Ly5naXRodWIvd29ya2Zsb3dzL3JlbGVhc2UueW1sQHJlZnMvaGVhZHMvbWFpbjA5BgorBgEEAYO/MAEBBCtodHRwczovL3Rva2VuLmFjdGlvbnMuZ2l0aHVidXNlcmNvbnRlbnQuY29tMB8GCisGAQQBg78wAQIEEXdvcmtmbG93X2Rpc3BhdGNoMDYGCisGAQQBg78wAQMEKDE2YmFiZmZiOTE1MzgxMWUxOTNjMDE5OTM5MzkxMzU3MzcyYjI1Y2UwJgYKKwYBBAGDvzABBAQYUHVibGlzaCBQYWNrYWdlIHRvIG5wbWpzMC4GCisGAQQBg78wAQUEIGxhdXJlbnRzaW1vbi9wcm92ZW5hbmNlLW5wbS10ZXN0MB0GCisGAQQBg78wAQYED3JlZnMvaGVhZHMvbWFpbjCBiwYKKwYBBAHWeQIEAgR9BHsAeQB3AN09MGrGxxEyYxkeHJlnNwKiSl643jyt/4eKcoAvKe6OAAABhlaRXNMAAAQDAEgwRgIhAOZYHC2AyB4Mm5uV6etiegcdoB5t/3Q6e8pah2BH60urAiEAv9rv6WNIyPfXrP1yzykQldw9iExSBh/brNNjTLzP+wYwCgYIKoZIzj0EAwMDZwAwZAIwT+nOUcGmT+K1gtU/ETiJewRTXtX5bjFh0AEDWzVFlLQKk+CMCr+CmhJgfobd83qwAjAz9Wp4/krIgy+qD7oeCwlUH74MNgWpy2QU5Ox3J61wP2/0O7bhH5fDaGtYUFKZzwA="
+            },
+            {
+              "rawBytes": "MIICGjCCAaGgAwIBAgIUALnViVfnU0brJasmRkHrn/UnfaQwCgYIKoZIzj0EAwMwKjEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MREwDwYDVQQDEwhzaWdzdG9yZTAeFw0yMjA0MTMyMDA2MTVaFw0zMTEwMDUxMzU2NThaMDcxFTATBgNVBAoTDHNpZ3N0b3JlLmRldjEeMBwGA1UEAxMVc2lnc3RvcmUtaW50ZXJtZWRpYXRlMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE8RVS/ysH+NOvuDZyPIZtilgUF9NlarYpAd9HP1vBBH1U5CV77LSS7s0ZiH4nE7Hv7ptS6LvvR/STk798LVgMzLlJ4HeIfF3tHSaexLcYpSASr1kS0N/RgBJz/9jWCiXno3sweTAOBgNVHQ8BAf8EBAMCAQYwEwYDVR0lBAwwCgYIKwYBBQUHAwMwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQU39Ppz1YkEZb5qNjpKFWixi4YZD8wHwYDVR0jBBgwFoAUWMAeX5FFpWapesyQoZMi0CrFxfowCgYIKoZIzj0EAwMDZwAwZAIwPCsQK4DYiZYDPIaDi5HFKnfxXx6ASSVmERfsynYBiX2X6SJRnZU84/9DZdnFvvxmAjBOt6QpBlc4J/0DxvkTCqpclvziL6BCCPnjdlIB3Pu3BxsPmygUY7Ii2zbdCdliiow="
+            },
+            {
+              "rawBytes": "MIIB9zCCAXygAwIBAgIUALZNAPFdxHPwjeDloDwyYChAO/4wCgYIKoZIzj0EAwMwKjEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MREwDwYDVQQDEwhzaWdzdG9yZTAeFw0yMTEwMDcxMzU2NTlaFw0zMTEwMDUxMzU2NThaMCoxFTATBgNVBAoTDHNpZ3N0b3JlLmRldjERMA8GA1UEAxMIc2lnc3RvcmUwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAT7XeFT4rb3PQGwS4IajtLk3/OlnpgangaBclYpsYBr5i+4ynB07ceb3LP0OIOZdxexX69c5iVuyJRQ+Hz05yi+UF3uBWAlHpiS5sh0+H2GHE7SXrk1EC5m1Tr19L9gg92jYzBhMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRYwB5fkUWlZql6zJChkyLQKsXF+jAfBgNVHSMEGDAWgBRYwB5fkUWlZql6zJChkyLQKsXF+jAKBggqhkjOPQQDAwNpADBmAjEAj1nHeXZp+13NWBNa+EDsDP8G1WWg1tCMWP/WHPqpaVo0jhsweNFZgSs0eE7wYI4qAjEA2WB9ot98sIkoF3vZYdd3/VtWB5b9TNMea7Ix/stJ5TfcLLeABLE4BNJOsQ4vnBHJ"
+            }
+          ]
+        },
+        "tlogEntries": [
+          {
+            "logIndex": "13420286",
+            "logId": {
+              "keyId": "wNI9atQGlz+VWfO6LRygH4QUfY/8W4RFwiT5i5WRgB0="
+            },
+            "kindVersion": {
+              "kind": "intoto",
+              "version": "0.0.2"
+            },
+            "integratedTime": "1676489612",
+            "inclusionPromise": {
+              "signedEntryTimestamp": "MEUCIG/LjJ5tqTgKvbA0F+96CJHIk2X0S+9cBz1Z04BfU7dLAiEA7cpf1Agv0VyEu0wR41nEZ9AZ6GVaYR5rf4AAYIZr4hk="
+            },
+            "inclusionProof": null,
+            "canonicalizedBody": "eyJhcGlWZXJzaW9uIjoiMC4wLjIiLCJraW5kIjoiaW50b3RvIiwic3BlYyI6eyJjb250ZW50Ijp7ImVudmVsb3BlIjp7InBheWxvYWRUeXBlIjoiYXBwbGljYXRpb24vdm5kLmluLXRvdG8ranNvbiIsInNpZ25hdHVyZXMiOlt7InB1YmxpY0tleSI6IkxTMHRMUzFDUlVkSlRpQkRSVkpVU1VaSlEwRlVSUzB0TFMwdENrMUpTVVI2VkVORFFURlRaMEYzU1VKQlowbFZVMVZPWlVWcVQxUlBiSGgzTW0xQmJWWjFiMmMyZDJGNkswNWpkME5uV1VsTGIxcEplbW93UlVGM1RYY0tUbnBGVmsxQ1RVZEJNVlZGUTJoTlRXTXliRzVqTTFKMlkyMVZkVnBIVmpKTlVqUjNTRUZaUkZaUlVVUkZlRlo2WVZka2VtUkhPWGxhVXpGd1ltNVNiQXBqYlRGc1drZHNhR1JIVlhkSWFHTk9UV3BOZDAxcVJURk5WR3Q2VFhwTmVWZG9ZMDVOYWsxM1RXcEZNVTFVYXpCTmVrMTVWMnBCUVUxR2EzZEZkMWxJQ2t0dldrbDZhakJEUVZGWlNVdHZXa2w2YWpCRVFWRmpSRkZuUVVWV1YzSk9Na0Y1WXpOVk9EQlNRbTV4Y2taemMwTllja1pGVkdWNVRYTnJVV2hNUVZnS1lVOUJZbUZRZVd4TVlUWkhhWFZvY2xwVlJXUXJhVEpSSzJ0MmRHeFBTazQyVjNaS1lXOUphWEpIVlZWM09EUnpZMHRQUTBGdVRYZG5aMHAyVFVFMFJ3cEJNVlZrUkhkRlFpOTNVVVZCZDBsSVowUkJWRUpuVGxaSVUxVkZSRVJCUzBKblozSkNaMFZHUWxGalJFRjZRV1JDWjA1V1NGRTBSVVpuVVZWbldVNTVDa05hU0ZWd2EzcENabkZzWmxOb01pdGtWaTl1Y1djNGQwaDNXVVJXVWpCcVFrSm5kMFp2UVZVek9WQndlakZaYTBWYVlqVnhUbXB3UzBaWGFYaHBORmtLV2tRNGQySjNXVVJXVWpCU1FWRklMMEpIVlhkWk5GcG9ZVWhTTUdOSVRUWk1lVGx1WVZoU2IyUlhTWFZaTWpsMFRESjRhR1JZU214aWJsSjZZVmN4ZGdwaWFUbDNZMjA1TWxwWE5XaGliVTVzVEZjMWQySlRNVEJhV0U0d1RIazFibUZZVW05a1YwbDJaREk1ZVdFeVduTmlNMlI2VEROS2JHSkhWbWhqTWxWMUNtVlhNWE5SU0Vwc1dtNU5kbUZIVm1oYVNFMTJZbGRHY0dKcVFUVkNaMjl5UW1kRlJVRlpUeTlOUVVWQ1FrTjBiMlJJVW5kamVtOTJURE5TZG1FeVZuVUtURzFHYW1SSGJIWmliazExV2pKc01HRklWbWxrV0U1c1kyMU9kbUp1VW14aWJsRjFXVEk1ZEUxQ09FZERhWE5IUVZGUlFtYzNPSGRCVVVsRlJWaGtkZ3BqYlhSdFlrYzVNMWd5VW5Cak0wSm9aRWRPYjAxRVdVZERhWE5IUVZGUlFtYzNPSGRCVVUxRlMwUkZNbGx0Um1sYWJWcHBUMVJGTVUxNlozaE5WMVY0Q2s5VVRtcE5SRVUxVDFSTk5VMTZhM2hOZWxVelRYcGplVmxxU1RGWk1sVjNTbWRaUzB0M1dVSkNRVWRFZG5wQlFrSkJVVmxWU0ZacFlrZHNlbUZEUWxFS1dWZE9jbGxYWkd4SlNGSjJTVWMxZDJKWGNIcE5RelJIUTJselIwRlJVVUpuTnpoM1FWRlZSVWxIZUdoa1dFcHNZbTVTZW1GWE1YWmlhVGwzWTIwNU1ncGFWelZvWW0xT2JFeFhOWGRpVXpFd1dsaE9NRTFDTUVkRGFYTkhRVkZSUW1jM09IZEJVVmxGUkROS2JGcHVUWFpoUjFab1draE5kbUpYUm5CaWFrTkNDbWwzV1V0TGQxbENRa0ZJVjJWUlNVVkJaMUk1UWtoelFXVlJRak5CVGpBNVRVZHlSM2g0UlhsWmVHdGxTRXBzYms1M1MybFRiRFkwTTJwNWRDODBaVXNLWTI5QmRrdGxOazlCUVVGQ2FHeGhVbGhPVFVGQlFWRkVRVVZuZDFKblNXaEJUMXBaU0VNeVFYbENORTF0TlhWV05tVjBhV1ZuWTJSdlFqVjBMek5STmdwbE9IQmhhREpDU0RZd2RYSkJhVVZCZGpseWRqWlhUa2w1VUdaWWNsQXhlWHA1YTFGc1pIYzVhVVY0VTBKb0wySnlUazVxVkV4NlVDdDNXWGREWjFsSkNrdHZXa2w2YWpCRlFYZE5SRnAzUVhkYVFVbDNWQ3R1VDFWalIyMVVLMHN4WjNSVkwwVlVhVXBsZDFKVVdIUllOV0pxUm1nd1FVVkVWM3BXUm14TVVVc0theXREVFVOeUswTnRhRXBuWm05aVpEZ3pjWGRCYWtGNk9WZHdOQzlyY2tsbmVTdHhSRGR2WlVOM2JGVklOelJOVG1kWGNIa3lVVlUxVDNnelNqWXhkd3BRTWk4d1R6ZGlhRWcxWmtSaFIzUlpWVVpMV25wM1FUMEtMUzB0TFMxRlRrUWdRMFZTVkVsR1NVTkJWRVV0TFMwdExRbz0iLCJzaWciOiJUVVZWUTBsUlJFcGhhRlJ3VTI1c2RqWkllbFZxTW5reEwxQkNXVXhHZVRob2FFb3JOV1ZCUWxrM2RYazRVbEJ6UjFGSlowcFdkVXd6UjNJNWVXSXlWRkJWUlUxek5rbGxhVFZJVUVoaWVVZHNObWw0WjJRME1YbDJlVEEzVWxFOSJ9XX0sImhhc2giOnsiYWxnb3JpdGhtIjoic2hhMjU2IiwidmFsdWUiOiIyYzVhZjNiZThjNzcxYzAwYzVhZGYwNDAxMzQ5YTg1NjM5NjA3Nzg4MzQwNjRhMmYyOTk5YzY4YmZiMWI0Njg4In0sInBheWxvYWRIYXNoIjp7ImFsZ29yaXRobSI6InNoYTI1NiIsInZhbHVlIjoiNjg5ZTE2NmNlM2I1Zjk5MTgxZDExYjcyYjg2OTJkODEwYjJlM2NkMTdmZWNiZjBiNzRmNDBmYTRmNmUzNjNkNSJ9fX19"
+          }
+        ],
+        "timestampVerificationData": null
+      },
+      "dsseEnvelope": {
+        "payload": "eyJfdHlwZSI6Imh0dHBzOi8vaW4tdG90by5pby9TdGF0ZW1lbnQvdjAuMSIsInN1YmplY3QiOlt7Im5hbWUiOiJwa2c6bnBtLyU0MGxhdXJlbnRzaW1vbi9wcm92ZW5hbmNlLW5wbS10ZXN0QDEuMC4wIiwiZGlnZXN0Ijp7InNoYTUxMiI6IjI5ZDE5ZjI2MjMzZjQ0NDEzMjg0MTJiMzRmZDczZWQxMDRlY2ZlZjYyZjE0MDk3ODkwY2NjZjc0NTViNTIxYjY1YzVhY2ZmODUxODQ5ZmFhODVjODUzOTVhYTIyZDQwMTQzNmYwMWYzYWZiNjFiMTljNzgwZTkwNmM4OGM3ZjIwIn19XSwicHJlZGljYXRlVHlwZSI6Imh0dHBzOi8vc2xzYS5kZXYvcHJvdmVuYW5jZS92MC4yIiwicHJlZGljYXRlIjp7ImJ1aWxkVHlwZSI6Imh0dHBzOi8vZ2l0aHViLmNvbS9ucG0vY2xpL2doYUB2MSIsImJ1aWxkZXIiOnsiaWQiOiJodHRwczovL2dpdGh1Yi5jb20vbnBtL2NsaUA5LjUuMCJ9LCJpbnZvY2F0aW9uIjp7ImNvbmZpZ1NvdXJjZSI6eyJ1cmkiOiJnaXQraHR0cHM6Ly9naXRodWIuY29tL2xhdXJlbnRzaW1vbi9wcm92ZW5hbmNlLW5wbS10ZXN0QHJlZnMvaGVhZHMvbWFpbiIsImRpZ2VzdCI6eyJzaGExIjoiMTZiYWJmZmI5MTUzODExZTE5M2MwMTk5MzkzOTEzNTczNzJiMjVjZSJ9LCJlbnRyeVBvaW50IjoibGF1cmVudHNpbW9uL3Byb3ZlbmFuY2UtbnBtLXRlc3QvLmdpdGh1Yi93b3JrZmxvd3MvcmVsZWFzZS55bWxAcmVmcy9oZWFkcy9tYWluIn0sInBhcmFtZXRlcnMiOnt9LCJlbnZpcm9ubWVudCI6eyJHSVRIVUJfQUNUT1JfSUQiOiI2NDUwNTA5OSIsIkdJVEhVQl9FVkVOVF9OQU1FIjoid29ya2Zsb3dfZGlzcGF0Y2giLCJHSVRIVUJfUkVGIjoicmVmcy9oZWFkcy9tYWluIiwiR0lUSFVCX1JFRl9UWVBFIjoiYnJhbmNoIiwiR0lUSFVCX1JFUE9TSVRPUlkiOiJsYXVyZW50c2ltb24vcHJvdmVuYW5jZS1ucG0tdGVzdCIsIkdJVEhVQl9SRVBPU0lUT1JZX0lEIjoiNjAyMjIzOTQ1IiwiR0lUSFVCX1JFUE9TSVRPUllfT1dORVJfSUQiOiI2NDUwNTA5OSIsIkdJVEhVQl9SVU5fQVRURU1QVCI6IjEiLCJHSVRIVUJfUlVOX0lEIjoiNDE4NzQ2NDU3NyIsIkdJVEhVQl9SVU5fTlVNQkVSIjoiMiIsIkdJVEhVQl9TSEEiOiIxNmJhYmZmYjkxNTM4MTFlMTkzYzAxOTkzOTM5MTM1NzM3MmIyNWNlIiwiR0lUSFVCX1dPUktGTE9XX1JFRiI6ImxhdXJlbnRzaW1vbi9wcm92ZW5hbmNlLW5wbS10ZXN0Ly5naXRodWIvd29ya2Zsb3dzL3JlbGVhc2UueW1sQHJlZnMvaGVhZHMvbWFpbiIsIkdJVEhVQl9XT1JLRkxPV19TSEEiOiIxNmJhYmZmYjkxNTM4MTFlMTkzYzAxOTkzOTM5MTM1NzM3MmIyNWNlIn19LCJtZXRhZGF0YSI6eyJidWlsZEludm9jYXRpb25JZCI6IjQxODc0NjQ1NzctMSIsImNvbXBsZXRlbmVzcyI6eyJwYXJhbWV0ZXJzIjpmYWxzZSwiZW52aXJvbm1lbnQiOmZhbHNlLCJtYXRlcmlhbHMiOmZhbHNlfSwicmVwcm9kdWNpYmxlIjpmYWxzZX0sIm1hdGVyaWFscyI6W3sidXJpIjoiZ2l0K2h0dHBzOi8vZ2l0aHViLmNvbS9sYXVyZW50c2ltb24vcHJvdmVuYW5jZS1ucG0tdGVzdCIsImRpZ2VzdCI6eyJzaGExIjoiMTZiYWJmZmI5MTUzODExZTE5M2MwMTk5MzkzOTEzNTczNzJiMjVjZSJ9fV19fQ==",
+        "payloadType": "application/vnd.in-toto+json",
+        "signatures": [
+          {
+            "sig": "MEUCIQDJahTpSnlv6HzUj2y1/PBYLFy8hhJ+5eABY7uy8RPsGQIgJVuL3Gr9yb2TPUEMs6Iei5HPHbyGl6ixgd41yvy07RQ=",
+            "keyid": ""
+          }
+        ]
+      }
+    }
+  },
+  {
+    "predicateType": "https://github.com/npm/attestation/tree/main/specs/publis/v0.1",
+    "bundle": {
+      "mediaType": "application/vnd.dev.sigstore.bundle+json;version=0.1",
+      "verificationMaterial": {
+        "publicKey": {
+          "hint": "SHA256:jl3bwswu80PjjokCgh0o2w5c2U4LhQAE57gj9cz1kzA"
+        },
+        "tlogEntries": [
+          {
+            "logIndex": "13420289",
+            "logId": {
+              "keyId": "wNI9atQGlz+VWfO6LRygH4QUfY/8W4RFwiT5i5WRgB0="
+            },
+            "kindVersion": {
+              "kind": "intoto",
+              "version": "0.0.2"
+            },
+            "integratedTime": "1676489615",
+            "inclusionPromise": {
+              "signedEntryTimestamp": "MEUCICYgQbiFj7t0A9B/p4Hkq5H0gB41InPBFFnhEeuP4Fo0AiEA7fGqVACs5cFpoQGHX8HVDq/jKBWbS0gutPXpcOz6r6g="
+            },
+            "inclusionProof": null,
+            "canonicalizedBody": "eyJhcGlWZXJzaW9uIjoiMC4wLjIiLCJraW5kIjoiaW50b3RvIiwic3BlYyI6eyJjb250ZW50Ijp7ImVudmVsb3BlIjp7InBheWxvYWRUeXBlIjoiYXBwbGljYXRpb24vdm5kLmluLXRvdG8ranNvbiIsInNpZ25hdHVyZXMiOlt7ImtleWlkIjoiU0hBMjU2OmpsM2J3c3d1ODBQampva0NnaDBvMnc1YzJVNExoUUFFNTdnajljejFrekEiLCJwdWJsaWNLZXkiOiJMUzB0TFMxQ1JVZEpUaUJRVlVKTVNVTWdTMFZaTFMwdExTMEtUVVpyZDBWM1dVaExiMXBKZW1vd1EwRlJXVWxMYjFwSmVtb3dSRUZSWTBSUlowRkZNVTlzWWpONlRVRkdSbmhZUzBocFNXdFJUelZqU2pOWmFHdzFhVFpWVUhBclNXaDFkR1ZDU21KMVNHTkJOVlZ2WjB0dk1FVlhkR3hYZDFjMlMxTmhTMjlVVGtWWlREZEtiRU5SYVZadWEyaENhM1JWWjJjOVBRb3RMUzB0TFVWT1JDQlFWVUpNU1VNZ1MwVlpMUzB0TFMwPSIsInNpZyI6IlRVVlJRMGxETURGaFJqbFFZVWxtSzNOcVkzRlBiVzQwUVZaVU56bFBWMFJuVkZGVk5XVXZiVkp0TVcweVNIWjVRV2xCY0hCNk1FWkxWVzFEVjJwdVUyUnJORzB5VkdGTlpXMXFSRXRqUlcxTVdFSTRWVVpFTlZsYWRETTJaejA5In1dfSwiaGFzaCI6eyJhbGdvcml0aG0iOiJzaGEyNTYiLCJ2YWx1ZSI6IjkxNDU3YjdiYzg1NTgwY2Y2NTAxNDM5NDU5ZDYyOWI0YzBlOTUxNmFjNzc3NTllNGQwNzMwZjVlMTUxNjRkMDcifSwicGF5bG9hZEhhc2giOnsiYWxnb3JpdGhtIjoic2hhMjU2IiwidmFsdWUiOiI1ZmFmZTQwMmJiYzBiMTNhMmFmMmIzMjhjYmNjNmFiZTlmZTA1MGRkNDUzNjNkNTE1YWIyYzk4MjA3NDMwNjVkIn19fX0="
+          }
+        ],
+        "timestampVerificationData": null
+      },
+      "dsseEnvelope": {
+        "payload": "eyJfdHlwZSI6Imh0dHBzOi8vaW4tdG90by5pby9TdGF0ZW1lbnQvdjAuMSIsInN1YmplY3QiOlt7Im5hbWUiOiJwa2c6bnBtLyU0MGxhdXJlbnRzaW1vbi9wcm92ZW5hbmNlLW5wbS10ZXN0QDEuMC4wIiwiZGlnZXN0Ijp7InNoYTUxMiI6IjI5ZDE5ZjI2MjMzZjQ0NDEzMjg0MTJiMzRmZDczZWQxMDRlY2ZlZjYyZjE0MDk3ODkwY2NjZjc0NTViNTIxYjY1YzVhY2ZmODUxODQ5ZmFhODVjODUzOTVhYTIyZDQwMTQzNmYwMWYzYWZiNjFiMTljNzgwZTkwNmM4OGM3ZjIwIn19XSwicHJlZGljYXRlVHlwZSI6Imh0dHBzOi8vZ2l0aHViLmNvbS9ucG0vYXR0ZXN0YXRpb24vdHJlZS9tYWluL3NwZWNzL3B1Ymxpc2gvdjAuMSIsInByZWRpY2F0ZSI6eyJuYW1lIjoiQGxhdXJlbnRzaW1vbi9wcm92ZW5hbmNlLW5wbS10ZXN0IiwidmVyc2lvbiI6IjEuMC4wIiwicmVnaXN0cnkiOiJodHRwczovL3JlZ2lzdHJ5Lm5wbWpzLm9yZyJ9fQ==",
+        "payloadType": "application/vnd.in-toto+json",
+        "signatures": [
+          {
+            "sig": "MEQCIC01aF9PaIf+sjcqOmn4AVT79OWDgTQU5e/mRm1m2HvyAiAppz0FKUmCWjnSdk4m2TaMemjDKcEmLXB8UFD5YZt36g==",
+            "keyid": "SHA256:jl3bwswu80PjjokCgh0o2w5c2U4LhQAE57gj9cz1kzA"
+          }
+        ]
+      }
+    }
+  }
+]
diff --git a/verifiers/internal/gha/testdata/npm-attestations.intoto.sigstore b/verifiers/internal/gha/testdata/npm-attestations.intoto.sigstore
new file mode 100644
index 000000000..5b7b6c9bf
--- /dev/null
+++ b/verifiers/internal/gha/testdata/npm-attestations.intoto.sigstore
@@ -0,0 +1,92 @@
+[
+  {
+    "predicateType": "https://slsa.dev/provenance/v0.2",
+    "bundle": {
+      "mediaType": "application/vnd.dev.sigstore.bundle+json;version=0.1",
+      "verificationMaterial": {
+        "x509CertificateChain": {
+          "certificates": [
+            {
+              "rawBytes": "MIIDzTCCA1SgAwIBAgIUSUNeEjOTOlxw2mAmVuog6waz+NcwCgYIKoZIzj0EAwMwNzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRlcm1lZGlhdGUwHhcNMjMwMjE1MTkzMzMyWhcNMjMwMjE1MTk0MzMyWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEVWrN2Ayc3U80RBnqrFssCXrFETeyMskQhLAXaOAbaPylLa6GiuhrZUEd+i2Q+kvtlOJN6WvJaoIirGUUw84scKOCAnMwggJvMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUgYNyCZHUpkzBfqlfSh2+dV/nqg8wHwYDVR0jBBgwFoAU39Ppz1YkEZb5qNjpKFWixi4YZD8wbwYDVR0RAQH/BGUwY4ZhaHR0cHM6Ly9naXRodWIuY29tL2xhdXJlbnRzaW1vbi9wcm92ZW5hbmNlLW5wbS10ZXN0Ly5naXRodWIvd29ya2Zsb3dzL3JlbGVhc2UueW1sQHJlZnMvaGVhZHMvbWFpbjA5BgorBgEEAYO/MAEBBCtodHRwczovL3Rva2VuLmFjdGlvbnMuZ2l0aHVidXNlcmNvbnRlbnQuY29tMB8GCisGAQQBg78wAQIEEXdvcmtmbG93X2Rpc3BhdGNoMDYGCisGAQQBg78wAQMEKDE2YmFiZmZiOTE1MzgxMWUxOTNjMDE5OTM5MzkxMzU3MzcyYjI1Y2UwJgYKKwYBBAGDvzABBAQYUHVibGlzaCBQYWNrYWdlIHRvIG5wbWpzMC4GCisGAQQBg78wAQUEIGxhdXJlbnRzaW1vbi9wcm92ZW5hbmNlLW5wbS10ZXN0MB0GCisGAQQBg78wAQYED3JlZnMvaGVhZHMvbWFpbjCBiwYKKwYBBAHWeQIEAgR9BHsAeQB3AN09MGrGxxEyYxkeHJlnNwKiSl643jyt/4eKcoAvKe6OAAABhlaRXNMAAAQDAEgwRgIhAOZYHC2AyB4Mm5uV6etiegcdoB5t/3Q6e8pah2BH60urAiEAv9rv6WNIyPfXrP1yzykQldw9iExSBh/brNNjTLzP+wYwCgYIKoZIzj0EAwMDZwAwZAIwT+nOUcGmT+K1gtU/ETiJewRTXtX5bjFh0AEDWzVFlLQKk+CMCr+CmhJgfobd83qwAjAz9Wp4/krIgy+qD7oeCwlUH74MNgWpy2QU5Ox3J61wP2/0O7bhH5fDaGtYUFKZzwA="
+            },
+            {
+              "rawBytes": "MIICGjCCAaGgAwIBAgIUALnViVfnU0brJasmRkHrn/UnfaQwCgYIKoZIzj0EAwMwKjEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MREwDwYDVQQDEwhzaWdzdG9yZTAeFw0yMjA0MTMyMDA2MTVaFw0zMTEwMDUxMzU2NThaMDcxFTATBgNVBAoTDHNpZ3N0b3JlLmRldjEeMBwGA1UEAxMVc2lnc3RvcmUtaW50ZXJtZWRpYXRlMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE8RVS/ysH+NOvuDZyPIZtilgUF9NlarYpAd9HP1vBBH1U5CV77LSS7s0ZiH4nE7Hv7ptS6LvvR/STk798LVgMzLlJ4HeIfF3tHSaexLcYpSASr1kS0N/RgBJz/9jWCiXno3sweTAOBgNVHQ8BAf8EBAMCAQYwEwYDVR0lBAwwCgYIKwYBBQUHAwMwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQU39Ppz1YkEZb5qNjpKFWixi4YZD8wHwYDVR0jBBgwFoAUWMAeX5FFpWapesyQoZMi0CrFxfowCgYIKoZIzj0EAwMDZwAwZAIwPCsQK4DYiZYDPIaDi5HFKnfxXx6ASSVmERfsynYBiX2X6SJRnZU84/9DZdnFvvxmAjBOt6QpBlc4J/0DxvkTCqpclvziL6BCCPnjdlIB3Pu3BxsPmygUY7Ii2zbdCdliiow="
+            },
+            {
+              "rawBytes": "MIIB9zCCAXygAwIBAgIUALZNAPFdxHPwjeDloDwyYChAO/4wCgYIKoZIzj0EAwMwKjEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MREwDwYDVQQDEwhzaWdzdG9yZTAeFw0yMTEwMDcxMzU2NTlaFw0zMTEwMDUxMzU2NThaMCoxFTATBgNVBAoTDHNpZ3N0b3JlLmRldjERMA8GA1UEAxMIc2lnc3RvcmUwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAT7XeFT4rb3PQGwS4IajtLk3/OlnpgangaBclYpsYBr5i+4ynB07ceb3LP0OIOZdxexX69c5iVuyJRQ+Hz05yi+UF3uBWAlHpiS5sh0+H2GHE7SXrk1EC5m1Tr19L9gg92jYzBhMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRYwB5fkUWlZql6zJChkyLQKsXF+jAfBgNVHSMEGDAWgBRYwB5fkUWlZql6zJChkyLQKsXF+jAKBggqhkjOPQQDAwNpADBmAjEAj1nHeXZp+13NWBNa+EDsDP8G1WWg1tCMWP/WHPqpaVo0jhsweNFZgSs0eE7wYI4qAjEA2WB9ot98sIkoF3vZYdd3/VtWB5b9TNMea7Ix/stJ5TfcLLeABLE4BNJOsQ4vnBHJ"
+            }
+          ]
+        },
+        "tlogEntries": [
+          {
+            "logIndex": "13420286",
+            "logId": {
+              "keyId": "wNI9atQGlz+VWfO6LRygH4QUfY/8W4RFwiT5i5WRgB0="
+            },
+            "kindVersion": {
+              "kind": "intoto",
+              "version": "0.0.2"
+            },
+            "integratedTime": "1676489612",
+            "inclusionPromise": {
+              "signedEntryTimestamp": "MEUCIG/LjJ5tqTgKvbA0F+96CJHIk2X0S+9cBz1Z04BfU7dLAiEA7cpf1Agv0VyEu0wR41nEZ9AZ6GVaYR5rf4AAYIZr4hk="
+            },
+            "inclusionProof": null,
+            "canonicalizedBody": "eyJhcGlWZXJzaW9uIjoiMC4wLjIiLCJraW5kIjoiaW50b3RvIiwic3BlYyI6eyJjb250ZW50Ijp7ImVudmVsb3BlIjp7InBheWxvYWRUeXBlIjoiYXBwbGljYXRpb24vdm5kLmluLXRvdG8ranNvbiIsInNpZ25hdHVyZXMiOlt7InB1YmxpY0tleSI6IkxTMHRMUzFDUlVkSlRpQkRSVkpVU1VaSlEwRlVSUzB0TFMwdENrMUpTVVI2VkVORFFURlRaMEYzU1VKQlowbFZVMVZPWlVWcVQxUlBiSGgzTW0xQmJWWjFiMmMyZDJGNkswNWpkME5uV1VsTGIxcEplbW93UlVGM1RYY0tUbnBGVmsxQ1RVZEJNVlZGUTJoTlRXTXliRzVqTTFKMlkyMVZkVnBIVmpKTlVqUjNTRUZaUkZaUlVVUkZlRlo2WVZka2VtUkhPWGxhVXpGd1ltNVNiQXBqYlRGc1drZHNhR1JIVlhkSWFHTk9UV3BOZDAxcVJURk5WR3Q2VFhwTmVWZG9ZMDVOYWsxM1RXcEZNVTFVYXpCTmVrMTVWMnBCUVUxR2EzZEZkMWxJQ2t0dldrbDZhakJEUVZGWlNVdHZXa2w2YWpCRVFWRmpSRkZuUVVWV1YzSk9Na0Y1WXpOVk9EQlNRbTV4Y2taemMwTllja1pGVkdWNVRYTnJVV2hNUVZnS1lVOUJZbUZRZVd4TVlUWkhhWFZvY2xwVlJXUXJhVEpSSzJ0MmRHeFBTazQyVjNaS1lXOUphWEpIVlZWM09EUnpZMHRQUTBGdVRYZG5aMHAyVFVFMFJ3cEJNVlZrUkhkRlFpOTNVVVZCZDBsSVowUkJWRUpuVGxaSVUxVkZSRVJCUzBKblozSkNaMFZHUWxGalJFRjZRV1JDWjA1V1NGRTBSVVpuVVZWbldVNTVDa05hU0ZWd2EzcENabkZzWmxOb01pdGtWaTl1Y1djNGQwaDNXVVJXVWpCcVFrSm5kMFp2UVZVek9WQndlakZaYTBWYVlqVnhUbXB3UzBaWGFYaHBORmtLV2tRNGQySjNXVVJXVWpCU1FWRklMMEpIVlhkWk5GcG9ZVWhTTUdOSVRUWk1lVGx1WVZoU2IyUlhTWFZaTWpsMFRESjRhR1JZU214aWJsSjZZVmN4ZGdwaWFUbDNZMjA1TWxwWE5XaGliVTVzVEZjMWQySlRNVEJhV0U0d1RIazFibUZZVW05a1YwbDJaREk1ZVdFeVduTmlNMlI2VEROS2JHSkhWbWhqTWxWMUNtVlhNWE5SU0Vwc1dtNU5kbUZIVm1oYVNFMTJZbGRHY0dKcVFUVkNaMjl5UW1kRlJVRlpUeTlOUVVWQ1FrTjBiMlJJVW5kamVtOTJURE5TZG1FeVZuVUtURzFHYW1SSGJIWmliazExV2pKc01HRklWbWxrV0U1c1kyMU9kbUp1VW14aWJsRjFXVEk1ZEUxQ09FZERhWE5IUVZGUlFtYzNPSGRCVVVsRlJWaGtkZ3BqYlhSdFlrYzVNMWd5VW5Cak0wSm9aRWRPYjAxRVdVZERhWE5IUVZGUlFtYzNPSGRCVVUxRlMwUkZNbGx0Um1sYWJWcHBUMVJGTVUxNlozaE5WMVY0Q2s5VVRtcE5SRVUxVDFSTk5VMTZhM2hOZWxVelRYcGplVmxxU1RGWk1sVjNTbWRaUzB0M1dVSkNRVWRFZG5wQlFrSkJVVmxWU0ZacFlrZHNlbUZEUWxFS1dWZE9jbGxYWkd4SlNGSjJTVWMxZDJKWGNIcE5RelJIUTJselIwRlJVVUpuTnpoM1FWRlZSVWxIZUdoa1dFcHNZbTVTZW1GWE1YWmlhVGwzWTIwNU1ncGFWelZvWW0xT2JFeFhOWGRpVXpFd1dsaE9NRTFDTUVkRGFYTkhRVkZSUW1jM09IZEJVVmxGUkROS2JGcHVUWFpoUjFab1draE5kbUpYUm5CaWFrTkNDbWwzV1V0TGQxbENRa0ZJVjJWUlNVVkJaMUk1UWtoelFXVlJRak5CVGpBNVRVZHlSM2g0UlhsWmVHdGxTRXBzYms1M1MybFRiRFkwTTJwNWRDODBaVXNLWTI5QmRrdGxOazlCUVVGQ2FHeGhVbGhPVFVGQlFWRkVRVVZuZDFKblNXaEJUMXBaU0VNeVFYbENORTF0TlhWV05tVjBhV1ZuWTJSdlFqVjBMek5STmdwbE9IQmhhREpDU0RZd2RYSkJhVVZCZGpseWRqWlhUa2w1VUdaWWNsQXhlWHA1YTFGc1pIYzVhVVY0VTBKb0wySnlUazVxVkV4NlVDdDNXWGREWjFsSkNrdHZXa2w2YWpCRlFYZE5SRnAzUVhkYVFVbDNWQ3R1VDFWalIyMVVLMHN4WjNSVkwwVlVhVXBsZDFKVVdIUllOV0pxUm1nd1FVVkVWM3BXUm14TVVVc0theXREVFVOeUswTnRhRXBuWm05aVpEZ3pjWGRCYWtGNk9WZHdOQzlyY2tsbmVTdHhSRGR2WlVOM2JGVklOelJOVG1kWGNIa3lVVlUxVDNnelNqWXhkd3BRTWk4d1R6ZGlhRWcxWmtSaFIzUlpWVVpMV25wM1FUMEtMUzB0TFMxRlRrUWdRMFZTVkVsR1NVTkJWRVV0TFMwdExRbz0iLCJzaWciOiJUVVZWUTBsUlJFcGhhRlJ3VTI1c2RqWkllbFZxTW5reEwxQkNXVXhHZVRob2FFb3JOV1ZCUWxrM2RYazRVbEJ6UjFGSlowcFdkVXd6UjNJNWVXSXlWRkJWUlUxek5rbGxhVFZJVUVoaWVVZHNObWw0WjJRME1YbDJlVEEzVWxFOSJ9XX0sImhhc2giOnsiYWxnb3JpdGhtIjoic2hhMjU2IiwidmFsdWUiOiIyYzVhZjNiZThjNzcxYzAwYzVhZGYwNDAxMzQ5YTg1NjM5NjA3Nzg4MzQwNjRhMmYyOTk5YzY4YmZiMWI0Njg4In0sInBheWxvYWRIYXNoIjp7ImFsZ29yaXRobSI6InNoYTI1NiIsInZhbHVlIjoiNjg5ZTE2NmNlM2I1Zjk5MTgxZDExYjcyYjg2OTJkODEwYjJlM2NkMTdmZWNiZjBiNzRmNDBmYTRmNmUzNjNkNSJ9fX19"
+          }
+        ],
+        "timestampVerificationData": null
+      },
+      "dsseEnvelope": {
+        "payload": "eyJfdHlwZSI6Imh0dHBzOi8vaW4tdG90by5pby9TdGF0ZW1lbnQvdjAuMSIsInN1YmplY3QiOlt7Im5hbWUiOiJwa2c6bnBtLyU0MGxhdXJlbnRzaW1vbi9wcm92ZW5hbmNlLW5wbS10ZXN0QDEuMC4wIiwiZGlnZXN0Ijp7InNoYTUxMiI6IjI5ZDE5ZjI2MjMzZjQ0NDEzMjg0MTJiMzRmZDczZWQxMDRlY2ZlZjYyZjE0MDk3ODkwY2NjZjc0NTViNTIxYjY1YzVhY2ZmODUxODQ5ZmFhODVjODUzOTVhYTIyZDQwMTQzNmYwMWYzYWZiNjFiMTljNzgwZTkwNmM4OGM3ZjIwIn19XSwicHJlZGljYXRlVHlwZSI6Imh0dHBzOi8vc2xzYS5kZXYvcHJvdmVuYW5jZS92MC4yIiwicHJlZGljYXRlIjp7ImJ1aWxkVHlwZSI6Imh0dHBzOi8vZ2l0aHViLmNvbS9ucG0vY2xpL2doYUB2MSIsImJ1aWxkZXIiOnsiaWQiOiJodHRwczovL2dpdGh1Yi5jb20vbnBtL2NsaUA5LjUuMCJ9LCJpbnZvY2F0aW9uIjp7ImNvbmZpZ1NvdXJjZSI6eyJ1cmkiOiJnaXQraHR0cHM6Ly9naXRodWIuY29tL2xhdXJlbnRzaW1vbi9wcm92ZW5hbmNlLW5wbS10ZXN0QHJlZnMvaGVhZHMvbWFpbiIsImRpZ2VzdCI6eyJzaGExIjoiMTZiYWJmZmI5MTUzODExZTE5M2MwMTk5MzkzOTEzNTczNzJiMjVjZSJ9LCJlbnRyeVBvaW50IjoibGF1cmVudHNpbW9uL3Byb3ZlbmFuY2UtbnBtLXRlc3QvLmdpdGh1Yi93b3JrZmxvd3MvcmVsZWFzZS55bWxAcmVmcy9oZWFkcy9tYWluIn0sInBhcmFtZXRlcnMiOnt9LCJlbnZpcm9ubWVudCI6eyJHSVRIVUJfQUNUT1JfSUQiOiI2NDUwNTA5OSIsIkdJVEhVQl9FVkVOVF9OQU1FIjoid29ya2Zsb3dfZGlzcGF0Y2giLCJHSVRIVUJfUkVGIjoicmVmcy9oZWFkcy9tYWluIiwiR0lUSFVCX1JFRl9UWVBFIjoiYnJhbmNoIiwiR0lUSFVCX1JFUE9TSVRPUlkiOiJsYXVyZW50c2ltb24vcHJvdmVuYW5jZS1ucG0tdGVzdCIsIkdJVEhVQl9SRVBPU0lUT1JZX0lEIjoiNjAyMjIzOTQ1IiwiR0lUSFVCX1JFUE9TSVRPUllfT1dORVJfSUQiOiI2NDUwNTA5OSIsIkdJVEhVQl9SVU5fQVRURU1QVCI6IjEiLCJHSVRIVUJfUlVOX0lEIjoiNDE4NzQ2NDU3NyIsIkdJVEhVQl9SVU5fTlVNQkVSIjoiMiIsIkdJVEhVQl9TSEEiOiIxNmJhYmZmYjkxNTM4MTFlMTkzYzAxOTkzOTM5MTM1NzM3MmIyNWNlIiwiR0lUSFVCX1dPUktGTE9XX1JFRiI6ImxhdXJlbnRzaW1vbi9wcm92ZW5hbmNlLW5wbS10ZXN0Ly5naXRodWIvd29ya2Zsb3dzL3JlbGVhc2UueW1sQHJlZnMvaGVhZHMvbWFpbiIsIkdJVEhVQl9XT1JLRkxPV19TSEEiOiIxNmJhYmZmYjkxNTM4MTFlMTkzYzAxOTkzOTM5MTM1NzM3MmIyNWNlIn19LCJtZXRhZGF0YSI6eyJidWlsZEludm9jYXRpb25JZCI6IjQxODc0NjQ1NzctMSIsImNvbXBsZXRlbmVzcyI6eyJwYXJhbWV0ZXJzIjpmYWxzZSwiZW52aXJvbm1lbnQiOmZhbHNlLCJtYXRlcmlhbHMiOmZhbHNlfSwicmVwcm9kdWNpYmxlIjpmYWxzZX0sIm1hdGVyaWFscyI6W3sidXJpIjoiZ2l0K2h0dHBzOi8vZ2l0aHViLmNvbS9sYXVyZW50c2ltb24vcHJvdmVuYW5jZS1ucG0tdGVzdCIsImRpZ2VzdCI6eyJzaGExIjoiMTZiYWJmZmI5MTUzODExZTE5M2MwMTk5MzkzOTEzNTczNzJiMjVjZSJ9fV19fQ==",
+        "payloadType": "application/vnd.in-toto+json",
+        "signatures": [
+          {
+            "sig": "MEUCIQDJahTpSnlv6HzUj2y1/PBYLFy8hhJ+5eABY7uy8RPsGQIgJVuL3Gr9yb2TPUEMs6Iei5HPHbyGl6ixgd41yvy07RQ=",
+            "keyid": ""
+          }
+        ]
+      }
+    }
+  },
+  {
+    "predicateType": "https://github.com/npm/attestation/tree/main/specs/publish/v0.1",
+    "bundle": {
+      "mediaType": "application/vnd.dev.sigstore.bundle+json;version=0.1",
+      "verificationMaterial": {
+        "publicKey": {
+          "hint": "SHA256:jl3bwswu80PjjokCgh0o2w5c2U4LhQAE57gj9cz1kzA"
+        },
+        "tlogEntries": [
+          {
+            "logIndex": "13420289",
+            "logId": {
+              "keyId": "wNI9atQGlz+VWfO6LRygH4QUfY/8W4RFwiT5i5WRgB0="
+            },
+            "kindVersion": {
+              "kind": "intoto",
+              "version": "0.0.2"
+            },
+            "integratedTime": "1676489615",
+            "inclusionPromise": {
+              "signedEntryTimestamp": "MEUCICYgQbiFj7t0A9B/p4Hkq5H0gB41InPBFFnhEeuP4Fo0AiEA7fGqVACs5cFpoQGHX8HVDq/jKBWbS0gutPXpcOz6r6g="
+            },
+            "inclusionProof": null,
+            "canonicalizedBody": "eyJhcGlWZXJzaW9uIjoiMC4wLjIiLCJraW5kIjoiaW50b3RvIiwic3BlYyI6eyJjb250ZW50Ijp7ImVudmVsb3BlIjp7InBheWxvYWRUeXBlIjoiYXBwbGljYXRpb24vdm5kLmluLXRvdG8ranNvbiIsInNpZ25hdHVyZXMiOlt7ImtleWlkIjoiU0hBMjU2OmpsM2J3c3d1ODBQampva0NnaDBvMnc1YzJVNExoUUFFNTdnajljejFrekEiLCJwdWJsaWNLZXkiOiJMUzB0TFMxQ1JVZEpUaUJRVlVKTVNVTWdTMFZaTFMwdExTMEtUVVpyZDBWM1dVaExiMXBKZW1vd1EwRlJXVWxMYjFwSmVtb3dSRUZSWTBSUlowRkZNVTlzWWpONlRVRkdSbmhZUzBocFNXdFJUelZqU2pOWmFHdzFhVFpWVUhBclNXaDFkR1ZDU21KMVNHTkJOVlZ2WjB0dk1FVlhkR3hYZDFjMlMxTmhTMjlVVGtWWlREZEtiRU5SYVZadWEyaENhM1JWWjJjOVBRb3RMUzB0TFVWT1JDQlFWVUpNU1VNZ1MwVlpMUzB0TFMwPSIsInNpZyI6IlRVVlJRMGxETURGaFJqbFFZVWxtSzNOcVkzRlBiVzQwUVZaVU56bFBWMFJuVkZGVk5XVXZiVkp0TVcweVNIWjVRV2xCY0hCNk1FWkxWVzFEVjJwdVUyUnJORzB5VkdGTlpXMXFSRXRqUlcxTVdFSTRWVVpFTlZsYWRETTJaejA5In1dfSwiaGFzaCI6eyJhbGdvcml0aG0iOiJzaGEyNTYiLCJ2YWx1ZSI6IjkxNDU3YjdiYzg1NTgwY2Y2NTAxNDM5NDU5ZDYyOWI0YzBlOTUxNmFjNzc3NTllNGQwNzMwZjVlMTUxNjRkMDcifSwicGF5bG9hZEhhc2giOnsiYWxnb3JpdGhtIjoic2hhMjU2IiwidmFsdWUiOiI1ZmFmZTQwMmJiYzBiMTNhMmFmMmIzMjhjYmNjNmFiZTlmZTA1MGRkNDUzNjNkNTE1YWIyYzk4MjA3NDMwNjVkIn19fX0="
+          }
+        ],
+        "timestampVerificationData": null
+      },
+      "dsseEnvelope": {
+        "payload": "eyJfdHlwZSI6Imh0dHBzOi8vaW4tdG90by5pby9TdGF0ZW1lbnQvdjAuMSIsInN1YmplY3QiOlt7Im5hbWUiOiJwa2c6bnBtLyU0MGxhdXJlbnRzaW1vbi9wcm92ZW5hbmNlLW5wbS10ZXN0QDEuMC4wIiwiZGlnZXN0Ijp7InNoYTUxMiI6IjI5ZDE5ZjI2MjMzZjQ0NDEzMjg0MTJiMzRmZDczZWQxMDRlY2ZlZjYyZjE0MDk3ODkwY2NjZjc0NTViNTIxYjY1YzVhY2ZmODUxODQ5ZmFhODVjODUzOTVhYTIyZDQwMTQzNmYwMWYzYWZiNjFiMTljNzgwZTkwNmM4OGM3ZjIwIn19XSwicHJlZGljYXRlVHlwZSI6Imh0dHBzOi8vZ2l0aHViLmNvbS9ucG0vYXR0ZXN0YXRpb24vdHJlZS9tYWluL3NwZWNzL3B1Ymxpc2gvdjAuMSIsInByZWRpY2F0ZSI6eyJuYW1lIjoiQGxhdXJlbnRzaW1vbi9wcm92ZW5hbmNlLW5wbS10ZXN0IiwidmVyc2lvbiI6IjEuMC4wIiwicmVnaXN0cnkiOiJodHRwczovL3JlZ2lzdHJ5Lm5wbWpzLm9yZyJ9fQ==",
+        "payloadType": "application/vnd.in-toto+json",
+        "signatures": [
+          {
+            "sig": "MEQCIC01aF9PaIf+sjcqOmn4AVT79OWDgTQU5e/mRm1m2HvyAiAppz0FKUmCWjnSdk4m2TaMemjDKcEmLXB8UFD5YZt36g==",
+            "keyid": "SHA256:jl3bwswu80PjjokCgh0o2w5c2U4LhQAE57gj9cz1kzA"
+          }
+        ]
+      }
+    }
+  }
+]
diff --git a/verifiers/internal/gha/testdata/npm-stmt-mismatch-prov-predicatetype.intoto.sigstore b/verifiers/internal/gha/testdata/npm-stmt-mismatch-prov-predicatetype.intoto.sigstore
new file mode 100644
index 000000000..9b840eda1
--- /dev/null
+++ b/verifiers/internal/gha/testdata/npm-stmt-mismatch-prov-predicatetype.intoto.sigstore
@@ -0,0 +1,92 @@
+[
+  {
+    "predicateType": "https://slsa.dev/provenance/v0.2",
+    "bundle": {
+      "mediaType": "application/vnd.dev.sigstore.bundle+json;version=0.1",
+      "verificationMaterial": {
+        "x509CertificateChain": {
+          "certificates": [
+            {
+              "rawBytes": "MIIDzTCCA1SgAwIBAgIUSUNeEjOTOlxw2mAmVuog6waz+NcwCgYIKoZIzj0EAwMwNzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRlcm1lZGlhdGUwHhcNMjMwMjE1MTkzMzMyWhcNMjMwMjE1MTk0MzMyWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEVWrN2Ayc3U80RBnqrFssCXrFETeyMskQhLAXaOAbaPylLa6GiuhrZUEd+i2Q+kvtlOJN6WvJaoIirGUUw84scKOCAnMwggJvMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUgYNyCZHUpkzBfqlfSh2+dV/nqg8wHwYDVR0jBBgwFoAU39Ppz1YkEZb5qNjpKFWixi4YZD8wbwYDVR0RAQH/BGUwY4ZhaHR0cHM6Ly9naXRodWIuY29tL2xhdXJlbnRzaW1vbi9wcm92ZW5hbmNlLW5wbS10ZXN0Ly5naXRodWIvd29ya2Zsb3dzL3JlbGVhc2UueW1sQHJlZnMvaGVhZHMvbWFpbjA5BgorBgEEAYO/MAEBBCtodHRwczovL3Rva2VuLmFjdGlvbnMuZ2l0aHVidXNlcmNvbnRlbnQuY29tMB8GCisGAQQBg78wAQIEEXdvcmtmbG93X2Rpc3BhdGNoMDYGCisGAQQBg78wAQMEKDE2YmFiZmZiOTE1MzgxMWUxOTNjMDE5OTM5MzkxMzU3MzcyYjI1Y2UwJgYKKwYBBAGDvzABBAQYUHVibGlzaCBQYWNrYWdlIHRvIG5wbWpzMC4GCisGAQQBg78wAQUEIGxhdXJlbnRzaW1vbi9wcm92ZW5hbmNlLW5wbS10ZXN0MB0GCisGAQQBg78wAQYED3JlZnMvaGVhZHMvbWFpbjCBiwYKKwYBBAHWeQIEAgR9BHsAeQB3AN09MGrGxxEyYxkeHJlnNwKiSl643jyt/4eKcoAvKe6OAAABhlaRXNMAAAQDAEgwRgIhAOZYHC2AyB4Mm5uV6etiegcdoB5t/3Q6e8pah2BH60urAiEAv9rv6WNIyPfXrP1yzykQldw9iExSBh/brNNjTLzP+wYwCgYIKoZIzj0EAwMDZwAwZAIwT+nOUcGmT+K1gtU/ETiJewRTXtX5bjFh0AEDWzVFlLQKk+CMCr+CmhJgfobd83qwAjAz9Wp4/krIgy+qD7oeCwlUH74MNgWpy2QU5Ox3J61wP2/0O7bhH5fDaGtYUFKZzwA="
+            },
+            {
+              "rawBytes": "MIICGjCCAaGgAwIBAgIUALnViVfnU0brJasmRkHrn/UnfaQwCgYIKoZIzj0EAwMwKjEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MREwDwYDVQQDEwhzaWdzdG9yZTAeFw0yMjA0MTMyMDA2MTVaFw0zMTEwMDUxMzU2NThaMDcxFTATBgNVBAoTDHNpZ3N0b3JlLmRldjEeMBwGA1UEAxMVc2lnc3RvcmUtaW50ZXJtZWRpYXRlMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE8RVS/ysH+NOvuDZyPIZtilgUF9NlarYpAd9HP1vBBH1U5CV77LSS7s0ZiH4nE7Hv7ptS6LvvR/STk798LVgMzLlJ4HeIfF3tHSaexLcYpSASr1kS0N/RgBJz/9jWCiXno3sweTAOBgNVHQ8BAf8EBAMCAQYwEwYDVR0lBAwwCgYIKwYBBQUHAwMwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQU39Ppz1YkEZb5qNjpKFWixi4YZD8wHwYDVR0jBBgwFoAUWMAeX5FFpWapesyQoZMi0CrFxfowCgYIKoZIzj0EAwMDZwAwZAIwPCsQK4DYiZYDPIaDi5HFKnfxXx6ASSVmERfsynYBiX2X6SJRnZU84/9DZdnFvvxmAjBOt6QpBlc4J/0DxvkTCqpclvziL6BCCPnjdlIB3Pu3BxsPmygUY7Ii2zbdCdliiow="
+            },
+            {
+              "rawBytes": "MIIB9zCCAXygAwIBAgIUALZNAPFdxHPwjeDloDwyYChAO/4wCgYIKoZIzj0EAwMwKjEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MREwDwYDVQQDEwhzaWdzdG9yZTAeFw0yMTEwMDcxMzU2NTlaFw0zMTEwMDUxMzU2NThaMCoxFTATBgNVBAoTDHNpZ3N0b3JlLmRldjERMA8GA1UEAxMIc2lnc3RvcmUwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAT7XeFT4rb3PQGwS4IajtLk3/OlnpgangaBclYpsYBr5i+4ynB07ceb3LP0OIOZdxexX69c5iVuyJRQ+Hz05yi+UF3uBWAlHpiS5sh0+H2GHE7SXrk1EC5m1Tr19L9gg92jYzBhMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRYwB5fkUWlZql6zJChkyLQKsXF+jAfBgNVHSMEGDAWgBRYwB5fkUWlZql6zJChkyLQKsXF+jAKBggqhkjOPQQDAwNpADBmAjEAj1nHeXZp+13NWBNa+EDsDP8G1WWg1tCMWP/WHPqpaVo0jhsweNFZgSs0eE7wYI4qAjEA2WB9ot98sIkoF3vZYdd3/VtWB5b9TNMea7Ix/stJ5TfcLLeABLE4BNJOsQ4vnBHJ"
+            }
+          ]
+        },
+        "tlogEntries": [
+          {
+            "logIndex": "13420286",
+            "logId": {
+              "keyId": "wNI9atQGlz+VWfO6LRygH4QUfY/8W4RFwiT5i5WRgB0="
+            },
+            "kindVersion": {
+              "kind": "intoto",
+              "version": "0.0.2"
+            },
+            "integratedTime": "1676489612",
+            "inclusionPromise": {
+              "signedEntryTimestamp": "MEUCIG/LjJ5tqTgKvbA0F+96CJHIk2X0S+9cBz1Z04BfU7dLAiEA7cpf1Agv0VyEu0wR41nEZ9AZ6GVaYR5rf4AAYIZr4hk="
+            },
+            "inclusionProof": null,
+            "canonicalizedBody": "eyJhcGlWZXJzaW9uIjoiMC4wLjIiLCJraW5kIjoiaW50b3RvIiwic3BlYyI6eyJjb250ZW50Ijp7ImVudmVsb3BlIjp7InBheWxvYWRUeXBlIjoiYXBwbGljYXRpb24vdm5kLmluLXRvdG8ranNvbiIsInNpZ25hdHVyZXMiOlt7InB1YmxpY0tleSI6IkxTMHRMUzFDUlVkSlRpQkRSVkpVU1VaSlEwRlVSUzB0TFMwdENrMUpTVVI2VkVORFFURlRaMEYzU1VKQlowbFZVMVZPWlVWcVQxUlBiSGgzTW0xQmJWWjFiMmMyZDJGNkswNWpkME5uV1VsTGIxcEplbW93UlVGM1RYY0tUbnBGVmsxQ1RVZEJNVlZGUTJoTlRXTXliRzVqTTFKMlkyMVZkVnBIVmpKTlVqUjNTRUZaUkZaUlVVUkZlRlo2WVZka2VtUkhPWGxhVXpGd1ltNVNiQXBqYlRGc1drZHNhR1JIVlhkSWFHTk9UV3BOZDAxcVJURk5WR3Q2VFhwTmVWZG9ZMDVOYWsxM1RXcEZNVTFVYXpCTmVrMTVWMnBCUVUxR2EzZEZkMWxJQ2t0dldrbDZhakJEUVZGWlNVdHZXa2w2YWpCRVFWRmpSRkZuUVVWV1YzSk9Na0Y1WXpOVk9EQlNRbTV4Y2taemMwTllja1pGVkdWNVRYTnJVV2hNUVZnS1lVOUJZbUZRZVd4TVlUWkhhWFZvY2xwVlJXUXJhVEpSSzJ0MmRHeFBTazQyVjNaS1lXOUphWEpIVlZWM09EUnpZMHRQUTBGdVRYZG5aMHAyVFVFMFJ3cEJNVlZrUkhkRlFpOTNVVVZCZDBsSVowUkJWRUpuVGxaSVUxVkZSRVJCUzBKblozSkNaMFZHUWxGalJFRjZRV1JDWjA1V1NGRTBSVVpuVVZWbldVNTVDa05hU0ZWd2EzcENabkZzWmxOb01pdGtWaTl1Y1djNGQwaDNXVVJXVWpCcVFrSm5kMFp2UVZVek9WQndlakZaYTBWYVlqVnhUbXB3UzBaWGFYaHBORmtLV2tRNGQySjNXVVJXVWpCU1FWRklMMEpIVlhkWk5GcG9ZVWhTTUdOSVRUWk1lVGx1WVZoU2IyUlhTWFZaTWpsMFRESjRhR1JZU214aWJsSjZZVmN4ZGdwaWFUbDNZMjA1TWxwWE5XaGliVTVzVEZjMWQySlRNVEJhV0U0d1RIazFibUZZVW05a1YwbDJaREk1ZVdFeVduTmlNMlI2VEROS2JHSkhWbWhqTWxWMUNtVlhNWE5SU0Vwc1dtNU5kbUZIVm1oYVNFMTJZbGRHY0dKcVFUVkNaMjl5UW1kRlJVRlpUeTlOUVVWQ1FrTjBiMlJJVW5kamVtOTJURE5TZG1FeVZuVUtURzFHYW1SSGJIWmliazExV2pKc01HRklWbWxrV0U1c1kyMU9kbUp1VW14aWJsRjFXVEk1ZEUxQ09FZERhWE5IUVZGUlFtYzNPSGRCVVVsRlJWaGtkZ3BqYlhSdFlrYzVNMWd5VW5Cak0wSm9aRWRPYjAxRVdVZERhWE5IUVZGUlFtYzNPSGRCVVUxRlMwUkZNbGx0Um1sYWJWcHBUMVJGTVUxNlozaE5WMVY0Q2s5VVRtcE5SRVUxVDFSTk5VMTZhM2hOZWxVelRYcGplVmxxU1RGWk1sVjNTbWRaUzB0M1dVSkNRVWRFZG5wQlFrSkJVVmxWU0ZacFlrZHNlbUZEUWxFS1dWZE9jbGxYWkd4SlNGSjJTVWMxZDJKWGNIcE5RelJIUTJselIwRlJVVUpuTnpoM1FWRlZSVWxIZUdoa1dFcHNZbTVTZW1GWE1YWmlhVGwzWTIwNU1ncGFWelZvWW0xT2JFeFhOWGRpVXpFd1dsaE9NRTFDTUVkRGFYTkhRVkZSUW1jM09IZEJVVmxGUkROS2JGcHVUWFpoUjFab1draE5kbUpYUm5CaWFrTkNDbWwzV1V0TGQxbENRa0ZJVjJWUlNVVkJaMUk1UWtoelFXVlJRak5CVGpBNVRVZHlSM2g0UlhsWmVHdGxTRXBzYms1M1MybFRiRFkwTTJwNWRDODBaVXNLWTI5QmRrdGxOazlCUVVGQ2FHeGhVbGhPVFVGQlFWRkVRVVZuZDFKblNXaEJUMXBaU0VNeVFYbENORTF0TlhWV05tVjBhV1ZuWTJSdlFqVjBMek5STmdwbE9IQmhhREpDU0RZd2RYSkJhVVZCZGpseWRqWlhUa2w1VUdaWWNsQXhlWHA1YTFGc1pIYzVhVVY0VTBKb0wySnlUazVxVkV4NlVDdDNXWGREWjFsSkNrdHZXa2w2YWpCRlFYZE5SRnAzUVhkYVFVbDNWQ3R1VDFWalIyMVVLMHN4WjNSVkwwVlVhVXBsZDFKVVdIUllOV0pxUm1nd1FVVkVWM3BXUm14TVVVc0theXREVFVOeUswTnRhRXBuWm05aVpEZ3pjWGRCYWtGNk9WZHdOQzlyY2tsbmVTdHhSRGR2WlVOM2JGVklOelJOVG1kWGNIa3lVVlUxVDNnelNqWXhkd3BRTWk4d1R6ZGlhRWcxWmtSaFIzUlpWVVpMV25wM1FUMEtMUzB0TFMxRlRrUWdRMFZTVkVsR1NVTkJWRVV0TFMwdExRbz0iLCJzaWciOiJUVVZWUTBsUlJFcGhhRlJ3VTI1c2RqWkllbFZxTW5reEwxQkNXVXhHZVRob2FFb3JOV1ZCUWxrM2RYazRVbEJ6UjFGSlowcFdkVXd6UjNJNWVXSXlWRkJWUlUxek5rbGxhVFZJVUVoaWVVZHNObWw0WjJRME1YbDJlVEEzVWxFOSJ9XX0sImhhc2giOnsiYWxnb3JpdGhtIjoic2hhMjU2IiwidmFsdWUiOiIyYzVhZjNiZThjNzcxYzAwYzVhZGYwNDAxMzQ5YTg1NjM5NjA3Nzg4MzQwNjRhMmYyOTk5YzY4YmZiMWI0Njg4In0sInBheWxvYWRIYXNoIjp7ImFsZ29yaXRobSI6InNoYTI1NiIsInZhbHVlIjoiNjg5ZTE2NmNlM2I1Zjk5MTgxZDExYjcyYjg2OTJkODEwYjJlM2NkMTdmZWNiZjBiNzRmNDBmYTRmNmUzNjNkNSJ9fX19"
+          }
+        ],
+        "timestampVerificationData": null
+      },
+      "dsseEnvelope": {
+        "payload": "ewogICJfdHlwZSI6ICJodHRwczovL2luLXRvdG8uaW8vU3RhdGVtZW50L3YwLjEiLAogICJzdWJqZWN0IjogWwogICAgewogICAgICAibmFtZSI6ICJwa2c6bnBtLyU0MGxhdXJlbnRzaW1vbi9wcm92ZW5hbmNlLW5wbS10ZXN0QDEuMC4wIiwKICAgICAgImRpZ2VzdCI6IHsKICAgICAgICAic2hhNTEyIjogIjI5ZDE5ZjI2MjMzZjQ0NDEzMjg0MTJiMzRmZDczZWQxMDRlY2ZlZjYyZjE0MDk3ODkwY2NjZjc0NTViNTIxYjY1YzVhY2ZmODUxODQ5ZmFhODVjODUzOTVhYTIyZDQwMTQzNmYwMWYzYWZiNjFiMTljNzgwZTkwNmM4OGM3ZjIwIgogICAgICB9CiAgICB9CiAgXSwKICAicHJlZGljYXRlVHlwZSI6ICJodHRwczovL3Nsc2EuZGV2L3Byb3ZlbmFuYy92MC4yIiwKICAicHJlZGljYXRlIjogewogICAgImJ1aWxkVHlwZSI6ICJodHRwczovL2dpdGh1Yi5jb20vbnBtL2NsaS9naGFAdjEiLAogICAgImJ1aWxkZXIiOiB7CiAgICAgICJpZCI6ICJodHRwczovL2dpdGh1Yi5jb20vbnBtL2NsaUA5LjUuMCIKICAgIH0sCiAgICAiaW52b2NhdGlvbiI6IHsKICAgICAgImNvbmZpZ1NvdXJjZSI6IHsKICAgICAgICAidXJpIjogImdpdCtodHRwczovL2dpdGh1Yi5jb20vbGF1cmVudHNpbW9uL3Byb3ZlbmFuY2UtbnBtLXRlc3RAcmVmcy9oZWFkcy9tYWluIiwKICAgICAgICAiZGlnZXN0IjogewogICAgICAgICAgInNoYTEiOiAiMTZiYWJmZmI5MTUzODExZTE5M2MwMTk5MzkzOTEzNTczNzJiMjVjZSIKICAgICAgICB9LAogICAgICAgICJlbnRyeVBvaW50IjogImxhdXJlbnRzaW1vbi9wcm92ZW5hbmNlLW5wbS10ZXN0Ly5naXRodWIvd29ya2Zsb3dzL3JlbGVhc2UueW1sQHJlZnMvaGVhZHMvbWFpbiIKICAgICAgfSwKICAgICAgInBhcmFtZXRlcnMiOiB7fSwKICAgICAgImVudmlyb25tZW50IjogewogICAgICAgICJHSVRIVUJfQUNUT1JfSUQiOiAiNjQ1MDUwOTkiLAogICAgICAgICJHSVRIVUJfRVZFTlRfTkFNRSI6ICJ3b3JrZmxvd19kaXNwYXRjaCIsCiAgICAgICAgIkdJVEhVQl9SRUYiOiAicmVmcy9oZWFkcy9tYWluIiwKICAgICAgICAiR0lUSFVCX1JFRl9UWVBFIjogImJyYW5jaCIsCiAgICAgICAgIkdJVEhVQl9SRVBPU0lUT1JZIjogImxhdXJlbnRzaW1vbi9wcm92ZW5hbmNlLW5wbS10ZXN0IiwKICAgICAgICAiR0lUSFVCX1JFUE9TSVRPUllfSUQiOiAiNjAyMjIzOTQ1IiwKICAgICAgICAiR0lUSFVCX1JFUE9TSVRPUllfT1dORVJfSUQiOiAiNjQ1MDUwOTkiLAogICAgICAgICJHSVRIVUJfUlVOX0FUVEVNUFQiOiAiMSIsCiAgICAgICAgIkdJVEhVQl9SVU5fSUQiOiAiNDE4NzQ2NDU3NyIsCiAgICAgICAgIkdJVEhVQl9SVU5fTlVNQkVSIjogIjIiLAogICAgICAgICJHSVRIVUJfU0hBIjogIjE2YmFiZmZiOTE1MzgxMWUxOTNjMDE5OTM5MzkxMzU3MzcyYjI1Y2UiLAogICAgICAgICJHSVRIVUJfV09SS0ZMT1dfUkVGIjogImxhdXJlbnRzaW1vbi9wcm92ZW5hbmNlLW5wbS10ZXN0Ly5naXRodWIvd29ya2Zsb3dzL3JlbGVhc2UueW1sQHJlZnMvaGVhZHMvbWFpbiIsCiAgICAgICAgIkdJVEhVQl9XT1JLRkxPV19TSEEiOiAiMTZiYWJmZmI5MTUzODExZTE5M2MwMTk5MzkzOTEzNTczNzJiMjVjZSIKICAgICAgfQogICAgfSwKICAgICJtZXRhZGF0YSI6IHsKICAgICAgImJ1aWxkSW52b2NhdGlvbklkIjogIjQxODc0NjQ1NzctMSIsCiAgICAgICJjb21wbGV0ZW5lc3MiOiB7CiAgICAgICAgInBhcmFtZXRlcnMiOiBmYWxzZSwKICAgICAgICAiZW52aXJvbm1lbnQiOiBmYWxzZSwKICAgICAgICAibWF0ZXJpYWxzIjogZmFsc2UKICAgICAgfSwKICAgICAgInJlcHJvZHVjaWJsZSI6IGZhbHNlCiAgICB9LAogICAgIm1hdGVyaWFscyI6IFsKICAgICAgewogICAgICAgICJ1cmkiOiAiZ2l0K2h0dHBzOi8vZ2l0aHViLmNvbS9sYXVyZW50c2ltb24vcHJvdmVuYW5jZS1ucG0tdGVzdCIsCiAgICAgICAgImRpZ2VzdCI6IHsKICAgICAgICAgICJzaGExIjogIjE2YmFiZmZiOTE1MzgxMWUxOTNjMDE5OTM5MzkxMzU3MzcyYjI1Y2UiCiAgICAgICAgfQogICAgICB9CiAgICBdCiAgfQp9Cg==",
+        "payloadType": "application/vnd.in-toto+json",
+        "signatures": [
+          {
+            "sig": "MEUCIQDJahTpSnlv6HzUj2y1/PBYLFy8hhJ+5eABY7uy8RPsGQIgJVuL3Gr9yb2TPUEMs6Iei5HPHbyGl6ixgd41yvy07RQ=",
+            "keyid": ""
+          }
+        ]
+      }
+    }
+  },
+  {
+    "predicateType": "https://github.com/npm/attestation/tree/main/specs/publish/v0.1",
+    "bundle": {
+      "mediaType": "application/vnd.dev.sigstore.bundle+json;version=0.1",
+      "verificationMaterial": {
+        "publicKey": {
+          "hint": "SHA256:jl3bwswu80PjjokCgh0o2w5c2U4LhQAE57gj9cz1kzA"
+        },
+        "tlogEntries": [
+          {
+            "logIndex": "13420289",
+            "logId": {
+              "keyId": "wNI9atQGlz+VWfO6LRygH4QUfY/8W4RFwiT5i5WRgB0="
+            },
+            "kindVersion": {
+              "kind": "intoto",
+              "version": "0.0.2"
+            },
+            "integratedTime": "1676489615",
+            "inclusionPromise": {
+              "signedEntryTimestamp": "MEUCICYgQbiFj7t0A9B/p4Hkq5H0gB41InPBFFnhEeuP4Fo0AiEA7fGqVACs5cFpoQGHX8HVDq/jKBWbS0gutPXpcOz6r6g="
+            },
+            "inclusionProof": null,
+            "canonicalizedBody": "eyJhcGlWZXJzaW9uIjoiMC4wLjIiLCJraW5kIjoiaW50b3RvIiwic3BlYyI6eyJjb250ZW50Ijp7ImVudmVsb3BlIjp7InBheWxvYWRUeXBlIjoiYXBwbGljYXRpb24vdm5kLmluLXRvdG8ranNvbiIsInNpZ25hdHVyZXMiOlt7ImtleWlkIjoiU0hBMjU2OmpsM2J3c3d1ODBQampva0NnaDBvMnc1YzJVNExoUUFFNTdnajljejFrekEiLCJwdWJsaWNLZXkiOiJMUzB0TFMxQ1JVZEpUaUJRVlVKTVNVTWdTMFZaTFMwdExTMEtUVVpyZDBWM1dVaExiMXBKZW1vd1EwRlJXVWxMYjFwSmVtb3dSRUZSWTBSUlowRkZNVTlzWWpONlRVRkdSbmhZUzBocFNXdFJUelZqU2pOWmFHdzFhVFpWVUhBclNXaDFkR1ZDU21KMVNHTkJOVlZ2WjB0dk1FVlhkR3hYZDFjMlMxTmhTMjlVVGtWWlREZEtiRU5SYVZadWEyaENhM1JWWjJjOVBRb3RMUzB0TFVWT1JDQlFWVUpNU1VNZ1MwVlpMUzB0TFMwPSIsInNpZyI6IlRVVlJRMGxETURGaFJqbFFZVWxtSzNOcVkzRlBiVzQwUVZaVU56bFBWMFJuVkZGVk5XVXZiVkp0TVcweVNIWjVRV2xCY0hCNk1FWkxWVzFEVjJwdVUyUnJORzB5VkdGTlpXMXFSRXRqUlcxTVdFSTRWVVpFTlZsYWRETTJaejA5In1dfSwiaGFzaCI6eyJhbGdvcml0aG0iOiJzaGEyNTYiLCJ2YWx1ZSI6IjkxNDU3YjdiYzg1NTgwY2Y2NTAxNDM5NDU5ZDYyOWI0YzBlOTUxNmFjNzc3NTllNGQwNzMwZjVlMTUxNjRkMDcifSwicGF5bG9hZEhhc2giOnsiYWxnb3JpdGhtIjoic2hhMjU2IiwidmFsdWUiOiI1ZmFmZTQwMmJiYzBiMTNhMmFmMmIzMjhjYmNjNmFiZTlmZTA1MGRkNDUzNjNkNTE1YWIyYzk4MjA3NDMwNjVkIn19fX0="
+          }
+        ],
+        "timestampVerificationData": null
+      },
+      "dsseEnvelope": {
+        "payload": "eyJfdHlwZSI6Imh0dHBzOi8vaW4tdG90by5pby9TdGF0ZW1lbnQvdjAuMSIsInN1YmplY3QiOlt7Im5hbWUiOiJwa2c6bnBtLyU0MGxhdXJlbnRzaW1vbi9wcm92ZW5hbmNlLW5wbS10ZXN0QDEuMC4wIiwiZGlnZXN0Ijp7InNoYTUxMiI6IjI5ZDE5ZjI2MjMzZjQ0NDEzMjg0MTJiMzRmZDczZWQxMDRlY2ZlZjYyZjE0MDk3ODkwY2NjZjc0NTViNTIxYjY1YzVhY2ZmODUxODQ5ZmFhODVjODUzOTVhYTIyZDQwMTQzNmYwMWYzYWZiNjFiMTljNzgwZTkwNmM4OGM3ZjIwIn19XSwicHJlZGljYXRlVHlwZSI6Imh0dHBzOi8vZ2l0aHViLmNvbS9ucG0vYXR0ZXN0YXRpb24vdHJlZS9tYWluL3NwZWNzL3B1Ymxpc2gvdjAuMSIsInByZWRpY2F0ZSI6eyJuYW1lIjoiQGxhdXJlbnRzaW1vbi9wcm92ZW5hbmNlLW5wbS10ZXN0IiwidmVyc2lvbiI6IjEuMC4wIiwicmVnaXN0cnkiOiJodHRwczovL3JlZ2lzdHJ5Lm5wbWpzLm9yZyJ9fQ==",
+        "payloadType": "application/vnd.in-toto+json",
+        "signatures": [
+          {
+            "sig": "MEQCIC01aF9PaIf+sjcqOmn4AVT79OWDgTQU5e/mRm1m2HvyAiAppz0FKUmCWjnSdk4m2TaMemjDKcEmLXB8UFD5YZt36g==",
+            "keyid": "SHA256:jl3bwswu80PjjokCgh0o2w5c2U4LhQAE57gj9cz1kzA"
+          }
+        ]
+      }
+    }
+  }
+]
diff --git a/verifiers/internal/gha/testdata/npm-stmt-mismatch-prov-type.intoto.sigstore b/verifiers/internal/gha/testdata/npm-stmt-mismatch-prov-type.intoto.sigstore
new file mode 100644
index 000000000..f20be8129
--- /dev/null
+++ b/verifiers/internal/gha/testdata/npm-stmt-mismatch-prov-type.intoto.sigstore
@@ -0,0 +1,92 @@
+[
+  {
+    "predicateType": "https://slsa.dev/provenance/v0.2",
+    "bundle": {
+      "mediaType": "application/vnd.dev.sigstore.bundle+json;version=0.1",
+      "verificationMaterial": {
+        "x509CertificateChain": {
+          "certificates": [
+            {
+              "rawBytes": "MIIDzTCCA1SgAwIBAgIUSUNeEjOTOlxw2mAmVuog6waz+NcwCgYIKoZIzj0EAwMwNzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRlcm1lZGlhdGUwHhcNMjMwMjE1MTkzMzMyWhcNMjMwMjE1MTk0MzMyWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEVWrN2Ayc3U80RBnqrFssCXrFETeyMskQhLAXaOAbaPylLa6GiuhrZUEd+i2Q+kvtlOJN6WvJaoIirGUUw84scKOCAnMwggJvMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUgYNyCZHUpkzBfqlfSh2+dV/nqg8wHwYDVR0jBBgwFoAU39Ppz1YkEZb5qNjpKFWixi4YZD8wbwYDVR0RAQH/BGUwY4ZhaHR0cHM6Ly9naXRodWIuY29tL2xhdXJlbnRzaW1vbi9wcm92ZW5hbmNlLW5wbS10ZXN0Ly5naXRodWIvd29ya2Zsb3dzL3JlbGVhc2UueW1sQHJlZnMvaGVhZHMvbWFpbjA5BgorBgEEAYO/MAEBBCtodHRwczovL3Rva2VuLmFjdGlvbnMuZ2l0aHVidXNlcmNvbnRlbnQuY29tMB8GCisGAQQBg78wAQIEEXdvcmtmbG93X2Rpc3BhdGNoMDYGCisGAQQBg78wAQMEKDE2YmFiZmZiOTE1MzgxMWUxOTNjMDE5OTM5MzkxMzU3MzcyYjI1Y2UwJgYKKwYBBAGDvzABBAQYUHVibGlzaCBQYWNrYWdlIHRvIG5wbWpzMC4GCisGAQQBg78wAQUEIGxhdXJlbnRzaW1vbi9wcm92ZW5hbmNlLW5wbS10ZXN0MB0GCisGAQQBg78wAQYED3JlZnMvaGVhZHMvbWFpbjCBiwYKKwYBBAHWeQIEAgR9BHsAeQB3AN09MGrGxxEyYxkeHJlnNwKiSl643jyt/4eKcoAvKe6OAAABhlaRXNMAAAQDAEgwRgIhAOZYHC2AyB4Mm5uV6etiegcdoB5t/3Q6e8pah2BH60urAiEAv9rv6WNIyPfXrP1yzykQldw9iExSBh/brNNjTLzP+wYwCgYIKoZIzj0EAwMDZwAwZAIwT+nOUcGmT+K1gtU/ETiJewRTXtX5bjFh0AEDWzVFlLQKk+CMCr+CmhJgfobd83qwAjAz9Wp4/krIgy+qD7oeCwlUH74MNgWpy2QU5Ox3J61wP2/0O7bhH5fDaGtYUFKZzwA="
+            },
+            {
+              "rawBytes": "MIICGjCCAaGgAwIBAgIUALnViVfnU0brJasmRkHrn/UnfaQwCgYIKoZIzj0EAwMwKjEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MREwDwYDVQQDEwhzaWdzdG9yZTAeFw0yMjA0MTMyMDA2MTVaFw0zMTEwMDUxMzU2NThaMDcxFTATBgNVBAoTDHNpZ3N0b3JlLmRldjEeMBwGA1UEAxMVc2lnc3RvcmUtaW50ZXJtZWRpYXRlMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE8RVS/ysH+NOvuDZyPIZtilgUF9NlarYpAd9HP1vBBH1U5CV77LSS7s0ZiH4nE7Hv7ptS6LvvR/STk798LVgMzLlJ4HeIfF3tHSaexLcYpSASr1kS0N/RgBJz/9jWCiXno3sweTAOBgNVHQ8BAf8EBAMCAQYwEwYDVR0lBAwwCgYIKwYBBQUHAwMwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQU39Ppz1YkEZb5qNjpKFWixi4YZD8wHwYDVR0jBBgwFoAUWMAeX5FFpWapesyQoZMi0CrFxfowCgYIKoZIzj0EAwMDZwAwZAIwPCsQK4DYiZYDPIaDi5HFKnfxXx6ASSVmERfsynYBiX2X6SJRnZU84/9DZdnFvvxmAjBOt6QpBlc4J/0DxvkTCqpclvziL6BCCPnjdlIB3Pu3BxsPmygUY7Ii2zbdCdliiow="
+            },
+            {
+              "rawBytes": "MIIB9zCCAXygAwIBAgIUALZNAPFdxHPwjeDloDwyYChAO/4wCgYIKoZIzj0EAwMwKjEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MREwDwYDVQQDEwhzaWdzdG9yZTAeFw0yMTEwMDcxMzU2NTlaFw0zMTEwMDUxMzU2NThaMCoxFTATBgNVBAoTDHNpZ3N0b3JlLmRldjERMA8GA1UEAxMIc2lnc3RvcmUwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAT7XeFT4rb3PQGwS4IajtLk3/OlnpgangaBclYpsYBr5i+4ynB07ceb3LP0OIOZdxexX69c5iVuyJRQ+Hz05yi+UF3uBWAlHpiS5sh0+H2GHE7SXrk1EC5m1Tr19L9gg92jYzBhMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRYwB5fkUWlZql6zJChkyLQKsXF+jAfBgNVHSMEGDAWgBRYwB5fkUWlZql6zJChkyLQKsXF+jAKBggqhkjOPQQDAwNpADBmAjEAj1nHeXZp+13NWBNa+EDsDP8G1WWg1tCMWP/WHPqpaVo0jhsweNFZgSs0eE7wYI4qAjEA2WB9ot98sIkoF3vZYdd3/VtWB5b9TNMea7Ix/stJ5TfcLLeABLE4BNJOsQ4vnBHJ"
+            }
+          ]
+        },
+        "tlogEntries": [
+          {
+            "logIndex": "13420286",
+            "logId": {
+              "keyId": "wNI9atQGlz+VWfO6LRygH4QUfY/8W4RFwiT5i5WRgB0="
+            },
+            "kindVersion": {
+              "kind": "intoto",
+              "version": "0.0.2"
+            },
+            "integratedTime": "1676489612",
+            "inclusionPromise": {
+              "signedEntryTimestamp": "MEUCIG/LjJ5tqTgKvbA0F+96CJHIk2X0S+9cBz1Z04BfU7dLAiEA7cpf1Agv0VyEu0wR41nEZ9AZ6GVaYR5rf4AAYIZr4hk="
+            },
+            "inclusionProof": null,
+            "canonicalizedBody": "eyJhcGlWZXJzaW9uIjoiMC4wLjIiLCJraW5kIjoiaW50b3RvIiwic3BlYyI6eyJjb250ZW50Ijp7ImVudmVsb3BlIjp7InBheWxvYWRUeXBlIjoiYXBwbGljYXRpb24vdm5kLmluLXRvdG8ranNvbiIsInNpZ25hdHVyZXMiOlt7InB1YmxpY0tleSI6IkxTMHRMUzFDUlVkSlRpQkRSVkpVU1VaSlEwRlVSUzB0TFMwdENrMUpTVVI2VkVORFFURlRaMEYzU1VKQlowbFZVMVZPWlVWcVQxUlBiSGgzTW0xQmJWWjFiMmMyZDJGNkswNWpkME5uV1VsTGIxcEplbW93UlVGM1RYY0tUbnBGVmsxQ1RVZEJNVlZGUTJoTlRXTXliRzVqTTFKMlkyMVZkVnBIVmpKTlVqUjNTRUZaUkZaUlVVUkZlRlo2WVZka2VtUkhPWGxhVXpGd1ltNVNiQXBqYlRGc1drZHNhR1JIVlhkSWFHTk9UV3BOZDAxcVJURk5WR3Q2VFhwTmVWZG9ZMDVOYWsxM1RXcEZNVTFVYXpCTmVrMTVWMnBCUVUxR2EzZEZkMWxJQ2t0dldrbDZhakJEUVZGWlNVdHZXa2w2YWpCRVFWRmpSRkZuUVVWV1YzSk9Na0Y1WXpOVk9EQlNRbTV4Y2taemMwTllja1pGVkdWNVRYTnJVV2hNUVZnS1lVOUJZbUZRZVd4TVlUWkhhWFZvY2xwVlJXUXJhVEpSSzJ0MmRHeFBTazQyVjNaS1lXOUphWEpIVlZWM09EUnpZMHRQUTBGdVRYZG5aMHAyVFVFMFJ3cEJNVlZrUkhkRlFpOTNVVVZCZDBsSVowUkJWRUpuVGxaSVUxVkZSRVJCUzBKblozSkNaMFZHUWxGalJFRjZRV1JDWjA1V1NGRTBSVVpuVVZWbldVNTVDa05hU0ZWd2EzcENabkZzWmxOb01pdGtWaTl1Y1djNGQwaDNXVVJXVWpCcVFrSm5kMFp2UVZVek9WQndlakZaYTBWYVlqVnhUbXB3UzBaWGFYaHBORmtLV2tRNGQySjNXVVJXVWpCU1FWRklMMEpIVlhkWk5GcG9ZVWhTTUdOSVRUWk1lVGx1WVZoU2IyUlhTWFZaTWpsMFRESjRhR1JZU214aWJsSjZZVmN4ZGdwaWFUbDNZMjA1TWxwWE5XaGliVTVzVEZjMWQySlRNVEJhV0U0d1RIazFibUZZVW05a1YwbDJaREk1ZVdFeVduTmlNMlI2VEROS2JHSkhWbWhqTWxWMUNtVlhNWE5SU0Vwc1dtNU5kbUZIVm1oYVNFMTJZbGRHY0dKcVFUVkNaMjl5UW1kRlJVRlpUeTlOUVVWQ1FrTjBiMlJJVW5kamVtOTJURE5TZG1FeVZuVUtURzFHYW1SSGJIWmliazExV2pKc01HRklWbWxrV0U1c1kyMU9kbUp1VW14aWJsRjFXVEk1ZEUxQ09FZERhWE5IUVZGUlFtYzNPSGRCVVVsRlJWaGtkZ3BqYlhSdFlrYzVNMWd5VW5Cak0wSm9aRWRPYjAxRVdVZERhWE5IUVZGUlFtYzNPSGRCVVUxRlMwUkZNbGx0Um1sYWJWcHBUMVJGTVUxNlozaE5WMVY0Q2s5VVRtcE5SRVUxVDFSTk5VMTZhM2hOZWxVelRYcGplVmxxU1RGWk1sVjNTbWRaUzB0M1dVSkNRVWRFZG5wQlFrSkJVVmxWU0ZacFlrZHNlbUZEUWxFS1dWZE9jbGxYWkd4SlNGSjJTVWMxZDJKWGNIcE5RelJIUTJselIwRlJVVUpuTnpoM1FWRlZSVWxIZUdoa1dFcHNZbTVTZW1GWE1YWmlhVGwzWTIwNU1ncGFWelZvWW0xT2JFeFhOWGRpVXpFd1dsaE9NRTFDTUVkRGFYTkhRVkZSUW1jM09IZEJVVmxGUkROS2JGcHVUWFpoUjFab1draE5kbUpYUm5CaWFrTkNDbWwzV1V0TGQxbENRa0ZJVjJWUlNVVkJaMUk1UWtoelFXVlJRak5CVGpBNVRVZHlSM2g0UlhsWmVHdGxTRXBzYms1M1MybFRiRFkwTTJwNWRDODBaVXNLWTI5QmRrdGxOazlCUVVGQ2FHeGhVbGhPVFVGQlFWRkVRVVZuZDFKblNXaEJUMXBaU0VNeVFYbENORTF0TlhWV05tVjBhV1ZuWTJSdlFqVjBMek5STmdwbE9IQmhhREpDU0RZd2RYSkJhVVZCZGpseWRqWlhUa2w1VUdaWWNsQXhlWHA1YTFGc1pIYzVhVVY0VTBKb0wySnlUazVxVkV4NlVDdDNXWGREWjFsSkNrdHZXa2w2YWpCRlFYZE5SRnAzUVhkYVFVbDNWQ3R1VDFWalIyMVVLMHN4WjNSVkwwVlVhVXBsZDFKVVdIUllOV0pxUm1nd1FVVkVWM3BXUm14TVVVc0theXREVFVOeUswTnRhRXBuWm05aVpEZ3pjWGRCYWtGNk9WZHdOQzlyY2tsbmVTdHhSRGR2WlVOM2JGVklOelJOVG1kWGNIa3lVVlUxVDNnelNqWXhkd3BRTWk4d1R6ZGlhRWcxWmtSaFIzUlpWVVpMV25wM1FUMEtMUzB0TFMxRlRrUWdRMFZTVkVsR1NVTkJWRVV0TFMwdExRbz0iLCJzaWciOiJUVVZWUTBsUlJFcGhhRlJ3VTI1c2RqWkllbFZxTW5reEwxQkNXVXhHZVRob2FFb3JOV1ZCUWxrM2RYazRVbEJ6UjFGSlowcFdkVXd6UjNJNWVXSXlWRkJWUlUxek5rbGxhVFZJVUVoaWVVZHNObWw0WjJRME1YbDJlVEEzVWxFOSJ9XX0sImhhc2giOnsiYWxnb3JpdGhtIjoic2hhMjU2IiwidmFsdWUiOiIyYzVhZjNiZThjNzcxYzAwYzVhZGYwNDAxMzQ5YTg1NjM5NjA3Nzg4MzQwNjRhMmYyOTk5YzY4YmZiMWI0Njg4In0sInBheWxvYWRIYXNoIjp7ImFsZ29yaXRobSI6InNoYTI1NiIsInZhbHVlIjoiNjg5ZTE2NmNlM2I1Zjk5MTgxZDExYjcyYjg2OTJkODEwYjJlM2NkMTdmZWNiZjBiNzRmNDBmYTRmNmUzNjNkNSJ9fX19"
+          }
+        ],
+        "timestampVerificationData": null
+      },
+      "dsseEnvelope": {
+        "payload": "ewogICJfdHlwZSI6ICJodHRwczovL2luLXRvdG8uaW8vU3RhdGVtZW50QS92MC4xIiwKICAic3ViamVjdCI6IFsKICAgIHsKICAgICAgIm5hbWUiOiAicGtnOm5wbS8lNDBsYXVyZW50c2ltb24vcHJvdmVuYW5jZS1ucG0tdGVzdEAxLjAuMCIsCiAgICAgICJkaWdlc3QiOiB7CiAgICAgICAgInNoYTUxMiI6ICIyOWQxOWYyNjIzM2Y0NDQxMzI4NDEyYjM0ZmQ3M2VkMTA0ZWNmZWY2MmYxNDA5Nzg5MGNjY2Y3NDU1YjUyMWI2NWM1YWNmZjg1MTg0OWZhYTg1Yzg1Mzk1YWEyMmQ0MDE0MzZmMDFmM2FmYjYxYjE5Yzc4MGU5MDZjODhjN2YyMCIKICAgICAgfQogICAgfQogIF0sCiAgInByZWRpY2F0ZVR5cGUiOiAiaHR0cHM6Ly9zbHNhLmRldi9wcm92ZW5hbmNlL3YwLjIiLAogICJwcmVkaWNhdGUiOiB7CiAgICAiYnVpbGRUeXBlIjogImh0dHBzOi8vZ2l0aHViLmNvbS9ucG0vY2xpL2doYUB2MSIsCiAgICAiYnVpbGRlciI6IHsKICAgICAgImlkIjogImh0dHBzOi8vZ2l0aHViLmNvbS9ucG0vY2xpQDkuNS4wIgogICAgfSwKICAgICJpbnZvY2F0aW9uIjogewogICAgICAiY29uZmlnU291cmNlIjogewogICAgICAgICJ1cmkiOiAiZ2l0K2h0dHBzOi8vZ2l0aHViLmNvbS9sYXVyZW50c2ltb24vcHJvdmVuYW5jZS1ucG0tdGVzdEByZWZzL2hlYWRzL21haW4iLAogICAgICAgICJkaWdlc3QiOiB7CiAgICAgICAgICAic2hhMSI6ICIxNmJhYmZmYjkxNTM4MTFlMTkzYzAxOTkzOTM5MTM1NzM3MmIyNWNlIgogICAgICAgIH0sCiAgICAgICAgImVudHJ5UG9pbnQiOiAibGF1cmVudHNpbW9uL3Byb3ZlbmFuY2UtbnBtLXRlc3QvLmdpdGh1Yi93b3JrZmxvd3MvcmVsZWFzZS55bWxAcmVmcy9oZWFkcy9tYWluIgogICAgICB9LAogICAgICAicGFyYW1ldGVycyI6IHt9LAogICAgICAiZW52aXJvbm1lbnQiOiB7CiAgICAgICAgIkdJVEhVQl9BQ1RPUl9JRCI6ICI2NDUwNTA5OSIsCiAgICAgICAgIkdJVEhVQl9FVkVOVF9OQU1FIjogIndvcmtmbG93X2Rpc3BhdGNoIiwKICAgICAgICAiR0lUSFVCX1JFRiI6ICJyZWZzL2hlYWRzL21haW4iLAogICAgICAgICJHSVRIVUJfUkVGX1RZUEUiOiAiYnJhbmNoIiwKICAgICAgICAiR0lUSFVCX1JFUE9TSVRPUlkiOiAibGF1cmVudHNpbW9uL3Byb3ZlbmFuY2UtbnBtLXRlc3QiLAogICAgICAgICJHSVRIVUJfUkVQT1NJVE9SWV9JRCI6ICI2MDIyMjM5NDUiLAogICAgICAgICJHSVRIVUJfUkVQT1NJVE9SWV9PV05FUl9JRCI6ICI2NDUwNTA5OSIsCiAgICAgICAgIkdJVEhVQl9SVU5fQVRURU1QVCI6ICIxIiwKICAgICAgICAiR0lUSFVCX1JVTl9JRCI6ICI0MTg3NDY0NTc3IiwKICAgICAgICAiR0lUSFVCX1JVTl9OVU1CRVIiOiAiMiIsCiAgICAgICAgIkdJVEhVQl9TSEEiOiAiMTZiYWJmZmI5MTUzODExZTE5M2MwMTk5MzkzOTEzNTczNzJiMjVjZSIsCiAgICAgICAgIkdJVEhVQl9XT1JLRkxPV19SRUYiOiAibGF1cmVudHNpbW9uL3Byb3ZlbmFuY2UtbnBtLXRlc3QvLmdpdGh1Yi93b3JrZmxvd3MvcmVsZWFzZS55bWxAcmVmcy9oZWFkcy9tYWluIiwKICAgICAgICAiR0lUSFVCX1dPUktGTE9XX1NIQSI6ICIxNmJhYmZmYjkxNTM4MTFlMTkzYzAxOTkzOTM5MTM1NzM3MmIyNWNlIgogICAgICB9CiAgICB9LAogICAgIm1ldGFkYXRhIjogewogICAgICAiYnVpbGRJbnZvY2F0aW9uSWQiOiAiNDE4NzQ2NDU3Ny0xIiwKICAgICAgImNvbXBsZXRlbmVzcyI6IHsKICAgICAgICAicGFyYW1ldGVycyI6IGZhbHNlLAogICAgICAgICJlbnZpcm9ubWVudCI6IGZhbHNlLAogICAgICAgICJtYXRlcmlhbHMiOiBmYWxzZQogICAgICB9LAogICAgICAicmVwcm9kdWNpYmxlIjogZmFsc2UKICAgIH0sCiAgICAibWF0ZXJpYWxzIjogWwogICAgICB7CiAgICAgICAgInVyaSI6ICJnaXQraHR0cHM6Ly9naXRodWIuY29tL2xhdXJlbnRzaW1vbi9wcm92ZW5hbmNlLW5wbS10ZXN0IiwKICAgICAgICAiZGlnZXN0IjogewogICAgICAgICAgInNoYTEiOiAiMTZiYWJmZmI5MTUzODExZTE5M2MwMTk5MzkzOTEzNTczNzJiMjVjZSIKICAgICAgICB9CiAgICAgIH0KICAgIF0KICB9Cn0K",
+        "payloadType": "application/vnd.in-toto+json",
+        "signatures": [
+          {
+            "sig": "MEUCIQDJahTpSnlv6HzUj2y1/PBYLFy8hhJ+5eABY7uy8RPsGQIgJVuL3Gr9yb2TPUEMs6Iei5HPHbyGl6ixgd41yvy07RQ=",
+            "keyid": ""
+          }
+        ]
+      }
+    }
+  },
+  {
+    "predicateType": "https://github.com/npm/attestation/tree/main/specs/publish/v0.1",
+    "bundle": {
+      "mediaType": "application/vnd.dev.sigstore.bundle+json;version=0.1",
+      "verificationMaterial": {
+        "publicKey": {
+          "hint": "SHA256:jl3bwswu80PjjokCgh0o2w5c2U4LhQAE57gj9cz1kzA"
+        },
+        "tlogEntries": [
+          {
+            "logIndex": "13420289",
+            "logId": {
+              "keyId": "wNI9atQGlz+VWfO6LRygH4QUfY/8W4RFwiT5i5WRgB0="
+            },
+            "kindVersion": {
+              "kind": "intoto",
+              "version": "0.0.2"
+            },
+            "integratedTime": "1676489615",
+            "inclusionPromise": {
+              "signedEntryTimestamp": "MEUCICYgQbiFj7t0A9B/p4Hkq5H0gB41InPBFFnhEeuP4Fo0AiEA7fGqVACs5cFpoQGHX8HVDq/jKBWbS0gutPXpcOz6r6g="
+            },
+            "inclusionProof": null,
+            "canonicalizedBody": "eyJhcGlWZXJzaW9uIjoiMC4wLjIiLCJraW5kIjoiaW50b3RvIiwic3BlYyI6eyJjb250ZW50Ijp7ImVudmVsb3BlIjp7InBheWxvYWRUeXBlIjoiYXBwbGljYXRpb24vdm5kLmluLXRvdG8ranNvbiIsInNpZ25hdHVyZXMiOlt7ImtleWlkIjoiU0hBMjU2OmpsM2J3c3d1ODBQampva0NnaDBvMnc1YzJVNExoUUFFNTdnajljejFrekEiLCJwdWJsaWNLZXkiOiJMUzB0TFMxQ1JVZEpUaUJRVlVKTVNVTWdTMFZaTFMwdExTMEtUVVpyZDBWM1dVaExiMXBKZW1vd1EwRlJXVWxMYjFwSmVtb3dSRUZSWTBSUlowRkZNVTlzWWpONlRVRkdSbmhZUzBocFNXdFJUelZqU2pOWmFHdzFhVFpWVUhBclNXaDFkR1ZDU21KMVNHTkJOVlZ2WjB0dk1FVlhkR3hYZDFjMlMxTmhTMjlVVGtWWlREZEtiRU5SYVZadWEyaENhM1JWWjJjOVBRb3RMUzB0TFVWT1JDQlFWVUpNU1VNZ1MwVlpMUzB0TFMwPSIsInNpZyI6IlRVVlJRMGxETURGaFJqbFFZVWxtSzNOcVkzRlBiVzQwUVZaVU56bFBWMFJuVkZGVk5XVXZiVkp0TVcweVNIWjVRV2xCY0hCNk1FWkxWVzFEVjJwdVUyUnJORzB5VkdGTlpXMXFSRXRqUlcxTVdFSTRWVVpFTlZsYWRETTJaejA5In1dfSwiaGFzaCI6eyJhbGdvcml0aG0iOiJzaGEyNTYiLCJ2YWx1ZSI6IjkxNDU3YjdiYzg1NTgwY2Y2NTAxNDM5NDU5ZDYyOWI0YzBlOTUxNmFjNzc3NTllNGQwNzMwZjVlMTUxNjRkMDcifSwicGF5bG9hZEhhc2giOnsiYWxnb3JpdGhtIjoic2hhMjU2IiwidmFsdWUiOiI1ZmFmZTQwMmJiYzBiMTNhMmFmMmIzMjhjYmNjNmFiZTlmZTA1MGRkNDUzNjNkNTE1YWIyYzk4MjA3NDMwNjVkIn19fX0="
+          }
+        ],
+        "timestampVerificationData": null
+      },
+      "dsseEnvelope": {
+        "payload": "eyJfdHlwZSI6Imh0dHBzOi8vaW4tdG90by5pby9TdGF0ZW1lbnQvdjAuMSIsInN1YmplY3QiOlt7Im5hbWUiOiJwa2c6bnBtLyU0MGxhdXJlbnRzaW1vbi9wcm92ZW5hbmNlLW5wbS10ZXN0QDEuMC4wIiwiZGlnZXN0Ijp7InNoYTUxMiI6IjI5ZDE5ZjI2MjMzZjQ0NDEzMjg0MTJiMzRmZDczZWQxMDRlY2ZlZjYyZjE0MDk3ODkwY2NjZjc0NTViNTIxYjY1YzVhY2ZmODUxODQ5ZmFhODVjODUzOTVhYTIyZDQwMTQzNmYwMWYzYWZiNjFiMTljNzgwZTkwNmM4OGM3ZjIwIn19XSwicHJlZGljYXRlVHlwZSI6Imh0dHBzOi8vZ2l0aHViLmNvbS9ucG0vYXR0ZXN0YXRpb24vdHJlZS9tYWluL3NwZWNzL3B1Ymxpc2gvdjAuMSIsInByZWRpY2F0ZSI6eyJuYW1lIjoiQGxhdXJlbnRzaW1vbi9wcm92ZW5hbmNlLW5wbS10ZXN0IiwidmVyc2lvbiI6IjEuMC4wIiwicmVnaXN0cnkiOiJodHRwczovL3JlZ2lzdHJ5Lm5wbWpzLm9yZyJ9fQ==",
+        "payloadType": "application/vnd.in-toto+json",
+        "signatures": [
+          {
+            "sig": "MEQCIC01aF9PaIf+sjcqOmn4AVT79OWDgTQU5e/mRm1m2HvyAiAppz0FKUmCWjnSdk4m2TaMemjDKcEmLXB8UFD5YZt36g==",
+            "keyid": "SHA256:jl3bwswu80PjjokCgh0o2w5c2U4LhQAE57gj9cz1kzA"
+          }
+        ]
+      }
+    }
+  }
+]
diff --git a/verifiers/internal/gha/testdata/npm-stmt-mismatch-pub-predicatetype.intoto.sigstore b/verifiers/internal/gha/testdata/npm-stmt-mismatch-pub-predicatetype.intoto.sigstore
new file mode 100644
index 000000000..3a6ac5ff8
--- /dev/null
+++ b/verifiers/internal/gha/testdata/npm-stmt-mismatch-pub-predicatetype.intoto.sigstore
@@ -0,0 +1,92 @@
+[
+  {
+    "predicateType": "https://slsa.dev/provenance/v0.2",
+    "bundle": {
+      "mediaType": "application/vnd.dev.sigstore.bundle+json;version=0.1",
+      "verificationMaterial": {
+        "x509CertificateChain": {
+          "certificates": [
+            {
+              "rawBytes": "MIIDzTCCA1SgAwIBAgIUSUNeEjOTOlxw2mAmVuog6waz+NcwCgYIKoZIzj0EAwMwNzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRlcm1lZGlhdGUwHhcNMjMwMjE1MTkzMzMyWhcNMjMwMjE1MTk0MzMyWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEVWrN2Ayc3U80RBnqrFssCXrFETeyMskQhLAXaOAbaPylLa6GiuhrZUEd+i2Q+kvtlOJN6WvJaoIirGUUw84scKOCAnMwggJvMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUgYNyCZHUpkzBfqlfSh2+dV/nqg8wHwYDVR0jBBgwFoAU39Ppz1YkEZb5qNjpKFWixi4YZD8wbwYDVR0RAQH/BGUwY4ZhaHR0cHM6Ly9naXRodWIuY29tL2xhdXJlbnRzaW1vbi9wcm92ZW5hbmNlLW5wbS10ZXN0Ly5naXRodWIvd29ya2Zsb3dzL3JlbGVhc2UueW1sQHJlZnMvaGVhZHMvbWFpbjA5BgorBgEEAYO/MAEBBCtodHRwczovL3Rva2VuLmFjdGlvbnMuZ2l0aHVidXNlcmNvbnRlbnQuY29tMB8GCisGAQQBg78wAQIEEXdvcmtmbG93X2Rpc3BhdGNoMDYGCisGAQQBg78wAQMEKDE2YmFiZmZiOTE1MzgxMWUxOTNjMDE5OTM5MzkxMzU3MzcyYjI1Y2UwJgYKKwYBBAGDvzABBAQYUHVibGlzaCBQYWNrYWdlIHRvIG5wbWpzMC4GCisGAQQBg78wAQUEIGxhdXJlbnRzaW1vbi9wcm92ZW5hbmNlLW5wbS10ZXN0MB0GCisGAQQBg78wAQYED3JlZnMvaGVhZHMvbWFpbjCBiwYKKwYBBAHWeQIEAgR9BHsAeQB3AN09MGrGxxEyYxkeHJlnNwKiSl643jyt/4eKcoAvKe6OAAABhlaRXNMAAAQDAEgwRgIhAOZYHC2AyB4Mm5uV6etiegcdoB5t/3Q6e8pah2BH60urAiEAv9rv6WNIyPfXrP1yzykQldw9iExSBh/brNNjTLzP+wYwCgYIKoZIzj0EAwMDZwAwZAIwT+nOUcGmT+K1gtU/ETiJewRTXtX5bjFh0AEDWzVFlLQKk+CMCr+CmhJgfobd83qwAjAz9Wp4/krIgy+qD7oeCwlUH74MNgWpy2QU5Ox3J61wP2/0O7bhH5fDaGtYUFKZzwA="
+            },
+            {
+              "rawBytes": "MIICGjCCAaGgAwIBAgIUALnViVfnU0brJasmRkHrn/UnfaQwCgYIKoZIzj0EAwMwKjEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MREwDwYDVQQDEwhzaWdzdG9yZTAeFw0yMjA0MTMyMDA2MTVaFw0zMTEwMDUxMzU2NThaMDcxFTATBgNVBAoTDHNpZ3N0b3JlLmRldjEeMBwGA1UEAxMVc2lnc3RvcmUtaW50ZXJtZWRpYXRlMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE8RVS/ysH+NOvuDZyPIZtilgUF9NlarYpAd9HP1vBBH1U5CV77LSS7s0ZiH4nE7Hv7ptS6LvvR/STk798LVgMzLlJ4HeIfF3tHSaexLcYpSASr1kS0N/RgBJz/9jWCiXno3sweTAOBgNVHQ8BAf8EBAMCAQYwEwYDVR0lBAwwCgYIKwYBBQUHAwMwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQU39Ppz1YkEZb5qNjpKFWixi4YZD8wHwYDVR0jBBgwFoAUWMAeX5FFpWapesyQoZMi0CrFxfowCgYIKoZIzj0EAwMDZwAwZAIwPCsQK4DYiZYDPIaDi5HFKnfxXx6ASSVmERfsynYBiX2X6SJRnZU84/9DZdnFvvxmAjBOt6QpBlc4J/0DxvkTCqpclvziL6BCCPnjdlIB3Pu3BxsPmygUY7Ii2zbdCdliiow="
+            },
+            {
+              "rawBytes": "MIIB9zCCAXygAwIBAgIUALZNAPFdxHPwjeDloDwyYChAO/4wCgYIKoZIzj0EAwMwKjEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MREwDwYDVQQDEwhzaWdzdG9yZTAeFw0yMTEwMDcxMzU2NTlaFw0zMTEwMDUxMzU2NThaMCoxFTATBgNVBAoTDHNpZ3N0b3JlLmRldjERMA8GA1UEAxMIc2lnc3RvcmUwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAT7XeFT4rb3PQGwS4IajtLk3/OlnpgangaBclYpsYBr5i+4ynB07ceb3LP0OIOZdxexX69c5iVuyJRQ+Hz05yi+UF3uBWAlHpiS5sh0+H2GHE7SXrk1EC5m1Tr19L9gg92jYzBhMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRYwB5fkUWlZql6zJChkyLQKsXF+jAfBgNVHSMEGDAWgBRYwB5fkUWlZql6zJChkyLQKsXF+jAKBggqhkjOPQQDAwNpADBmAjEAj1nHeXZp+13NWBNa+EDsDP8G1WWg1tCMWP/WHPqpaVo0jhsweNFZgSs0eE7wYI4qAjEA2WB9ot98sIkoF3vZYdd3/VtWB5b9TNMea7Ix/stJ5TfcLLeABLE4BNJOsQ4vnBHJ"
+            }
+          ]
+        },
+        "tlogEntries": [
+          {
+            "logIndex": "13420286",
+            "logId": {
+              "keyId": "wNI9atQGlz+VWfO6LRygH4QUfY/8W4RFwiT5i5WRgB0="
+            },
+            "kindVersion": {
+              "kind": "intoto",
+              "version": "0.0.2"
+            },
+            "integratedTime": "1676489612",
+            "inclusionPromise": {
+              "signedEntryTimestamp": "MEUCIG/LjJ5tqTgKvbA0F+96CJHIk2X0S+9cBz1Z04BfU7dLAiEA7cpf1Agv0VyEu0wR41nEZ9AZ6GVaYR5rf4AAYIZr4hk="
+            },
+            "inclusionProof": null,
+            "canonicalizedBody": "eyJhcGlWZXJzaW9uIjoiMC4wLjIiLCJraW5kIjoiaW50b3RvIiwic3BlYyI6eyJjb250ZW50Ijp7ImVudmVsb3BlIjp7InBheWxvYWRUeXBlIjoiYXBwbGljYXRpb24vdm5kLmluLXRvdG8ranNvbiIsInNpZ25hdHVyZXMiOlt7InB1YmxpY0tleSI6IkxTMHRMUzFDUlVkSlRpQkRSVkpVU1VaSlEwRlVSUzB0TFMwdENrMUpTVVI2VkVORFFURlRaMEYzU1VKQlowbFZVMVZPWlVWcVQxUlBiSGgzTW0xQmJWWjFiMmMyZDJGNkswNWpkME5uV1VsTGIxcEplbW93UlVGM1RYY0tUbnBGVmsxQ1RVZEJNVlZGUTJoTlRXTXliRzVqTTFKMlkyMVZkVnBIVmpKTlVqUjNTRUZaUkZaUlVVUkZlRlo2WVZka2VtUkhPWGxhVXpGd1ltNVNiQXBqYlRGc1drZHNhR1JIVlhkSWFHTk9UV3BOZDAxcVJURk5WR3Q2VFhwTmVWZG9ZMDVOYWsxM1RXcEZNVTFVYXpCTmVrMTVWMnBCUVUxR2EzZEZkMWxJQ2t0dldrbDZhakJEUVZGWlNVdHZXa2w2YWpCRVFWRmpSRkZuUVVWV1YzSk9Na0Y1WXpOVk9EQlNRbTV4Y2taemMwTllja1pGVkdWNVRYTnJVV2hNUVZnS1lVOUJZbUZRZVd4TVlUWkhhWFZvY2xwVlJXUXJhVEpSSzJ0MmRHeFBTazQyVjNaS1lXOUphWEpIVlZWM09EUnpZMHRQUTBGdVRYZG5aMHAyVFVFMFJ3cEJNVlZrUkhkRlFpOTNVVVZCZDBsSVowUkJWRUpuVGxaSVUxVkZSRVJCUzBKblozSkNaMFZHUWxGalJFRjZRV1JDWjA1V1NGRTBSVVpuVVZWbldVNTVDa05hU0ZWd2EzcENabkZzWmxOb01pdGtWaTl1Y1djNGQwaDNXVVJXVWpCcVFrSm5kMFp2UVZVek9WQndlakZaYTBWYVlqVnhUbXB3UzBaWGFYaHBORmtLV2tRNGQySjNXVVJXVWpCU1FWRklMMEpIVlhkWk5GcG9ZVWhTTUdOSVRUWk1lVGx1WVZoU2IyUlhTWFZaTWpsMFRESjRhR1JZU214aWJsSjZZVmN4ZGdwaWFUbDNZMjA1TWxwWE5XaGliVTVzVEZjMWQySlRNVEJhV0U0d1RIazFibUZZVW05a1YwbDJaREk1ZVdFeVduTmlNMlI2VEROS2JHSkhWbWhqTWxWMUNtVlhNWE5SU0Vwc1dtNU5kbUZIVm1oYVNFMTJZbGRHY0dKcVFUVkNaMjl5UW1kRlJVRlpUeTlOUVVWQ1FrTjBiMlJJVW5kamVtOTJURE5TZG1FeVZuVUtURzFHYW1SSGJIWmliazExV2pKc01HRklWbWxrV0U1c1kyMU9kbUp1VW14aWJsRjFXVEk1ZEUxQ09FZERhWE5IUVZGUlFtYzNPSGRCVVVsRlJWaGtkZ3BqYlhSdFlrYzVNMWd5VW5Cak0wSm9aRWRPYjAxRVdVZERhWE5IUVZGUlFtYzNPSGRCVVUxRlMwUkZNbGx0Um1sYWJWcHBUMVJGTVUxNlozaE5WMVY0Q2s5VVRtcE5SRVUxVDFSTk5VMTZhM2hOZWxVelRYcGplVmxxU1RGWk1sVjNTbWRaUzB0M1dVSkNRVWRFZG5wQlFrSkJVVmxWU0ZacFlrZHNlbUZEUWxFS1dWZE9jbGxYWkd4SlNGSjJTVWMxZDJKWGNIcE5RelJIUTJselIwRlJVVUpuTnpoM1FWRlZSVWxIZUdoa1dFcHNZbTVTZW1GWE1YWmlhVGwzWTIwNU1ncGFWelZvWW0xT2JFeFhOWGRpVXpFd1dsaE9NRTFDTUVkRGFYTkhRVkZSUW1jM09IZEJVVmxGUkROS2JGcHVUWFpoUjFab1draE5kbUpYUm5CaWFrTkNDbWwzV1V0TGQxbENRa0ZJVjJWUlNVVkJaMUk1UWtoelFXVlJRak5CVGpBNVRVZHlSM2g0UlhsWmVHdGxTRXBzYms1M1MybFRiRFkwTTJwNWRDODBaVXNLWTI5QmRrdGxOazlCUVVGQ2FHeGhVbGhPVFVGQlFWRkVRVVZuZDFKblNXaEJUMXBaU0VNeVFYbENORTF0TlhWV05tVjBhV1ZuWTJSdlFqVjBMek5STmdwbE9IQmhhREpDU0RZd2RYSkJhVVZCZGpseWRqWlhUa2w1VUdaWWNsQXhlWHA1YTFGc1pIYzVhVVY0VTBKb0wySnlUazVxVkV4NlVDdDNXWGREWjFsSkNrdHZXa2w2YWpCRlFYZE5SRnAzUVhkYVFVbDNWQ3R1VDFWalIyMVVLMHN4WjNSVkwwVlVhVXBsZDFKVVdIUllOV0pxUm1nd1FVVkVWM3BXUm14TVVVc0theXREVFVOeUswTnRhRXBuWm05aVpEZ3pjWGRCYWtGNk9WZHdOQzlyY2tsbmVTdHhSRGR2WlVOM2JGVklOelJOVG1kWGNIa3lVVlUxVDNnelNqWXhkd3BRTWk4d1R6ZGlhRWcxWmtSaFIzUlpWVVpMV25wM1FUMEtMUzB0TFMxRlRrUWdRMFZTVkVsR1NVTkJWRVV0TFMwdExRbz0iLCJzaWciOiJUVVZWUTBsUlJFcGhhRlJ3VTI1c2RqWkllbFZxTW5reEwxQkNXVXhHZVRob2FFb3JOV1ZCUWxrM2RYazRVbEJ6UjFGSlowcFdkVXd6UjNJNWVXSXlWRkJWUlUxek5rbGxhVFZJVUVoaWVVZHNObWw0WjJRME1YbDJlVEEzVWxFOSJ9XX0sImhhc2giOnsiYWxnb3JpdGhtIjoic2hhMjU2IiwidmFsdWUiOiIyYzVhZjNiZThjNzcxYzAwYzVhZGYwNDAxMzQ5YTg1NjM5NjA3Nzg4MzQwNjRhMmYyOTk5YzY4YmZiMWI0Njg4In0sInBheWxvYWRIYXNoIjp7ImFsZ29yaXRobSI6InNoYTI1NiIsInZhbHVlIjoiNjg5ZTE2NmNlM2I1Zjk5MTgxZDExYjcyYjg2OTJkODEwYjJlM2NkMTdmZWNiZjBiNzRmNDBmYTRmNmUzNjNkNSJ9fX19"
+          }
+        ],
+        "timestampVerificationData": null
+      },
+      "dsseEnvelope": {
+        "payload": "eyJfdHlwZSI6Imh0dHBzOi8vaW4tdG90by5pby9TdGF0ZW1lbnQvdjAuMSIsInN1YmplY3QiOlt7Im5hbWUiOiJwa2c6bnBtLyU0MGxhdXJlbnRzaW1vbi9wcm92ZW5hbmNlLW5wbS10ZXN0QDEuMC4wIiwiZGlnZXN0Ijp7InNoYTUxMiI6IjI5ZDE5ZjI2MjMzZjQ0NDEzMjg0MTJiMzRmZDczZWQxMDRlY2ZlZjYyZjE0MDk3ODkwY2NjZjc0NTViNTIxYjY1YzVhY2ZmODUxODQ5ZmFhODVjODUzOTVhYTIyZDQwMTQzNmYwMWYzYWZiNjFiMTljNzgwZTkwNmM4OGM3ZjIwIn19XSwicHJlZGljYXRlVHlwZSI6Imh0dHBzOi8vc2xzYS5kZXYvcHJvdmVuYW5jZS92MC4yIiwicHJlZGljYXRlIjp7ImJ1aWxkVHlwZSI6Imh0dHBzOi8vZ2l0aHViLmNvbS9ucG0vY2xpL2doYUB2MSIsImJ1aWxkZXIiOnsiaWQiOiJodHRwczovL2dpdGh1Yi5jb20vbnBtL2NsaUA5LjUuMCJ9LCJpbnZvY2F0aW9uIjp7ImNvbmZpZ1NvdXJjZSI6eyJ1cmkiOiJnaXQraHR0cHM6Ly9naXRodWIuY29tL2xhdXJlbnRzaW1vbi9wcm92ZW5hbmNlLW5wbS10ZXN0QHJlZnMvaGVhZHMvbWFpbiIsImRpZ2VzdCI6eyJzaGExIjoiMTZiYWJmZmI5MTUzODExZTE5M2MwMTk5MzkzOTEzNTczNzJiMjVjZSJ9LCJlbnRyeVBvaW50IjoibGF1cmVudHNpbW9uL3Byb3ZlbmFuY2UtbnBtLXRlc3QvLmdpdGh1Yi93b3JrZmxvd3MvcmVsZWFzZS55bWxAcmVmcy9oZWFkcy9tYWluIn0sInBhcmFtZXRlcnMiOnt9LCJlbnZpcm9ubWVudCI6eyJHSVRIVUJfQUNUT1JfSUQiOiI2NDUwNTA5OSIsIkdJVEhVQl9FVkVOVF9OQU1FIjoid29ya2Zsb3dfZGlzcGF0Y2giLCJHSVRIVUJfUkVGIjoicmVmcy9oZWFkcy9tYWluIiwiR0lUSFVCX1JFRl9UWVBFIjoiYnJhbmNoIiwiR0lUSFVCX1JFUE9TSVRPUlkiOiJsYXVyZW50c2ltb24vcHJvdmVuYW5jZS1ucG0tdGVzdCIsIkdJVEhVQl9SRVBPU0lUT1JZX0lEIjoiNjAyMjIzOTQ1IiwiR0lUSFVCX1JFUE9TSVRPUllfT1dORVJfSUQiOiI2NDUwNTA5OSIsIkdJVEhVQl9SVU5fQVRURU1QVCI6IjEiLCJHSVRIVUJfUlVOX0lEIjoiNDE4NzQ2NDU3NyIsIkdJVEhVQl9SVU5fTlVNQkVSIjoiMiIsIkdJVEhVQl9TSEEiOiIxNmJhYmZmYjkxNTM4MTFlMTkzYzAxOTkzOTM5MTM1NzM3MmIyNWNlIiwiR0lUSFVCX1dPUktGTE9XX1JFRiI6ImxhdXJlbnRzaW1vbi9wcm92ZW5hbmNlLW5wbS10ZXN0Ly5naXRodWIvd29ya2Zsb3dzL3JlbGVhc2UueW1sQHJlZnMvaGVhZHMvbWFpbiIsIkdJVEhVQl9XT1JLRkxPV19TSEEiOiIxNmJhYmZmYjkxNTM4MTFlMTkzYzAxOTkzOTM5MTM1NzM3MmIyNWNlIn19LCJtZXRhZGF0YSI6eyJidWlsZEludm9jYXRpb25JZCI6IjQxODc0NjQ1NzctMSIsImNvbXBsZXRlbmVzcyI6eyJwYXJhbWV0ZXJzIjpmYWxzZSwiZW52aXJvbm1lbnQiOmZhbHNlLCJtYXRlcmlhbHMiOmZhbHNlfSwicmVwcm9kdWNpYmxlIjpmYWxzZX0sIm1hdGVyaWFscyI6W3sidXJpIjoiZ2l0K2h0dHBzOi8vZ2l0aHViLmNvbS9sYXVyZW50c2ltb24vcHJvdmVuYW5jZS1ucG0tdGVzdCIsImRpZ2VzdCI6eyJzaGExIjoiMTZiYWJmZmI5MTUzODExZTE5M2MwMTk5MzkzOTEzNTczNzJiMjVjZSJ9fV19fQ==",
+        "payloadType": "application/vnd.in-toto+json",
+        "signatures": [
+          {
+            "sig": "MEUCIQDJahTpSnlv6HzUj2y1/PBYLFy8hhJ+5eABY7uy8RPsGQIgJVuL3Gr9yb2TPUEMs6Iei5HPHbyGl6ixgd41yvy07RQ=",
+            "keyid": ""
+          }
+        ]
+      }
+    }
+  },
+  {
+    "predicateType": "https://github.com/npm/attestation/tree/main/specs/publish/v0.1",
+    "bundle": {
+      "mediaType": "application/vnd.dev.sigstore.bundle+json;version=0.1",
+      "verificationMaterial": {
+        "publicKey": {
+          "hint": "SHA256:jl3bwswu80PjjokCgh0o2w5c2U4LhQAE57gj9cz1kzA"
+        },
+        "tlogEntries": [
+          {
+            "logIndex": "13420289",
+            "logId": {
+              "keyId": "wNI9atQGlz+VWfO6LRygH4QUfY/8W4RFwiT5i5WRgB0="
+            },
+            "kindVersion": {
+              "kind": "intoto",
+              "version": "0.0.2"
+            },
+            "integratedTime": "1676489615",
+            "inclusionPromise": {
+              "signedEntryTimestamp": "MEUCICYgQbiFj7t0A9B/p4Hkq5H0gB41InPBFFnhEeuP4Fo0AiEA7fGqVACs5cFpoQGHX8HVDq/jKBWbS0gutPXpcOz6r6g="
+            },
+            "inclusionProof": null,
+            "canonicalizedBody": "eyJhcGlWZXJzaW9uIjoiMC4wLjIiLCJraW5kIjoiaW50b3RvIiwic3BlYyI6eyJjb250ZW50Ijp7ImVudmVsb3BlIjp7InBheWxvYWRUeXBlIjoiYXBwbGljYXRpb24vdm5kLmluLXRvdG8ranNvbiIsInNpZ25hdHVyZXMiOlt7ImtleWlkIjoiU0hBMjU2OmpsM2J3c3d1ODBQampva0NnaDBvMnc1YzJVNExoUUFFNTdnajljejFrekEiLCJwdWJsaWNLZXkiOiJMUzB0TFMxQ1JVZEpUaUJRVlVKTVNVTWdTMFZaTFMwdExTMEtUVVpyZDBWM1dVaExiMXBKZW1vd1EwRlJXVWxMYjFwSmVtb3dSRUZSWTBSUlowRkZNVTlzWWpONlRVRkdSbmhZUzBocFNXdFJUelZqU2pOWmFHdzFhVFpWVUhBclNXaDFkR1ZDU21KMVNHTkJOVlZ2WjB0dk1FVlhkR3hYZDFjMlMxTmhTMjlVVGtWWlREZEtiRU5SYVZadWEyaENhM1JWWjJjOVBRb3RMUzB0TFVWT1JDQlFWVUpNU1VNZ1MwVlpMUzB0TFMwPSIsInNpZyI6IlRVVlJRMGxETURGaFJqbFFZVWxtSzNOcVkzRlBiVzQwUVZaVU56bFBWMFJuVkZGVk5XVXZiVkp0TVcweVNIWjVRV2xCY0hCNk1FWkxWVzFEVjJwdVUyUnJORzB5VkdGTlpXMXFSRXRqUlcxTVdFSTRWVVpFTlZsYWRETTJaejA5In1dfSwiaGFzaCI6eyJhbGdvcml0aG0iOiJzaGEyNTYiLCJ2YWx1ZSI6IjkxNDU3YjdiYzg1NTgwY2Y2NTAxNDM5NDU5ZDYyOWI0YzBlOTUxNmFjNzc3NTllNGQwNzMwZjVlMTUxNjRkMDcifSwicGF5bG9hZEhhc2giOnsiYWxnb3JpdGhtIjoic2hhMjU2IiwidmFsdWUiOiI1ZmFmZTQwMmJiYzBiMTNhMmFmMmIzMjhjYmNjNmFiZTlmZTA1MGRkNDUzNjNkNTE1YWIyYzk4MjA3NDMwNjVkIn19fX0="
+          }
+        ],
+        "timestampVerificationData": null
+      },
+      "dsseEnvelope": {
+        "payload": "ewogICJfdHlwZSI6ICJodHRwczovL2luLXRvdG8uaW8vU3RhdGVtZW50L3YwLjEiLAogICJzdWJqZWN0IjogWwogICAgewogICAgICAibmFtZSI6ICJwa2c6bnBtLyU0MGxhdXJlbnRzaW1vbi9wcm92ZW5hbmNlLW5wbS10ZXN0QDEuMC4wIiwKICAgICAgImRpZ2VzdCI6IHsKICAgICAgICAic2hhNTEyIjogIjI5ZDE5ZjI2MjMzZjQ0NDEzMjg0MTJiMzRmZDczZWQxMDRlY2ZlZjYyZjE0MDk3ODkwY2NjZjc0NTViNTIxYjY1YzVhY2ZmODUxODQ5ZmFhODVjODUzOTVhYTIyZDQwMTQzNmYwMWYzYWZiNjFiMTljNzgwZTkwNmM4OGM3ZjIwIgogICAgICB9CiAgICB9CiAgXSwKICAicHJlZGljYXRlVHlwZSI6ICJodHRwczovL2dpdGh1Yi5jb20vbnBtL2F0dGVzdGF0aW9uL3RyZWUvbWFpbi9zcGVjcy9wdWJsaXMvdjAuMSIsCiAgInByZWRpY2F0ZSI6IHsKICAgICJuYW1lIjogIkBsYXVyZW50c2ltb24vcHJvdmVuYW5jZS1ucG0tdGVzdCIsCiAgICAidmVyc2lvbiI6ICIxLjAuMCIsCiAgICAicmVnaXN0cnkiOiAiaHR0cHM6Ly9yZWdpc3RyeS5ucG1qcy5vcmciCiAgfQp9Cg==",
+        "payloadType": "application/vnd.in-toto+json",
+        "signatures": [
+          {
+            "sig": "MEQCIC01aF9PaIf+sjcqOmn4AVT79OWDgTQU5e/mRm1m2HvyAiAppz0FKUmCWjnSdk4m2TaMemjDKcEmLXB8UFD5YZt36g==",
+            "keyid": "SHA256:jl3bwswu80PjjokCgh0o2w5c2U4LhQAE57gj9cz1kzA"
+          }
+        ]
+      }
+    }
+  }
+]
diff --git a/verifiers/internal/gha/testdata/npm-stmt-mismatch-pub-type.intoto.sigstore b/verifiers/internal/gha/testdata/npm-stmt-mismatch-pub-type.intoto.sigstore
new file mode 100644
index 000000000..821037ede
--- /dev/null
+++ b/verifiers/internal/gha/testdata/npm-stmt-mismatch-pub-type.intoto.sigstore
@@ -0,0 +1,92 @@
+[
+  {
+    "predicateType": "https://slsa.dev/provenance/v0.2",
+    "bundle": {
+      "mediaType": "application/vnd.dev.sigstore.bundle+json;version=0.1",
+      "verificationMaterial": {
+        "x509CertificateChain": {
+          "certificates": [
+            {
+              "rawBytes": "MIIDzTCCA1SgAwIBAgIUSUNeEjOTOlxw2mAmVuog6waz+NcwCgYIKoZIzj0EAwMwNzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRlcm1lZGlhdGUwHhcNMjMwMjE1MTkzMzMyWhcNMjMwMjE1MTk0MzMyWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEVWrN2Ayc3U80RBnqrFssCXrFETeyMskQhLAXaOAbaPylLa6GiuhrZUEd+i2Q+kvtlOJN6WvJaoIirGUUw84scKOCAnMwggJvMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUgYNyCZHUpkzBfqlfSh2+dV/nqg8wHwYDVR0jBBgwFoAU39Ppz1YkEZb5qNjpKFWixi4YZD8wbwYDVR0RAQH/BGUwY4ZhaHR0cHM6Ly9naXRodWIuY29tL2xhdXJlbnRzaW1vbi9wcm92ZW5hbmNlLW5wbS10ZXN0Ly5naXRodWIvd29ya2Zsb3dzL3JlbGVhc2UueW1sQHJlZnMvaGVhZHMvbWFpbjA5BgorBgEEAYO/MAEBBCtodHRwczovL3Rva2VuLmFjdGlvbnMuZ2l0aHVidXNlcmNvbnRlbnQuY29tMB8GCisGAQQBg78wAQIEEXdvcmtmbG93X2Rpc3BhdGNoMDYGCisGAQQBg78wAQMEKDE2YmFiZmZiOTE1MzgxMWUxOTNjMDE5OTM5MzkxMzU3MzcyYjI1Y2UwJgYKKwYBBAGDvzABBAQYUHVibGlzaCBQYWNrYWdlIHRvIG5wbWpzMC4GCisGAQQBg78wAQUEIGxhdXJlbnRzaW1vbi9wcm92ZW5hbmNlLW5wbS10ZXN0MB0GCisGAQQBg78wAQYED3JlZnMvaGVhZHMvbWFpbjCBiwYKKwYBBAHWeQIEAgR9BHsAeQB3AN09MGrGxxEyYxkeHJlnNwKiSl643jyt/4eKcoAvKe6OAAABhlaRXNMAAAQDAEgwRgIhAOZYHC2AyB4Mm5uV6etiegcdoB5t/3Q6e8pah2BH60urAiEAv9rv6WNIyPfXrP1yzykQldw9iExSBh/brNNjTLzP+wYwCgYIKoZIzj0EAwMDZwAwZAIwT+nOUcGmT+K1gtU/ETiJewRTXtX5bjFh0AEDWzVFlLQKk+CMCr+CmhJgfobd83qwAjAz9Wp4/krIgy+qD7oeCwlUH74MNgWpy2QU5Ox3J61wP2/0O7bhH5fDaGtYUFKZzwA="
+            },
+            {
+              "rawBytes": "MIICGjCCAaGgAwIBAgIUALnViVfnU0brJasmRkHrn/UnfaQwCgYIKoZIzj0EAwMwKjEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MREwDwYDVQQDEwhzaWdzdG9yZTAeFw0yMjA0MTMyMDA2MTVaFw0zMTEwMDUxMzU2NThaMDcxFTATBgNVBAoTDHNpZ3N0b3JlLmRldjEeMBwGA1UEAxMVc2lnc3RvcmUtaW50ZXJtZWRpYXRlMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE8RVS/ysH+NOvuDZyPIZtilgUF9NlarYpAd9HP1vBBH1U5CV77LSS7s0ZiH4nE7Hv7ptS6LvvR/STk798LVgMzLlJ4HeIfF3tHSaexLcYpSASr1kS0N/RgBJz/9jWCiXno3sweTAOBgNVHQ8BAf8EBAMCAQYwEwYDVR0lBAwwCgYIKwYBBQUHAwMwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQU39Ppz1YkEZb5qNjpKFWixi4YZD8wHwYDVR0jBBgwFoAUWMAeX5FFpWapesyQoZMi0CrFxfowCgYIKoZIzj0EAwMDZwAwZAIwPCsQK4DYiZYDPIaDi5HFKnfxXx6ASSVmERfsynYBiX2X6SJRnZU84/9DZdnFvvxmAjBOt6QpBlc4J/0DxvkTCqpclvziL6BCCPnjdlIB3Pu3BxsPmygUY7Ii2zbdCdliiow="
+            },
+            {
+              "rawBytes": "MIIB9zCCAXygAwIBAgIUALZNAPFdxHPwjeDloDwyYChAO/4wCgYIKoZIzj0EAwMwKjEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MREwDwYDVQQDEwhzaWdzdG9yZTAeFw0yMTEwMDcxMzU2NTlaFw0zMTEwMDUxMzU2NThaMCoxFTATBgNVBAoTDHNpZ3N0b3JlLmRldjERMA8GA1UEAxMIc2lnc3RvcmUwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAT7XeFT4rb3PQGwS4IajtLk3/OlnpgangaBclYpsYBr5i+4ynB07ceb3LP0OIOZdxexX69c5iVuyJRQ+Hz05yi+UF3uBWAlHpiS5sh0+H2GHE7SXrk1EC5m1Tr19L9gg92jYzBhMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRYwB5fkUWlZql6zJChkyLQKsXF+jAfBgNVHSMEGDAWgBRYwB5fkUWlZql6zJChkyLQKsXF+jAKBggqhkjOPQQDAwNpADBmAjEAj1nHeXZp+13NWBNa+EDsDP8G1WWg1tCMWP/WHPqpaVo0jhsweNFZgSs0eE7wYI4qAjEA2WB9ot98sIkoF3vZYdd3/VtWB5b9TNMea7Ix/stJ5TfcLLeABLE4BNJOsQ4vnBHJ"
+            }
+          ]
+        },
+        "tlogEntries": [
+          {
+            "logIndex": "13420286",
+            "logId": {
+              "keyId": "wNI9atQGlz+VWfO6LRygH4QUfY/8W4RFwiT5i5WRgB0="
+            },
+            "kindVersion": {
+              "kind": "intoto",
+              "version": "0.0.2"
+            },
+            "integratedTime": "1676489612",
+            "inclusionPromise": {
+              "signedEntryTimestamp": "MEUCIG/LjJ5tqTgKvbA0F+96CJHIk2X0S+9cBz1Z04BfU7dLAiEA7cpf1Agv0VyEu0wR41nEZ9AZ6GVaYR5rf4AAYIZr4hk="
+            },
+            "inclusionProof": null,
+            "canonicalizedBody": "eyJhcGlWZXJzaW9uIjoiMC4wLjIiLCJraW5kIjoiaW50b3RvIiwic3BlYyI6eyJjb250ZW50Ijp7ImVudmVsb3BlIjp7InBheWxvYWRUeXBlIjoiYXBwbGljYXRpb24vdm5kLmluLXRvdG8ranNvbiIsInNpZ25hdHVyZXMiOlt7InB1YmxpY0tleSI6IkxTMHRMUzFDUlVkSlRpQkRSVkpVU1VaSlEwRlVSUzB0TFMwdENrMUpTVVI2VkVORFFURlRaMEYzU1VKQlowbFZVMVZPWlVWcVQxUlBiSGgzTW0xQmJWWjFiMmMyZDJGNkswNWpkME5uV1VsTGIxcEplbW93UlVGM1RYY0tUbnBGVmsxQ1RVZEJNVlZGUTJoTlRXTXliRzVqTTFKMlkyMVZkVnBIVmpKTlVqUjNTRUZaUkZaUlVVUkZlRlo2WVZka2VtUkhPWGxhVXpGd1ltNVNiQXBqYlRGc1drZHNhR1JIVlhkSWFHTk9UV3BOZDAxcVJURk5WR3Q2VFhwTmVWZG9ZMDVOYWsxM1RXcEZNVTFVYXpCTmVrMTVWMnBCUVUxR2EzZEZkMWxJQ2t0dldrbDZhakJEUVZGWlNVdHZXa2w2YWpCRVFWRmpSRkZuUVVWV1YzSk9Na0Y1WXpOVk9EQlNRbTV4Y2taemMwTllja1pGVkdWNVRYTnJVV2hNUVZnS1lVOUJZbUZRZVd4TVlUWkhhWFZvY2xwVlJXUXJhVEpSSzJ0MmRHeFBTazQyVjNaS1lXOUphWEpIVlZWM09EUnpZMHRQUTBGdVRYZG5aMHAyVFVFMFJ3cEJNVlZrUkhkRlFpOTNVVVZCZDBsSVowUkJWRUpuVGxaSVUxVkZSRVJCUzBKblozSkNaMFZHUWxGalJFRjZRV1JDWjA1V1NGRTBSVVpuVVZWbldVNTVDa05hU0ZWd2EzcENabkZzWmxOb01pdGtWaTl1Y1djNGQwaDNXVVJXVWpCcVFrSm5kMFp2UVZVek9WQndlakZaYTBWYVlqVnhUbXB3UzBaWGFYaHBORmtLV2tRNGQySjNXVVJXVWpCU1FWRklMMEpIVlhkWk5GcG9ZVWhTTUdOSVRUWk1lVGx1WVZoU2IyUlhTWFZaTWpsMFRESjRhR1JZU214aWJsSjZZVmN4ZGdwaWFUbDNZMjA1TWxwWE5XaGliVTVzVEZjMWQySlRNVEJhV0U0d1RIazFibUZZVW05a1YwbDJaREk1ZVdFeVduTmlNMlI2VEROS2JHSkhWbWhqTWxWMUNtVlhNWE5SU0Vwc1dtNU5kbUZIVm1oYVNFMTJZbGRHY0dKcVFUVkNaMjl5UW1kRlJVRlpUeTlOUVVWQ1FrTjBiMlJJVW5kamVtOTJURE5TZG1FeVZuVUtURzFHYW1SSGJIWmliazExV2pKc01HRklWbWxrV0U1c1kyMU9kbUp1VW14aWJsRjFXVEk1ZEUxQ09FZERhWE5IUVZGUlFtYzNPSGRCVVVsRlJWaGtkZ3BqYlhSdFlrYzVNMWd5VW5Cak0wSm9aRWRPYjAxRVdVZERhWE5IUVZGUlFtYzNPSGRCVVUxRlMwUkZNbGx0Um1sYWJWcHBUMVJGTVUxNlozaE5WMVY0Q2s5VVRtcE5SRVUxVDFSTk5VMTZhM2hOZWxVelRYcGplVmxxU1RGWk1sVjNTbWRaUzB0M1dVSkNRVWRFZG5wQlFrSkJVVmxWU0ZacFlrZHNlbUZEUWxFS1dWZE9jbGxYWkd4SlNGSjJTVWMxZDJKWGNIcE5RelJIUTJselIwRlJVVUpuTnpoM1FWRlZSVWxIZUdoa1dFcHNZbTVTZW1GWE1YWmlhVGwzWTIwNU1ncGFWelZvWW0xT2JFeFhOWGRpVXpFd1dsaE9NRTFDTUVkRGFYTkhRVkZSUW1jM09IZEJVVmxGUkROS2JGcHVUWFpoUjFab1draE5kbUpYUm5CaWFrTkNDbWwzV1V0TGQxbENRa0ZJVjJWUlNVVkJaMUk1UWtoelFXVlJRak5CVGpBNVRVZHlSM2g0UlhsWmVHdGxTRXBzYms1M1MybFRiRFkwTTJwNWRDODBaVXNLWTI5QmRrdGxOazlCUVVGQ2FHeGhVbGhPVFVGQlFWRkVRVVZuZDFKblNXaEJUMXBaU0VNeVFYbENORTF0TlhWV05tVjBhV1ZuWTJSdlFqVjBMek5STmdwbE9IQmhhREpDU0RZd2RYSkJhVVZCZGpseWRqWlhUa2w1VUdaWWNsQXhlWHA1YTFGc1pIYzVhVVY0VTBKb0wySnlUazVxVkV4NlVDdDNXWGREWjFsSkNrdHZXa2w2YWpCRlFYZE5SRnAzUVhkYVFVbDNWQ3R1VDFWalIyMVVLMHN4WjNSVkwwVlVhVXBsZDFKVVdIUllOV0pxUm1nd1FVVkVWM3BXUm14TVVVc0theXREVFVOeUswTnRhRXBuWm05aVpEZ3pjWGRCYWtGNk9WZHdOQzlyY2tsbmVTdHhSRGR2WlVOM2JGVklOelJOVG1kWGNIa3lVVlUxVDNnelNqWXhkd3BRTWk4d1R6ZGlhRWcxWmtSaFIzUlpWVVpMV25wM1FUMEtMUzB0TFMxRlRrUWdRMFZTVkVsR1NVTkJWRVV0TFMwdExRbz0iLCJzaWciOiJUVVZWUTBsUlJFcGhhRlJ3VTI1c2RqWkllbFZxTW5reEwxQkNXVXhHZVRob2FFb3JOV1ZCUWxrM2RYazRVbEJ6UjFGSlowcFdkVXd6UjNJNWVXSXlWRkJWUlUxek5rbGxhVFZJVUVoaWVVZHNObWw0WjJRME1YbDJlVEEzVWxFOSJ9XX0sImhhc2giOnsiYWxnb3JpdGhtIjoic2hhMjU2IiwidmFsdWUiOiIyYzVhZjNiZThjNzcxYzAwYzVhZGYwNDAxMzQ5YTg1NjM5NjA3Nzg4MzQwNjRhMmYyOTk5YzY4YmZiMWI0Njg4In0sInBheWxvYWRIYXNoIjp7ImFsZ29yaXRobSI6InNoYTI1NiIsInZhbHVlIjoiNjg5ZTE2NmNlM2I1Zjk5MTgxZDExYjcyYjg2OTJkODEwYjJlM2NkMTdmZWNiZjBiNzRmNDBmYTRmNmUzNjNkNSJ9fX19"
+          }
+        ],
+        "timestampVerificationData": null
+      },
+      "dsseEnvelope": {
+        "payload": "eyJfdHlwZSI6Imh0dHBzOi8vaW4tdG90by5pby9TdGF0ZW1lbnQvdjAuMSIsInN1YmplY3QiOlt7Im5hbWUiOiJwa2c6bnBtLyU0MGxhdXJlbnRzaW1vbi9wcm92ZW5hbmNlLW5wbS10ZXN0QDEuMC4wIiwiZGlnZXN0Ijp7InNoYTUxMiI6IjI5ZDE5ZjI2MjMzZjQ0NDEzMjg0MTJiMzRmZDczZWQxMDRlY2ZlZjYyZjE0MDk3ODkwY2NjZjc0NTViNTIxYjY1YzVhY2ZmODUxODQ5ZmFhODVjODUzOTVhYTIyZDQwMTQzNmYwMWYzYWZiNjFiMTljNzgwZTkwNmM4OGM3ZjIwIn19XSwicHJlZGljYXRlVHlwZSI6Imh0dHBzOi8vc2xzYS5kZXYvcHJvdmVuYW5jZS92MC4yIiwicHJlZGljYXRlIjp7ImJ1aWxkVHlwZSI6Imh0dHBzOi8vZ2l0aHViLmNvbS9ucG0vY2xpL2doYUB2MSIsImJ1aWxkZXIiOnsiaWQiOiJodHRwczovL2dpdGh1Yi5jb20vbnBtL2NsaUA5LjUuMCJ9LCJpbnZvY2F0aW9uIjp7ImNvbmZpZ1NvdXJjZSI6eyJ1cmkiOiJnaXQraHR0cHM6Ly9naXRodWIuY29tL2xhdXJlbnRzaW1vbi9wcm92ZW5hbmNlLW5wbS10ZXN0QHJlZnMvaGVhZHMvbWFpbiIsImRpZ2VzdCI6eyJzaGExIjoiMTZiYWJmZmI5MTUzODExZTE5M2MwMTk5MzkzOTEzNTczNzJiMjVjZSJ9LCJlbnRyeVBvaW50IjoibGF1cmVudHNpbW9uL3Byb3ZlbmFuY2UtbnBtLXRlc3QvLmdpdGh1Yi93b3JrZmxvd3MvcmVsZWFzZS55bWxAcmVmcy9oZWFkcy9tYWluIn0sInBhcmFtZXRlcnMiOnt9LCJlbnZpcm9ubWVudCI6eyJHSVRIVUJfQUNUT1JfSUQiOiI2NDUwNTA5OSIsIkdJVEhVQl9FVkVOVF9OQU1FIjoid29ya2Zsb3dfZGlzcGF0Y2giLCJHSVRIVUJfUkVGIjoicmVmcy9oZWFkcy9tYWluIiwiR0lUSFVCX1JFRl9UWVBFIjoiYnJhbmNoIiwiR0lUSFVCX1JFUE9TSVRPUlkiOiJsYXVyZW50c2ltb24vcHJvdmVuYW5jZS1ucG0tdGVzdCIsIkdJVEhVQl9SRVBPU0lUT1JZX0lEIjoiNjAyMjIzOTQ1IiwiR0lUSFVCX1JFUE9TSVRPUllfT1dORVJfSUQiOiI2NDUwNTA5OSIsIkdJVEhVQl9SVU5fQVRURU1QVCI6IjEiLCJHSVRIVUJfUlVOX0lEIjoiNDE4NzQ2NDU3NyIsIkdJVEhVQl9SVU5fTlVNQkVSIjoiMiIsIkdJVEhVQl9TSEEiOiIxNmJhYmZmYjkxNTM4MTFlMTkzYzAxOTkzOTM5MTM1NzM3MmIyNWNlIiwiR0lUSFVCX1dPUktGTE9XX1JFRiI6ImxhdXJlbnRzaW1vbi9wcm92ZW5hbmNlLW5wbS10ZXN0Ly5naXRodWIvd29ya2Zsb3dzL3JlbGVhc2UueW1sQHJlZnMvaGVhZHMvbWFpbiIsIkdJVEhVQl9XT1JLRkxPV19TSEEiOiIxNmJhYmZmYjkxNTM4MTFlMTkzYzAxOTkzOTM5MTM1NzM3MmIyNWNlIn19LCJtZXRhZGF0YSI6eyJidWlsZEludm9jYXRpb25JZCI6IjQxODc0NjQ1NzctMSIsImNvbXBsZXRlbmVzcyI6eyJwYXJhbWV0ZXJzIjpmYWxzZSwiZW52aXJvbm1lbnQiOmZhbHNlLCJtYXRlcmlhbHMiOmZhbHNlfSwicmVwcm9kdWNpYmxlIjpmYWxzZX0sIm1hdGVyaWFscyI6W3sidXJpIjoiZ2l0K2h0dHBzOi8vZ2l0aHViLmNvbS9sYXVyZW50c2ltb24vcHJvdmVuYW5jZS1ucG0tdGVzdCIsImRpZ2VzdCI6eyJzaGExIjoiMTZiYWJmZmI5MTUzODExZTE5M2MwMTk5MzkzOTEzNTczNzJiMjVjZSJ9fV19fQ==",
+        "payloadType": "application/vnd.in-toto+json",
+        "signatures": [
+          {
+            "sig": "MEUCIQDJahTpSnlv6HzUj2y1/PBYLFy8hhJ+5eABY7uy8RPsGQIgJVuL3Gr9yb2TPUEMs6Iei5HPHbyGl6ixgd41yvy07RQ=",
+            "keyid": ""
+          }
+        ]
+      }
+    }
+  },
+  {
+    "predicateType": "https://github.com/npm/attestation/tree/main/specs/publish/v0.1",
+    "bundle": {
+      "mediaType": "application/vnd.dev.sigstore.bundle+json;version=0.1",
+      "verificationMaterial": {
+        "publicKey": {
+          "hint": "SHA256:jl3bwswu80PjjokCgh0o2w5c2U4LhQAE57gj9cz1kzA"
+        },
+        "tlogEntries": [
+          {
+            "logIndex": "13420289",
+            "logId": {
+              "keyId": "wNI9atQGlz+VWfO6LRygH4QUfY/8W4RFwiT5i5WRgB0="
+            },
+            "kindVersion": {
+              "kind": "intoto",
+              "version": "0.0.2"
+            },
+            "integratedTime": "1676489615",
+            "inclusionPromise": {
+              "signedEntryTimestamp": "MEUCICYgQbiFj7t0A9B/p4Hkq5H0gB41InPBFFnhEeuP4Fo0AiEA7fGqVACs5cFpoQGHX8HVDq/jKBWbS0gutPXpcOz6r6g="
+            },
+            "inclusionProof": null,
+            "canonicalizedBody": "eyJhcGlWZXJzaW9uIjoiMC4wLjIiLCJraW5kIjoiaW50b3RvIiwic3BlYyI6eyJjb250ZW50Ijp7ImVudmVsb3BlIjp7InBheWxvYWRUeXBlIjoiYXBwbGljYXRpb24vdm5kLmluLXRvdG8ranNvbiIsInNpZ25hdHVyZXMiOlt7ImtleWlkIjoiU0hBMjU2OmpsM2J3c3d1ODBQampva0NnaDBvMnc1YzJVNExoUUFFNTdnajljejFrekEiLCJwdWJsaWNLZXkiOiJMUzB0TFMxQ1JVZEpUaUJRVlVKTVNVTWdTMFZaTFMwdExTMEtUVVpyZDBWM1dVaExiMXBKZW1vd1EwRlJXVWxMYjFwSmVtb3dSRUZSWTBSUlowRkZNVTlzWWpONlRVRkdSbmhZUzBocFNXdFJUelZqU2pOWmFHdzFhVFpWVUhBclNXaDFkR1ZDU21KMVNHTkJOVlZ2WjB0dk1FVlhkR3hYZDFjMlMxTmhTMjlVVGtWWlREZEtiRU5SYVZadWEyaENhM1JWWjJjOVBRb3RMUzB0TFVWT1JDQlFWVUpNU1VNZ1MwVlpMUzB0TFMwPSIsInNpZyI6IlRVVlJRMGxETURGaFJqbFFZVWxtSzNOcVkzRlBiVzQwUVZaVU56bFBWMFJuVkZGVk5XVXZiVkp0TVcweVNIWjVRV2xCY0hCNk1FWkxWVzFEVjJwdVUyUnJORzB5VkdGTlpXMXFSRXRqUlcxTVdFSTRWVVpFTlZsYWRETTJaejA5In1dfSwiaGFzaCI6eyJhbGdvcml0aG0iOiJzaGEyNTYiLCJ2YWx1ZSI6IjkxNDU3YjdiYzg1NTgwY2Y2NTAxNDM5NDU5ZDYyOWI0YzBlOTUxNmFjNzc3NTllNGQwNzMwZjVlMTUxNjRkMDcifSwicGF5bG9hZEhhc2giOnsiYWxnb3JpdGhtIjoic2hhMjU2IiwidmFsdWUiOiI1ZmFmZTQwMmJiYzBiMTNhMmFmMmIzMjhjYmNjNmFiZTlmZTA1MGRkNDUzNjNkNTE1YWIyYzk4MjA3NDMwNjVkIn19fX0="
+          }
+        ],
+        "timestampVerificationData": null
+      },
+      "dsseEnvelope": {
+        "payload": "ewogICJfdHlwZSI6ICJodHRwczovL2luLXRvdG8uaW8vU3RhdGVtZW50QS92MC4xIiwKICAic3ViamVjdCI6IFsKICAgIHsKICAgICAgIm5hbWUiOiAicGtnOm5wbS8lNDBsYXVyZW50c2ltb24vcHJvdmVuYW5jZS1ucG0tdGVzdEAxLjAuMCIsCiAgICAgICJkaWdlc3QiOiB7CiAgICAgICAgInNoYTUxMiI6ICIyOWQxOWYyNjIzM2Y0NDQxMzI4NDEyYjM0ZmQ3M2VkMTA0ZWNmZWY2MmYxNDA5Nzg5MGNjY2Y3NDU1YjUyMWI2NWM1YWNmZjg1MTg0OWZhYTg1Yzg1Mzk1YWEyMmQ0MDE0MzZmMDFmM2FmYjYxYjE5Yzc4MGU5MDZjODhjN2YyMCIKICAgICAgfQogICAgfQogIF0sCiAgInByZWRpY2F0ZVR5cGUiOiAiaHR0cHM6Ly9naXRodWIuY29tL25wbS9hdHRlc3RhdGlvbi90cmVlL21haW4vc3BlY3MvcHVibGlzaC92MC4xIiwKICAicHJlZGljYXRlIjogewogICAgIm5hbWUiOiAiQGxhdXJlbnRzaW1vbi9wcm92ZW5hbmNlLW5wbS10ZXN0IiwKICAgICJ2ZXJzaW9uIjogIjEuMC4wIiwKICAgICJyZWdpc3RyeSI6ICJodHRwczovL3JlZ2lzdHJ5Lm5wbWpzLm9yZyIKICB9Cn0K",
+        "payloadType": "application/vnd.in-toto+json",
+        "signatures": [
+          {
+            "sig": "MEQCIC01aF9PaIf+sjcqOmn4AVT79OWDgTQU5e/mRm1m2HvyAiAppz0FKUmCWjnSdk4m2TaMemjDKcEmLXB8UFD5YZt36g==",
+            "keyid": "SHA256:jl3bwswu80PjjokCgh0o2w5c2U4LhQAE57gj9cz1kzA"
+          }
+        ]
+      }
+    }
+  }
+]
diff --git a/verifiers/internal/gha/verifier.go b/verifiers/internal/gha/verifier.go
index c5ce51b41..d2b887899 100644
--- a/verifiers/internal/gha/verifier.go
+++ b/verifiers/internal/gha/verifier.go
@@ -54,15 +54,19 @@ func verifyEnvAndCert(env *dsse.Envelope,
 		return nil, nil, err
 	}
 
-	// Verify the workflow identity.
-	builderID, err := VerifyWorkflowIdentity(workflowInfo, builderOpts,
-		provenanceOpts.ExpectedSourceURI, defaultBuilders)
+	// Verify the builder identity.
+	builderID, err := VerifyBuilderIdentity(workflowInfo, builderOpts, defaultBuilders)
 	if err != nil {
 		return nil, nil, err
 	}
 
+	// Verify the source repository from the certificate.
+	if err := VerifyCertficateSourceRepository(workflowInfo, provenanceOpts.ExpectedSourceURI); err != nil {
+		return nil, nil, err
+	}
+
 	// Verify properties of the SLSA provenance.
-	// Unpack and verify info in the provenance, including the Subject Digest.
+	// Unpack and verify info in the provenance, including the subject Digest.
 	provenanceOpts.ExpectedBuilderID = builderID.String()
 	if err := VerifyProvenance(env, provenanceOpts); err != nil {
 		return nil, nil, err
@@ -80,6 +84,65 @@ func verifyEnvAndCert(env *dsse.Envelope,
 	return r, builderID, nil
 }
 
+func verifyNpmEnvAndCert(env *dsse.Envelope,
+	cert *x509.Certificate,
+	provenanceOpts *options.ProvenanceOpts,
+	builderOpts *options.BuilderOpts,
+	defaultBuilders map[string]bool,
+) (*utils.TrustedBuilderID, error) {
+	/* Verify properties of the signing identity. */
+	// Get the workflow info given the certificate information.
+	workflowInfo, err := GetWorkflowInfoFromCertificate(cert)
+	if err != nil {
+		return nil, err
+	}
+
+	// Verify the workflow identity.
+	trustedBuilderID, err := VerifyBuilderIdentity(workflowInfo, builderOpts, defaultBuilders)
+	// We accept a non-trusted builder for the default npm builder
+	// that uses npm CLI.
+	if err != nil && !errors.Is(err, serrors.ErrorUntrustedReusableWorkflow) {
+		return nil, err
+	}
+
+	// TODO(#493): retrieve certificate information to match
+	// with the provenance.
+	// Today it's not possible due to lack of information in the cert.
+	// Verify the source repository from the certificate.
+	if err := VerifyCertficateSourceRepository(workflowInfo, provenanceOpts.ExpectedSourceURI); err != nil {
+		return nil, err
+	}
+
+	// Verify properties of the SLSA provenance.
+	// Unpack and verify info in the provenance, including the Subject Digest.
+	// WARNING: builderID may be empty if it's not a reusable builder workflow.
+	if trustedBuilderID != nil {
+		provenanceOpts.ExpectedBuilderID = trustedBuilderID.String()
+	} else {
+		if builderOpts == nil || builderOpts.ExpectedID == nil {
+			return nil, fmt.Errorf("builder mistmatch. No builder ID provided by user , got '%v'", builderGitHubRunnerID)
+		}
+		// TODO(#494): update the builder ID name.
+		trustedBuilderID, err = utils.TrustedBuilderIDNew(builderGitHubRunnerID)
+		if err != nil {
+			return nil, err
+		}
+		if err := trustedBuilderID.Matches(*builderOpts.ExpectedID, false); err != nil {
+			return nil, fmt.Errorf("builder mistmatch. %w", err)
+		}
+	}
+
+	if err := VerifyNpmPackageProvenance(env, provenanceOpts); err != nil {
+		return nil, err
+	}
+
+	fmt.Fprintf(os.Stderr, "Verified build using builder %s at commit %s\n",
+		trustedBuilderID.String(),
+		workflowInfo.CallerHash)
+
+	return trustedBuilderID, nil
+}
+
 // VerifyArtifact verifies provenance for an artifact.
 func (v *GHAVerifier) VerifyArtifact(ctx context.Context,
 	provenance []byte, artifactHash string,
@@ -179,3 +242,62 @@ func (v *GHAVerifier) VerifyImage(ctx context.Context,
 	}
 	return nil, nil, fmt.Errorf("%w", serrors.ErrorNoValidSignature)
 }
+
+// VerifyNpmPackage verifies an npm package tarball.
+func (v *GHAVerifier) VerifyNpmPackage(ctx context.Context,
+	attestations []byte, tarballHash string,
+	provenanceOpts *options.ProvenanceOpts,
+	builderOpts *options.BuilderOpts,
+) ([]byte, *utils.TrustedBuilderID, error) {
+	trustedRoot, err := GetTrustedRoot(ctx)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	npm, err := NpmNew(ctx, trustedRoot, attestations)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	// Verify provenance signature.
+	if err := npm.verifyProvenanceAttestationSignature(); err != nil {
+		return nil, nil, err
+	}
+
+	// Verify publish attesttation signature.
+	if err := npm.verifyPublishAttesttationSignature(); err != nil {
+		return nil, nil, err
+	}
+
+	// Verify attestation headers.
+	if err := npm.verifyIntotoHeaders(); err != nil {
+		return nil, nil, err
+	}
+
+	// Verify package names match.
+	if provenanceOpts != nil {
+		if err := npm.verifyPackageName(provenanceOpts.ExpectedPackageName); err != nil {
+			return nil, nil, err
+		}
+
+		if err := npm.verifyPackageVersion(provenanceOpts.ExpectedPackageVersion); err != nil {
+			return nil, nil, err
+		}
+	}
+
+	// Verify certificate information.
+	builder, err := verifyNpmEnvAndCert(npm.ProvenanceEnvelope(),
+		npm.ProvenanceLeafCertificate(),
+		provenanceOpts, builderOpts,
+		defaultBYOBReusableWorkflows)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	prov, err := npm.verifiedProvenanceBytes()
+	if err != nil {
+		return nil, nil, err
+	}
+
+	return prov, builder, nil
+}
diff --git a/verifiers/utils/container/container.go b/verifiers/utils/container/container.go
index 2d89ab642..96934eea3 100644
--- a/verifiers/utils/container/container.go
+++ b/verifiers/utils/container/container.go
@@ -2,7 +2,6 @@ package container
 
 import (
 	"fmt"
-	"os"
 	"strings"
 
 	"github.com/google/go-containerregistry/pkg/crane"
@@ -18,36 +17,19 @@ func GetImageDigest(image string) (string, error) {
 	return strings.TrimPrefix(digest, "sha256:"), nil
 }
 
-// ValidateArtifactReference verifies that the reference is immutable
-// and has digest `digest`.
-func ValidateArtifactReference(image, expectedDigest string) error {
-	// Check if the image refers to a file.
-	// If it does, we don't expect users to provide an 'imutable'
-	// reference with `@sha256:xxx`.
-	_, err := os.Stat(image)
-	if err != nil && !os.IsNotExist(err) {
-		return fmt.Errorf("os.Stat(): %w", err)
-	}
-	if !os.IsNotExist(err) {
-		return nil
-	}
-
-	// For image in a registry, only allow immutable images.
+// GetDigestFromImmutableReference verifies that the reference is immutable
+// and returns the `digest`.
+func GetDigestFromImmutableReference(image string) (string, error) {
+	// Only allow immutable images.
 	ref, err := crname.ParseReference(image)
 	if err != nil {
-		return fmt.Errorf("crane.ParseReference(): %w", err)
+		return "", fmt.Errorf("crane.ParseReference(): %w", err)
 	}
 
 	if !strings.HasPrefix(ref.Identifier(), "sha256:") {
-		return fmt.Errorf("%w: expected '%s@sha256:%s', got '%s'",
-			serrors.ErrorMutableImage, image, expectedDigest, image)
-	}
-
-	digest := strings.TrimPrefix(ref.Identifier(), "sha256:")
-	if expectedDigest != digest {
-		return fmt.Errorf("%w: expected digest '%s', got '%s'",
-			serrors.ErrorInternal, expectedDigest, digest)
+		return "", fmt.Errorf("%w: '%s'",
+			serrors.ErrorMutableImage, image)
 	}
 
-	return nil
+	return strings.TrimPrefix(ref.Identifier(), "sha256:"), nil
 }
diff --git a/verifiers/utils/dsse.go b/verifiers/utils/dsse.go
new file mode 100644
index 000000000..d839d6340
--- /dev/null
+++ b/verifiers/utils/dsse.go
@@ -0,0 +1,45 @@
+package utils
+
+import (
+	"encoding/base64"
+	"fmt"
+
+	dsselib "github.com/secure-systems-lab/go-securesystemslib/dsse"
+	serrors "github.com/slsa-framework/slsa-verifier/v2/errors"
+)
+
+func PayloadFromEnvelope(env *dsselib.Envelope) ([]byte, error) {
+	payload, err := base64.StdEncoding.DecodeString(env.Payload)
+	if err != nil {
+		return nil, fmt.Errorf("%w: %s", serrors.ErrorInvalidDssePayload, err.Error())
+	}
+	if payload == nil {
+		return nil, fmt.Errorf("%w: empty payload", serrors.ErrorInvalidFormat)
+	}
+	return payload, nil
+}
+
+func DecodeSignature(s string) ([]byte, error) {
+	var errs []error
+	// First try the std decoding.
+	rsig, err := base64.StdEncoding.DecodeString(s)
+	if err == nil {
+		// No error, return the value.
+		return rsig, nil
+	}
+	errs = append(errs, err)
+
+	// If std decoding failed, try URL decoding.
+	// We try both because we encountered decoding failures
+	// during our tests. The DSSE documentation does not prescribe
+	// which encoding to use: `Either standard or URL-safe encoding is allowed`.
+	// https://github.com/secure-systems-lab/dsse/blob/27ce241dec575998dee8967c3c76d4edd5d6ee73/envelope.md#standard-json-envelope.
+	rsig, err = base64.URLEncoding.DecodeString(s)
+	if err == nil {
+		// No error, return the value.
+		return rsig, nil
+	}
+	errs = append(errs, err)
+
+	return nil, fmt.Errorf("%w: %v", serrors.ErrorInvalidEncoding, errs)
+}
diff --git a/verifiers/utils/dsse_test.go b/verifiers/utils/dsse_test.go
new file mode 100644
index 000000000..70d6bc3fd
--- /dev/null
+++ b/verifiers/utils/dsse_test.go
@@ -0,0 +1,55 @@
+package utils
+
+import (
+	"testing"
+
+	"github.com/google/go-cmp/cmp"
+	"github.com/google/go-cmp/cmp/cmpopts"
+
+	serrors "github.com/slsa-framework/slsa-verifier/v2/errors"
+)
+
+func Test_DecodeSignature(t *testing.T) {
+	t.Parallel()
+	tests := []struct {
+		name     string
+		encoded  string
+		decoded  string
+		expected error
+	}{
+		{
+			name:    "std encoding",
+			encoded: "YWJjMTIzIT8kKiYoKSctPUB+",
+			decoded: "abc123!?$*&()'-=@~",
+		},
+		{
+			name:    "URL encoding",
+			encoded: "YWJjMTIzIT8kKiYoKSctPUB-",
+			decoded: "abc123!?$*&()'-=@~",
+		},
+		{
+			name:     "invalid",
+			encoded:  "invalid encoding",
+			expected: serrors.ErrorInvalidEncoding,
+		},
+	}
+
+	for _, tt := range tests {
+		tt := tt // Re-initializing variable so it is not changed while executing the closure below
+		t.Run(tt.name, func(t *testing.T) {
+			t.Parallel()
+
+			c, err := DecodeSignature(tt.encoded)
+			if !cmp.Equal(err, tt.expected, cmpopts.EquateErrors()) {
+				t.Errorf(cmp.Diff(err, tt.expected, cmpopts.EquateErrors()))
+			}
+			if err != nil {
+				return
+			}
+			cs := string(c)
+			if cs != tt.decoded {
+				t.Errorf(cmp.Diff(cs, tt.decoded))
+			}
+		})
+	}
+}
diff --git a/verifiers/utils/source_tag.go b/verifiers/utils/source_tag.go
new file mode 100644
index 000000000..d04669de1
--- /dev/null
+++ b/verifiers/utils/source_tag.go
@@ -0,0 +1,79 @@
+package utils
+
+import (
+	"fmt"
+	"strings"
+
+	serrors "github.com/slsa-framework/slsa-verifier/v2/errors"
+	"golang.org/x/mod/semver"
+)
+
+func VerifyVersionedTag(provenanceTag, expectedTag string) error {
+	if !semver.IsValid(expectedTag) {
+		return fmt.Errorf("%s: %w", expectedTag, serrors.ErrorInvalidSemver)
+	}
+
+	semTag := semver.Canonical(provenanceTag)
+	if !semver.IsValid(semTag) {
+		return fmt.Errorf("%s: %w", provenanceTag, serrors.ErrorInvalidSemver)
+	}
+
+	// Major should always be the same.
+	expectedMajor := semver.Major(expectedTag)
+	major := semver.Major(semTag)
+	if major != expectedMajor {
+		return fmt.Errorf("%w: major version expected '%s', got '%s'",
+			serrors.ErrorMismatchVersionedTag, expectedMajor, major)
+	}
+
+	expectedMinor, err := minorVersion(expectedTag)
+	if err == nil {
+		// A minor version was provided by the user.
+		minor, err := minorVersion(semTag)
+		if err != nil {
+			return err
+		}
+
+		if minor != expectedMinor {
+			return fmt.Errorf("%w: minor version expected '%s', got '%s'",
+				serrors.ErrorMismatchVersionedTag, expectedMinor, minor)
+		}
+	}
+
+	expectedPatch, err := patchVersion(expectedTag)
+	if err == nil {
+		// A patch version was provided by the user.
+		patch, err := patchVersion(semTag)
+		if err != nil {
+			return err
+		}
+
+		if patch != expectedPatch {
+			return fmt.Errorf("%w: patch version expected '%s', got '%s'",
+				serrors.ErrorMismatchVersionedTag, expectedPatch, patch)
+		}
+	}
+
+	// Match.
+	return nil
+}
+
+func minorVersion(v string) (string, error) {
+	return extractFromVersion(v, 1)
+}
+
+func patchVersion(v string) (string, error) {
+	patch, err := extractFromVersion(v, 2)
+	if err != nil {
+		return "", err
+	}
+	return strings.TrimSuffix(patch, semver.Build(v)), nil
+}
+
+func extractFromVersion(v string, i int) (string, error) {
+	parts := strings.Split(v, ".")
+	if len(parts) <= i {
+		return "", fmt.Errorf("%s: %w", v, serrors.ErrorInvalidSemver)
+	}
+	return parts[i], nil
+}
diff --git a/verifiers/verifier.go b/verifiers/verifier.go
index e8ce53fbc..f131e89e3 100644
--- a/verifiers/verifier.go
+++ b/verifiers/verifier.go
@@ -61,3 +61,17 @@ func VerifyArtifact(ctx context.Context,
 	return verifier.VerifyArtifact(ctx, provenance, artifactHash,
 		provenanceOpts, builderOpts)
 }
+
+func VerifyNpmPackage(ctx context.Context,
+	attestations []byte, tarballHash string,
+	provenanceOpts *options.ProvenanceOpts,
+	builderOpts *options.BuilderOpts,
+) ([]byte, *utils.TrustedBuilderID, error) {
+	verifier, err := getVerifier(builderOpts)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	return verifier.VerifyNpmPackage(ctx, attestations, tarballHash,
+		provenanceOpts, builderOpts)
+}