docs: update PROJECT_STATE + FEATURE_STATUS post-v1.0.8

Both files were dated v1.0.4 (2026-04-15) — three releases out of
date. Surgical updates rather than a rewrite, since the underlying
feature inventory is mostly unchanged.

PROJECT_STATE.md
- §1 "Version actuelle" : tag v1.0.4 → v1.0.8 (2026-04-26). Phase
  description + next-version hint refreshed (v1.0.9 with item G +
  WebRTC TURN as cibles).
- §2 "Ce qui est livré" : prepended v1.0.8, v1.0.7, v1.0.5–v1.0.6.2
  consolidated entries (with batch labels A/B/B9/C and the
  money-movement plan items A–F). The v0.x sections kept verbatim
  for archive — they document phases that pre-date the launch.
- §3 "Prochaines étapes" : replaced the v0.701 retry/dashboard plan
  (long since shipped) with the v1.0.9 candidate list, ordered by
  effort × impact. Item G subscription pending_payment + WebRTC TURN
  are the two cibles. C6 flake stab + wrappers consolidation +
  multipart S3 + register UX + email tokens header migration listed
  alongside.

FEATURE_STATUS.md
- Header date refreshed to 2026-04-26 / v1.0.8 with the chantier
  summary.
- "Upload de tracks" row : added the v1.0.8 MinIO/S3 wiring detail
  (TRACK_STORAGE_BACKEND flag, chunked upload assembly, signed-URL
  redirect 302).
- "HLS Streaming" feature-flag row : flipped default from `true`
  (v0.101 era) to `false` (v1.0.7 default) — referencing the
  fallback /tracks/:id/stream Range cache bypass landed in
  v1.0.7-rc1 commit `b875efcff`.
- "Appels WebRTC" limitation row : note refreshed — signaling OK,
  NAT traversal still HS without STUN/TURN per FUNCTIONAL_AUDIT 🟡 #1,
  cible bumped from v1.1 to v1.0.9 (matches the v1.0.9 plan above).

The v0.x section in PROJECT_STATE.md (Phases 1–5) intentionally left
as-is — it serves as historical record of what shipped before
launch. Future agents reading the file should focus on §1, §2 v1.0.x,
and §3 for current state.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

.github/workflows/ci.yml

@@ -106,6 +106,13 @@ jobs:
             - name: Install dependencies
               run: npm ci
 
+            # Prevents drift between veza-backend-api/openapi.yaml and
+            # apps/web/src/types/generated/. Regenerates then fails if
+            # git diff is non-empty.
+            - name: Check OpenAPI types in sync
+              run: bash scripts/check-types-sync.sh
+              working-directory: apps/web
+
             - name: Lint
               # NOTE: --max-warnings is temporarily raised to 2000 while the
               # team resorbs the ESLint warning backlog (1167 at last count,
@@ -122,6 +129,13 @@ jobs:
               run: npm run build
               working-directory: apps/web
 
+            - name: Bundle size gate
+              run: node scripts/check-bundle-size.mjs
+              working-directory: apps/web
+
+            - name: Audit dependencies
+              run: npm audit --audit-level=critical
+
             - name: Unit tests
               run: npx vitest run --reporter=verbose
               working-directory: apps/web

.github/workflows/frontend-ci.yml

@@ -1,64 +0,0 @@
-name: Frontend CI
-
-on:
-    push:
-        paths:
-            - "apps/web/**"
-            - "veza-backend-api/openapi.yaml"
-            - "veza-backend-api/docs/swagger.yaml"
-            - ".github/workflows/frontend-ci.yml"
-    pull_request:
-        paths:
-            - "apps/web/**"
-            - "veza-backend-api/openapi.yaml"
-            - "veza-backend-api/docs/swagger.yaml"
-            - ".github/workflows/frontend-ci.yml"
-
-env:
-    GIT_SSL_NO_VERIFY: "true"
-    NODE_TLS_REJECT_UNAUTHORIZED: "0"
-
-jobs:
-    test:
-        runs-on: ubuntu-latest
-
-        defaults:
-            run:
-                working-directory: apps/web
-
-        steps:
-            - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-
-            - name: Set up Node
-              uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0
-              with:
-                  node-version: "20"
-                  cache: "npm"
-                  cache-dependency-path: apps/web/package-lock.json
-
-            - name: Install dependencies
-              run: npm ci
-
-            # v1.0.8 OpenAPI Phase 0 — prevents drift between
-            # veza-backend-api/openapi.yaml and apps/web/src/types/generated/.
-            # check-types-sync.sh regenerates then fails if git diff is non-empty.
-            - name: Check OpenAPI types in sync
-              run: bash scripts/check-types-sync.sh
-
-            - name: Lint
-              run: npm run lint
-
-            - name: TypeScript check
-              run: npx tsc --noEmit
-
-            - name: Build
-              run: npm run build
-
-            - name: Bundle size gate
-              run: node scripts/check-bundle-size.mjs
-
-            - name: Audit dependencies
-              run: npm audit --audit-level=critical
-
-            - name: Run tests
-              run: npm run test -- --run

CLAUDE.md

@@ -3,7 +3,7 @@
 > **Ce fichier est le system prompt de Claude Code pour le projet Veza.**
 > Il est lu automatiquement à chaque session.
 >
-> **Dernière mise à jour** : 2026-04-14 (v1.0.4, post-audit).
+> **Dernière mise à jour** : 2026-04-26 (v1.0.8, post-orval+E2E-CI session).
 > Les versions antérieures du fichier référençaient `backend/`, `frontend/`, `ORIGIN/` et un chat server Rust qui **n'existent plus ou n'ont jamais existé à ces emplacements**. Voir §Historique à la fin.
 
 ---
@@ -22,7 +22,7 @@ Tu es expert en :
 
 ---
 
-## 🏗️ Architecture réelle du repo (à jour 2026-04-14)
+## 🏗️ Architecture réelle du repo (à jour 2026-04-26)
 
 ```
 veza/
@@ -151,16 +151,20 @@ veza/
 | ------------- | ---------------------------------- | ----------------------------------------------- |
 | Backend API   | Go + Gin + GORM                    | **Go 1.25** (bumped pour golangci-lint v2.11.4) |
 | Stream        | Rust + Axum + Tokio                | Axum 0.8, Tokio 1.35                            |
-| Frontend      | React + Vite + TS strict           | React 18.2, Vite 5, TS 5.9.3                    |
-| State front   | Zustand + React Query 5            |                                                 |
+| Frontend      | React + Vite + TS strict           | React 18.2, **Vite 7.1.5**, TS 5.9.3            |
+| State front   | Zustand 4.5 + React Query 5.17     |                                                 |
+| HTTP client   | Axios 1.13                         |                                                 |
+| OpenAPI typegen | **orval ^7** (services + RQ hooks) | `apps/web/orval.config.ts`. Source unique depuis v1.0.8 B9 — `@openapitools/openapi-generator-cli` désinstallé. |
 | Postgres      | 16                                 | docker-compose pinned                           |
 | Redis         | 7                                  |                                                 |
-| Elasticsearch | 8.11.0                             | docker-compose.dev.yml                          |
+| Elasticsearch | 8.11.0                             | docker-compose.dev.yml uniquement (orphelin prod, search utilise Postgres FTS) |
 | RabbitMQ      | 3-management                       |                                                 |
 | ClamAV        | 1.4                                | SEC-MED-003                                     |
+| MinIO         | RELEASE.2025-09-07T16-13-09Z       | 4 compose files pinned (commit `4310dbb7`)      |
 | Hyperswitch   | 2026.03.11.0                       |                                                 |
 | JWT           | RS256 prod / HS256 fallback dev    | jwt v5                                          |
-| CI            | Forgejo Actions (self-hosted R720) | `.github/workflows/ci.yml` consolidé            |
+| CI            | Forgejo Actions (self-hosted R720) | `.github/workflows/{ci,e2e,go-fuzz,security-scan,trivy-fs}.yml` |
+| E2E           | Playwright 1.57 (`@critical` PR / full push+nightly) | `tests/e2e/playwright.config.ts`, runbook `docs/CI_E2E.md` |
 
 ---
 
@@ -456,6 +460,8 @@ Le repo a des commits parallèles (mainteneur + bots Forgejo). Si `git pull` don
 - **2026-03-03** : release `v1.0.0`.
 - **2026-03-13** : tag `v1.0.2`.
 - **2026-04-14** : tag `v1.0.3` existant, cible `v1.0.4` pour la release post-cleanup.
+- **2026-04-23** : release `v1.0.7` (BFG history rewrite, .git 2.3 GB → 66 MB, transactions marketplace, UserRateLimiter wired).
+- **2026-04-26** : release `v1.0.8` (MinIO storage end-to-end, OpenAPI orval migration, drop `@openapitools/openapi-generator-cli` legacy generator, E2E Playwright workflow + `--ci` seed flag, queue+password handler annotations, full authService → orval).
 
 ---
 

apps/web/package.json

@@ -132,6 +132,7 @@
     "eslint-plugin-react-hooks": "^5.0.0",
     "eslint-plugin-react-refresh": "^0.4.5",
     "eslint-plugin-storybook": "10.3.3",
+    "fast-check": "^4.7.0",
     "husky": "^9.1.7",
     "jsdom": "^24.0.0",
     "msw": "^2.11.2",

docs/FEATURE_STATUS.md

@@ -1,6 +1,6 @@
 # Statut des fonctionnalités — Veza
 
-**Dernière mise à jour** : avril 2026 — v1.0.4 (release cleanup post-audit, CI verte, dette RGPD fermée)
+**Dernière mise à jour** : 2026-04-26 — **v1.0.8** (MinIO end-to-end, OpenAPI orval = single source, E2E Playwright workflow, queue + auth password annotations, authService 9/9).
 
 Ce document décrit le statut réel des fonctionnalités par rapport au code.
 
@@ -12,7 +12,7 @@ Ce document décrit le statut réel des fonctionnalités par rapport au code.
 | 2FA (TOTP)                                              | Oui      | Oui     | Complet                                                                                                                                                                            |
 | OAuth (Google, GitHub, Discord, Spotify)                | Oui      | Oui     | Opérationnel (v0.601) — tous les fournisseurs                                                                                                                                      |
 | Profils utilisateur                                     | Oui      | Oui     | Bannière, liens sociaux, profil privé (v0.103 B1-B3)                                                                                                                               |
-| Upload de tracks                                        | Oui      | Oui     | Complet                                                                                                                                                                            |
+| Upload de tracks                                        | Oui      | Oui     | Complet. v1.0.8 : MinIO/S3 backend wired (`TRACK_STORAGE_BACKEND=s3` flag), chunked upload assemblé puis stream single-shot vers S3, 302 redirect signed URL pour stream/download.   |
 | CRUD Tracks                                             | Oui      | Oui     | Complet — BPM, musical_key, lyrics, tags (v0.201 Lot E)                                                                                                                            |
 | Playlists (CRUD, collaboration)                         | Oui      | Oui     | Complet                                                                                                                                                                            |
 | Chat WebSocket                                          | Oui      | Oui     | Opérationnel — réécrit en Go (v0.502), intégré dans backend API                                                                                                                    |
@@ -45,7 +45,7 @@ Ce document décrit le statut réel des fonctionnalités par rapport au code.
 
 | Feature                  | Flag                                      | Backend                                                                                                                                     |
 | ------------------------ | ----------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------- |
-| HLS Streaming            | `HLS_STREAMING: true` (v0.101)            | Opérationnel (v0.503) — Backend serving routes (master.m3u8, quality playlists, segments), frontend ABR player, HLS_STREAMING feature flag. |
+| HLS Streaming            | `HLS_STREAMING: false` (v1.0.7 default)   | **Off par défaut depuis v1.0.7** (FUNCTIONAL_AUDIT §4 #5 — fallback `/tracks/:id/stream` Range cache bypass v1.0.7-rc1 commit `b875efcff`). Backend serving routes opérationnel quand activé (master.m3u8, quality playlists, segments). Frontend ABR player wired. |
 | Role Management          | `ROLE_MANAGEMENT`                         | Opérationnel si activé                                                                                                                      |
 | Playlist Share           | `PLAYLIST_SHARE: true` (v0.102)           | Opérationnel                                                                                                                                |
 | Playlist Recommendations | `PLAYLIST_RECOMMENDATIONS: true` (v0.102) | Opérationnel                                                                                                                                |
@@ -55,7 +55,7 @@ Ce document décrit le statut réel des fonctionnalités par rapport au code.
 | Feature                       | Limitation                                                                                                 | Version cible            |
 | ----------------------------- | ---------------------------------------------------------------------------------------------------------- | ------------------------ |
 | **Go Live** (streaming vidéo) | Livré v0.703 — page /live/go-live, stream key, OBS instructions                                            | —                        |
-| **Appels WebRTC**             | Beta — fonctionne mieux sur le même réseau local (TURN/STUN v1.1)                                          | v1.1 (flag WEBRTC_CALLS) |
+| **Appels WebRTC**             | Signaling ✅ ; **NAT traversal HS sans STUN/TURN** (FUNCTIONAL_AUDIT 🟡 #1 — toujours ouvert). Cible v1.0.9 — coturn déploiement à prévoir. | v1.0.9 (flag WEBRTC_CALLS) |
 | **2FA SMS**                   | Option « Envoyer par SMS » pendant la vérification 2FA — requiert infra Twilio + users.phone_number        | v0.104                   |
 | **Passkeys / WebAuthn**       | Login sans mot de passe — requiert go-webauthn, table webauthn_credentials, frontend navigator.credentials | v0.104                   |
 

docs/PROJECT_STATE.md

@@ -6,23 +6,59 @@
 
 ## 1. Version actuelle
 
-| Élément               | Valeur                                      |
-| --------------------- | ------------------------------------------- |
-| **Dernier tag**       | v1.0.4 (2026-04-15)                         |
-| **Branche courante**  | `main`                                      |
-| **Phase**             | Phase 9 — v1.0 Launch — Post-cleanup stable |
-| **Prochaine version** | v1.0.5 ou v1.1.0 selon scope                |
+| Élément               | Valeur                                                     |
+| --------------------- | ---------------------------------------------------------- |
+| **Dernier tag**       | **v1.0.8** (2026-04-26)                                    |
+| **Branche courante**  | `main`                                                     |
+| **Phase**             | Phase 9+ — v1.0 Launch — Stabilisation continue            |
+| **Prochaine version** | v1.0.9 (Item G subscription + WebRTC TURN/STUN cibles)     |
 
-> v1.0.4 est une **release cleanup** post-audit : 7 jours de sprint
-> (J1–J7), ~-220 MB de débris retirés, docs alignées sur la réalité,
-> TODO RGPD `HIGH-007` fermé, CI consolidée verte. Voir `CHANGELOG.md`
-> pour le détail. `AUDIT_REPORT.md` à la racine contient l'audit qui
-> a généré ce sprint.
+> **v1.0.8** (2026-04-26) — Quatre chantiers parallèles :
+> - **Batch A** : MinIO/S3 wired bout-en-bout (upload + read + transcode), ferme le 🟡 stockage local de FUNCTIONAL_AUDIT.
+> - **Batch B** : migration OpenAPI orval — 4 services migrés (dashboard / profile / playlist / track) + authService 9/9 (incluant register / refresh / password / verify migrés post-tag dans une session dédiée d'annotation queue + auth password).
+> - **Batch B9** : suppression de `@openapitools/openapi-generator-cli` — orval = source unique. −198 fichiers / 23k LOC legacy.
+> - **Batch C** : workflow Playwright E2E sur Forgejo Actions (`@critical` PR / full push+nightly), `--ci` seed flag (~5s vs ~60s), runbook `docs/CI_E2E.md`.
+>
+> **v1.0.7** (2026-04-23) — Release post-BFG : `.git` 2.3 GB → 66 MB,
+> transactions marketplace `b5281bec`, UserRateLimiter wired
+> `ebf3276d`, certs/clés rotatées hors git.
+>
+> **v1.0.4** (2026-04-15) — Release cleanup post-audit AUDIT_REPORT v1
+> (~220 MB débris retirés, docs alignées sur la réalité, RGPD
+> HIGH-007 fermé, CI consolidée).
+>
+> Détail commit-par-commit : `CHANGELOG.md`. Audits source :
+> `AUDIT_REPORT.md` v3 + `FUNCTIONAL_AUDIT.md` v2 à la racine.
 
 ---
 
 ## 2. Ce qui est livré
 
+### v1.0.8 (2026-04-26 — Storage / OpenAPI / E2E CI)
+
+- **Batch A — MinIO/S3** : `tracks.storage_backend` column, `S3StorageService.UploadStream` + `GetSignedURL`, `TrackService.UploadTrack` wired S3, chunked upload assembly to S3, signed URL redirect 302 stream/download, transcoder lit signed HTTPS URL, `cmd/migrate_storage` CLI bulk local→S3.
+- **Batch B — OpenAPI orval migration** : install orval@^7 + Axios mutator, swaggo annotations sur 50+ endpoints (track / playlist / user / queue / password). 5 services migrés : `dashboardService`, `profileService`, `playlistService`, `trackService`, `authService` (9/9 fonctions, dont les renames wire-shape `password_confirm` → `password_confirmation`, `refreshToken` → `refresh_token`, `verifyEmail` GET→POST). `services/api/queue.ts` migré.
+- **Batch B9** : suppression `@openapitools/openapi-generator-cli` + `apps/web/src/types/generated/` (198 fichiers / 23k LOC). orval = source unique. Pre-commit drift guard simplifié.
+- **Batch C — E2E Playwright CI** : `.github/workflows/e2e.yml` (`@critical` PR / full push+nightly), `--ci` seed flag (`cmd/tools/seed --ci`, ~5s vs ~60s), `playwright.config.ts` `reuseExistingServer: !CI`, runbook `docs/CI_E2E.md`.
+- **Cleanup** : `fast-check` install (déblo­que pre-commit hermétique), CLAUDE.md stack table à jour, frontend-ci.yml fold dans ci.yml.
+
+### v1.0.7 (2026-04-23 — BFG history rewrite + hardening)
+
+- **BFG pass** : `.git` 2.3 GB → 66 MB (−97%). Stripped : binaires Go, kubectl vendoré (60 MB), audio uploads, 48 PNG racine, `.playwright-mcp/`, `.env*`, certs TLS, builds Incus.
+- **Hardening backend** : `core/marketplace/service.go` `UpdateProductImages` + `SetProductLicenses` wrappés en transaction GORM (commit `b5281bec`). `UserRateLimiter` wired dans `AuthMiddleware.RequireAuth()` (commit `ebf3276d`).
+- **`docs/ENV_VARIABLES.md`** : réécriture complète (172 → ~600 lignes), ~180 env vars surveyées du code.
+- **Orphelins** : `internal/api/handlers/{chat,rbac,rbac_test}.go`, `internal/repository/user_repository.go`, `proto/chat/chat.proto`, `veza-common/src/types/{chat,websocket}.rs`. 19 workflows `.disabled` archivés.
+- **MinIO + mc** pinned aux tags datés (`RELEASE.2025-09-07*`).
+
+### v1.0.5 / v1.0.6 / v1.0.6.1 / v1.0.6.2 (mars-avril 2026)
+
+Money-movement hardening — items A à F du plan v1.0.7 livrés en
+cascade (idempotency keys Hyperswitch, persist `stripe_transfer_id`,
+async Stripe Connect reversal worker, reconciliation sweep, webhook
+raw audit log, ledger-health Prometheus gauges + 3 alertes
+Alertmanager). Détail dans `CHANGELOG.md`. Item G (subscription
+`pending_payment`) deferred v1.0.9.
+
 ### v0.103 (Phase 1 Fondation)
 
 - Auth : OAuth Spotify (A1), Sessions enrichies (A4)
@@ -191,22 +227,24 @@
 
 ## 3. Prochaines étapes
 
-### v0.503 (livrée 2026-02-22)
+### Cible v1.0.9
 
-- SS1 : HLS Streaming E2E (backend routes + frontend ABR player)
-- CH1 : Chat hardening (rate limiter Redis, présence persistante Redis, FTS PostgreSQL)
-- CL1 : Cleanup veza-chat-server, nettoyage CI/CD/config
-- QA1 : Tests, documentation
-- Référence : [V0_503_RELEASE_SCOPE.md](V0_503_RELEASE_SCOPE.md)
+Triés par effort × impact :
 
-### Prochaine version (v0.701)
+- **Item G subscription `pending_payment`** (M, 3j) — `docs/audit-2026-04/v107-plan.md` §G. State machine + recovery endpoint + tests + E2E `@critical`. Le hotfix v1.0.6.2 compense via filter ; G replace le creation path. **TODO marqué dans `subscription/service.go`**.
+- **WebRTC STUN/TURN** (M, 1-2j) — FUNCTIONAL_AUDIT 🟡 #1. Coturn (Incus container ?), env vars, UI fallback si NAT échoue. Le seul 🟡 fonctionnel encore ouvert.
+- **Email tokens query→header** (S, 0.5j) — FUNCTIONAL_AUDIT §4 #7. Sécu (anti-leak Referer/logs). Coupler avec migration `verifyEmail` POST déjà landée v1.0.8.
+- **Register UX** (S, 0.5j) — FUNCTIONAL_AUDIT §4 #8. JWT émis avant l'email send → 403 immédiat tant que non-vérifié. Friction UX.
+- **Multipart S3 chunked upload natif** (M, 1-2j) — plan v1.0.8 D4 deferred. Aujourd'hui : assemble local puis single-shot stream 500 MB. Risque OOM en pic de concurrence.
+- **Consolider `services/api/*.ts` wrappers** (M, 1j) — auth/users/tracks/playlists/search/social. Parallèles aux feature services ; rewire ~30 importers vers feature-direct.
+- **C6 E2E flake stab** (S, 0.5j) — après le 1er run E2E vert, identifier les vrais flakes en CI vs ceux observés en dev.
 
-- Retry automatique des transferts échoués (cron + backoff exponentiel)
-- Dashboard admin des transferts (GET /admin/transfers, retry manuel)
-- Deep health checks (GET /health/deep — DB, Redis, S3, disk)
-- Startup config validation
-- Documentation API Reference
-- Référence : [V0_701_RELEASE_SCOPE.md](V0_701_RELEASE_SCOPE.md)
+### Plus tard (deferred v1.1+)
+
+- Consolidation dual-trigger transcode gRPC + RabbitMQ (FUNCTIONAL §2 parcours 2 #5).
+- Études OOM stockage si scale x10.
+- Backfill `seller_transfers.stripe_transfer_id` pour les rows pré-v1.0.7 (CHANGELOG ops task #38).
+- Sandbox Hyperswitch → prod réel (mode `live`).
 
 ---
 

package-lock.json

@@ -104,6 +104,7 @@
         "eslint-plugin-react-hooks": "^5.0.0",
         "eslint-plugin-react-refresh": "^0.4.5",
         "eslint-plugin-storybook": "10.3.3",
+        "fast-check": "^4.7.0",
         "husky": "^9.1.7",
         "jsdom": "^24.0.0",
         "msw": "^2.11.2",
@@ -11226,6 +11227,29 @@
         "@types/yauzl": "^2.9.1"
       }
     },
+    "node_modules/fast-check": {
+      "version": "4.7.0",
+      "resolved": "https://registry.npmjs.org/fast-check/-/fast-check-4.7.0.tgz",
+      "integrity": "sha512-NsZRtqvSSoCP0HbNjUD+r1JH8zqZalyp6gLY9e7OYs7NK9b6AHOs2baBFeBG7bVNsuoukh89x2Yg3rPsul8ziQ==",
+      "dev": true,
+      "funding": [
+        {
+          "type": "individual",
+          "url": "https://github.com/sponsors/dubzzz"
+        },
+        {
+          "type": "opencollective",
+          "url": "https://opencollective.com/fast-check"
+        }
+      ],
+      "license": "MIT",
+      "dependencies": {
+        "pure-rand": "^8.0.0"
+      },
+      "engines": {
+        "node": ">=12.17.0"
+      }
+    },
     "node_modules/fast-deep-equal": {
       "version": "3.1.3",
       "resolved": "https://registry.npmjs.org/fast-deep-equal/-/fast-deep-equal-3.1.3.tgz",
@@ -16732,6 +16756,23 @@
         "url": "https://github.com/sponsors/colinhacks"
       }
     },
+    "node_modules/pure-rand": {
+      "version": "8.4.0",
+      "resolved": "https://registry.npmjs.org/pure-rand/-/pure-rand-8.4.0.tgz",
+      "integrity": "sha512-IoM8YF/jY0hiugFo/wOWqfmarlE6J0wc6fDK1PhftMk7MGhVZl88sZimmqBBFomLOCSmcCCpsfj7wXASCpvK9A==",
+      "dev": true,
+      "funding": [
+        {
+          "type": "individual",
+          "url": "https://github.com/sponsors/dubzzz"
+        },
+        {
+          "type": "opencollective",
+          "url": "https://opencollective.com/fast-check"
+        }
+      ],
+      "license": "MIT"
+    },
     "node_modules/qs": {
       "version": "6.14.2",
       "resolved": "https://registry.npmjs.org/qs/-/qs-6.14.2.tgz",