Merge branch 'nodejs:main' into main

Author: g-francesca

apps/site/pages/en/learn/getting-started/security-best-practices.md

@@ -26,6 +26,12 @@ guidelines on how to secure a Node.js application.
 
 ## Threat List
 
+The Node.js [threat model][] defines what is or is not considered a
+_vulnerability in Node.js itself_. Some of the topics below are not
+vulnerabilities in Node.js core according to that model, but they are still
+important _application-level_ threats that you should account for when building
+and operating Node.js software.
+
 ### Denial of Service of HTTP server (CWE-400)
 
 This is an attack where the application becomes unavailable for the purpose it
@@ -188,6 +194,13 @@ of requests.
 
 ### Malicious Third-Party Modules (CWE-1357)
 
+According to the Node.js [threat model][], scenarios that require a malicious
+third-party module are **not** considered vulnerabilities in Node.js core,
+because Node.js treats the code it is asked to run (including dependencies)
+as trusted. However, malicious or compromised dependencies remain one of the
+most critical _application-level_ risks for Node.js users and should be
+treated as such.
+
 Currently, in Node.js, any package can access powerful resources such as
 network access.
 Furthermore, because they also have access to the file system, they can send
@@ -198,9 +211,17 @@ arbitrary code by using `eval()`(or its equivalents).
 All code with file system write access may achieve the same thing by writing to
 new or existing files that are loaded.
 
-Node.js has an experimental[¹][experimental-features]
-[policy mechanism][] to declare the loaded resource as untrusted or trusted.
-However, this policy is not enabled by default.
+**Examples**
+
+- An attacker compromises the maintainer account of a popular logging library
+  and ships a new minor version that exfiltrates environment variables
+  (for example, database passwords or access tokens) to a remote server when
+  the logger is initialized.
+- A typosquatting package with a name similar to a well-known framework is
+  published to the npm registry. When installed, it runs a postinstall script
+  that sends SSH keys from the developer's machine to an attacker-controlled
+  endpoint.
+
 Be sure to pin dependency versions and run automatic checks for vulnerabilities
 using common workflows or npm scripts.
 Before installing a package make sure that this package is maintained and
@@ -314,6 +335,13 @@ be replaced.
 
 ### Prototype Pollution Attacks (CWE-1321)
 
+Per the Node.js [threat model][], prototype pollution that relies on an
+attacker controlling user input is **not** considered a vulnerability in
+Node.js core, because Node.js trusts the inputs provided by application code.
+Nonetheless, prototype pollution is a serious class of vulnerabilities for
+Node.js applications and third-party libraries, and you should implement
+defenses at the application and dependency level.
+
 Prototype pollution refers to the possibility of modifying or injecting properties
 into Javascript language items by abusing the usage of \_\_proto\__,
 \_constructor_, _prototype_, and other properties inherited from built-in
@@ -342,6 +370,17 @@ language.
 - [CVE-2022-21824][] (Node.js)
 - [CVE-2018-3721][] (3rd Party library: Lodash)
 
+Additional scenarios include:
+
+- A web API merges untrusted JSON request bodies into a shared configuration
+  object without validation. By sending a payload with a `__proto__` property,
+  an attacker adds unexpected properties to many objects in the process,
+  leading to logic bugs or denial of service.
+- A template rendering service accepts user-controlled options and passes them
+  directly into a deep merge utility. By polluting `Object.prototype`, an
+  attacker causes all future templates to behave unexpectedly, potentially
+  bypassing security checks that rely on object property presence.
+
 **Mitigations**
 
 - Avoid [insecure recursive merges][], see [CVE-2018-16487][].
@@ -355,6 +394,13 @@ language.
 
 ### Uncontrolled Search Path Element (CWE-427)
 
+The Node.js [threat model][] considers the file system in the environment
+accessible to Node.js as trusted. As a result, issues that rely solely on
+controlling files in those locations are **not** considered vulnerabilities in
+Node.js core. They are, however, relevant to the security of your overall
+deployment and supply chain, so you should harden your environment and use
+the mechanisms below to reduce risk.
+
 Node.js loads modules following the [Module Resolution Algorithm][].
 Therefore, it assumes the directory in which a module is requested
 (require) is trusted.
@@ -370,53 +416,28 @@ Assuming the following directory structure:
 If server.js uses `require('./auth')` it will follow the module resolution
 algorithm and load _auth_ instead of _auth.js_.
 
-**Mitigations**
+## Node.js Permission Model
 
-Using the experimental[¹][experimental-features]
-[policy mechanism with integrity checking][] can avoid the above threat.
-For the directory described above, one can use the following `policy.json`
-
-```json
-{
-  "resources": {
-    "./app/auth.js": {
-      "integrity": "sha256-iuGZ6SFVFpMuHUcJciQTIKpIyaQVigMZlvg9Lx66HV8="
-    },
-    "./app/server.js": {
-      "dependencies": {
-        "./auth": "./app/auth.js"
-      },
-      "integrity": "sha256-NPtLCQ0ntPPWgfVEgX46ryTNpdvTWdQPoZO3kHo0bKI="
-    }
-  }
-}
-```
+Node.js provides a **permission model**
+that can be used to restrict what a given process is allowed to do at runtime.
+This model complements the Node.js [threat model][].
 
-Therefore, when requiring the _auth_ module, the system will validate the
-integrity and throw an error if doesn’t match the expected one.
+When enabled (for example, using the `--permission` flag), the
+permission model lets you selectively allow or deny access to sensitive
+capabilities such as:
 
-```console
-» node --experimental-policy=policy.json app/server.js
-node:internal/policy/sri:65
-      throw new ERR_SRI_PARSE(str, str[prevIndex], prevIndex);
-      ^
-
-SyntaxError [ERR_SRI_PARSE]: Subresource Integrity string "sha256-iuGZ6SFVFpMuHUcJciQTIKpIyaQVigMZlvg9Lx66HV8=%" had an unexpected "%" at position 51
-    at new NodeError (node:internal/errors:393:5)
-    at Object.parse (node:internal/policy/sri:65:13)
-    at processEntry (node:internal/policy/manifest:581:38)
-    at Manifest.assertIntegrity (node:internal/policy/manifest:588:32)
-    at Module._compile (node:internal/modules/cjs/loader:1119:21)
-    at Module._extensions..js (node:internal/modules/cjs/loader:1213:10)
-    at Module.load (node:internal/modules/cjs/loader:1037:32)
-    at Module._load (node:internal/modules/cjs/loader:878:12)
-    at Module.require (node:internal/modules/cjs/loader:1061:19)
-    at require (node:internal/modules/cjs/helpers:99:18) {
-  code: 'ERR_SRI_PARSE'
-}
-```
+- File system reads and writes.
+- Network access (inbound and outbound).
+- Child process creation.
+- Use of native addons and other powerful APIs.
+
+This can help contain the impact of malicious or compromised dependencies,
+untrusted configuration, or unexpected behavior in your own code, since even
+trusted code will be prevented from performing actions outside the permissions
+you have explicitly granted.
 
-Note, it's always recommended the use of `--policy-integrity` to avoid policy mutations.
+Refer to the [Node.js permissions documentation][] for up-to-date flags and
+options.
 
 ## Experimental Features in Production
 
@@ -431,6 +452,8 @@ The [OpenSSF][] is leading several initiatives that can be very useful, especial
 - [OpenSSF Scorecard][] Scorecard evaluates open source projects using a series of automated security risk checks. You can use it to proactively assess vulnerabilities and dependencies in your code base and make informed decisions about accepting vulnerabilities.
 - [OpenSSF Best Practices Badge Program][] Projects can voluntarily self-certify by describing how they comply with each best practice. This will generate a badge that can be added to the project.
 
+You can also collaborate with other projects and security experts through the [OpenJS Security Collaboration Space][].
+
 [threat model]: https://github.com/nodejs/node/security/policy#the-nodejs-threat-model
 [security guidance issue]: https://github.com/nodejs/security-wg/issues/488
 [nodejs guideline]: https://github.com/goldbergyoni/nodebestpractices
@@ -445,6 +468,7 @@ The [OpenSSF][] is leading several initiatives that can be very useful, especial
 [unpublish the package]: https://docs.npmjs.com/unpublishing-packages-from-the-registry
 [CWE-444]: https://cwe.mitre.org/data/definitions/444.html
 [RFC7230]: https://datatracker.ietf.org/doc/html/rfc7230#section-3
+[Node.js permissions documentation]: https://nodejs.org/api/permissions.html#permission-model
 [policy mechanism]: https://nodejs.org/api/permissions.html#policies
 [typosquatting]: https://en.wikipedia.org/wiki/Typosquatting
 [Mitigations for lockfile poisoning]: https://blog.ulisesgascon.com/lockfile-posioned
@@ -457,9 +481,9 @@ The [OpenSSF][] is leading several initiatives that can be very useful, especial
 [CVE-2018-16487]: https://www.cve.org/CVERecord?id=CVE-2018-16487
 [scrypt]: https://nodejs.org/api/crypto.html#cryptoscryptpassword-salt-keylen-options-callback
 [Module Resolution Algorithm]: https://nodejs.org/api/modules.html#modules_all_together
-[policy mechanism with integrity checking]: https://nodejs.org/api/permissions.html#integrity-checks
 [experimental-features]: #experimental-features-in-production
 [`Socket`]: https://socket.dev/
 [OpenSSF]: https://openssf.org/
 [OpenSSF Scorecard]: https://securityscorecards.dev/
 [OpenSSF Best Practices Badge Program]: https://bestpractices.coreinfrastructure.org/en
+[OpenJS Security Collaboration Space]: https://github.com/openjs-foundation/security-collab-space

packages/ui-components/src/Icons/PartnerLogos/DigitalOcean/Logo.tsx

@@ -18,9 +18,7 @@ const DigitalOcean: FC<SVGProps<SVGSVGElement>> = props => (
                 <path
                   id="XMLID_49_"
                   fill="currentColor"
-                  d="M52.1,102.1l0-19.6c20.8,0,36.8-20.6,28.9-42.4C78,32,71.6,25.5,63.5,22.6
-                  c-21.8-7.9-42.4,8.1-42.4,28.9c0,0,0,0,0,0l-19.6,0c0-33.1,32-58.9,66.7-48.1c15.2,4.7,27.2,16.8,31.9,31.9
-                  C110.9,70.1,85.2,102.1,52.1,102.1z"
+                  d="M52.1,102.1l0-19.6c20.8,0,36.8-20.6,28.9-42.4C78,32,71.6,25.5,63.5,22.6 c-21.8-7.9-42.4,8.1-42.4,28.9c0,0,0,0,0,0l-19.6,0c0-33.1,32-58.9,66.7-48.1c15.2,4.7,27.2,16.8,31.9,31.9 C110.9,70.1,85.2,102.1,52.1,102.1z"
                 />
               </g>
               <polygon
@@ -52,15 +50,12 @@ const DigitalOcean: FC<SVGProps<SVGSVGElement>> = props => (
         <path
           id="XMLID_2635_"
           fill="currentColor"
-          d="M181.5,30.2c-5.8-4-13-6.1-21.4-6.1h-18.3v58.1h18.3c8.4,0,15.6-2.1,21.4-6.4
-          c3.2-2.2,5.7-5.4,7.4-9.3c1.7-3.9,2.6-8.5,2.6-13.7c0-5.1-0.9-9.7-2.6-13.6C187.2,35.4,184.7,32.3,181.5,30.2z M152.5,34h5.8
-          c6.4,0,11.7,1.3,15.7,3.7c4.4,2.7,6.7,7.8,6.7,15.1c0,7.6-2.3,12.9-6.7,15.8h0c-3.8,2.5-9.1,3.8-15.6,3.8h-5.8V34z"
+          d="M181.5,30.2c-5.8-4-13-6.1-21.4-6.1h-18.3v58.1h18.3c8.4,0,15.6-2.1,21.4-6.4 c3.2-2.2,5.7-5.4,7.4-9.3c1.7-3.9,2.6-8.5,2.6-13.7c0-5.1-0.9-9.7-2.6-13.6C187.2,35.4,184.7,32.3,181.5,30.2z M152.5,34h5.8 c6.4,0,11.7,1.3,15.7,3.7c4.4,2.7,6.7,7.8,6.7,15.1c0,7.6-2.3,12.9-6.7,15.8h0c-3.8,2.5-9.1,3.8-15.6,3.8h-5.8V34z"
         />
         <path
           id="XMLID_2634_"
           fill="currentColor"
-          d="M204.3,23.4c-1.8,0-3.3,0.6-4.5,1.8c-1.2,1.2-1.9,2.7-1.9,4.4c0,1.8,0.6,3.3,1.9,4.5
-          c1.2,1.2,2.7,1.9,4.5,1.9c1.8,0,3.3-0.6,4.5-1.9c1.2-1.2,1.9-2.8,1.9-4.5c0-1.8-0.6-3.3-1.9-4.4C207.6,24,206,23.4,204.3,23.4z"
+          d="M204.3,23.4c-1.8,0-3.3,0.6-4.5,1.8c-1.2,1.2-1.9,2.7-1.9,4.4c0,1.8,0.6,3.3,1.9,4.5 c1.2,1.2,2.7,1.9,4.5,1.9c1.8,0,3.3-0.6,4.5-1.9c1.2-1.2,1.9-2.8,1.9-4.5c0-1.8-0.6-3.3-1.9-4.4C207.6,24,206,23.4,204.3,23.4z"
         />
         <rect
           id="XMLID_2564_"
@@ -73,11 +68,7 @@ const DigitalOcean: FC<SVGProps<SVGSVGElement>> = props => (
         <path
           id="XMLID_2561_"
           fill="currentColor"
-          d="M246.8,44.7c-3.1-2.8-6.6-4.4-10.3-4.4c-5.7,0-10.4,2-14.1,5.8c-3.7,3.8-5.5,8.8-5.5,14.7
-          c0,5.8,1.8,10.7,5.5,14.7c3.7,3.8,8.4,5.8,14.1,5.8c4,0,7.4-1.1,10.2-3.3V79c0,3.4-0.9,6-2.7,7.9c-1.8,1.8-4.3,2.7-7.4,2.7
-          c-4.8,0-7.7-1.9-11.4-6.8l-7,6.7l0.2,0.3c1.5,2.1,3.8,4.2,6.9,6.2c3.1,2,6.9,3,11.5,3c6.1,0,11.1-1.9,14.7-5.6
-          c3.7-3.7,5.5-8.7,5.5-14.9V41.3h-10.1V44.7z M244.1,68.9c-1.8,2-4.1,3-7.1,3c-3,0-5.3-1-7-3c-1.8-2-2.7-4.7-2.7-8
-          c0-3.3,0.9-6.1,2.7-8.1c1.8-2,4.1-3.1,7-3.1c3,0,5.3,1,7.1,3.1c1.8,2,2.7,4.8,2.7,8.1C246.8,64.2,245.8,66.9,244.1,68.9z"
+          d="M246.8,44.7c-3.1-2.8-6.6-4.4-10.3-4.4c-5.7,0-10.4,2-14.1,5.8c-3.7,3.8-5.5,8.8-5.5,14.7 c0,5.8,1.8,10.7,5.5,14.7c3.7,3.8,8.4,5.8,14.1,5.8c4,0,7.4-1.1,10.2-3.3V79c0,3.4-0.9,6-2.7,7.9c-1.8,1.8-4.3,2.7-7.4,2.7 c-4.8,0-7.7-1.9-11.4-6.8l-7,6.7l0.2,0.3c1.5,2.1,3.8,4.2,6.9,6.2c3.1,2,6.9,3,11.5,3c6.1,0,11.1-1.9,14.7-5.6 c3.7-3.7,5.5-8.7,5.5-14.9V41.3h-10.1V44.7z M244.1,68.9c-1.8,2-4.1,3-7.1,3c-3,0-5.3-1-7-3c-1.8-2-2.7-4.7-2.7-8 c0-3.3,0.9-6.1,2.7-8.1c1.8-2,4.1-3.1,7-3.1c3,0,5.3,1,7.1,3.1c1.8,2,2.7,4.8,2.7,8.1C246.8,64.2,245.8,66.9,244.1,68.9z"
         />
         <rect
           id="XMLID_2560_"
@@ -90,14 +81,12 @@ const DigitalOcean: FC<SVGProps<SVGSVGElement>> = props => (
         <path
           id="XMLID_2552_"
           fill="currentColor"
-          d="M271,23.4c-1.8,0-3.3,0.6-4.5,1.8c-1.2,1.2-1.9,2.7-1.9,4.4c0,1.8,0.6,3.3,1.9,4.5
-          c1.2,1.2,2.7,1.9,4.5,1.9c1.8,0,3.3-0.6,4.5-1.9c1.2-1.2,1.9-2.8,1.9-4.5c0-1.8-0.6-3.3-1.9-4.4C274.3,24,272.7,23.4,271,23.4z"
+          d="M271,23.4c-1.8,0-3.3,0.6-4.5,1.8c-1.2,1.2-1.9,2.7-1.9,4.4c0,1.8,0.6,3.3,1.9,4.5 c1.2,1.2,2.7,1.9,4.5,1.9c1.8,0,3.3-0.6,4.5-1.9c1.2-1.2,1.9-2.8,1.9-4.5c0-1.8-0.6-3.3-1.9-4.4C274.3,24,272.7,23.4,271,23.4z"
         />
         <path
           id="XMLID_2509_"
           fill="currentColor"
-          d="M298.6,30.3h-10.1v11.1h-5.9v9.4h5.9v17c0,5.3,1.1,9.1,3.2,11.3c2.1,2.2,5.8,3.3,11.1,3.3
-          c1.7,0,3.4-0.1,5-0.2l0.5,0v-9.4l-3.5,0.2c-2.5,0-4.1-0.4-4.9-1.3c-0.8-0.9-1.2-2.7-1.2-5.4V50.7h9.6v-9.4h-9.6V30.3z"
+          d="M298.6,30.3h-10.1v11.1h-5.9v9.4h5.9v17c0,5.3,1.1,9.1,3.2,11.3c2.1,2.2,5.8,3.3,11.1,3.3 c1.7,0,3.4-0.1,5-0.2l0.5,0v-9.4l-3.5,0.2c-2.5,0-4.1-0.4-4.9-1.3c-0.8-0.9-1.2-2.7-1.2-5.4V50.7h9.6v-9.4h-9.6V30.3z"
         />
         <rect
           id="XMLID_2508_"
@@ -110,51 +99,32 @@ const DigitalOcean: FC<SVGProps<SVGSVGElement>> = props => (
         <path
           id="XMLID_2470_"
           fill="currentColor"
-          d="M470.9,67.6c-1.8,2.1-3.7,3.9-5.2,4.8v0c-1.4,0.9-3.2,1.4-5.3,1.4c-3,0-5.5-1.1-7.5-3.4
-          c-2-2.3-3-5.2-3-8.7s1-6.4,2.9-8.6c2-2.3,4.4-3.4,7.4-3.4c3.3,0,6.8,2.1,9.8,5.6l6.8-6.5l0,0c-4.4-5.8-10.1-8.5-16.9-8.5
-          c-5.7,0-10.6,2.1-14.6,6.1c-4,4-6,9.2-6,15.3s2,11.2,6,15.3c4,4.1,8.9,6.1,14.6,6.1c7.5,0,13.5-3.2,17.5-9.1L470.9,67.6z"
+          d="M470.9,67.6c-1.8,2.1-3.7,3.9-5.2,4.8v0c-1.4,0.9-3.2,1.4-5.3,1.4c-3,0-5.5-1.1-7.5-3.4 c-2-2.3-3-5.2-3-8.7s1-6.4,2.9-8.6c2-2.3,4.4-3.4,7.4-3.4c3.3,0,6.8,2.1,9.8,5.6l6.8-6.5l0,0c-4.4-5.8-10.1-8.5-16.9-8.5 c-5.7,0-10.6,2.1-14.6,6.1c-4,4-6,9.2-6,15.3s2,11.2,6,15.3c4,4.1,8.9,6.1,14.6,6.1c7.5,0,13.5-3.2,17.5-9.1L470.9,67.6z"
         />
         <path
           id="XMLID_2460_"
           fill="currentColor"
-          d="M513.2,47c-1.5-2-3.5-3.7-5.9-4.9c-2.5-1.2-5.3-1.8-8.5-1.8c-5.8,0-10.5,2.1-14,6.3
-          c-3.4,4.2-5.2,9.3-5.2,15.4c0,6.2,1.9,11.3,5.7,15.3c3.7,3.9,8.8,5.9,14.9,5.9c6.9,0,12.7-2.8,16.9-8.4l0.2-0.3l-6.7-6.5l0,0
-          c-0.6,0.8-1.5,1.6-2.3,2.4c-1,1-2,1.7-3,2.2c-1.5,0.8-3.3,1.1-5.2,1.1c-2.9,0-5.2-0.8-7-2.5c-1.7-1.5-2.7-3.6-2.9-6.2h27.3
-          l0.1-3.8c0-2.7-0.4-5.2-1.1-7.6C515.8,51.3,514.7,49.1,513.2,47z M490.7,56.7c0.5-2,1.4-3.6,2.7-4.9c1.4-1.4,3.2-2.1,5.4-2.1
-          c2.5,0,4.4,0.7,5.7,2.1c1.2,1.3,1.9,2.9,2.1,4.8H490.7z"
+          d="M513.2,47c-1.5-2-3.5-3.7-5.9-4.9c-2.5-1.2-5.3-1.8-8.5-1.8c-5.8,0-10.5,2.1-14,6.3 c-3.4,4.2-5.2,9.3-5.2,15.4c0,6.2,1.9,11.3,5.7,15.3c3.7,3.9,8.8,5.9,14.9,5.9c6.9,0,12.7-2.8,16.9-8.4l0.2-0.3l-6.7-6.5l0,0 c-0.6,0.8-1.5,1.6-2.3,2.4c-1,1-2,1.7-3,2.2c-1.5,0.8-3.3,1.1-5.2,1.1c-2.9,0-5.2-0.8-7-2.5c-1.7-1.5-2.7-3.6-2.9-6.2h27.3 l0.1-3.8c0-2.7-0.4-5.2-1.1-7.6C515.8,51.3,514.7,49.1,513.2,47z M490.7,56.7c0.5-2,1.4-3.6,2.7-4.9c1.4-1.4,3.2-2.1,5.4-2.1 c2.5,0,4.4,0.7,5.7,2.1c1.2,1.3,1.9,2.9,2.1,4.8H490.7z"
         />
         <path
           id="XMLID_2456_"
           fill="currentColor"
-          d="M552.8,44.4L552.8,44.4c-3.1-2.7-7.4-4-12.8-4c-3.4,0-6.6,0.8-9.5,2.2
-          c-2.7,1.4-5.3,3.6-7,6.6l0.1,0.1l6.6,6.3c2.7-4.3,5.7-5.8,9.7-5.8c2.2,0,3.9,0.6,5.3,1.7c1.4,1.1,2,2.6,2,4.4v2
-          c-2.6-0.8-5.1-1.2-7.6-1.2c-5.1,0-9.3,1.2-12.4,3.6c-3.1,2.4-4.7,5.9-4.7,10.2c0,3.8,1.3,7,4,9.3c2.7,2.2,6,3.4,9.9,3.4
-          c3.9,0,7.6-1.6,10.9-4.3v3.4h10.1V55.9C557.6,51,556,47.1,552.8,44.4z M534.5,66.6c1.2-0.8,2.8-1.2,4.9-1.2c2.5,0,5.1,0.5,7.8,1.5
-          v4C545,73,542,74,538.3,74c-1.8,0-3.2-0.4-4.1-1.2c-0.9-0.8-1.4-1.7-1.4-3C532.8,68.5,533.4,67.4,534.5,66.6z"
+          d="M552.8,44.4L552.8,44.4c-3.1-2.7-7.4-4-12.8-4c-3.4,0-6.6,0.8-9.5,2.2 c-2.7,1.4-5.3,3.6-7,6.6l0.1,0.1l6.6,6.3c2.7-4.3,5.7-5.8,9.7-5.8c2.2,0,3.9,0.6,5.3,1.7c1.4,1.1,2,2.6,2,4.4v2 c-2.6-0.8-5.1-1.2-7.6-1.2c-5.1,0-9.3,1.2-12.4,3.6c-3.1,2.4-4.7,5.9-4.7,10.2c0,3.8,1.3,7,4,9.3c2.7,2.2,6,3.4,9.9,3.4 c3.9,0,7.6-1.6,10.9-4.3v3.4h10.1V55.9C557.6,51,556,47.1,552.8,44.4z M534.5,66.6c1.2-0.8,2.8-1.2,4.9-1.2c2.5,0,5.1,0.5,7.8,1.5 v4C545,73,542,74,538.3,74c-1.8,0-3.2-0.4-4.1-1.2c-0.9-0.8-1.4-1.7-1.4-3C532.8,68.5,533.4,67.4,534.5,66.6z"
         />
         <path
           id="XMLID_2454_"
           fill="currentColor"
-          d="M597.2,45.2c-2.9-3.2-6.9-4.8-12-4.8c-4.1,0-7.4,1.2-9.9,3.5v-2.5h-10.1v41h10.3V59.7
-          c0-3.1,0.7-5.6,2.2-7.3c1.5-1.8,3.4-2.6,6.1-2.6c2.3,0,4.1,0.8,5.4,2.3c1.3,1.6,2,3.7,2,6.4v23.7h10.3V58.5
-          C601.5,52.9,600.1,48.4,597.2,45.2z"
+          d="M597.2,45.2c-2.9-3.2-6.9-4.8-12-4.8c-4.1,0-7.4,1.2-9.9,3.5v-2.5h-10.1v41h10.3V59.7 c0-3.1,0.7-5.6,2.2-7.3c1.5-1.8,3.4-2.6,6.1-2.6c2.3,0,4.1,0.8,5.4,2.3c1.3,1.6,2,3.7,2,6.4v23.7h10.3V58.5 C601.5,52.9,600.1,48.4,597.2,45.2z"
         />
         <path
           id="XMLID_2450_"
           fill="currentColor"
-          d="M343.6,44.4L343.6,44.4c-3.1-2.7-7.4-4-12.8-4c-3.4,0-6.6,0.8-9.5,2.2
-          c-2.7,1.4-5.3,3.6-7,6.6l0.1,0.1l6.6,6.3c2.7-4.3,5.7-5.8,9.7-5.8c2.2,0,3.9,0.6,5.3,1.7c1.4,1.1,2,2.6,2,4.4v2
-          c-2.6-0.8-5.1-1.2-7.6-1.2c-5.1,0-9.3,1.2-12.4,3.6c-3.1,2.4-4.7,5.9-4.7,10.2c0,3.8,1.3,7,4,9.3c2.7,2.2,6,3.4,9.9,3.4
-          c3.9,0,7.6-1.6,10.9-4.3v3.4h10.1V55.9C348.3,51,346.7,47.1,343.6,44.4z M325.3,66.6c1.2-0.8,2.8-1.2,4.9-1.2
-          c2.5,0,5.1,0.5,7.8,1.5v4c-2.2,2.1-5.2,3.1-8.9,3.1c-1.8,0-3.2-0.4-4.1-1.2c-0.9-0.8-1.4-1.7-1.4-3
-          C323.6,68.5,324.1,67.4,325.3,66.6z"
+          d="M343.6,44.4L343.6,44.4c-3.1-2.7-7.4-4-12.8-4c-3.4,0-6.6,0.8-9.5,2.2 c-2.7,1.4-5.3,3.6-7,6.6l0.1,0.1l6.6,6.3c2.7-4.3,5.7-5.8,9.7-5.8c2.2,0,3.9,0.6,5.3,1.7c1.4,1.1,2,2.6,2,4.4v2 c-2.6-0.8-5.1-1.2-7.6-1.2c-5.1,0-9.3,1.2-12.4,3.6c-3.1,2.4-4.7,5.9-4.7,10.2c0,3.8,1.3,7,4,9.3c2.7,2.2,6,3.4,9.9,3.4 c3.9,0,7.6-1.6,10.9-4.3v3.4h10.1V55.9C348.3,51,346.7,47.1,343.6,44.4z M325.3,66.6c1.2-0.8,2.8-1.2,4.9-1.2 c2.5,0,5.1,0.5,7.8,1.5v4c-2.2,2.1-5.2,3.1-8.9,3.1c-1.8,0-3.2-0.4-4.1-1.2c-0.9-0.8-1.4-1.7-1.4-3 C323.6,68.5,324.1,67.4,325.3,66.6z"
         />
         <path
           id="XMLID_2371_"
           fill="currentColor"
-          d="M404.2,83.1c-16.5,0-30-13.4-30-30s13.4-30,30-30c16.5,0,30,13.4,30,30
-          S420.7,83.1,404.2,83.1z M404.2,33.8c-10.7,0-19.4,8.7-19.4,19.4s8.7,19.4,19.4,19.4c10.7,0,19.4-8.7,19.4-19.4
-          S414.9,33.8,404.2,33.8z"
+          d="M404.2,83.1c-16.5,0-30-13.4-30-30s13.4-30,30-30c16.5,0,30,13.4,30,30 S420.7,83.1,404.2,83.1z M404.2,33.8c-10.7,0-19.4,8.7-19.4,19.4s8.7,19.4,19.4,19.4c10.7,0,19.4-8.7,19.4-19.4 S414.9,33.8,404.2,33.8z"
         />
       </g>
     </g>