update build

Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com>
This commit is contained in:
Frank Jogeleit 2024-04-06 10:17:23 +02:00
parent 2bb8059d00
commit 74e0e96181

345
dist/index.js vendored
View file

@ -2658,6 +2658,7 @@ var preservedUrlFields = [
"protocol", "protocol",
"query", "query",
"search", "search",
"hash",
]; ];
// Create handlers that pass events from native requests // Create handlers that pass events from native requests
@ -3091,7 +3092,7 @@ RedirectableRequest.prototype._processResponse = function (response) {
redirectUrl.protocol !== "https:" || redirectUrl.protocol !== "https:" ||
redirectUrl.host !== currentHost && redirectUrl.host !== currentHost &&
!isSubdomain(redirectUrl.host, currentHost)) { !isSubdomain(redirectUrl.host, currentHost)) {
removeMatchingHeaders(/^(?:authorization|cookie)$/i, this._options.headers); removeMatchingHeaders(/^(?:(?:proxy-)?authorization|cookie)$/i, this._options.headers);
} }
// Evaluate the beforeRedirect callback // Evaluate the beforeRedirect callback
@ -10772,6 +10773,132 @@ function onConnectTimeout (socket) {
module.exports = buildConnector module.exports = buildConnector
/***/ }),
/***/ 4462:
/***/ ((module) => {
"use strict";
/** @type {Record<string, string | undefined>} */
const headerNameLowerCasedRecord = {}
// https://developer.mozilla.org/docs/Web/HTTP/Headers
const wellknownHeaderNames = [
'Accept',
'Accept-Encoding',
'Accept-Language',
'Accept-Ranges',
'Access-Control-Allow-Credentials',
'Access-Control-Allow-Headers',
'Access-Control-Allow-Methods',
'Access-Control-Allow-Origin',
'Access-Control-Expose-Headers',
'Access-Control-Max-Age',
'Access-Control-Request-Headers',
'Access-Control-Request-Method',
'Age',
'Allow',
'Alt-Svc',
'Alt-Used',
'Authorization',
'Cache-Control',
'Clear-Site-Data',
'Connection',
'Content-Disposition',
'Content-Encoding',
'Content-Language',
'Content-Length',
'Content-Location',
'Content-Range',
'Content-Security-Policy',
'Content-Security-Policy-Report-Only',
'Content-Type',
'Cookie',
'Cross-Origin-Embedder-Policy',
'Cross-Origin-Opener-Policy',
'Cross-Origin-Resource-Policy',
'Date',
'Device-Memory',
'Downlink',
'ECT',
'ETag',
'Expect',
'Expect-CT',
'Expires',
'Forwarded',
'From',
'Host',
'If-Match',
'If-Modified-Since',
'If-None-Match',
'If-Range',
'If-Unmodified-Since',
'Keep-Alive',
'Last-Modified',
'Link',
'Location',
'Max-Forwards',
'Origin',
'Permissions-Policy',
'Pragma',
'Proxy-Authenticate',
'Proxy-Authorization',
'RTT',
'Range',
'Referer',
'Referrer-Policy',
'Refresh',
'Retry-After',
'Sec-WebSocket-Accept',
'Sec-WebSocket-Extensions',
'Sec-WebSocket-Key',
'Sec-WebSocket-Protocol',
'Sec-WebSocket-Version',
'Server',
'Server-Timing',
'Service-Worker-Allowed',
'Service-Worker-Navigation-Preload',
'Set-Cookie',
'SourceMap',
'Strict-Transport-Security',
'Supports-Loading-Mode',
'TE',
'Timing-Allow-Origin',
'Trailer',
'Transfer-Encoding',
'Upgrade',
'Upgrade-Insecure-Requests',
'User-Agent',
'Vary',
'Via',
'WWW-Authenticate',
'X-Content-Type-Options',
'X-DNS-Prefetch-Control',
'X-Frame-Options',
'X-Permitted-Cross-Domain-Policies',
'X-Powered-By',
'X-Requested-With',
'X-XSS-Protection'
]
for (let i = 0; i < wellknownHeaderNames.length; ++i) {
const key = wellknownHeaderNames[i]
const lowerCasedKey = key.toLowerCase()
headerNameLowerCasedRecord[key] = headerNameLowerCasedRecord[lowerCasedKey] =
lowerCasedKey
}
// Note: object prototypes should not be able to be referenced. e.g. `Object#hasOwnProperty`.
Object.setPrototypeOf(headerNameLowerCasedRecord, null)
module.exports = {
wellknownHeaderNames,
headerNameLowerCasedRecord
}
/***/ }), /***/ }),
/***/ 8045: /***/ 8045:
@ -11604,6 +11731,7 @@ const { InvalidArgumentError } = __nccwpck_require__(8045)
const { Blob } = __nccwpck_require__(4300) const { Blob } = __nccwpck_require__(4300)
const nodeUtil = __nccwpck_require__(3837) const nodeUtil = __nccwpck_require__(3837)
const { stringify } = __nccwpck_require__(3477) const { stringify } = __nccwpck_require__(3477)
const { headerNameLowerCasedRecord } = __nccwpck_require__(4462)
const [nodeMajor, nodeMinor] = process.versions.node.split('.').map(v => Number(v)) const [nodeMajor, nodeMinor] = process.versions.node.split('.').map(v => Number(v))
@ -11813,6 +11941,15 @@ function parseKeepAliveTimeout (val) {
return m ? parseInt(m[1], 10) * 1000 : null return m ? parseInt(m[1], 10) * 1000 : null
} }
/**
* Retrieves a header name and returns its lowercase value.
* @param {string | Buffer} value Header name
* @returns {string}
*/
function headerNameToString (value) {
return headerNameLowerCasedRecord[value] || value.toLowerCase()
}
function parseHeaders (headers, obj = {}) { function parseHeaders (headers, obj = {}) {
// For H2 support // For H2 support
if (!Array.isArray(headers)) return headers if (!Array.isArray(headers)) return headers
@ -12084,6 +12221,7 @@ module.exports = {
isIterable, isIterable,
isAsyncIterable, isAsyncIterable,
isDestroyed, isDestroyed,
headerNameToString,
parseRawHeaders, parseRawHeaders,
parseHeaders, parseHeaders,
parseKeepAliveTimeout, parseKeepAliveTimeout,
@ -16220,6 +16358,9 @@ function httpRedirectFetch (fetchParams, response) {
// https://fetch.spec.whatwg.org/#cors-non-wildcard-request-header-name // https://fetch.spec.whatwg.org/#cors-non-wildcard-request-header-name
request.headersList.delete('authorization') request.headersList.delete('authorization')
// https://fetch.spec.whatwg.org/#authentication-entries
request.headersList.delete('proxy-authorization', true)
// "Cookie" and "Host" are forbidden request-headers, which undici doesn't implement. // "Cookie" and "Host" are forbidden request-headers, which undici doesn't implement.
request.headersList.delete('cookie') request.headersList.delete('cookie')
request.headersList.delete('host') request.headersList.delete('host')
@ -18728,14 +18869,18 @@ const { isBlobLike, toUSVString, ReadableStreamFrom } = __nccwpck_require__(3983
const assert = __nccwpck_require__(9491) const assert = __nccwpck_require__(9491)
const { isUint8Array } = __nccwpck_require__(9830) const { isUint8Array } = __nccwpck_require__(9830)
let supportedHashes = []
// https://nodejs.org/api/crypto.html#determining-if-crypto-support-is-unavailable // https://nodejs.org/api/crypto.html#determining-if-crypto-support-is-unavailable
/** @type {import('crypto')|undefined} */ /** @type {import('crypto')|undefined} */
let crypto let crypto
try { try {
crypto = __nccwpck_require__(6113) crypto = __nccwpck_require__(6113)
const possibleRelevantHashes = ['sha256', 'sha384', 'sha512']
supportedHashes = crypto.getHashes().filter((hash) => possibleRelevantHashes.includes(hash))
/* c8 ignore next 3 */
} catch { } catch {
} }
function responseURL (response) { function responseURL (response) {
@ -19263,66 +19408,56 @@ function bytesMatch (bytes, metadataList) {
return true return true
} }
// 3. If parsedMetadata is the empty set, return true. // 3. If response is not eligible for integrity validation, return false.
// TODO
// 4. If parsedMetadata is the empty set, return true.
if (parsedMetadata.length === 0) { if (parsedMetadata.length === 0) {
return true return true
} }
// 4. Let metadata be the result of getting the strongest // 5. Let metadata be the result of getting the strongest
// metadata from parsedMetadata. // metadata from parsedMetadata.
const list = parsedMetadata.sort((c, d) => d.algo.localeCompare(c.algo)) const strongest = getStrongestMetadata(parsedMetadata)
// get the strongest algorithm const metadata = filterMetadataListByAlgorithm(parsedMetadata, strongest)
const strongest = list[0].algo
// get all entries that use the strongest algorithm; ignore weaker
const metadata = list.filter((item) => item.algo === strongest)
// 5. For each item in metadata: // 6. For each item in metadata:
for (const item of metadata) { for (const item of metadata) {
// 1. Let algorithm be the alg component of item. // 1. Let algorithm be the alg component of item.
const algorithm = item.algo const algorithm = item.algo
// 2. Let expectedValue be the val component of item. // 2. Let expectedValue be the val component of item.
let expectedValue = item.hash const expectedValue = item.hash
// See https://github.com/web-platform-tests/wpt/commit/e4c5cc7a5e48093220528dfdd1c4012dc3837a0e // See https://github.com/web-platform-tests/wpt/commit/e4c5cc7a5e48093220528dfdd1c4012dc3837a0e
// "be liberal with padding". This is annoying, and it's not even in the spec. // "be liberal with padding". This is annoying, and it's not even in the spec.
if (expectedValue.endsWith('==')) {
expectedValue = expectedValue.slice(0, -2)
}
// 3. Let actualValue be the result of applying algorithm to bytes. // 3. Let actualValue be the result of applying algorithm to bytes.
let actualValue = crypto.createHash(algorithm).update(bytes).digest('base64') let actualValue = crypto.createHash(algorithm).update(bytes).digest('base64')
if (actualValue.endsWith('==')) { if (actualValue[actualValue.length - 1] === '=') {
if (actualValue[actualValue.length - 2] === '=') {
actualValue = actualValue.slice(0, -2) actualValue = actualValue.slice(0, -2)
} else {
actualValue = actualValue.slice(0, -1)
}
} }
// 4. If actualValue is a case-sensitive match for expectedValue, // 4. If actualValue is a case-sensitive match for expectedValue,
// return true. // return true.
if (actualValue === expectedValue) { if (compareBase64Mixed(actualValue, expectedValue)) {
return true
}
let actualBase64URL = crypto.createHash(algorithm).update(bytes).digest('base64url')
if (actualBase64URL.endsWith('==')) {
actualBase64URL = actualBase64URL.slice(0, -2)
}
if (actualBase64URL === expectedValue) {
return true return true
} }
} }
// 6. Return false. // 7. Return false.
return false return false
} }
// https://w3c.github.io/webappsec-subresource-integrity/#grammardef-hash-with-options // https://w3c.github.io/webappsec-subresource-integrity/#grammardef-hash-with-options
// https://www.w3.org/TR/CSP2/#source-list-syntax // https://www.w3.org/TR/CSP2/#source-list-syntax
// https://www.rfc-editor.org/rfc/rfc5234#appendix-B.1 // https://www.rfc-editor.org/rfc/rfc5234#appendix-B.1
const parseHashWithOptions = /((?<algo>sha256|sha384|sha512)-(?<hash>[A-z0-9+/]{1}.*={0,2}))( +[\x21-\x7e]?)?/i const parseHashWithOptions = /(?<algo>sha256|sha384|sha512)-((?<hash>[A-Za-z0-9+/]+|[A-Za-z0-9_-]+)={0,2}(?:\s|$)( +[!-~]*)?)?/i
/** /**
* @see https://w3c.github.io/webappsec-subresource-integrity/#parse-metadata * @see https://w3c.github.io/webappsec-subresource-integrity/#parse-metadata
@ -19336,8 +19471,6 @@ function parseMetadata (metadata) {
// 2. Let empty be equal to true. // 2. Let empty be equal to true.
let empty = true let empty = true
const supportedHashes = crypto.getHashes()
// 3. For each token returned by splitting metadata on spaces: // 3. For each token returned by splitting metadata on spaces:
for (const token of metadata.split(' ')) { for (const token of metadata.split(' ')) {
// 1. Set empty to false. // 1. Set empty to false.
@ -19347,7 +19480,11 @@ function parseMetadata (metadata) {
const parsedToken = parseHashWithOptions.exec(token) const parsedToken = parseHashWithOptions.exec(token)
// 3. If token does not parse, continue to the next token. // 3. If token does not parse, continue to the next token.
if (parsedToken === null || parsedToken.groups === undefined) { if (
parsedToken === null ||
parsedToken.groups === undefined ||
parsedToken.groups.algo === undefined
) {
// Note: Chromium blocks the request at this point, but Firefox // Note: Chromium blocks the request at this point, but Firefox
// gives a warning that an invalid integrity was given. The // gives a warning that an invalid integrity was given. The
// correct behavior is to ignore these, and subsequently not // correct behavior is to ignore these, and subsequently not
@ -19356,11 +19493,11 @@ function parseMetadata (metadata) {
} }
// 4. Let algorithm be the hash-algo component of token. // 4. Let algorithm be the hash-algo component of token.
const algorithm = parsedToken.groups.algo const algorithm = parsedToken.groups.algo.toLowerCase()
// 5. If algorithm is a hash function recognized by the user // 5. If algorithm is a hash function recognized by the user
// agent, add the parsed token to result. // agent, add the parsed token to result.
if (supportedHashes.includes(algorithm.toLowerCase())) { if (supportedHashes.includes(algorithm)) {
result.push(parsedToken.groups) result.push(parsedToken.groups)
} }
} }
@ -19373,6 +19510,82 @@ function parseMetadata (metadata) {
return result return result
} }
/**
* @param {{ algo: 'sha256' | 'sha384' | 'sha512' }[]} metadataList
*/
function getStrongestMetadata (metadataList) {
// Let algorithm be the algo component of the first item in metadataList.
// Can be sha256
let algorithm = metadataList[0].algo
// If the algorithm is sha512, then it is the strongest
// and we can return immediately
if (algorithm[3] === '5') {
return algorithm
}
for (let i = 1; i < metadataList.length; ++i) {
const metadata = metadataList[i]
// If the algorithm is sha512, then it is the strongest
// and we can break the loop immediately
if (metadata.algo[3] === '5') {
algorithm = 'sha512'
break
// If the algorithm is sha384, then a potential sha256 or sha384 is ignored
} else if (algorithm[3] === '3') {
continue
// algorithm is sha256, check if algorithm is sha384 and if so, set it as
// the strongest
} else if (metadata.algo[3] === '3') {
algorithm = 'sha384'
}
}
return algorithm
}
function filterMetadataListByAlgorithm (metadataList, algorithm) {
if (metadataList.length === 1) {
return metadataList
}
let pos = 0
for (let i = 0; i < metadataList.length; ++i) {
if (metadataList[i].algo === algorithm) {
metadataList[pos++] = metadataList[i]
}
}
metadataList.length = pos
return metadataList
}
/**
* Compares two base64 strings, allowing for base64url
* in the second string.
*
* @param {string} actualValue always base64
* @param {string} expectedValue base64 or base64url
* @returns {boolean}
*/
function compareBase64Mixed (actualValue, expectedValue) {
if (actualValue.length !== expectedValue.length) {
return false
}
for (let i = 0; i < actualValue.length; ++i) {
if (actualValue[i] !== expectedValue[i]) {
if (
(actualValue[i] === '+' && expectedValue[i] === '-') ||
(actualValue[i] === '/' && expectedValue[i] === '_')
) {
continue
}
return false
}
}
return true
}
// https://w3c.github.io/webappsec-upgrade-insecure-requests/#upgrade-request // https://w3c.github.io/webappsec-upgrade-insecure-requests/#upgrade-request
function tryUpgradeRequestToAPotentiallyTrustworthyURL (request) { function tryUpgradeRequestToAPotentiallyTrustworthyURL (request) {
// TODO // TODO
@ -19788,7 +20001,8 @@ module.exports = {
urlHasHttpsScheme, urlHasHttpsScheme,
urlIsHttpHttpsScheme, urlIsHttpHttpsScheme,
readAllBytes, readAllBytes,
normalizeMethodRecord normalizeMethodRecord,
parseMetadata
} }
@ -21875,12 +22089,17 @@ function parseLocation (statusCode, headers) {
// https://tools.ietf.org/html/rfc7231#section-6.4.4 // https://tools.ietf.org/html/rfc7231#section-6.4.4
function shouldRemoveHeader (header, removeContent, unknownOrigin) { function shouldRemoveHeader (header, removeContent, unknownOrigin) {
return ( if (header.length === 4) {
(header.length === 4 && header.toString().toLowerCase() === 'host') || return util.headerNameToString(header) === 'host'
(removeContent && header.toString().toLowerCase().indexOf('content-') === 0) || }
(unknownOrigin && header.length === 13 && header.toString().toLowerCase() === 'authorization') || if (removeContent && util.headerNameToString(header).startsWith('content-')) {
(unknownOrigin && header.length === 6 && header.toString().toLowerCase() === 'cookie') return true
) }
if (unknownOrigin && (header.length === 13 || header.length === 6 || header.length === 19)) {
const name = util.headerNameToString(header)
return name === 'authorization' || name === 'cookie' || name === 'proxy-authorization'
}
return false
} }
// https://tools.ietf.org/html/rfc7231#section-6.4 // https://tools.ietf.org/html/rfc7231#section-6.4
@ -29330,7 +29549,7 @@ module.exports = parseParams
/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => {
"use strict"; "use strict";
// Axios v1.6.5 Copyright (c) 2024 Matt Zabriskie and contributors // Axios v1.6.8 Copyright (c) 2024 Matt Zabriskie and contributors
const FormData$1 = __nccwpck_require__(4334); const FormData$1 = __nccwpck_require__(4334);
@ -29342,7 +29561,7 @@ const util = __nccwpck_require__(3837);
const followRedirects = __nccwpck_require__(7707); const followRedirects = __nccwpck_require__(7707);
const zlib = __nccwpck_require__(9796); const zlib = __nccwpck_require__(9796);
const stream = __nccwpck_require__(2781); const stream = __nccwpck_require__(2781);
const EventEmitter = __nccwpck_require__(2361); const events = __nccwpck_require__(2361);
function _interopDefaultLegacy (e) { return e && typeof e === 'object' && 'default' in e ? e : { 'default': e }; } function _interopDefaultLegacy (e) { return e && typeof e === 'object' && 'default' in e ? e : { 'default': e }; }
@ -29354,7 +29573,6 @@ const util__default = /*#__PURE__*/_interopDefaultLegacy(util);
const followRedirects__default = /*#__PURE__*/_interopDefaultLegacy(followRedirects); const followRedirects__default = /*#__PURE__*/_interopDefaultLegacy(followRedirects);
const zlib__default = /*#__PURE__*/_interopDefaultLegacy(zlib); const zlib__default = /*#__PURE__*/_interopDefaultLegacy(zlib);
const stream__default = /*#__PURE__*/_interopDefaultLegacy(stream); const stream__default = /*#__PURE__*/_interopDefaultLegacy(stream);
const EventEmitter__default = /*#__PURE__*/_interopDefaultLegacy(EventEmitter);
function bind(fn, thisArg) { function bind(fn, thisArg) {
return function wrap() { return function wrap() {
@ -30786,9 +31004,6 @@ const defaults = {
const isFormData = utils$1.isFormData(data); const isFormData = utils$1.isFormData(data);
if (isFormData) { if (isFormData) {
if (!hasJSONContentType) {
return data;
}
return hasJSONContentType ? JSON.stringify(formDataToJSON(data)) : data; return hasJSONContentType ? JSON.stringify(formDataToJSON(data)) : data;
} }
@ -31354,7 +31569,7 @@ function buildFullPath(baseURL, requestedURL) {
return requestedURL; return requestedURL;
} }
const VERSION = "1.6.5"; const VERSION = "1.6.8";
function parseProtocol(url) { function parseProtocol(url) {
const match = /^([-+\w]{1,25})(:?\/\/|:)/.exec(url); const match = /^([-+\w]{1,25})(:?\/\/|:)/.exec(url);
@ -31867,12 +32082,12 @@ const supportedProtocols = platform.protocols.map(protocol => {
* *
* @returns {Object<string, any>} * @returns {Object<string, any>}
*/ */
function dispatchBeforeRedirect(options) { function dispatchBeforeRedirect(options, responseDetails) {
if (options.beforeRedirects.proxy) { if (options.beforeRedirects.proxy) {
options.beforeRedirects.proxy(options); options.beforeRedirects.proxy(options);
} }
if (options.beforeRedirects.config) { if (options.beforeRedirects.config) {
options.beforeRedirects.config(options); options.beforeRedirects.config(options, responseDetails);
} }
} }
@ -31997,7 +32212,7 @@ const httpAdapter = isHttpAdapterSupported && function httpAdapter(config) {
} }
// temporary internal emitter until the AxiosRequest class will be implemented // temporary internal emitter until the AxiosRequest class will be implemented
const emitter = new EventEmitter__default["default"](); const emitter = new events.EventEmitter();
const onFinished = () => { const onFinished = () => {
if (config.cancelToken) { if (config.cancelToken) {
@ -32987,7 +33202,7 @@ function dispatchRequest(config) {
}); });
} }
const headersToObject = (thing) => thing instanceof AxiosHeaders$1 ? thing.toJSON() : thing; const headersToObject = (thing) => thing instanceof AxiosHeaders$1 ? { ...thing } : thing;
/** /**
* Config-specific merge-function which creates a new config-object * Config-specific merge-function which creates a new config-object
@ -33202,7 +33417,31 @@ class Axios {
* *
* @returns {Promise} The Promise to be fulfilled * @returns {Promise} The Promise to be fulfilled
*/ */
request(configOrUrl, config) { async request(configOrUrl, config) {
try {
return await this._request(configOrUrl, config);
} catch (err) {
if (err instanceof Error) {
let dummy;
Error.captureStackTrace ? Error.captureStackTrace(dummy = {}) : (dummy = new Error());
// slice off the Error: ... line
const stack = dummy.stack ? dummy.stack.replace(/^.+\n/, '') : '';
if (!err.stack) {
err.stack = stack;
// match without the 2 top stack lines
} else if (stack && !String(err.stack).endsWith(stack.replace(/^.+\n.+\n/, ''))) {
err.stack += '\n' + stack;
}
}
throw err;
}
}
_request(configOrUrl, config) {
/*eslint no-param-reassign:0*/ /*eslint no-param-reassign:0*/
// Allow for axios('example/url'[, config]) a la fetch API // Allow for axios('example/url'[, config]) a la fetch API
if (typeof configOrUrl === 'string') { if (typeof configOrUrl === 'string') {