From 02807b685b4341d5293ba3146de456fd820f7746 Mon Sep 17 00:00:00 2001 From: Chau Giang Date: Mon, 27 Nov 2023 19:29:51 +0700 Subject: [PATCH 01/18] fix: remove optional chainning for compatible with Nodejs12 and below (#2470) --- lib/api/readable.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/api/readable.js b/lib/api/readable.js index 89913eaa621..5269dfae50c 100644 --- a/lib/api/readable.js +++ b/lib/api/readable.js @@ -180,7 +180,7 @@ module.exports = class BodyReadable extends Readable { this .on('close', function () { signalListenerCleanup() - if (signal?.aborted) { + if (signal && signal.aborted) { reject(signal.reason || Object.assign(new Error('The operation was aborted'), { name: 'AbortError' })) } else { resolve(null) From 6298bfada98b1e8c6a23a62eb9c7e325f16f518a Mon Sep 17 00:00:00 2001 From: tsctx <91457664+tsctx@users.noreply.github.com> Date: Mon, 27 Nov 2023 22:45:22 +0900 Subject: [PATCH 02/18] fix: remove `node:` prefix (#2471) --- lib/handler/RetryHandler.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/handler/RetryHandler.js b/lib/handler/RetryHandler.js index a8112b36ee4..306948bf8cb 100644 --- a/lib/handler/RetryHandler.js +++ b/lib/handler/RetryHandler.js @@ -1,4 +1,4 @@ -const assert = require('node:assert') +const assert = require('assert') const { kRetryHandlerDefaultRetry } = require('../core/symbols') const { RequestRetryError } = require('../core/errors') From c182c32183c77330bda0d1a433fedebc149f1e6c Mon Sep 17 00:00:00 2001 From: tsctx <91457664+tsctx@users.noreply.github.com> Date: Mon, 27 Nov 2023 23:39:24 +0900 Subject: [PATCH 03/18] perf: avoid Headers initialization (#2468) --- lib/cache/symbols.js | 2 +- lib/core/symbols.js | 3 ++- lib/fetch/headers.js | 5 ++++- lib/fetch/request.js | 11 +++++------ lib/fetch/response.js | 4 ++-- 5 files changed, 14 insertions(+), 11 deletions(-) diff --git a/lib/cache/symbols.js b/lib/cache/symbols.js index f9b19740af8..40448d6001e 100644 --- a/lib/cache/symbols.js +++ b/lib/cache/symbols.js @@ -1,5 +1,5 @@ 'use strict' module.exports = { - kConstruct: Symbol('constructable') + kConstruct: require('../core/symbols').kConstruct } diff --git a/lib/core/symbols.js b/lib/core/symbols.js index 1d5dc4e3db0..68d8566fac0 100644 --- a/lib/core/symbols.js +++ b/lib/core/symbols.js @@ -58,5 +58,6 @@ module.exports = { kHTTP1BuildRequest: Symbol('http1 build request'), kHTTP2CopyHeaders: Symbol('http2 copy headers'), kHTTPConnVersion: Symbol('http connection version'), - kRetryHandlerDefaultRetry: Symbol('retry agent default retry') + kRetryHandlerDefaultRetry: Symbol('retry agent default retry'), + kConstruct: Symbol('constructable') } diff --git a/lib/fetch/headers.js b/lib/fetch/headers.js index 69acaaad996..2f1c0be5a47 100644 --- a/lib/fetch/headers.js +++ b/lib/fetch/headers.js @@ -2,7 +2,7 @@ 'use strict' -const { kHeadersList } = require('../core/symbols') +const { kHeadersList, kConstruct } = require('../core/symbols') const { kGuard } = require('./symbols') const { kEnumerableProperty } = require('../core/util') const { @@ -240,6 +240,9 @@ class HeadersList { // https://fetch.spec.whatwg.org/#headers-class class Headers { constructor (init = undefined) { + if (init === kConstruct) { + return + } this[kHeadersList] = new HeadersList() // The new Headers(init) constructor steps are: diff --git a/lib/fetch/request.js b/lib/fetch/request.js index 3b813aa77df..51896f58435 100644 --- a/lib/fetch/request.js +++ b/lib/fetch/request.js @@ -28,13 +28,12 @@ const { kHeaders, kSignal, kState, kGuard, kRealm } = require('./symbols') const { webidl } = require('./webidl') const { getGlobalOrigin } = require('./global') const { URLSerializer } = require('./dataURL') -const { kHeadersList } = require('../core/symbols') +const { kHeadersList, kConstruct } = require('../core/symbols') const assert = require('assert') const { getMaxListeners, setMaxListeners, getEventListeners, defaultMaxListeners } = require('events') let TransformStream = globalThis.TransformStream -const kInit = Symbol('init') const kAbortController = Symbol('abortController') const requestFinalizer = new FinalizationRegistry(({ signal, abort }) => { @@ -45,7 +44,7 @@ const requestFinalizer = new FinalizationRegistry(({ signal, abort }) => { class Request { // https://fetch.spec.whatwg.org/#dom-request constructor (input, init = {}) { - if (input === kInit) { + if (input === kConstruct) { return } @@ -398,7 +397,7 @@ class Request { // 30. Set this’s headers to a new Headers object with this’s relevant // Realm, whose header list is request’s header list and guard is // "request". - this[kHeaders] = new Headers() + this[kHeaders] = new Headers(kConstruct) this[kHeaders][kHeadersList] = request.headersList this[kHeaders][kGuard] = 'request' this[kHeaders][kRealm] = this[kRealm] @@ -725,10 +724,10 @@ class Request { // 3. Let clonedRequestObject be the result of creating a Request object, // given clonedRequest, this’s headers’s guard, and this’s relevant Realm. - const clonedRequestObject = new Request(kInit) + const clonedRequestObject = new Request(kConstruct) clonedRequestObject[kState] = clonedRequest clonedRequestObject[kRealm] = this[kRealm] - clonedRequestObject[kHeaders] = new Headers() + clonedRequestObject[kHeaders] = new Headers(kConstruct) clonedRequestObject[kHeaders][kHeadersList] = clonedRequest.headersList clonedRequestObject[kHeaders][kGuard] = this[kHeaders][kGuard] clonedRequestObject[kHeaders][kRealm] = this[kHeaders][kRealm] diff --git a/lib/fetch/response.js b/lib/fetch/response.js index 23cf55c51dc..5d23475f14e 100644 --- a/lib/fetch/response.js +++ b/lib/fetch/response.js @@ -23,7 +23,7 @@ const { webidl } = require('./webidl') const { FormData } = require('./formdata') const { getGlobalOrigin } = require('./global') const { URLSerializer } = require('./dataURL') -const { kHeadersList } = require('../core/symbols') +const { kHeadersList, kConstruct } = require('../core/symbols') const assert = require('assert') const { types } = require('util') @@ -144,7 +144,7 @@ class Response { // 2. Set this’s headers to a new Headers object with this’s relevant // Realm, whose header list is this’s response’s header list and guard // is "response". - this[kHeaders] = new Headers() + this[kHeaders] = new Headers(kConstruct) this[kHeaders][kGuard] = 'response' this[kHeaders][kHeadersList] = this[kState].headersList this[kHeaders][kRealm] = this[kRealm] From 56efa962f682bb24836ae66c52203ff3ec131ba7 Mon Sep 17 00:00:00 2001 From: tsctx <91457664+tsctx@users.noreply.github.com> Date: Tue, 28 Nov 2023 00:11:15 +0900 Subject: [PATCH 04/18] fix: handle SharedArrayBuffer correctly (#2466) * fix: handle SharedArrayBuffer correctly * format * test: add * fix: test * fixup * use ArrayBuffer.isView * fixup * fixup * test: add Request * fixup --- lib/fetch/response.js | 6 +----- test/fetch/request.js | 7 +++++++ test/fetch/response.js | 7 +++++++ 3 files changed, 15 insertions(+), 5 deletions(-) diff --git a/lib/fetch/response.js b/lib/fetch/response.js index 5d23475f14e..73386123e33 100644 --- a/lib/fetch/response.js +++ b/lib/fetch/response.js @@ -514,11 +514,7 @@ webidl.converters.XMLHttpRequestBodyInit = function (V) { return webidl.converters.Blob(V, { strict: false }) } - if ( - types.isAnyArrayBuffer(V) || - types.isTypedArray(V) || - types.isDataView(V) - ) { + if (types.isArrayBuffer(V) || types.isTypedArray(V) || types.isDataView(V)) { return webidl.converters.BufferSource(V) } diff --git a/test/fetch/request.js b/test/fetch/request.js index 4f66de4ec73..db2c8e868b6 100644 --- a/test/fetch/request.js +++ b/test/fetch/request.js @@ -504,4 +504,11 @@ test('keys to object prototypes method', (t) => { t.ok(typeof request.method === 'string') }) +// https://github.com/nodejs/undici/issues/2465 +test('Issue#2465', async (t) => { + t.plan(1) + const request = new Request('http://localhost', { body: new SharedArrayBuffer(0), method: 'POST' }) + t.equal(await request.text(), '[object SharedArrayBuffer]') +}) + teardown(() => process.exit()) diff --git a/test/fetch/response.js b/test/fetch/response.js index 2342f0927ff..422c7ef2e02 100644 --- a/test/fetch/response.js +++ b/test/fetch/response.js @@ -248,3 +248,10 @@ test('constructing Response with third party FormData body', async (t) => { t.equal(contentType[0], 'multipart/form-data; boundary') t.ok((await res.text()).startsWith(`--${contentType[1]}`)) }) + +// https://github.com/nodejs/undici/issues/2465 +test('Issue#2465', async (t) => { + t.plan(1) + const response = new Response(new SharedArrayBuffer(0)) + t.equal(await response.text(), '[object SharedArrayBuffer]') +}) From 0437f69d186e7144e726f0657e5cda08b418606b Mon Sep 17 00:00:00 2001 From: Szymon Gebler Date: Mon, 27 Nov 2023 20:12:31 +0100 Subject: [PATCH 05/18] Add `null` to `signal` in `RequestInit` (#2455) --- test/types/fetch.test-d.ts | 2 +- types/fetch.d.ts | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/test/types/fetch.test-d.ts b/test/types/fetch.test-d.ts index e11296aa85c..59fb49fc3e8 100644 --- a/test/types/fetch.test-d.ts +++ b/test/types/fetch.test-d.ts @@ -42,7 +42,7 @@ expectType(requestInit.headers) expectType(requestInit.body) expectType(requestInit.redirect) expectType(requestInit.integrity) -expectType(requestInit.signal) +expectType(requestInit.signal) expectType(requestInit.credentials) expectType(requestInit.mode) expectType(requestInit.referrer); diff --git a/types/fetch.d.ts b/types/fetch.d.ts index fa4619c9182..440f2b00397 100644 --- a/types/fetch.d.ts +++ b/types/fetch.d.ts @@ -108,7 +108,7 @@ export interface RequestInit { body?: BodyInit redirect?: RequestRedirect integrity?: string - signal?: AbortSignal + signal?: AbortSignal | null credentials?: RequestCredentials mode?: RequestMode referrer?: string From c5d73ca7186e30c6849ef39be29519fbc289a488 Mon Sep 17 00:00:00 2001 From: tsctx <91457664+tsctx@users.noreply.github.com> Date: Wed, 29 Nov 2023 03:25:47 +0900 Subject: [PATCH 06/18] fix: correctly handle data URL with hashes. (#2475) * fix: correctly handle data URL with hashes. * fix: lint * test: better name * suggestion change * perf: avoid substring * fixup * test: better --- lib/fetch/dataURL.js | 13 +++++-------- test/fetch/data-uri.js | 21 +++++++++++++++++++++ 2 files changed, 26 insertions(+), 8 deletions(-) diff --git a/lib/fetch/dataURL.js b/lib/fetch/dataURL.js index 6df4fcc8cc6..7b6a606106d 100644 --- a/lib/fetch/dataURL.js +++ b/lib/fetch/dataURL.js @@ -119,17 +119,14 @@ function dataURLProcessor (dataURL) { * @param {boolean} excludeFragment */ function URLSerializer (url, excludeFragment = false) { - const href = url.href - if (!excludeFragment) { - return href + return url.href } - const hash = href.lastIndexOf('#') - if (hash === -1) { - return href - } - return href.slice(0, hash) + const href = url.href + const hashLength = url.hash.length + + return hashLength === 0 ? href : href.substring(0, href.length - hashLength) } // https://infra.spec.whatwg.org/#collect-a-sequence-of-code-points diff --git a/test/fetch/data-uri.js b/test/fetch/data-uri.js index d4ca7ebab56..6191bfe6aa5 100644 --- a/test/fetch/data-uri.js +++ b/test/fetch/data-uri.js @@ -191,3 +191,24 @@ test('https://domain.com/?', (t) => { const serialized = URLSerializer(new URL(domain)) t.equal(serialized, domain) }) + +// https://github.com/nodejs/undici/issues/2474 +test('hash url', (t) => { + t.plan(1) + const domain = 'https://domain.com/#a#b' + const url = new URL(domain) + const serialized = URLSerializer(url, true) + t.equal(serialized, url.href.substring(0, url.href.length - url.hash.length)) +}) + +// https://github.com/nodejs/undici/issues/2474 +test('data url that includes the hash', async (t) => { + t.plan(1) + const dataURL = 'data:,node#js#' + try { + const res = await fetch(dataURL) + t.equal(await res.text(), 'node') + } catch (error) { + t.fail(`failed to fetch ${dataURL}`) + } +}) From 19c69a045467182403815d854ecbf936574d3300 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Torstein=20Bj=C3=B8rnstad?= Date: Wed, 29 Nov 2023 16:58:49 +0100 Subject: [PATCH 07/18] fix: check response for timinginfo allow flag (#2477) * fix: check response for timinginfo allow flag * Update test/fetch/resource-timing.js --------- Co-authored-by: Khafra --- lib/fetch/index.js | 2 +- test/fetch/resource-timing.js | 24 ++++++++++++++++++++++++ 2 files changed, 25 insertions(+), 1 deletion(-) diff --git a/lib/fetch/index.js b/lib/fetch/index.js index c109a01bf1f..17c3d87ea62 100644 --- a/lib/fetch/index.js +++ b/lib/fetch/index.js @@ -286,7 +286,7 @@ function finalizeAndReportTiming (response, initiatorType = 'other') { } // 8. If response’s timing allow passed flag is not set, then: - if (!timingInfo.timingAllowPassed) { + if (!response.timingAllowPassed) { // 1. Set timingInfo to a the result of creating an opaque timing info for timingInfo. timingInfo = createOpaqueTimingInfo({ startTime: timingInfo.startTime diff --git a/test/fetch/resource-timing.js b/test/fetch/resource-timing.js index 25b3bcaafbb..d266f28bdc8 100644 --- a/test/fetch/resource-timing.js +++ b/test/fetch/resource-timing.js @@ -46,3 +46,27 @@ test('should create a PerformanceResourceTiming after each fetch request', { ski t.teardown(server.close.bind(server)) }) + +test('should include encodedBodySize in performance entry', { skip }, (t) => { + t.plan(4) + const obs = new PerformanceObserver(list => { + const [entry] = list.getEntries() + t.equal(entry.encodedBodySize, 2) + t.equal(entry.decodedBodySize, 2) + t.equal(entry.transferSize, 2 + 300) + + obs.disconnect() + performance.clearResourceTimings() + }) + + obs.observe({ entryTypes: ['resource'] }) + + const server = createServer((req, res) => { + res.end('ok') + }).listen(0, async () => { + const body = await fetch(`http://localhost:${server.address().port}`) + t.strictSame('ok', await body.text()) + }) + + t.teardown(server.close.bind(server)) +}) From ed15e984df1645517ffe0f482685633267f46f0c Mon Sep 17 00:00:00 2001 From: MzUgM <108896003+MzUgM@users.noreply.github.com> Date: Thu, 30 Nov 2023 03:29:45 +0000 Subject: [PATCH 08/18] Make call to onBodySent conditional in RetryHandler (#2478) * failing test RequestHandler does not have `onBodySent` but `RetryHandler` always sends to `onBodySent` which causes a problem for users who use `RetryHandler` via `request()` * is this a fix? * refactor: clean up test case --- lib/api/api-request.js | 1 + lib/handler/RetryHandler.js | 2 +- test/retry-handler.js | 78 +++++++++++++++++++++++++++++++++++++ 3 files changed, 80 insertions(+), 1 deletion(-) diff --git a/lib/api/api-request.js b/lib/api/api-request.js index f130ecc9867..d4281ce2449 100644 --- a/lib/api/api-request.js +++ b/lib/api/api-request.js @@ -177,3 +177,4 @@ function request (opts, callback) { } module.exports = request +module.exports.RequestHandler = RequestHandler diff --git a/lib/handler/RetryHandler.js b/lib/handler/RetryHandler.js index 306948bf8cb..371044719fd 100644 --- a/lib/handler/RetryHandler.js +++ b/lib/handler/RetryHandler.js @@ -95,7 +95,7 @@ class RetryHandler { } onBodySent (chunk) { - return this.handler.onBodySent(chunk) + if (this.handler.onBodySent) return this.handler.onBodySent(chunk) } static [kRetryHandlerDefaultRetry] (err, { state, opts }, cb) { diff --git a/test/retry-handler.js b/test/retry-handler.js index ef2c47eeb33..a4577a6a3e1 100644 --- a/test/retry-handler.js +++ b/test/retry-handler.js @@ -5,6 +5,7 @@ const { once } = require('node:events') const tap = require('tap') const { RetryHandler, Client } = require('..') +const { RequestHandler } = require('../lib/api/api-request') tap.test('Should retry status code', t => { let counter = 0 @@ -542,3 +543,80 @@ tap.test('Should handle 206 partial content - bad-etag', t => { }) }) }) + +tap.test('retrying a request with a body', t => { + let counter = 0 + const server = createServer() + const dispatchOptions = { + retryOptions: { + retry: (err, { state, opts }, done) => { + counter++ + + if ( + err.statusCode === 500 || + err.message.includes('other side closed') + ) { + setTimeout(done, 500) + return + } + + return done(err) + } + }, + method: 'POST', + path: '/', + headers: { + 'content-type': 'application/json' + }, + body: JSON.stringify({ hello: 'world' }) + } + + t.plan(1) + + server.on('request', (req, res) => { + switch (counter) { + case 0: + req.destroy() + return + case 1: + res.writeHead(500) + res.end('failed') + return + case 2: + res.writeHead(200) + res.end('hello world!') + return + default: + t.fail() + } + }) + + server.listen(0, () => { + const client = new Client(`http://localhost:${server.address().port}`) + const handler = new RetryHandler(dispatchOptions, { + dispatch: client.dispatch.bind(client), + handler: new RequestHandler(dispatchOptions, (err, data) => { + t.error(err) + }) + }) + + t.teardown(async () => { + await client.close() + server.close() + + await once(server, 'close') + }) + + client.dispatch( + { + method: 'POST', + path: '/', + headers: { + 'content-type': 'application/json' + }, + body: JSON.stringify({ hello: 'world' }) + }, + handler + ) + }) +}) From 28759f406ff808afa7a102e9e248291123ef59cb Mon Sep 17 00:00:00 2001 From: tsctx <91457664+tsctx@users.noreply.github.com> Date: Thu, 30 Nov 2023 19:40:27 +0900 Subject: [PATCH 09/18] refactor: better integrity check (#2462) * refactor: better integrity check * better --- lib/fetch/request.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/fetch/request.js b/lib/fetch/request.js index 51896f58435..6fe4dff64c4 100644 --- a/lib/fetch/request.js +++ b/lib/fetch/request.js @@ -301,7 +301,7 @@ class Request { } // 23. If init["integrity"] exists, then set request’s integrity metadata to it. - if (init.integrity !== undefined && init.integrity != null) { + if (init.integrity != null) { request.integrity = String(init.integrity) } From 08183ea1d25964de9eac3b9944b0c933fe693e6f Mon Sep 17 00:00:00 2001 From: Matt Way Date: Thu, 30 Nov 2023 22:33:10 +1000 Subject: [PATCH 10/18] fix: Added support for inline URL username:password proxy auth (#2473) * added support for inline URL username:password * Update lib/proxy-agent.js --------- Co-authored-by: Robert Nagy --- lib/proxy-agent.js | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/lib/proxy-agent.js b/lib/proxy-agent.js index c710948cc5b..e3c0f6f3d46 100644 --- a/lib/proxy-agent.js +++ b/lib/proxy-agent.js @@ -65,6 +65,9 @@ class ProxyAgent extends DispatcherBase { this[kProxyTls] = opts.proxyTls this[kProxyHeaders] = opts.headers || {} + const resolvedUrl = new URL(opts.uri) + const { origin, port, host, username, password } = resolvedUrl + if (opts.auth && opts.token) { throw new InvalidArgumentError('opts.auth cannot be used in combination with opts.token') } else if (opts.auth) { @@ -72,11 +75,10 @@ class ProxyAgent extends DispatcherBase { this[kProxyHeaders]['proxy-authorization'] = `Basic ${opts.auth}` } else if (opts.token) { this[kProxyHeaders]['proxy-authorization'] = opts.token + } else if (username && password) { + this[kProxyHeaders]['proxy-authorization'] = `Basic ${Buffer.from(`${decodeURIComponent(username)}:${decodeURIComponent(password)}`).toString('base64')}` } - const resolvedUrl = new URL(opts.uri) - const { origin, port, host } = resolvedUrl - const connect = buildConnector({ ...opts.proxyTls }) this[kConnectEndpoint] = buildConnector({ ...opts.requestTls }) this[kClient] = clientFactory(resolvedUrl, { connect }) @@ -100,7 +102,7 @@ class ProxyAgent extends DispatcherBase { }) if (statusCode !== 200) { socket.on('error', () => {}).destroy() - callback(new RequestAbortedError('Proxy response !== 200 when HTTP Tunneling')) + callback(new RequestAbortedError(`Proxy response (${statusCode}) !== 200 when HTTP Tunneling`)) } if (opts.protocol !== 'https:') { callback(null, socket) From 80979edc78c458e87786e25194bc64ed0a2184b4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 30 Nov 2023 13:33:26 +0100 Subject: [PATCH 11/18] build(deps-dev): bump jsdom from 22.1.0 to 23.0.0 (#2472) Bumps [jsdom](https://github.com/jsdom/jsdom) from 22.1.0 to 23.0.0. - [Release notes](https://github.com/jsdom/jsdom/releases) - [Changelog](https://github.com/jsdom/jsdom/blob/main/Changelog.md) - [Commits](https://github.com/jsdom/jsdom/compare/22.1.0...23.0.0) --- updated-dependencies: - dependency-name: jsdom dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index f30f5070ff2..d79d0841df7 100644 --- a/package.json +++ b/package.json @@ -115,7 +115,7 @@ "husky": "^8.0.1", "import-fresh": "^3.3.0", "jest": "^29.0.2", - "jsdom": "^22.1.0", + "jsdom": "^23.0.0", "jsfuzz": "^1.0.15", "mocha": "^10.0.0", "mockttp": "^3.9.2", From ea2f606e6b101fcbc578a407c8d4f9d10d17756e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 30 Nov 2023 13:33:39 +0100 Subject: [PATCH 12/18] build(deps-dev): bump sinon from 16.1.3 to 17.0.1 (#2405) Bumps [sinon](https://github.com/sinonjs/sinon) from 16.1.3 to 17.0.1. - [Release notes](https://github.com/sinonjs/sinon/releases) - [Changelog](https://github.com/sinonjs/sinon/blob/main/docs/changelog.md) - [Commits](https://github.com/sinonjs/sinon/compare/v16.1.3...v17.0.1) --- updated-dependencies: - dependency-name: sinon dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index d79d0841df7..f092c147ee1 100644 --- a/package.json +++ b/package.json @@ -124,7 +124,7 @@ "proxy": "^1.0.2", "proxyquire": "^2.1.3", "semver": "^7.5.4", - "sinon": "^16.1.0", + "sinon": "^17.0.1", "snazzy": "^9.0.0", "standard": "^17.0.0", "table": "^6.8.0", From a393a86d09581945ce4e601d2359023e901b2dd0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 30 Nov 2023 13:33:54 +0100 Subject: [PATCH 13/18] build(deps): bump ossf/scorecard-action from 2.2.0 to 2.3.1 (#2396) Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.2.0 to 2.3.1. - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](https://github.com/ossf/scorecard-action/compare/08b4669551908b1024bb425080c797723083c031...0864cf19026789058feabb7e87baa5f140aac736) --- updated-dependencies: - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 91688cfced3..8b46ffa7c63 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -34,7 +34,7 @@ jobs: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@08b4669551908b1024bb425080c797723083c031 # v2.2.0 + uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1 with: results_file: results.sarif results_format: sarif From 1f6d1597648d332c0705befec74387631d5df9ff Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 30 Nov 2023 13:34:00 +0100 Subject: [PATCH 14/18] build(deps): bump actions/setup-node from 3.8.1 to 4.0.0 (#2395) Bumps [actions/setup-node](https://github.com/actions/setup-node) from 3.8.1 to 4.0.0. - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](https://github.com/actions/setup-node/compare/5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d...8f152de45cc393bb48ce5d89d36b731f54556e65) --- updated-dependencies: - dependency-name: actions/setup-node dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/bench.yml | 4 ++-- .github/workflows/fuzz.yml | 2 +- .github/workflows/lint.yml | 2 +- .github/workflows/publish-undici-types.yml | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/bench.yml b/.github/workflows/bench.yml index 200e72def08..281bdc62246 100644 --- a/.github/workflows/bench.yml +++ b/.github/workflows/bench.yml @@ -17,7 +17,7 @@ jobs: persist-credentials: false ref: ${{ github.base_ref }} - name: Setup Node - uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # v3.8.1 + uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4.0.0 with: node-version: lts/* - name: Install Modules @@ -34,7 +34,7 @@ jobs: with: persist-credentials: false - name: Setup Node - uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # v3.8.1 + uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4.0.0 with: node-version: lts/* - name: Install Modules diff --git a/.github/workflows/fuzz.yml b/.github/workflows/fuzz.yml index de608ceddfd..ff8d4b601c4 100644 --- a/.github/workflows/fuzz.yml +++ b/.github/workflows/fuzz.yml @@ -16,7 +16,7 @@ jobs: persist-credentials: false - name: Setup Node - uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # v3.8.1 + uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4.0.0 with: node-version: lts/* diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 7c3cf6f74c4..2eb2b6b5ed8 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -10,7 +10,7 @@ jobs: - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 with: persist-credentials: false - - uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # v3.8.1 + - uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4.0.0 with: node-version: lts/* - run: npm install diff --git a/.github/workflows/publish-undici-types.yml b/.github/workflows/publish-undici-types.yml index 3579907a992..3f8fea32ce5 100644 --- a/.github/workflows/publish-undici-types.yml +++ b/.github/workflows/publish-undici-types.yml @@ -14,7 +14,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 - - uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # v3.8.1 + - uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4.0.0 with: node-version: '16.x' registry-url: 'https://registry.npmjs.org' From 97881779e6ba41d2fdbfe27b5c9cc0563dc60134 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 30 Nov 2023 13:34:13 +0100 Subject: [PATCH 15/18] build(deps): bump step-security/harden-runner from 2.5.0 to 2.6.0 (#2392) Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.5.0 to 2.6.0. - [Release notes](https://github.com/step-security/harden-runner/releases) - [Commits](https://github.com/step-security/harden-runner/compare/cba0d00b1fc9a034e1e642ea0f1103c282990604...1b05615854632b887b69ae1be8cbefe72d3ae423) --- updated-dependencies: - dependency-name: step-security/harden-runner dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/codeql.yml | 2 +- .github/workflows/dependency-review.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 0ef4cda43b5..3c44e6607fa 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -41,7 +41,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604 # v2.5.0 + uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0 with: egress-policy: audit diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index f29ceb3ad53..0e356c7c203 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -17,7 +17,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604 # v2.5.0 + uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0 with: egress-policy: audit From 169c157f9a576e4422a20060f57db1dc4693b373 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 30 Nov 2023 13:34:29 +0100 Subject: [PATCH 16/18] build(deps-dev): bump formdata-node from 4.4.1 to 6.0.3 (#2389) Bumps [formdata-node](https://github.com/octet-stream/form-data) from 4.4.1 to 6.0.3. - [Release notes](https://github.com/octet-stream/form-data/releases) - [Changelog](https://github.com/octet-stream/form-data/blob/main/CHANGELOG.md) - [Commits](https://github.com/octet-stream/form-data/compare/v4.4.1...v6.0.3) --- updated-dependencies: - dependency-name: formdata-node dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index f092c147ee1..fe1b2ef7134 100644 --- a/package.json +++ b/package.json @@ -110,7 +110,7 @@ "dns-packet": "^5.4.0", "docsify-cli": "^4.4.3", "form-data": "^4.0.0", - "formdata-node": "^4.3.1", + "formdata-node": "^6.0.3", "https-pem": "^3.0.0", "husky": "^8.0.1", "import-fresh": "^3.3.0", From fcdfe878d792c4347b81179bc31a2d1b1f06e8fb Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 30 Nov 2023 13:35:26 +0100 Subject: [PATCH 17/18] build(deps): bump actions/upload-artifact from 3.1.2 to 3.1.3 (#2302) Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 3.1.2 to 3.1.3. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/0b7f8abb1508181956e8e162db84b466c27e18ce...a8a3f3ad30e3422c9c7b888a15615d19a852ae32) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/fuzz.yml | 2 +- .github/workflows/scorecard.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/fuzz.yml b/.github/workflows/fuzz.yml index ff8d4b601c4..29d7490194d 100644 --- a/.github/workflows/fuzz.yml +++ b/.github/workflows/fuzz.yml @@ -29,7 +29,7 @@ jobs: run: | npm run fuzz - - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 + - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 if: ${{ failure() }} with: name: undici-fuzz-results-${{ github.sha }} diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 8b46ffa7c63..f52ad55549c 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -43,7 +43,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 + uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 with: name: SARIF file path: results.sarif From 9a14e5f32a118fa93e769cc15ae8de9de552f2e4 Mon Sep 17 00:00:00 2001 From: Matteo Collina Date: Thu, 30 Nov 2023 16:40:41 +0100 Subject: [PATCH 18/18] Bumped v5.28.2 Signed-off-by: Matteo Collina --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index fe1b2ef7134..2b64daf41e2 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "undici", - "version": "5.28.1", + "version": "5.28.2", "description": "An HTTP/1.1 client, written from scratch for Node.js", "homepage": "https://undici.nodejs.org", "bugs": {