@automattic/request-promise-native 1.1.0

package/.github/dependabot.yml

@@ -0,0 +1,8 @@
+version: 2
+updates:
+  - package-ecosystem: "npm"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    open-pull-requests-limit: 15
+  

package/.github/workflows/npmpublish.yml

@@ -0,0 +1,23 @@
+# This workflow will publish this package to npm on each release created.
+# NPM_TOKEN secret needs to be created via https://www.npmjs.com/settings/a8c/tokens/ (choose automation token) and stored in this repository.
+#
+# See https://docs.github.com/en/actions/guides/publishing-nodejs-packages#publishing-packages-to-the-npm-registry
+
+name: Publish to npm
+
+on:
+  release:
+    types: [created]
+
+jobs:
+  publish-npm:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+        with:
+          node-version: "latest"
+          registry-url: https://registry.npmjs.org/
+      - run: npm publish --access public
+        env:
+          NODE_AUTH_TOKEN: ${{secrets.NPM_TOKEN}}

package/.github/workflows/test.yml

@@ -0,0 +1,30 @@
+name: Test with mocha
+
+on:
+  push:
+    branches: [ "master" ]
+  pull_request:
+    branches: [ "master" ]
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+
+    strategy:
+      matrix:
+        # https://nodejs.org/en/about/previous-releases#release-schedule
+        # https://github.com/actions/setup-node?tab=readme-ov-file#supported-version-syntax
+        node-version: [18.x, 20.x, 22.x, 23.x]
+
+    steps:
+    - uses: actions/checkout@v4
+
+    - name: Use Node.js ${{ matrix.node-version }}
+      uses: actions/setup-node@v4
+      with:
+        node-version: ${{ matrix.node-version }}
+
+    - name: Build and test
+      run: |
+        npm ci
+        npm t

package/LICENSE

@@ -0,0 +1,15 @@
+ISC License
+
+Copyright (c) 2020, Nicolai Kamenzky and contributors
+
+Permission to use, copy, modify, and/or distribute this software for any
+purpose with or without fee is hereby granted, provided that the above
+copyright notice and this permission notice appear in all copies.
+
+THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

package/README.md

@@ -0,0 +1,82 @@
+Request-Promise-Native
+======================
+
+[![Test with mocha](https://github.com/Automattic/request-promise-native/actions/workflows/test.yml/badge.svg)](https://github.com/Automattic/request-promise-native/actions/workflows/test.yml)
+
+# Deprecated!
+
+As of Feb 11th 2020, [`request`](https://github.com/request/request) is fully deprecated. No new changes are expected to land. In fact, none have landed for some time. This package is also deprecated because it depends on `request`. We're only keeping the library's dependencies up to date.
+
+Fyi, here is the [reasoning of `request`'s deprecation](https://github.com/request/request/issues/3142) and a [list of alternative libraries](https://github.com/request/request/issues/3143).
+
+---
+
+This package is similar to [`request-promise`](https://www.npmjs.com/package/request-promise) but uses native ES6+ promises.
+
+Please refer to the [`request-promise` documentation](https://www.npmjs.com/package/request-promise). Everything applies to `request-promise-native` except the following:
+- Instead of using Bluebird promises this library uses native ES6+ promises.
+- Native ES6+ promises may have fewer features than Bluebird promises do. In particular, the `.finally(...)` method was not included until Node v10.
+
+## Installation
+
+This module is installed via npm:
+
+```
+npm i --save "request-promise-native@npm:@automattic/request-promise-native@latest"
+```
+
+
+## Migration from `request-promise` to `request-promise-native`
+
+1. Go through the [migration instructions](https://github.com/request/request-promise#migration-from-v3-to-v4) to upgrade to `request-promise` v4.
+2. Ensure that you don't use Bluebird-specific features on the promise returned by your request calls. In particular, you can't use `.finally(...)` anymore.
+3. You are done.
+
+## Contributing
+
+To set up your development environment:
+
+1. clone the repo to your desktop,
+2. in the shell `cd` to the main folder,
+3. hit `npm install`,
+4. hit `npm install gulp -g` if you haven't installed gulp globally yet, and
+5. run `gulp dev`. (Or run `node ./node_modules/.bin/gulp dev` if you don't want to install gulp globally.)
+
+`gulp dev` watches all source files and if you save some changes it will lint the code and execute all tests. The test coverage report can be viewed from `./coverage/lcov-report/index.html`.
+
+If you want to debug a test you should use `gulp test-without-coverage` to run all tests without obscuring the code by the test coverage instrumentation.
+
+## Change History
+
+- v1.0.9 (2020-07-21)
+    - Security fix: bumped `request-promise-core` which bumps `lodash` to `^4.17.19` following [this advisory](https://www.npmjs.com/advisories/1523).
+- v1.0.8 (2019-11-03)
+    - Security fix: bumped `request-promise-core` which bumps `lodash` to `^4.17.15`. See [vulnerabilty reports](https://snyk.io/vuln/search?q=lodash&type=npm).
+      *(Thanks to @aw-davidson for reporting this in issue [#49](https://github.com/request/request-promise-native/issues/49).)*
+- v1.0.7 (2019-02-14)
+    - Corrected mistakenly set `tough-cookie` version, now `^2.3.3`
+      *(Thanks to @evocateur for pointing this out.)*
+    - If you installed `request-promise-native@1.0.6` please make sure after the upgrade that `request` and `request-promise-native` use the same physical copy of `tough-cookie`.
+- v1.0.6 (2019-02-14)
+    - Using stricter `tough-cookie@~2.3.3` to avoid installing `tough-cookie@3` which introduces breaking changes
+      *(Thanks to @jasonmit for pull request [#33](https://github.com/request/request-promise-native/pull/33/))*
+    - Security fix: bumped `lodash` to `^4.17.11`, see [vulnerabilty reports](https://snyk.io/vuln/search?q=lodash&type=npm)
+- v1.0.5 (2017-09-22)
+    - Upgraded `tough-cookie` to a version without regex DoS vulnerability
+      *(Thanks to @sophieklm for [pull request #13](https://github.com/request/request-promise-native/pull/13))*
+- v1.0.4 (2017-05-07)
+    - Fix that allows to use `tough-cookie` for [cookie creation](https://github.com/request/request-promise#include-a-cookie)
+- v1.0.3 (2016-08-08)
+    - Renamed internally used package `@request/promise-core` to `request-promise-core` because there where [too](https://github.com/request/request-promise/issues/137) [many](https://github.com/request/request-promise/issues/141) issues with the scoped package name
+- v1.0.2 (2016-07-18)
+    - Fix for using with module bundlers like Webpack and Browserify
+- v1.0.1 (2016-07-17)
+    - Fixed `@request/promise-core` version for safer versioning
+- v1.0.0 (2016-07-15)
+    - Initial version similar to [`request-promise`](https://www.npmjs.com/package/request-promise) v4
+
+## License (ISC)
+
+In case you never heard about the [ISC license](http://en.wikipedia.org/wiki/ISC_license) it is functionally equivalent to the MIT license.
+
+See the [LICENSE file](LICENSE) for details.

package/errors.js

@@ -0,0 +1,3 @@
+'use strict';
+
+module.exports = require('request-promise-core/errors');

package/lib/rp.js

@@ -0,0 +1,26 @@
+'use strict';
+
+var configure = require('request-promise-core/configure/request2'),
+    stealthyRequire = require('stealthy-require');
+
+// Load Request freshly - so that users can require an unaltered request instance!
+var request = stealthyRequire(require.cache, function () {
+    return require('request');
+},
+function () {
+    require('tough-cookie');
+}, module);
+
+
+configure({
+    request: request,
+    PromiseImpl: Promise,
+    expose: [
+        'then',
+        'catch',
+        'promise'
+    ]
+});
+
+
+module.exports = request;

package/package.json

@@ -0,0 +1,53 @@
+{
+  "name": "@automattic/request-promise-native",
+  "version": "1.1.0",
+  "description": "The simplified HTTP request client 'request' with Promise support. Powered by native ES6 promises.",
+  "keywords": [
+    "xhr",
+    "http",
+    "https",
+    "promise",
+    "request",
+    "then",
+    "thenable",
+    "native"
+  ],
+  "main": "./lib/rp.js",
+  "scripts": {
+    "test": "mocha test/spec"
+  },
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/request/request-promise-native.git"
+  },
+  "author": "Nicolai Kamenzky (https://github.com/analog-nico)",
+  "license": "ISC",
+  "bugs": {
+    "url": "https://github.com/request/request-promise-native/issues"
+  },
+  "homepage": "https://github.com/request/request-promise-native#readme",
+  "engines": {
+    "node": ">=18.x"
+  },
+  "dependencies": {
+    "request": "^2.88.2",
+    "request-promise-core": "1.1.4",
+    "stealthy-require": "^1.1.1",
+    "tough-cookie": "^5.1.0"
+  },
+  "overrides": {
+    "request": {
+      "tough-cookie": "^5.1.0",
+      "uuid": "^7.0.0"
+    }
+  },
+  "devDependencies": {
+    "body-parser": "~1.20.3",
+    "chai": "^4.5.0",
+    "chalk": "~5.4.1",
+    "lodash": "~4.17.21",
+    "mocha": "^11.1.0",
+    "rimraf": "~6.0.1",
+    "run-sequence": "~2.2.1"
+  }
+}