npm - @qqbrowser/openclaw-qbot - Versions diffs - 0.10.18 → 0.10.20 - Mend

@qqbrowser/openclaw-qbot 0.10.18 → 0.10.20

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (177) hide show

package/node_modules/body-parser/lib/types/json.js CHANGED Viewed

@@ -12,9 +12,9 @@
  * @private
  */
-var debug = require('debug')('body-parser:json')
-var read = require('../read')
-var { normalizeOptions } = require('../utils')
+const debug = require('debug')('body-parser:json')
+const read = require('../read')
+const { normalizeOptions } = require('../utils')
 /**
  * Module exports.
@@ -33,10 +33,10 @@ module.exports = json
  *            %x0A /              ; Line feed or New line
  *            %x0D )              ; Carriage return
  */
-var FIRST_CHAR_REGEXP = /^[\x20\x09\x0a\x0d]*([^\x20\x09\x0a\x0d])/ // eslint-disable-line no-control-regex
+const FIRST_CHAR_REGEXP = /^[\x20\x09\x0a\x0d]*([^\x20\x09\x0a\x0d])/ // eslint-disable-line no-control-regex
-var JSON_SYNTAX_CHAR = '#'
-var JSON_SYNTAX_REGEXP = /#+/g
+const JSON_SYNTAX_CHAR = '#'
+const JSON_SYNTAX_REGEXP = /#+/g
 /**
  * Create a middleware to parse JSON bodies.
@@ -48,23 +48,61 @@ var JSON_SYNTAX_REGEXP = /#+/g
 function json (options) {
   const normalizedOptions = normalizeOptions(options, 'application/json')
-  var reviver = options?.reviver
-  var strict = options?.strict !== false
+  const parse = createJsonParser(options)
-  function parse (body) {
-    if (body.length === 0) {
-      // special-case empty json body, as it's a common client-side mistake
-      // TODO: maybe make this configurable or part of "strict" option
-      return {}
-    }
+  const readOptions = {
+    ...normalizedOptions,
+    // assert charset per RFC 7159 sec 8.1
+    isValidCharset: (charset) => charset.slice(0, 4) === 'utf-'
+  }
-    if (strict) {
-      var first = firstchar(body)
+  return function jsonParser (req, res, next) {
+    read(req, res, next, parse, debug, readOptions)
+  }
+}
+/**
+ * Create a JSON parse function
+ *
+ * @param {object} [options]
+ * @return {function}
+ * @private
+ */
+function createJsonParser (options) {
+  const reviver = options?.reviver
+  const strict = options?.strict !== false
+  if (strict) {
+    return function parse (body) {
+      if (body.length === 0) {
+        // special-case empty json body, as it's a common client-side mistake
+        // TODO: maybe make this configurable or part of "strict" option
+        return {}
+      }
+      const first = firstchar(body)
       if (first !== '{' && first !== '[') {
         debug('strict violation')
         throw createStrictSyntaxError(body, first)
       }
+      try {
+        debug('parse json')
+        return JSON.parse(body, reviver)
+      } catch (e) {
+        throw normalizeJsonSyntaxError(e, {
+          message: e.message,
+          stack: e.stack
+        })
+      }
+    }
+  }
+  return function parse (body) {
+    if (body.length === 0) {
+      // special-case empty json body, as it's a common client-side mistake
+      // TODO: maybe make this configurable or part of "strict" option
+      return {}
     }
     try {
@@ -77,16 +115,6 @@ function json (options) {
       })
     }
   }
-  const readOptions = {
-    ...normalizedOptions,
-    // assert charset per RFC 7159 sec 8.1
-    isValidCharset: (charset) => charset.slice(0, 4) === 'utf-'
-  }
-  return function jsonParser (req, res, next) {
-    read(req, res, next, parse, debug, readOptions)
-  }
 }
 /**
@@ -98,8 +126,8 @@ function json (options) {
  * @private
  */
 function createStrictSyntaxError (str, char) {
-  var index = str.indexOf(char)
-  var partial = ''
+  const index = str.indexOf(char)
+  let partial = ''
   if (index !== -1) {
     partial = str.substring(0, index) + JSON_SYNTAX_CHAR.repeat(str.length - index)
@@ -125,7 +153,7 @@ function createStrictSyntaxError (str, char) {
  * @private
  */
 function firstchar (str) {
-  var match = FIRST_CHAR_REGEXP.exec(str)
+  const match = FIRST_CHAR_REGEXP.exec(str)
   return match
     ? match[1]
@@ -141,10 +169,10 @@ function firstchar (str) {
  * @private
  */
 function normalizeJsonSyntaxError (error, obj) {
-  var keys = Object.getOwnPropertyNames(error)
+  const keys = Object.getOwnPropertyNames(error)
-  for (var i = 0; i < keys.length; i++) {
-    var key = keys[i]
+  for (let i = 0; i < keys.length; i++) {
+    const key = keys[i]
     if (key !== 'stack' && key !== 'message') {
       delete error[key]
     }

package/node_modules/body-parser/lib/types/raw.js CHANGED Viewed

@@ -10,9 +10,9 @@
  * Module dependencies.
  */
-var debug = require('debug')('body-parser:raw')
-var read = require('../read')
-var { normalizeOptions, passthrough } = require('../utils')
+const debug = require('debug')('body-parser:raw')
+const read = require('../read')
+const { normalizeOptions, passthrough } = require('../utils')
 /**
  * Module exports.

package/node_modules/body-parser/lib/types/text.js CHANGED Viewed

@@ -10,9 +10,9 @@
  * Module dependencies.
  */
-var debug = require('debug')('body-parser:text')
-var read = require('../read')
-var { normalizeOptions, passthrough } = require('../utils')
+const debug = require('debug')('body-parser:text')
+const read = require('../read')
+const { normalizeOptions, passthrough } = require('../utils')
 /**
  * Module exports.

package/node_modules/body-parser/lib/types/urlencoded.js CHANGED Viewed

@@ -12,11 +12,11 @@
  * @private
  */
-var createError = require('http-errors')
-var debug = require('debug')('body-parser:urlencoded')
-var read = require('../read')
-var qs = require('qs')
-var { normalizeOptions } = require('../utils')
+const createError = require('http-errors')
+const debug = require('debug')('body-parser:urlencoded')
+const read = require('../read')
+const qs = require('qs')
+const { normalizeOptions } = require('../utils')
 /**
  * Module exports.
@@ -39,13 +39,7 @@ function urlencoded (options) {
   }
   // create the appropriate query parser
-  var queryparse = createQueryParser(options)
-  function parse (body, encoding) {
-    return body.length
-      ? queryparse(body, encoding)
-      : {}
-  }
+  const parse = createQueryParser(options)
   const readOptions = {
     ...normalizedOptions,
@@ -66,13 +60,13 @@ function urlencoded (options) {
  * @private
  */
 function createQueryParser (options) {
-  var extended = Boolean(options?.extended)
-  var parameterLimit = options?.parameterLimit !== undefined
+  const extended = Boolean(options?.extended)
+  let parameterLimit = options?.parameterLimit !== undefined
     ? options?.parameterLimit
     : 1000
-  var charsetSentinel = options?.charsetSentinel
-  var interpretNumericEntities = options?.interpretNumericEntities
-  var depth = extended ? (options?.depth !== undefined ? options?.depth : 32) : 0
+  const charsetSentinel = options?.charsetSentinel
+  const interpretNumericEntities = options?.interpretNumericEntities
+  const depth = extended ? (options?.depth !== undefined ? options?.depth : 32) : 0
   if (isNaN(parameterLimit) || parameterLimit < 1) {
     throw new TypeError('option parameterLimit must be a positive number')
@@ -86,8 +80,10 @@ function createQueryParser (options) {
     parameterLimit = parameterLimit | 0
   }
-  return function queryparse (body, encoding) {
-    var paramCount = parameterCount(body, parameterLimit)
+  return function parse (body, encoding) {
+    if (!body.length) return {}
+    const paramCount = parameterCount(body, parameterLimit)
     if (paramCount === undefined) {
       debug('too many parameters')
@@ -96,7 +92,7 @@ function createQueryParser (options) {
       })
     }
-    var arrayLimit = extended ? Math.max(100, paramCount) : paramCount
+    const arrayLimit = extended ? Math.max(100, paramCount) : paramCount
     debug('parse ' + (extended ? 'extended ' : '') + 'urlencoding')
     try {

package/node_modules/body-parser/lib/utils.js CHANGED Viewed

@@ -4,9 +4,9 @@
  * Module dependencies.
  */
-var bytes = require('bytes')
-var contentType = require('content-type')
-var typeis = require('type-is')
+const bytes = require('bytes')
+const contentType = require('content-type')
+const typeis = require('type-is')
 /**
  * Module exports.
@@ -25,11 +25,9 @@ module.exports = {
  * @private
  */
 function getCharset (req) {
-  try {
-    return (contentType.parse(req).parameters.charset || '').toLowerCase()
-  } catch {
-    return undefined
-  }
+  const header = req.headers['content-type']
+  if (!header) return undefined
+  return contentType.parse(header).parameters.charset?.toLowerCase()
 }
 /**
@@ -59,20 +57,24 @@ function normalizeOptions (options, defaultType) {
     throw new TypeError('defaultType must be provided')
   }
-  var inflate = options?.inflate !== false
-  var limit = typeof options?.limit !== 'number'
-    ? bytes.parse(options?.limit || '100kb')
-    : options?.limit
-  var type = options?.type || defaultType
-  var verify = options?.verify || false
-  var defaultCharset = options?.defaultCharset || 'utf-8'
+  const inflate = options?.inflate !== false
+  const limit = typeof options?.limit === 'undefined' || options?.limit === null
+    ? 102400 // 100kb default
+    : bytes.parse(options.limit)
+  const type = options?.type || defaultType
+  const verify = options?.verify || false
+  const defaultCharset = options?.defaultCharset || 'utf-8'
+  if (limit === null) {
+    throw new TypeError(`option limit "${String(options.limit)}" is invalid`)
+  }
   if (verify !== false && typeof verify !== 'function') {
     throw new TypeError('option verify must be function')
   }
   // create the appropriate type checking function
-  var shouldParse = typeof type !== 'function'
+  const shouldParse = typeof type !== 'function'
     ? typeChecker(type)
     : type

package/node_modules/body-parser/node_modules/content-type/dist/index.js ADDED Viewed

@@ -0,0 +1,170 @@
+"use strict";
+/*!
+ * content-type
+ * Copyright(c) 2015 Douglas Christopher Wilson
+ * MIT Licensed
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.format = format;
+exports.parse = parse;
+const TEXT_REGEXP = /^[\u0009\u0020-\u007e\u0080-\u00ff]*$/;
+const TOKEN_REGEXP = /^[!#$%&'*+.^_`|~0-9A-Za-z-]+$/;
+/**
+ * RegExp to match chars that must be quoted-pair in RFC 9110 sec 5.6.4
+ */
+const QUOTE_REGEXP = /[\\"]/g;
+/**
+ * RegExp to match type in RFC 9110 sec 8.3.1
+ *
+ * media-type = type "/" subtype
+ * type       = token
+ * subtype    = token
+ */
+const TYPE_REGEXP = /^[!#$%&'*+.^_`|~0-9A-Za-z-]+\/[!#$%&'*+.^_`|~0-9A-Za-z-]+$/;
+/**
+ * Null object perf optimization. Faster than `Object.create(null)` and `{ __proto__: null }`.
+ */
+const NullObject = /* @__PURE__ */ (() => {
+    const C = function () { };
+    C.prototype = Object.create(null);
+    return C;
+})();
+/**
+ * Format an object into a `Content-Type` header.
+ */
+function format(obj) {
+    const { type, parameters } = obj;
+    if (!type || !TYPE_REGEXP.test(type)) {
+        throw new TypeError(`Invalid type: ${type}`);
+    }
+    let result = type;
+    if (parameters) {
+        for (const param of Object.keys(parameters)) {
+            if (!TOKEN_REGEXP.test(param)) {
+                throw new TypeError(`Invalid parameter name: ${param}`);
+            }
+            result += `; ${param}=${qstring(parameters[param])}`;
+        }
+    }
+    return result;
+}
+/**
+ * Parse a `Content-Type` header.
+ */
+function parse(header, options) {
+    const len = header.length;
+    let index = skipOWS(header, 0, len);
+    const valueStart = index;
+    index = skipValue(header, index, len);
+    const valueEnd = trailingOWS(header, valueStart, index);
+    const type = header.slice(valueStart, valueEnd).toLowerCase();
+    const parameters = options?.parameters === false
+        ? new NullObject()
+        : parseParameters(header, index, len);
+    return { type, parameters };
+}
+const SP = 32; // " "
+const HTAB = 9; // "\t"
+const SEMI = 59; // ";"
+const EQ = 61; // "="
+const DQUOTE = 34; // '"'
+const BSLASH = 92; // "\\"
+/**
+ * Parses the parameters of a `Content-Type` header starting at the given index.
+ */
+function parseParameters(header, index, len) {
+    const parameters = new NullObject();
+    parameter: while (index < len) {
+        index = skipOWS(header, index + 1 /* Skip over ; */, len);
+        const keyStart = index;
+        while (index < len) {
+            const code = header.charCodeAt(index);
+            if (code === SEMI)
+                continue parameter;
+            if (code === EQ) {
+                const keyEnd = trailingOWS(header, keyStart, index);
+                const key = header.slice(keyStart, keyEnd).toLowerCase();
+                index = skipOWS(header, index + 1, len);
+                if (index < len && header.charCodeAt(index) === DQUOTE) {
+                    index++;
+                    let value = "";
+                    while (index < len) {
+                        const code = header.charCodeAt(index++);
+                        if (code === DQUOTE) {
+                            index = skipValue(header, index, len);
+                            if (parameters[key] === undefined)
+                                parameters[key] = value;
+                            break;
+                        }
+                        if (code === BSLASH && index < len) {
+                            value += header[index++];
+                            continue;
+                        }
+                        value += String.fromCharCode(code);
+                    }
+                    continue parameter;
+                }
+                const valueStart = index;
+                index = skipValue(header, index, len);
+                if (parameters[key] === undefined) {
+                    const valueEnd = trailingOWS(header, valueStart, index);
+                    parameters[key] = header.slice(valueStart, valueEnd);
+                }
+                continue parameter;
+            }
+            index++;
+        }
+    }
+    return parameters;
+}
+/**
+ * Skip over characters until a semicolon.
+ */
+function skipValue(str, index, len) {
+    while (index < len) {
+        const char = str.charCodeAt(index);
+        if (char === SEMI)
+            break;
+        index++;
+    }
+    return index;
+}
+/**
+ * Skip optional whitespace (OWS) in an HTTP header value.
+ *
+ * OWS is defined in RFC 9110 sec 5.6.3 as SP (" ") or HTAB ("\t").
+ */
+function skipOWS(header, index, len) {
+    while (index < len) {
+        const char = header.charCodeAt(index);
+        if (char !== SP && char !== HTAB)
+            break;
+        index++;
+    }
+    return index;
+}
+/**
+ * Trim optional whitespace (OWS) from the end of a substring.
+ *
+ * OWS is defined in RFC 9110 sec 5.6.3 as SP (" ") or HTAB ("\t").
+ */
+function trailingOWS(header, start, end) {
+    while (end > start) {
+        const char = header.charCodeAt(end - 1);
+        if (char !== SP && char !== HTAB)
+            break;
+        end--;
+    }
+    return end;
+}
+/**
+ * Serialize a parameter value.
+ */
+function qstring(str) {
+    if (TOKEN_REGEXP.test(str))
+        return str;
+    if (TEXT_REGEXP.test(str))
+        return `"${str.replace(QUOTE_REGEXP, "\\$&")}"`;
+    throw new TypeError(`Invalid parameter value: ${str}`);
+}
+//# sourceMappingURL=index.js.map

package/node_modules/body-parser/node_modules/content-type/package.json ADDED Viewed

@@ -0,0 +1,52 @@
+{
+  "name": "content-type",
+  "version": "2.0.0",
+  "description": "Create and parse HTTP Content-Type header",
+  "keywords": [
+    "content-type",
+    "http",
+    "req",
+    "res",
+    "rfc7231",
+    "rfc9110"
+  ],
+  "repository": "jshttp/content-type",
+  "funding": {
+    "type": "opencollective",
+    "url": "https://opencollective.com/express"
+  },
+  "license": "MIT",
+  "author": "Douglas Christopher Wilson <doug@somethingdoug.com>",
+  "type": "commonjs",
+  "exports": "./dist/index.js",
+  "main": "./dist/index.js",
+  "typings": "./dist/index.d.ts",
+  "files": [
+    "dist/"
+  ],
+  "scripts": {
+    "bench": "vitest bench",
+    "build": "ts-scripts build",
+    "format": "ts-scripts format",
+    "prepare": "ts-scripts install && npm run build",
+    "specs": "ts-scripts specs",
+    "test": "ts-scripts test"
+  },
+  "devDependencies": {
+    "@borderless/ts-scripts": "^0.15.0",
+    "@vitest/coverage-v8": "^3.0.5",
+    "typescript": "^5.7.3",
+    "vitest": "^3.2.4"
+  },
+  "engines": {
+    "node": ">=18"
+  },
+  "ts-scripts": {
+    "dist": [
+      "dist"
+    ],
+    "project": [
+      "tsconfig.build.json"
+    ]
+  }
+}

package/node_modules/body-parser/package.json CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "name": "body-parser",
   "description": "Node.js body parsing middleware",
-  "version": "2.2.2",
+  "version": "2.3.0",
   "contributors": [
     "Douglas Christopher Wilson <doug@somethingdoug.com>",
     "Jonathan Ong <me@jongleberry.com> (http://jongleberry.com)"
@@ -12,28 +12,41 @@
     "type": "opencollective",
     "url": "https://opencollective.com/express"
   },
+  "type": "commonjs",
+  "exports": {
+    ".": "./index.js",
+    "./package.json": "./package.json",
+    "./json": "./lib/types/json.js",
+    "./raw": "./lib/types/raw.js",
+    "./text": "./lib/types/text.js",
+    "./urlencoded": "./lib/types/urlencoded.js",
+    "./lib/*": "./lib/*.js",
+    "./lib/*.js": "./lib/*.js",
+    "./lib/types/*": "./lib/types/*.js",
+    "./lib/types/*.js": "./lib/types/*.js"
+  },
   "dependencies": {
     "bytes": "^3.1.2",
-    "content-type": "^1.0.5",
+    "content-type": "^2.0.0",
     "debug": "^4.4.3",
-    "http-errors": "^2.0.0",
-    "iconv-lite": "^0.7.0",
+    "http-errors": "^2.0.1",
+    "iconv-lite": "^0.7.2",
     "on-finished": "^2.4.1",
-    "qs": "^6.14.1",
-    "raw-body": "^3.0.1",
-    "type-is": "^2.0.1"
+    "qs": "^6.15.2",
+    "raw-body": "^3.0.2",
+    "type-is": "^2.1.0"
   },
   "devDependencies": {
     "eslint": "^8.57.1",
     "eslint-config-standard": "^14.1.1",
-    "eslint-plugin-import": "^2.31.0",
+    "eslint-plugin-import": "^2.32.0",
     "eslint-plugin-markdown": "^3.0.1",
     "eslint-plugin-node": "^11.1.0",
     "eslint-plugin-promise": "^6.6.0",
     "eslint-plugin-standard": "^4.1.0",
-    "mocha": "^11.1.0",
+    "mocha": "^11.7.6",
     "nyc": "^17.1.0",
-    "supertest": "^7.0.0"
+    "supertest": "^7.2.2"
   },
   "files": [
     "lib/",

package/node_modules/form-data/lib/form_data.js CHANGED Viewed

@@ -15,6 +15,18 @@ var setToStringTag = require('es-set-tostringtag');
 var hasOwn = require('hasown');
 var populate = require('./populate.js');
+/**
+ * Escape CR, LF, and `"` in a multipart `name`/`filename` parameter, so a field
+ * name or filename can not break out of its header line to inject headers or
+ * smuggle additional parts. Matches the WHATWG HTML multipart/form-data encoding.
+ *
+ * @param {string} str - the parameter value to escape
+ * @returns {string} the escaped value
+ */
+function escapeHeaderParam(str) {
+  return String(str).replace(/\r/g, '%0D').replace(/\n/g, '%0A').replace(/"/g, '%22');
+}
 /**
  * Create readable "multipart/form-data" streams.
  * Can be used to submit forms
@@ -180,7 +192,7 @@ FormData.prototype._multiPartHeader = function (field, value, options) {
   var contents = '';
   var headers = {
     // add custom disposition as third element or keep it two elements if not
-    'Content-Disposition': ['form-data', 'name="' + field + '"'].concat(contentDisposition || []),
+    'Content-Disposition': ['form-data', 'name="' + escapeHeaderParam(field) + '"'].concat(contentDisposition || []),
     // if no content type. allow it to be empty array
     'Content-Type': [].concat(contentType || [])
   };
@@ -234,7 +246,7 @@ FormData.prototype._getContentDisposition = function (value, options) { // eslin
   }
   if (filename) {
-    return 'filename="' + filename + '"';
+    return 'filename="' + escapeHeaderParam(filename) + '"';
   }
 };

package/node_modules/form-data/package.json CHANGED Viewed

@@ -2,7 +2,7 @@
   "author": "Felix Geisendörfer <felix@debuggable.com> (http://debuggable.com/)",
   "name": "form-data",
   "description": "A library to create readable \"multipart/form-data\" streams. Can be used to submit forms and file uploads to other web applications.",
-  "version": "4.0.5",
+  "version": "4.0.6",
   "repository": {
     "type": "git",
     "url": "git://github.com/form-data/form-data.git"
@@ -43,12 +43,12 @@
     "asynckit": "^0.4.0",
     "combined-stream": "^1.0.8",
     "es-set-tostringtag": "^2.1.0",
-    "hasown": "^2.0.2",
-    "mime-types": "^2.1.12"
+    "hasown": "^2.0.4",
+    "mime-types": "^2.1.35"
   },
   "devDependencies": {
-    "@ljharb/eslint-config": "^21.4.0",
-    "auto-changelog": "^2.5.0",
+    "@ljharb/eslint-config": "^22.2.3",
+    "auto-changelog": "^2.6.0",
     "browserify": "^13.3.0",
     "browserify-istanbul": "^2.0.0",
     "coveralls": "^3.1.1",
@@ -60,7 +60,7 @@
     "in-publish": "^2.0.1",
     "is-node-modern": "^1.0.0",
     "istanbul": "^0.4.5",
-    "js-randomness-predictor": "^1.5.5",
+    "js-randomness-predictor": "^3.6.0",
     "obake": "^0.1.2",
     "pkgfiles": "^2.3.2",
     "pre-commit": "^1.2.2",
@@ -68,7 +68,7 @@
     "request": "~2.87.0",
     "rimraf": "^2.7.1",
     "semver": "^6.3.1",
-    "tape": "^5.9.0"
+    "tape": "^5.10.1"
   },
   "license": "MIT",
   "auto-changelog": {