npm - @quantiya/codevibe-claude-plugin - Versions diffs - 1.0.36 → 1.0.38 - Mend

@quantiya/codevibe-claude-plugin 1.0.36 → 1.0.38

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (201) hide show

package/node_modules/qs/test/parse.js CHANGED Viewed

@@ -213,6 +213,18 @@ test('parse()', function (t) {
         st.end();
     });
+    t.test('ignores prototype keys when depth = 0 and allowPrototypes is false', function (st) {
+        st.deepEqual(qs.parse('toString=foo', { depth: 0 }), {});
+        st.deepEqual(qs.parse('hasOwnProperty=bar', { depth: 0 }), {});
+        st.deepEqual(qs.parse('toString=foo&a=b', { depth: 0 }), { a: 'b' });
+        st.end();
+    });
+    t.test('allows prototype keys when depth = 0 and allowPrototypes is true', function (st) {
+        st.deepEqual(qs.parse('toString=foo', { depth: 0, allowPrototypes: true }), { toString: 'foo' });
+        st.end();
+    });
     t.test('uses original key when depth = false', function (st) {
         st.deepEqual(qs.parse('a[0]=b&a[1]=c', { depth: false }), { 'a[0]': 'b', 'a[1]': 'c' });
         st.deepEqual(qs.parse('a[0][0]=b&a[0][1]=c&a[1]=d&e=2', { depth: false }), { 'a[0][0]': 'b', 'a[0][1]': 'c', 'a[1]': 'd', e: '2' });
@@ -235,11 +247,11 @@ test('parse()', function (t) {
         st.deepEqual(qs.parse('a=b&a[0]=c'), { a: ['b', 'c'] });
         st.deepEqual(qs.parse('a[1]=b&a=c', { arrayLimit: 20 }), { a: ['b', 'c'] });
-        st.deepEqual(qs.parse('a[]=b&a=c', { arrayLimit: 0 }), { a: ['b', 'c'] });
+        st.deepEqual(qs.parse('a[]=b&a=c', { arrayLimit: 0 }), { a: { 0: 'b', 1: 'c' } });
         st.deepEqual(qs.parse('a[]=b&a=c'), { a: ['b', 'c'] });
         st.deepEqual(qs.parse('a=b&a[1]=c', { arrayLimit: 20 }), { a: ['b', 'c'] });
-        st.deepEqual(qs.parse('a=b&a[]=c', { arrayLimit: 0 }), { a: ['b', 'c'] });
+        st.deepEqual(qs.parse('a=b&a[]=c', { arrayLimit: 0 }), { a: { 0: 'b', 1: 'c' } });
         st.deepEqual(qs.parse('a=b&a[]=c'), { a: ['b', 'c'] });
         st.end();
@@ -261,11 +273,11 @@ test('parse()', function (t) {
     });
     t.test('limits specific array indices to arrayLimit', function (st) {
-        st.deepEqual(qs.parse('a[20]=a', { arrayLimit: 20 }), { a: ['a'] });
-        st.deepEqual(qs.parse('a[21]=a', { arrayLimit: 20 }), { a: { 21: 'a' } });
+        st.deepEqual(qs.parse('a[19]=a', { arrayLimit: 20 }), { a: ['a'] });
+        st.deepEqual(qs.parse('a[20]=a', { arrayLimit: 20 }), { a: { 20: 'a' } });
-        st.deepEqual(qs.parse('a[20]=a'), { a: ['a'] });
-        st.deepEqual(qs.parse('a[21]=a'), { a: { 21: 'a' } });
+        st.deepEqual(qs.parse('a[19]=a'), { a: ['a'] });
+        st.deepEqual(qs.parse('a[20]=a'), { a: { 20: 'a' } });
         st.end();
     });
@@ -364,7 +376,7 @@ test('parse()', function (t) {
         );
         st.deepEqual(
             qs.parse('a[]=b&a[]&a[]=c&a[]=', { strictNullHandling: true, arrayLimit: 0 }),
-            { a: ['b', null, 'c', ''] },
+            { a: { 0: 'b', 1: null, 2: 'c', 3: '' } },
             'with arrayLimit 0 + array brackets: null then empty string works'
         );
@@ -375,7 +387,7 @@ test('parse()', function (t) {
         );
         st.deepEqual(
             qs.parse('a[]=b&a[]=&a[]=c&a[]', { strictNullHandling: true, arrayLimit: 0 }),
-            { a: ['b', '', 'c', null] },
+            { a: { 0: 'b', 1: '', 2: 'c', 3: null } },
             'with arrayLimit 0 + array brackets: empty string then null works'
         );
@@ -483,7 +495,7 @@ test('parse()', function (t) {
     t.test('allows overriding array limit', function (st) {
         st.deepEqual(qs.parse('a[0]=b', { arrayLimit: -1 }), { a: { 0: 'b' } });
-        st.deepEqual(qs.parse('a[0]=b', { arrayLimit: 0 }), { a: ['b'] });
+        st.deepEqual(qs.parse('a[0]=b', { arrayLimit: 0 }), { a: { 0: 'b' } });
         st.deepEqual(qs.parse('a[-1]=b', { arrayLimit: -1 }), { a: { '-1': 'b' } });
         st.deepEqual(qs.parse('a[-1]=b', { arrayLimit: 0 }), { a: { '-1': 'b' } });
@@ -784,25 +796,25 @@ test('parse()', function (t) {
     t.test('add keys to objects', function (st) {
         st.deepEqual(
-            qs.parse('a[b]=c&a=d'),
+            qs.parse('a[b]=c&a=d', { strictMerge: false }),
             { a: { b: 'c', d: true } },
             'can add keys to objects'
         );
         st.deepEqual(
-            qs.parse('a[b]=c&a=toString'),
+            qs.parse('a[b]=c&a=toString', { strictMerge: false }),
             { a: { b: 'c' } },
             'can not overwrite prototype'
         );
         st.deepEqual(
-            qs.parse('a[b]=c&a=toString', { allowPrototypes: true }),
+            qs.parse('a[b]=c&a=toString', { strictMerge: false, allowPrototypes: true }),
             { a: { b: 'c', toString: true } },
             'can overwrite prototype with allowPrototypes true'
         );
         st.deepEqual(
-            qs.parse('a[b]=c&a=toString', { plainObjects: true }),
+            qs.parse('a[b]=c&a=toString', { strictMerge: false, plainObjects: true }),
             { __proto__: null, a: { __proto__: null, b: 'c', toString: true } },
             'can overwrite prototype with plainObjects true'
         );
@@ -810,6 +822,34 @@ test('parse()', function (t) {
         st.end();
     });
+    t.test('strictMerge wraps object and primitive into an array', function (st) {
+        st.deepEqual(
+            qs.parse('a[b]=c&a=d'),
+            { a: [{ b: 'c' }, 'd'] },
+            'object then primitive produces array'
+        );
+        st.deepEqual(
+            qs.parse('a=d&a[b]=c'),
+            { a: ['d', { b: 'c' }] },
+            'primitive then object produces array'
+        );
+        st.deepEqual(
+            qs.parse('a[b]=c&a=toString'),
+            { a: [{ b: 'c' }, 'toString'] },
+            'prototype-colliding value is preserved in array'
+        );
+        st.deepEqual(
+            qs.parse('a[b]=c&a=toString', { plainObjects: true }),
+            { __proto__: null, a: [{ __proto__: null, b: 'c' }, 'toString'] },
+            'plainObjects preserved in array wrapping'
+        );
+        st.end();
+    });
     t.test('dunder proto is ignored', function (st) {
         var payload = 'categories[__proto__]=login&categories[__proto__]&categories[length]=42';
         var result = qs.parse(payload, { allowPrototypes: true });
@@ -996,6 +1036,20 @@ test('parse()', function (t) {
         st.end();
     });
+    t.test('handles a custom decoder returning `null`, with a string key of `null`', function (st) {
+        st.deepEqual(
+            qs.parse('null=1&ToNull=2', {
+                decoder: function (str, defaultDecoder, charset) {
+                    return str === 'ToNull' ? null : defaultDecoder(str, defaultDecoder, charset);
+                }
+            }),
+            { 'null': '1' },
+            '"null" key is not overridden by `null` decoder result'
+        );
+        st.end();
+    });
     t.test('does not interpret numeric entities in iso-8859-1 when `interpretNumericEntities` is absent', function (st) {
         st.deepEqual(qs.parse('foo=' + urlEncodedNumSmiley, { charset: 'iso-8859-1' }), { foo: '&#9786;' });
         st.end();
@@ -1032,6 +1086,15 @@ test('parse()', function (t) {
         };
         st.deepEqual(qs.parse('KeY=vAlUe', { decoder: decoder }), { key: 'VALUE' });
+        var noopDecoder = function () { return 'x'; };
+        noopDecoder();
+        st['throws'](
+            function () { decoder('x', noopDecoder, 'utf-8', 'unknown'); },
+            'this should never happen! type: unknown',
+            'decoder throws for unexpected type'
+        );
         st.end();
     });
@@ -1061,6 +1124,14 @@ test('parse()', function (t) {
                 new RangeError('Parameter limit exceeded. Only 3 parameters allowed.'),
                 'throws error when parameter limit is exceeded'
             );
+            sst['throws'](
+                function () {
+                    qs.parse('a=1&b=2', { parameterLimit: 1, throwOnLimitExceeded: true });
+                },
+                new RangeError('Parameter limit exceeded. Only 1 parameter allowed.'),
+                'throws error with singular "parameter" when parameterLimit is 1'
+            );
             sst.end();
         });
@@ -1082,6 +1153,12 @@ test('parse()', function (t) {
             sst.end();
         });
+        st.test('allows unlimited parameters when parameterLimit is Infinity and throwOnLimitExceeded is true', function (sst) {
+            var result = qs.parse('a=1&b=2&c=3&d=4&e=5&f=6', { parameterLimit: Infinity, throwOnLimitExceeded: true });
+            sst.deepEqual(result, { a: '1', b: '2', c: '3', d: '4', e: '5', f: '6' }, 'parses all parameters without truncation or throwing');
+            sst.end();
+        });
         st.end();
     });
@@ -1104,6 +1181,7 @@ test('parse()', function (t) {
         });
         st.test('throws error when array limit exceeded', function (sst) {
+            // 4 elements exceeds limit of 3
             sst['throws'](
                 function () {
                     qs.parse('a[]=1&a[]=2&a[]=3&a[]=4', { arrayLimit: 3, throwOnLimitExceeded: true });
@@ -1114,6 +1192,14 @@ test('parse()', function (t) {
             sst.end();
         });
+        st.test('does not throw when at limit', function (sst) {
+            // 3 elements = limit of 3, should not throw
+            var result = qs.parse('a[]=1&a[]=2&a[]=3', { arrayLimit: 3, throwOnLimitExceeded: true });
+            sst.ok(Array.isArray(result.a), 'result is an array');
+            sst.deepEqual(result.a, ['1', '2', '3'], 'all values present');
+            sst.end();
+        });
         st.test('converts array to object if length is greater than limit', function (sst) {
             var result = qs.parse('a[1]=1&a[2]=2&a[3]=3&a[4]=4&a[5]=5&a[6]=6', { arrayLimit: 5 });
@@ -1121,6 +1207,59 @@ test('parse()', function (t) {
             sst.end();
         });
+        st.test('throws error when indexed notation exceeds arrayLimit with throwOnLimitExceeded', function (sst) {
+            sst['throws'](
+                function () {
+                    qs.parse('a[1001]=b', { arrayLimit: 1000, throwOnLimitExceeded: true });
+                },
+                new RangeError('Array limit exceeded. Only 1000 elements allowed in an array.'),
+                'throws error for a single index exceeding arrayLimit'
+            );
+            sst['throws'](
+                function () {
+                    qs.parse('a[0]=1&a[1]=2&a[2]=3&a[10]=4', { arrayLimit: 6, throwOnLimitExceeded: true, allowSparse: true });
+                },
+                new RangeError('Array limit exceeded. Only 6 elements allowed in an array.'),
+                'throws error when a sparse index exceeds arrayLimit'
+            );
+            sst['throws'](
+                function () {
+                    qs.parse('a[2]=b', { arrayLimit: 1, throwOnLimitExceeded: true });
+                },
+                new RangeError('Array limit exceeded. Only 1 element allowed in an array.'),
+                'throws error with singular "element" when arrayLimit is 1'
+            );
+            sst.end();
+        });
+        st.test('does not throw for indexed notation within arrayLimit with throwOnLimitExceeded', function (sst) {
+            var result = qs.parse('a[4]=b', { arrayLimit: 5, throwOnLimitExceeded: true, allowSparse: true });
+            sst.ok(Array.isArray(result.a), 'result is an array');
+            sst.equal(result.a.length, 5, 'array has correct length');
+            sst.equal(result.a[4], 'b', 'value at index 4 is correct');
+            sst.end();
+        });
+        st.test('silently converts to object for indexed notation exceeding arrayLimit without throwOnLimitExceeded', function (sst) {
+            var result = qs.parse('a[1001]=b', { arrayLimit: 1000 });
+            sst.deepEqual(result, { a: { 1001: 'b' } }, 'converts to object without throwing');
+            sst.end();
+        });
+        st.test('throws when duplicate bracket keys exceed arrayLimit with throwOnLimitExceeded', function (sst) {
+            sst['throws'](
+                function () {
+                    qs.parse('a[]=1&a[]=2&a[]=3&a[]=4&a[]=5&a[]=6', { arrayLimit: 5, throwOnLimitExceeded: true });
+                },
+                new RangeError('Array limit exceeded. Only 5 elements allowed in an array.'),
+                'throws error when duplicate bracket notation exceeds array limit'
+            );
+            sst.end();
+        });
         st.end();
     });
@@ -1172,6 +1311,34 @@ test('`duplicates` option', function (t) {
         'duplicates: last'
     );
+    t.test('bracket notation always combines regardless of duplicates', function (st) {
+        st.deepEqual(
+            qs.parse('a=1&a=2&b[]=1&b[]=2', { duplicates: 'last' }),
+            { a: '2', b: ['1', '2'] },
+            'duplicates last: unbracketed takes last, bracketed combines'
+        );
+        st.deepEqual(
+            qs.parse('b[]=1&b[]=2', { duplicates: 'last' }),
+            { b: ['1', '2'] },
+            'duplicates last: bracketed always combines'
+        );
+        st.deepEqual(
+            qs.parse('b[]=1&b[]=2', { duplicates: 'first' }),
+            { b: ['1', '2'] },
+            'duplicates first: bracketed always combines'
+        );
+        st.deepEqual(
+            qs.parse('a=1&a=2&b[]=1&b[]=2', { duplicates: 'first' }),
+            { a: '1', b: ['1', '2'] },
+            'duplicates first: unbracketed takes first, bracketed combines'
+        );
+        st.end();
+    });
     t.end();
 });
@@ -1274,3 +1441,214 @@ test('qs strictDepth option - non-throw cases', function (t) {
         st.end();
     });
 });
+test('DOS', function (t) {
+    var arr = [];
+    for (var i = 0; i < 105; i++) {
+        arr[arr.length] = 'x';
+    }
+    var attack = 'a[]=' + arr.join('&a[]=');
+    var result = qs.parse(attack, { arrayLimit: 100 });
+    t.notOk(Array.isArray(result.a), 'arrayLimit is respected: result is an object, not an array');
+    t.equal(Object.keys(result.a).length, 105, 'all values are preserved');
+    t.end();
+});
+test('arrayLimit boundary conditions', function (t) {
+    // arrayLimit is the max number of elements allowed in an array
+    t.test('exactly at the limit stays as array', function (st) {
+        // 3 elements = limit of 3
+        var result = qs.parse('a[]=1&a[]=2&a[]=3', { arrayLimit: 3 });
+        st.ok(Array.isArray(result.a), 'result is an array when count equals limit');
+        st.deepEqual(result.a, ['1', '2', '3'], 'all values present');
+        st.end();
+    });
+    t.test('one over the limit converts to object', function (st) {
+        // 4 elements exceeds limit of 3
+        var result = qs.parse('a[]=1&a[]=2&a[]=3&a[]=4', { arrayLimit: 3 });
+        st.notOk(Array.isArray(result.a), 'result is not an array when over limit');
+        st.deepEqual(result.a, { 0: '1', 1: '2', 2: '3', 3: '4' }, 'all values preserved as object');
+        st.end();
+    });
+    t.test('arrayLimit 1 with one value', function (st) {
+        // 1 element = limit of 1
+        var result = qs.parse('a[]=1', { arrayLimit: 1 });
+        st.ok(Array.isArray(result.a), 'result is an array when count equals limit');
+        st.deepEqual(result.a, ['1'], 'value preserved as array');
+        st.end();
+    });
+    t.test('arrayLimit 1 with two values converts to object', function (st) {
+        // 2 elements exceeds limit of 1
+        var result = qs.parse('a[]=1&a[]=2', { arrayLimit: 1 });
+        st.notOk(Array.isArray(result.a), 'result is not an array');
+        st.deepEqual(result.a, { 0: '1', 1: '2' }, 'all values preserved as object');
+        st.end();
+    });
+    t.end();
+});
+test('comma + arrayLimit', function (t) {
+    t.test('comma-separated values within arrayLimit stay as array', function (st) {
+        var result = qs.parse('a=1,2,3', { comma: true, arrayLimit: 5 });
+        st.ok(Array.isArray(result.a), 'result is an array');
+        st.deepEqual(result.a, ['1', '2', '3'], 'all values present');
+        st.end();
+    });
+    t.test('comma-separated values exceeding arrayLimit convert to object', function (st) {
+        var result = qs.parse('a=1,2,3,4', { comma: true, arrayLimit: 3 });
+        st.notOk(Array.isArray(result.a), 'result is not an array when over limit');
+        st.deepEqual(result.a, { 0: '1', 1: '2', 2: '3', 3: '4' }, 'all values preserved as object');
+        st.end();
+    });
+    t.test('comma-separated values exceeding arrayLimit with throwOnLimitExceeded throws', function (st) {
+        st['throws'](
+            function () {
+                qs.parse('a=1,2,3,4', { comma: true, arrayLimit: 3, throwOnLimitExceeded: true });
+            },
+            new RangeError('Array limit exceeded. Only 3 elements allowed in an array.'),
+            'throws error when comma-split exceeds array limit'
+        );
+        st['throws'](
+            function () {
+                qs.parse('a=1,2,3', { comma: true, arrayLimit: 1, throwOnLimitExceeded: true });
+            },
+            new RangeError('Array limit exceeded. Only 1 element allowed in an array.'),
+            'throws error with singular "element" when arrayLimit is 1'
+        );
+        st.end();
+    });
+    t.test('comma-separated values at exactly arrayLimit stay as array', function (st) {
+        var result = qs.parse('a=1,2,3', { comma: true, arrayLimit: 3 });
+        st.ok(Array.isArray(result.a), 'result is an array when exactly at limit');
+        st.deepEqual(result.a, ['1', '2', '3'], 'all values present');
+        st.end();
+    });
+    t.end();
+});
+test('mixed array and object notation', function (t) {
+    t.test('array brackets with object key - under limit', function (st) {
+        st.deepEqual(
+            qs.parse('a[]=b&a[c]=d'),
+            { a: { 0: 'b', c: 'd' } },
+            'mixing [] and [key] converts to object'
+        );
+        st.end();
+    });
+    t.test('array index with object key - under limit', function (st) {
+        st.deepEqual(
+            qs.parse('a[0]=b&a[c]=d'),
+            { a: { 0: 'b', c: 'd' } },
+            'mixing [0] and [key] produces object'
+        );
+        st.end();
+    });
+    t.test('plain value with array brackets - under limit', function (st) {
+        st.deepEqual(
+            qs.parse('a=b&a[]=c', { arrayLimit: 20 }),
+            { a: ['b', 'c'] },
+            'plain value combined with [] stays as array under limit'
+        );
+        st.end();
+    });
+    t.test('array brackets with plain value - under limit', function (st) {
+        st.deepEqual(
+            qs.parse('a[]=b&a=c', { arrayLimit: 20 }),
+            { a: ['b', 'c'] },
+            '[] combined with plain value stays as array under limit'
+        );
+        st.end();
+    });
+    t.test('plain value with array index - under limit', function (st) {
+        st.deepEqual(
+            qs.parse('a=b&a[0]=c', { arrayLimit: 20 }),
+            { a: ['b', 'c'] },
+            'plain value combined with [0] stays as array under limit'
+        );
+        st.end();
+    });
+    t.test('multiple plain values with duplicates combine', function (st) {
+        st.deepEqual(
+            qs.parse('a=b&a=c&a=d', { arrayLimit: 20 }),
+            { a: ['b', 'c', 'd'] },
+            'duplicate plain keys combine into array'
+        );
+        st.end();
+    });
+    t.test('multiple plain values exceeding limit', function (st) {
+        // 3 elements (indices 0-2), max index 2 > limit 1
+        st.deepEqual(
+            qs.parse('a=b&a=c&a=d', { arrayLimit: 1 }),
+            { a: { 0: 'b', 1: 'c', 2: 'd' } },
+            'duplicate plain keys convert to object when exceeding limit'
+        );
+        st.end();
+    });
+    t.test('mixed notation produces consistent results when arrayLimit is exceeded', function (st) {
+        var expected = { a: { 0: 'b', 1: 'c', 2: 'd' } };
+        st.deepEqual(
+            qs.parse('a[]=b&a[1]=c&a=d', { arrayLimit: -1 }),
+            expected,
+            'arrayLimit -1'
+        );
+        st.deepEqual(
+            qs.parse('a[]=b&a[1]=c&a=d', { arrayLimit: 0 }),
+            expected,
+            'arrayLimit 0'
+        );
+        st.deepEqual(
+            qs.parse('a[]=b&a[1]=c&a=d', { arrayLimit: 1 }),
+            expected,
+            'arrayLimit 1'
+        );
+        st.end();
+    });
+    t.test('uses existing array length for currentArrayLength when parsing object input with bracket keys', function (st) {
+        var input = {};
+        var arr = ['x', 'y'];
+        arr.a = ['z', 'w'];
+        input['a[]'] = arr;
+        st.deepEqual(qs.parse(input), { a: ['x', 'y'] }, 'parses object input with bracket keys using existing array values');
+        st.end();
+    });
+    t.test('throws with singular message when object input bracket key exceeds arrayLimit of 1', function (st) {
+        var input = {};
+        var arr = ['x'];
+        arr.a = ['z', 'w'];
+        input['a[]'] = arr;
+        st['throws'](
+            function () {
+                qs.parse(input, { throwOnLimitExceeded: true, arrayLimit: 1 });
+            },
+            new RangeError('Array limit exceeded. Only 1 element allowed in an array.'),
+            'throws singular error for object input exceeding arrayLimit 1'
+        );
+        st.end();
+    });
+    t.end();
+});

package/node_modules/qs/test/stringify.js CHANGED Viewed

@@ -1188,6 +1188,15 @@ test('stringify()', function (t) {
         };
         st.deepEqual(qs.stringify({ KeY: 'vAlUe' }, { encoder: encoder }), 'key=VALUE');
+        var noopEncoder = function () { return 'x'; };
+        noopEncoder();
+        st['throws'](
+            function () { encoder('x', noopEncoder, 'utf-8', 'unknown'); },
+            'this should never happen! type: unknown',
+            'encoder throws for unexpected type'
+        );
         st.end();
     });
@@ -1293,13 +1302,17 @@ test('stringifies empty keys', function (t) {
     });
     t.test('stringifies non-string keys', function (st) {
-        var actual = qs.stringify({ a: 'b', 'false': {} }, {
-            filter: ['a', false, null],
+        var S = Object('abc');
+        S.toString = function () {
+            return 'd';
+        };
+        var actual = qs.stringify({ a: 'b', 'false': {}, 1e+22: 'c', d: 'e' }, {
+            filter: ['a', false, null, 10000000000000000000000, S],
             allowDots: true,
             encodeDotInKeys: true
         });
-        st.equal(actual, 'a=b', 'stringifies correctly');
+        st.equal(actual, 'a=b&1e%2B22=c&d=e', 'stringifies correctly');
         st.end();
     });