@st-gr/sail-proxy 0.9.2 → 0.9.3

package/bundled/gateway/node_modules/axios/index.d.cts

@@ -66,9 +66,7 @@ declare class AxiosHeaders {
     ...targets: Array<AxiosHeaders | axios.RawAxiosHeaders | string | undefined | null>
   ): AxiosHeaders;
 
-  toJSON(asStrings: true): Record<string, string>;
-  toJSON(asStrings?: false): Record<string, string | string[]>;
-  toJSON(asStrings?: boolean): Record<string, string | string[]>;
+  toJSON(asStrings?: boolean): axios.RawAxiosHeaders;
 
   static from(thing?: AxiosHeaders | axios.RawAxiosHeaders | string): AxiosHeaders;
 
@@ -164,9 +162,7 @@ declare class AxiosError<T = unknown, D = any> extends Error {
   static readonly ETIMEDOUT = 'ETIMEDOUT';
 }
 
-declare class CanceledError<T> extends AxiosError<T> {
-  readonly name: 'CanceledError';
-}
+declare class CanceledError<T> extends AxiosError<T> {}
 
 declare class Axios {
   constructor(config?: axios.AxiosRequestConfig);
@@ -396,7 +392,6 @@ declare namespace axios {
     forcedJSONParsing?: boolean;
     clarifyTimeoutError?: boolean;
     legacyInterceptorReqResOrdering?: boolean;
-    advertiseZstdAcceptEncoding?: boolean;
   }
 
   interface GenericAbortSignal {
@@ -696,7 +691,7 @@ declare namespace axios {
     CanceledError: typeof CanceledError;
     HttpStatusCode: typeof HttpStatusCode;
     readonly VERSION: string;
-    isCancel<T = any>(value: any): value is CanceledError<T>;
+    isCancel(value: any): value is Cancel;
     all<T>(values: Array<T | Promise<T>>): Promise<T[]>;
     spread<T, R>(callback: (...args: T[]) => R): (array: T[]) => R;
     isAxiosError<T = any, D = any>(payload: any): payload is AxiosError<T, D>;

package/bundled/gateway/node_modules/axios/index.d.ts

@@ -47,9 +47,7 @@ export class AxiosHeaders {
     ...targets: Array<AxiosHeaders | RawAxiosHeaders | string | undefined | null>
   ): AxiosHeaders;
 
-  toJSON(asStrings: true): Record<string, string>;
-  toJSON(asStrings?: false): Record<string, string | string[]>;
-  toJSON(asStrings?: boolean): Record<string, string | string[]>;
+  toJSON(asStrings?: boolean): RawAxiosHeaders;
 
   static from(thing?: AxiosHeaders | RawAxiosHeaders | string): AxiosHeaders;
 
@@ -283,7 +281,6 @@ export interface TransitionalOptions {
   forcedJSONParsing?: boolean;
   clarifyTimeoutError?: boolean;
   legacyInterceptorReqResOrdering?: boolean;
-  advertiseZstdAcceptEncoding?: boolean;
 }
 
 export interface GenericAbortSignal {

package/bundled/gateway/node_modules/axios/lib/adapters/fetch.js

@@ -19,35 +19,6 @@ const DEFAULT_CHUNK_SIZE = 64 * 1024;
 
 const { isFunction } = utils;
 
-/**
- * Encode a UTF-8 string to a Latin-1 byte string for use with btoa().
- * This is a modern replacement for the deprecated unescape(encodeURIComponent(str)) pattern.
- *
- * @param {string} str The string to encode
- *
- * @returns {string} UTF-8 bytes as a Latin-1 string
- */
-const encodeUTF8 = (str) =>
-  encodeURIComponent(str).replace(/%([0-9A-F]{2})/gi, (_, hex) =>
-    String.fromCharCode(parseInt(hex, 16))
-  );
-
-// Node's WHATWG URL parser returns `username` and `password` percent-encoded.
-// Decode before composing the `auth` option so credentials such as
-// `my%40email.com:pass` are sent as `my@email.com:pass`. Falls back to the
-// original value for malformed input so a bad encoding never throws.
-const decodeURIComponentSafe = (value) => {
-  if (!utils.isString(value)) {
-    return value;
-  }
-
-  try {
-    return decodeURIComponent(value);
-  } catch (error) {
-    return value;
-  }
-};
-
 const test = (fn, ...args) => {
   try {
     return !!fn(...args);
@@ -56,15 +27,6 @@ const test = (fn, ...args) => {
   }
 };
 
-const maybeWithAuthCredentials = (url) => {
-  const protocolIndex = url.indexOf('://');
-  let urlToCheck = url;
-  if (protocolIndex !== -1) {
-    urlToCheck = urlToCheck.slice(protocolIndex + 3);
-  }
-  return urlToCheck.includes('@') || urlToCheck.includes(':');
-};
-
 const factory = (env) => {
   const globalObject =
     utils.global !== undefined && utils.global !== null
@@ -212,7 +174,6 @@ const factory = (env) => {
 
     const hasMaxContentLength = utils.isNumber(maxContentLength) && maxContentLength > -1;
     const hasMaxBodyLength = utils.isNumber(maxBodyLength) && maxBodyLength > -1;
-    const own = (key) => (utils.hasOwnProp(config, key) ? config[key] : undefined);
 
     let _fetch = envFetch || fetch;
 
@@ -235,46 +196,6 @@ const factory = (env) => {
     let requestContentLength;
 
     try {
-      // HTTP basic authentication
-      let auth = undefined;
-      const configAuth = own('auth');
-
-      if (configAuth) {
-        const username = configAuth.username || '';
-        const password = configAuth.password || '';
-        auth = {
-          username,
-          password
-        };
-      }
-
-      if (maybeWithAuthCredentials(url)) {
-        const parsedURL = new URL(url, platform.origin);
-
-        if (!auth && (parsedURL.username || parsedURL.password)) {
-          const urlUsername = decodeURIComponentSafe(parsedURL.username);
-          const urlPassword = decodeURIComponentSafe(parsedURL.password);
-          auth = {
-            username: urlUsername,
-            password: urlPassword
-          };
-        }
-
-        if (parsedURL.username || parsedURL.password) {
-          parsedURL.username = '';
-          parsedURL.password = '';
-          url = parsedURL.href;
-        }
-      }
-
-      if (auth) {
-        headers.delete('authorization');
-        headers.set(
-          'Authorization',
-          'Basic ' + btoa(encodeUTF8((auth.username || '') + ':' + (auth.password || '')))
-        );
-      }
-
       // Enforce maxContentLength for data: URLs up-front so we never materialize
       // an oversized payload. The HTTP adapter applies the same check (see http.js
       // "if (protocol === 'data:')" branch).

package/bundled/gateway/node_modules/axios/lib/adapters/http.js

@@ -24,7 +24,6 @@ import { EventEmitter } from 'events';
 import formDataToStream from '../helpers/formDataToStream.js';
 import readBlob from '../helpers/readBlob.js';
 import ZlibHeaderTransformStream from '../helpers/ZlibHeaderTransformStream.js';
-import Http2Sessions from '../helpers/Http2Sessions.js';
 import callbackify from '../helpers/callbackify.js';
 import shouldBypassProxy from '../helpers/shouldBypassProxy.js';
 import { toByteStringHeaderObject } from '../helpers/sanitizeHeaderValue.js';
@@ -45,15 +44,7 @@ const brotliOptions = {
   finishFlush: zlib.constants.BROTLI_OPERATION_FLUSH,
 };
 
-const zstdOptions = {
-  flush: zlib.constants.ZSTD_e_flush,
-  finishFlush: zlib.constants.ZSTD_e_flush,
-};
-
 const isBrotliSupported = utils.isFunction(zlib.createBrotliDecompress);
-const isZstdSupported = utils.isFunction(zlib.createZstdDecompress);
-const ACCEPT_ENCODING = 'gzip, compress, deflate' + (isBrotliSupported ? ', br' : '');
-const ACCEPT_ENCODING_WITH_ZSTD = ACCEPT_ENCODING + (isZstdSupported ? ', zstd' : '');
 
 const { http: httpFollow, https: httpsFollow } = followRedirects;
 
@@ -112,14 +103,6 @@ function getTunnelingAgent(agentOptions, userHttpsAgent) {
     ? { ...userHttpsAgent.options, ...agentOptions }
     : agentOptions;
   agent = new HttpsProxyAgent(merged);
-  if (userHttpsAgent && userHttpsAgent.options) {
-    const originTLSOptions = { ...userHttpsAgent.options };
-    const callback = agent.callback;
-    agent.callback = function axiosTunnelingAgentCallback(req, opts) {
-      // HttpsProxyAgent v5 reads callback opts for the post-CONNECT origin TLS upgrade.
-      return callback.call(this, req, { ...originTLSOptions, ...opts });
-    };
-  }
   agent[kAxiosInstalledTunnel] = true;
   cache.set(key, agent);
   return agent;
@@ -151,11 +134,114 @@ const flushOnFinish = (stream, [throttled, flush]) => {
   return throttled;
 };
 
+class Http2Sessions {
+  constructor() {
+    this.sessions = Object.create(null);
+  }
+
+  getSession(authority, options) {
+    options = Object.assign(
+      {
+        sessionTimeout: 1000,
+      },
+      options
+    );
+
+    let authoritySessions = this.sessions[authority];
+
+    if (authoritySessions) {
+      let len = authoritySessions.length;
+
+      for (let i = 0; i < len; i++) {
+        const [sessionHandle, sessionOptions] = authoritySessions[i];
+        if (
+          !sessionHandle.destroyed &&
+          !sessionHandle.closed &&
+          util.isDeepStrictEqual(sessionOptions, options)
+        ) {
+          return sessionHandle;
+        }
+      }
+    }
+
+    const session = http2.connect(authority, options);
+
+    let removed;
+
+    const removeSession = () => {
+      if (removed) {
+        return;
+      }
+
+      removed = true;
+
+      let entries = authoritySessions,
+        len = entries.length,
+        i = len;
+
+      while (i--) {
+        if (entries[i][0] === session) {
+          if (len === 1) {
+            delete this.sessions[authority];
+          } else {
+            entries.splice(i, 1);
+          }
+          if (!session.closed) {
+            session.close();
+          }
+          return;
+        }
+      }
+    };
+
+    const originalRequestFn = session.request;
+
+    const { sessionTimeout } = options;
+
+    if (sessionTimeout != null) {
+      let timer;
+      let streamsCount = 0;
+
+      session.request = function () {
+        const stream = originalRequestFn.apply(this, arguments);
+
+        streamsCount++;
+
+        if (timer) {
+          clearTimeout(timer);
+          timer = null;
+        }
+
+        stream.once('close', () => {
+          if (!--streamsCount) {
+            timer = setTimeout(() => {
+              timer = null;
+              removeSession();
+            }, sessionTimeout);
+          }
+        });
+
+        return stream;
+      };
+    }
+
+    session.once('close', removeSession);
+
+    let entry = [session, options];
+
+    authoritySessions
+      ? authoritySessions.push(entry)
+      : (authoritySessions = this.sessions[authority] = [entry]);
+
+    return session;
+  }
+}
+
 const http2Sessions = new Http2Sessions();
 
 /**
- * If the proxy, auth, or config beforeRedirects functions are defined, call them
- * with the options object.
+ * If the proxy or config beforeRedirects functions are defined, call them with the options
+ * object.
  *
  * @param {Object<string, any>} options - The options object that was passed to the request.
  *
@@ -165,9 +251,6 @@ function dispatchBeforeRedirect(options, responseDetails, requestDetails) {
   if (options.beforeRedirects.proxy) {
     options.beforeRedirects.proxy(options);
   }
-  if (options.beforeRedirects.auth) {
-    options.beforeRedirects.auth(options);
-  }
   if (options.beforeRedirects.config) {
     options.beforeRedirects.config(options, responseDetails, requestDetails);
   }
@@ -435,7 +518,6 @@ export default isHttpAdapterSupported &&
   function httpAdapter(config) {
     return wrapAsync(async function dispatchHttpRequest(resolve, reject, onDone) {
       const own = (key) => (utils.hasOwnProp(config, key) ? config[key] : undefined);
-      const transitional = own('transitional') || transitionalDefaults;
       let data = own('data');
       let lookup = own('lookup');
       let family = own('family');
@@ -489,7 +571,7 @@ export default isHttpAdapterSupported &&
             !reason || reason.type ? new CanceledError(null, config, req) : reason
           );
         } catch (err) {
-          // ignore emit errors
+          console.warn('emit error', err);
         }
       }
 
@@ -504,6 +586,7 @@ export default isHttpAdapterSupported &&
         let timeoutErrorMessage = config.timeout
           ? 'timeout of ' + config.timeout + 'ms exceeded'
           : 'timeout exceeded';
+        const transitional = config.transitional || transitionalDefaults;
         if (config.timeoutErrorMessage) {
           timeoutErrorMessage = config.timeoutErrorMessage;
         }
@@ -752,7 +835,7 @@ export default isHttpAdapterSupported &&
         auth = username + ':' + password;
       }
 
-      if (!auth && (parsed.username || parsed.password)) {
+      if (!auth && parsed.username) {
         const urlUsername = decodeURIComponentSafe(parsed.username);
         const urlPassword = decodeURIComponentSafe(parsed.password);
         auth = urlUsername + ':' + urlPassword;
@@ -778,8 +861,7 @@ export default isHttpAdapterSupported &&
 
       headers.set(
         'Accept-Encoding',
-        utils.hasOwnProp(transitional, 'advertiseZstdAcceptEncoding') &&
-        transitional.advertiseZstdAcceptEncoding === true ? ACCEPT_ENCODING_WITH_ZSTD : ACCEPT_ENCODING,
+        'gzip, compress, deflate' + (isBrotliSupported ? ', br' : ''),
         false
       );
 
@@ -801,21 +883,19 @@ export default isHttpAdapterSupported &&
       // cacheable-lookup integration hotfix
       !utils.isUndefined(lookup) && (options.lookup = lookup);
 
-      const socketPath = own('socketPath');
-      if (socketPath) {
-        if (typeof socketPath !== 'string') {
+      if (config.socketPath) {
+        if (typeof config.socketPath !== 'string') {
           return reject(
             new AxiosError('socketPath must be a string', AxiosError.ERR_BAD_OPTION_VALUE, config)
           );
         }
 
-        const allowedSocketPaths = own('allowedSocketPaths');
-        if (allowedSocketPaths != null) {
-          const allowed = Array.isArray(allowedSocketPaths)
-            ? allowedSocketPaths
-            : [allowedSocketPaths];
+        if (config.allowedSocketPaths != null) {
+          const allowed = Array.isArray(config.allowedSocketPaths)
+            ? config.allowedSocketPaths
+            : [config.allowedSocketPaths];
 
-          const resolvedSocket = resolvePath(socketPath);
+          const resolvedSocket = resolvePath(config.socketPath);
           const isAllowed = allowed.some(
             (entry) => typeof entry === 'string' && resolvePath(entry) === resolvedSocket
           );
@@ -823,7 +903,7 @@ export default isHttpAdapterSupported &&
           if (!isAllowed) {
             return reject(
               new AxiosError(
-                `socketPath "${socketPath}" is not permitted by allowedSocketPaths`,
+                `socketPath "${config.socketPath}" is not permitted by allowedSocketPaths`,
                 AxiosError.ERR_BAD_OPTION_VALUE,
                 config
               )
@@ -831,7 +911,7 @@ export default isHttpAdapterSupported &&
           }
         }
 
-        options.socketPath = socketPath;
+        options.socketPath = config.socketPath;
       } else {
         options.hostname = parsed.hostname.startsWith('[')
           ? parsed.hostname.slice(1, -1)
@@ -871,23 +951,6 @@ export default isHttpAdapterSupported &&
           if (configBeforeRedirect) {
             options.beforeRedirects.config = configBeforeRedirect;
           }
-          if (auth) {
-            // Restore HTTP Basic credentials on same-origin redirects only.
-            // follow-redirects >= 1.15.8 strips Authorization on every redirect (see #6929);
-            // cross-origin stripping is the documented mitigation for T-R2 in THREATMODEL.md
-            // and is preserved by deliberately not restoring on origin change.
-            const requestOrigin = parsed.origin;
-            const authToRestore = auth;
-            options.beforeRedirects.auth = function beforeRedirectAuth(redirectOptions) {
-              try {
-                if (new URL(redirectOptions.href).origin === requestOrigin) {
-                  redirectOptions.auth = authToRestore;
-                }
-              } catch (e) {
-                // ignore malformed URL: leaving auth stripped is fail-safe
-              }
-            };
-          }
           transport = isHttpsRequest ? httpsFollow : httpFollow;
         }
       }
@@ -974,13 +1037,6 @@ export default isHttpAdapterSupported &&
                 streams.push(zlib.createBrotliDecompress(brotliOptions));
                 delete res.headers['content-encoding'];
               }
-              break;
-            case 'zstd':
-              if (isZstdSupported) {
-                streams.push(zlib.createZstdDecompress(zstdOptions));
-                delete res.headers['content-encoding'];
-              }
-              break;
           }
         }
 

package/bundled/gateway/node_modules/axios/lib/core/Axios.js

@@ -101,7 +101,6 @@ class Axios {
           forcedJSONParsing: validators.transitional(validators.boolean),
           clarifyTimeoutError: validators.transitional(validators.boolean),
           legacyInterceptorReqResOrdering: validators.transitional(validators.boolean),
-          advertiseZstdAcceptEncoding: validators.transitional(validators.boolean),
         },
         false
       );

package/bundled/gateway/node_modules/axios/lib/core/AxiosHeaders.js

@@ -89,7 +89,7 @@ class AxiosHeaders {
       const lHeader = normalizeHeader(_header);
 
       if (!lHeader) {
-        return;
+        throw new Error('header name must be a non-empty string');
       }
 
       const key = utils.findKey(self, lHeader);
@@ -117,7 +117,7 @@ class AxiosHeaders {
         key;
       for (const entry of header) {
         if (!utils.isArray(entry)) {
-          throw new TypeError('Object iterator must return a key-value pair');
+          throw TypeError('Object iterator must return a key-value pair');
         }
 
         obj[(key = entry[0])] = (dest = obj[key])

package/bundled/gateway/node_modules/axios/lib/defaults/transitional.js

@@ -5,5 +5,4 @@ export default {
   forcedJSONParsing: true,
   clarifyTimeoutError: false,
   legacyInterceptorReqResOrdering: true,
-  advertiseZstdAcceptEncoding: false,
 };

package/bundled/gateway/node_modules/axios/lib/env/data.js

@@ -1 +1 @@
-export const VERSION = "1.17.0";
+export const VERSION = "1.16.1";

package/bundled/gateway/node_modules/axios/lib/helpers/buildURL.js

@@ -1,7 +1,7 @@
 'use strict';
 
 import utils from '../utils.js';
-import AxiosURLSearchParams from './AxiosURLSearchParams.js';
+import AxiosURLSearchParams from '../helpers/AxiosURLSearchParams.js';
 
 /**
  * It replaces URL-encoded forms of `:`, `$`, `,`, and spaces with

package/bundled/gateway/node_modules/axios/lib/helpers/formDataToStream.js

@@ -73,11 +73,11 @@ const formDataToStream = (form, headersHandler, options) => {
   } = options || {};
 
   if (!utils.isFormData(form)) {
-    throw new TypeError('FormData instance required');
+    throw TypeError('FormData instance required');
   }
 
   if (boundary.length < 1 || boundary.length > 70) {
-    throw new Error('boundary must be 1-70 characters long');
+    throw Error('boundary must be 1-70 characters long');
   }
 
   const boundaryBytes = textEncoder.encode('--' + boundary + CRLF);

package/bundled/gateway/node_modules/axios/lib/helpers/resolveConfig.js

@@ -35,7 +35,7 @@ const encodeUTF8 = (str) =>
     String.fromCharCode(parseInt(hex, 16))
   );
 
-function resolveConfig(config) {
+export default (config) => {
   const newConfig = mergeConfig({}, config);
 
   // Read only own properties to prevent prototype pollution gadgets
@@ -56,8 +56,8 @@ function resolveConfig(config) {
 
   newConfig.url = buildURL(
     buildFullPath(baseURL, url, allowAbsoluteUrls),
-    own('params'),
-    own('paramsSerializer')
+    config.params,
+    config.paramsSerializer
   );
 
   // HTTP basic authentication
@@ -70,12 +70,8 @@ function resolveConfig(config) {
   }
 
   if (utils.isFormData(data)) {
-    if (
-      platform.hasStandardBrowserEnv ||
-      platform.hasStandardBrowserWebWorkerEnv ||
-      utils.isReactNative(data)
-    ) {
-      headers.setContentType(undefined); // browser/web worker/RN handles it
+    if (platform.hasStandardBrowserEnv || platform.hasStandardBrowserWebWorkerEnv) {
+      headers.setContentType(undefined); // browser handles it
     } else if (utils.isFunction(data.getHeaders)) {
       // Node.js FormData (like form-data package)
       setFormDataHeaders(headers, data.getHeaders(), own('formDataHeaderPolicy'));
@@ -107,6 +103,4 @@ function resolveConfig(config) {
   }
 
   return newConfig;
-}
-
-export default resolveConfig;
+};

package/bundled/gateway/node_modules/axios/lib/helpers/toFormData.js

@@ -219,7 +219,7 @@ function toFormData(obj, formData, options) {
     }
 
     if (stack.indexOf(value) !== -1) {
-      throw new Error('Circular reference detected in ' + path.join('.'));
+      throw Error('Circular reference detected in ' + path.join('.'));
     }
 
     stack.push(value);

package/bundled/gateway/node_modules/axios/lib/utils.js

@@ -412,9 +412,7 @@ function merge(...objs) {
       return;
     }
 
-    // findKey lowercases the key, so caseless lookup only applies to strings —
-    // symbol keys are identity-matched.
-    const targetKey = (caseless && typeof key === 'string' && findKey(result, key)) || key;
+    const targetKey = (caseless && findKey(result, key)) || key;
     // Read via own-prop only — a bare `result[targetKey]` walks the prototype
     // chain, so a polluted Object.prototype value could surface here and get
     // copied into the merged result.
@@ -431,24 +429,7 @@ function merge(...objs) {
   };
 
   for (let i = 0, l = objs.length; i < l; i++) {
-    const source = objs[i];
-    if (!source || isBuffer(source)) {
-      continue;
-    }
-
-    forEach(source, assignValue);
-
-    if (typeof source !== 'object' || isArray(source)) {
-      continue;
-    }
-
-    const symbols = Object.getOwnPropertySymbols(source);
-    for (let j = 0; j < symbols.length; j++) {
-      const symbol = symbols[j];
-      if (propertyIsEnumerable.call(source, symbol)) {
-        assignValue(source[symbol], symbol);
-      }
-    }
+    objs[i] && forEach(objs[i], assignValue);
   }
   return result;
 }
@@ -677,8 +658,6 @@ const hasOwnProperty = (
     hasOwnProperty.call(obj, prop)
 )(Object.prototype);
 
-const { propertyIsEnumerable } = Object.prototype;
-
 /**
  * Determine if a value is a RegExp object
  *