contentful 11.12.4 → 11.12.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -156,55 +156,42 @@ function _wrapAsyncGenerator(e) {
156
156
  };
157
157
  }
158
158
  function AsyncGenerator(e) {
159
- var r, t;
160
- function resume(r, t) {
159
+ var t, n;
160
+ function resume(t, n) {
161
161
  try {
162
- var n = e[r](t),
163
- o = n.value,
162
+ var r = e[t](n),
163
+ o = r.value,
164
164
  u = o instanceof _OverloadYield;
165
- Promise.resolve(u ? o.v : o).then(function (t) {
165
+ Promise.resolve(u ? o.v : o).then(function (n) {
166
166
  if (u) {
167
- var i = "return" === r ? "return" : "next";
168
- if (!o.k || t.done) return resume(i, t);
169
- t = e[i](t).value;
167
+ var i = "return" === t && o.k ? t : "next";
168
+ if (!o.k || n.done) return resume(i, n);
169
+ n = e[i](n).value;
170
170
  }
171
- settle(n.done ? "return" : "normal", t);
171
+ settle(!!r.done, n);
172
172
  }, function (e) {
173
173
  resume("throw", e);
174
174
  });
175
175
  } catch (e) {
176
- settle("throw", e);
176
+ settle(2, e);
177
177
  }
178
178
  }
179
- function settle(e, n) {
180
- switch (e) {
181
- case "return":
182
- r.resolve({
183
- value: n,
184
- done: true
185
- });
186
- break;
187
- case "throw":
188
- r.reject(n);
189
- break;
190
- default:
191
- r.resolve({
192
- value: n,
193
- done: false
194
- });
195
- }
196
- (r = r.next) ? resume(r.key, r.arg) : t = null;
179
+ function settle(e, r) {
180
+ 2 === e ? t.reject(r) : t.resolve({
181
+ value: r,
182
+ done: e
183
+ }), (t = t.next) ? resume(t.key, t.arg) : n = null;
197
184
  }
198
- this._invoke = function (e, n) {
185
+ this._invoke = function (e, r) {
199
186
  return new Promise(function (o, u) {
200
187
  var i = {
201
188
  key: e,
202
- arg: n,
189
+ arg: r,
203
190
  resolve: o,
204
191
  reject: u,
205
192
  next: null
206
193
  };
207
- t ? t = t.next = i : (r = t = i, resume(e, n));
194
+ n ? n = n.next = i : (t = n = i, resume(e, r));
208
195
  });
209
196
  }, "function" != typeof e.return && (this.return = void 0);
210
197
  }
@@ -12548,6 +12535,18 @@ var setToStringTag = esSetTostringtag;
12548
12535
  var hasOwn$1 = hasown;
12549
12536
  var populate = populate$1;
12550
12537
 
12538
+ /**
12539
+ * Escape CR, LF, and `"` in a multipart `name`/`filename` parameter, so a field
12540
+ * name or filename can not break out of its header line to inject headers or
12541
+ * smuggle additional parts. Matches the WHATWG HTML multipart/form-data encoding.
12542
+ *
12543
+ * @param {string} str - the parameter value to escape
12544
+ * @returns {string} the escaped value
12545
+ */
12546
+ function escapeHeaderParam(str) {
12547
+ return String(str).replace(/\r/g, '%0D').replace(/\n/g, '%0A').replace(/"/g, '%22');
12548
+ }
12549
+
12551
12550
  /**
12552
12551
  * Create readable "multipart/form-data" streams.
12553
12552
  * Can be used to submit forms
@@ -12702,7 +12701,7 @@ FormData$2.prototype._multiPartHeader = function (field, value, options) {
12702
12701
  var contents = '';
12703
12702
  var headers = {
12704
12703
  // add custom disposition as third element or keep it two elements if not
12705
- 'Content-Disposition': ['form-data', 'name="' + field + '"'].concat(contentDisposition || []),
12704
+ 'Content-Disposition': ['form-data', 'name="' + escapeHeaderParam(field) + '"'].concat(contentDisposition || []),
12706
12705
  // if no content type. allow it to be empty array
12707
12706
  'Content-Type': [].concat(contentType || [])
12708
12707
  };
@@ -12753,7 +12752,7 @@ FormData$2.prototype._getContentDisposition = function (value, options) {
12753
12752
  filename = path$1.basename(value.client._httpMessage.path || '');
12754
12753
  }
12755
12754
  if (filename) {
12756
- return 'filename="' + filename + '"';
12755
+ return 'filename="' + escapeHeaderParam(filename) + '"';
12757
12756
  }
12758
12757
  };
12759
12758
  FormData$2.prototype._getContentType = function (value, options) {
@@ -15539,7 +15538,10 @@ function merge$1(...objs) {
15539
15538
  if (key === '__proto__' || key === 'constructor' || key === 'prototype') {
15540
15539
  return;
15541
15540
  }
15542
- const targetKey = caseless && findKey(result, key) || key;
15541
+
15542
+ // findKey lowercases the key, so caseless lookup only applies to strings —
15543
+ // symbol keys are identity-matched.
15544
+ const targetKey = caseless && typeof key === 'string' && findKey(result, key) || key;
15543
15545
  // Read via own-prop only — a bare `result[targetKey]` walks the prototype
15544
15546
  // chain, so a polluted Object.prototype value could surface here and get
15545
15547
  // copied into the merged result.
@@ -15555,7 +15557,21 @@ function merge$1(...objs) {
15555
15557
  }
15556
15558
  };
15557
15559
  for (let i = 0, l = objs.length; i < l; i++) {
15558
- objs[i] && forEach(objs[i], assignValue);
15560
+ const source = objs[i];
15561
+ if (!source || isBuffer$1(source)) {
15562
+ continue;
15563
+ }
15564
+ forEach(source, assignValue);
15565
+ if (typeof source !== 'object' || isArray$7(source)) {
15566
+ continue;
15567
+ }
15568
+ const symbols = Object.getOwnPropertySymbols(source);
15569
+ for (let j = 0; j < symbols.length; j++) {
15570
+ const symbol = symbols[j];
15571
+ if (propertyIsEnumerable$1.call(source, symbol)) {
15572
+ assignValue(source[symbol], symbol);
15573
+ }
15574
+ }
15559
15575
  }
15560
15576
  return result;
15561
15577
  }
@@ -15772,6 +15788,9 @@ const toCamelCase = str => {
15772
15788
  const hasOwnProperty$3 = (({
15773
15789
  hasOwnProperty
15774
15790
  }) => (obj, prop) => hasOwnProperty.call(obj, prop))(Object.prototype);
15791
+ const {
15792
+ propertyIsEnumerable: propertyIsEnumerable$1
15793
+ } = Object.prototype;
15775
15794
 
15776
15795
  /**
15777
15796
  * Determine if a value is a RegExp object
@@ -16154,7 +16173,7 @@ class AxiosHeaders {
16154
16173
  function setHeader(_value, _header, _rewrite) {
16155
16174
  const lHeader = normalizeHeader(_header);
16156
16175
  if (!lHeader) {
16157
- throw new Error('header name must be a non-empty string');
16176
+ return;
16158
16177
  }
16159
16178
  const key = utils$1$1.findKey(self, lHeader);
16160
16179
  if (!key || self[key] === undefined || _rewrite === true || _rewrite === undefined && self[key] !== false) {
@@ -16172,7 +16191,7 @@ class AxiosHeaders {
16172
16191
  key;
16173
16192
  for (const entry of header) {
16174
16193
  if (!utils$1$1.isArray(entry)) {
16175
- throw TypeError('Object iterator must return a key-value pair');
16194
+ throw new TypeError('Object iterator must return a key-value pair');
16176
16195
  }
16177
16196
  obj[key = entry[0]] = (dest = obj[key]) ? utils$1$1.isArray(dest) ? [...dest, entry[1]] : [dest, entry[1]] : entry[1];
16178
16197
  }
@@ -16649,7 +16668,7 @@ function toFormData(obj, formData, options) {
16649
16668
  throw new AxiosError('Object is too deeply nested (' + depth + ' levels). Max depth: ' + maxDepth, AxiosError.ERR_FORM_DATA_DEPTH_EXCEEDED);
16650
16669
  }
16651
16670
  if (stack.indexOf(value) !== -1) {
16652
- throw Error('Circular reference detected in ' + path.join('.'));
16671
+ throw new Error('Circular reference detected in ' + path.join('.'));
16653
16672
  }
16654
16673
  stack.push(value);
16655
16674
  utils$1$1.forEach(value, function each(el, key) {
@@ -16829,7 +16848,8 @@ var transitionalDefaults = {
16829
16848
  silentJSONParsing: true,
16830
16849
  forcedJSONParsing: true,
16831
16850
  clarifyTimeoutError: false,
16832
- legacyInterceptorReqResOrdering: true
16851
+ legacyInterceptorReqResOrdering: true,
16852
+ advertiseZstdAcceptEncoding: false
16833
16853
  };
16834
16854
  var URLSearchParams$1 = url.URLSearchParams;
16835
16855
  const ALPHA = 'abcdefghijklmnopqrstuvwxyz';
@@ -17315,7 +17335,7 @@ function shouldProxy(hostname, port) {
17315
17335
  function getEnv(key) {
17316
17336
  return process.env[key.toLowerCase()] || process.env[key.toUpperCase()] || '';
17317
17337
  }
17318
- const VERSION = "1.16.1";
17338
+ const VERSION = "1.17.0";
17319
17339
  function parseProtocol(url) {
17320
17340
  const match = /^([-+\w]{1,25}):(?:\/\/)?/.exec(url);
17321
17341
  return match && match[1] || '';
@@ -17558,10 +17578,10 @@ const formDataToStream = (form, headersHandler, options) => {
17558
17578
  boundary = tag + '-' + platform.generateString(size, BOUNDARY_ALPHABET)
17559
17579
  } = options || {};
17560
17580
  if (!utils$1$1.isFormData(form)) {
17561
- throw TypeError('FormData instance required');
17581
+ throw new TypeError('FormData instance required');
17562
17582
  }
17563
17583
  if (boundary.length < 1 || boundary.length > 70) {
17564
- throw Error('boundary must be 1-70 characters long');
17584
+ throw new Error('boundary must be 1-70 characters long');
17565
17585
  }
17566
17586
  const boundaryBytes = textEncoder.encode('--' + boundary + CRLF);
17567
17587
  const footerBytes = textEncoder.encode('--' + boundary + '--' + CRLF);
@@ -17609,6 +17629,83 @@ class ZlibHeaderTransformStream extends stream.Transform {
17609
17629
  this.__transform(chunk, encoding, callback);
17610
17630
  }
17611
17631
  }
17632
+ class Http2Sessions {
17633
+ constructor() {
17634
+ this.sessions = Object.create(null);
17635
+ }
17636
+ getSession(authority, options) {
17637
+ options = Object.assign({
17638
+ sessionTimeout: 1000
17639
+ }, options);
17640
+ let authoritySessions = this.sessions[authority];
17641
+ if (authoritySessions) {
17642
+ let len = authoritySessions.length;
17643
+ for (let i = 0; i < len; i++) {
17644
+ const [sessionHandle, sessionOptions] = authoritySessions[i];
17645
+ if (!sessionHandle.destroyed && !sessionHandle.closed && util.isDeepStrictEqual(sessionOptions, options)) {
17646
+ return sessionHandle;
17647
+ }
17648
+ }
17649
+ }
17650
+ const session = http2.connect(authority, options);
17651
+ let removed;
17652
+ let timer;
17653
+ const removeSession = () => {
17654
+ if (removed) {
17655
+ return;
17656
+ }
17657
+ removed = true;
17658
+ if (timer) {
17659
+ clearTimeout(timer);
17660
+ timer = null;
17661
+ }
17662
+ let entries = authoritySessions,
17663
+ len = entries.length,
17664
+ i = len;
17665
+ while (i--) {
17666
+ if (entries[i][0] === session) {
17667
+ if (len === 1) {
17668
+ delete this.sessions[authority];
17669
+ } else {
17670
+ entries.splice(i, 1);
17671
+ }
17672
+ if (!session.closed) {
17673
+ session.close();
17674
+ }
17675
+ return;
17676
+ }
17677
+ }
17678
+ };
17679
+ const originalRequestFn = session.request;
17680
+ const {
17681
+ sessionTimeout
17682
+ } = options;
17683
+ if (sessionTimeout != null) {
17684
+ let streamsCount = 0;
17685
+ session.request = function () {
17686
+ const stream = originalRequestFn.apply(this, arguments);
17687
+ streamsCount++;
17688
+ if (timer) {
17689
+ clearTimeout(timer);
17690
+ timer = null;
17691
+ }
17692
+ stream.once('close', () => {
17693
+ if (! --streamsCount) {
17694
+ timer = setTimeout(() => {
17695
+ timer = null;
17696
+ removeSession();
17697
+ }, sessionTimeout);
17698
+ }
17699
+ });
17700
+ return stream;
17701
+ };
17702
+ }
17703
+ session.once('close', removeSession);
17704
+ let entry = [session, options];
17705
+ authoritySessions ? authoritySessions.push(entry) : authoritySessions = this.sessions[authority] = [entry];
17706
+ return session;
17707
+ }
17708
+ }
17612
17709
  const callbackify = (fn, reducer) => {
17613
17710
  return utils$1$1.isAsyncFn(fn) ? function (...args) {
17614
17711
  const cb = args.pop();
@@ -17971,7 +18068,14 @@ const brotliOptions = {
17971
18068
  flush: zlib.constants.BROTLI_OPERATION_FLUSH,
17972
18069
  finishFlush: zlib.constants.BROTLI_OPERATION_FLUSH
17973
18070
  };
18071
+ const zstdOptions = {
18072
+ flush: zlib.constants.ZSTD_e_flush,
18073
+ finishFlush: zlib.constants.ZSTD_e_flush
18074
+ };
17974
18075
  const isBrotliSupported = utils$1$1.isFunction(zlib.createBrotliDecompress);
18076
+ const isZstdSupported = utils$1$1.isFunction(zlib.createZstdDecompress);
18077
+ const ACCEPT_ENCODING = 'gzip, compress, deflate' + (isBrotliSupported ? ', br' : '');
18078
+ const ACCEPT_ENCODING_WITH_ZSTD = ACCEPT_ENCODING + (isZstdSupported ? ', zstd' : '');
17975
18079
  const {
17976
18080
  http: httpFollow,
17977
18081
  https: httpsFollow
@@ -18016,6 +18120,14 @@ function getTunnelingAgent(agentOptions, userHttpsAgent) {
18016
18120
  // performed after CONNECT. Our proxy fields take precedence on conflict.
18017
18121
  const merged = userHttpsAgent && userHttpsAgent.options ? _objectSpread2(_objectSpread2({}, userHttpsAgent.options), agentOptions) : agentOptions;
18018
18122
  agent = new HttpsProxyAgent(merged);
18123
+ if (userHttpsAgent && userHttpsAgent.options) {
18124
+ const originTLSOptions = _objectSpread2({}, userHttpsAgent.options);
18125
+ const callback = agent.callback;
18126
+ agent.callback = function axiosTunnelingAgentCallback(req, opts) {
18127
+ // HttpsProxyAgent v5 reads callback opts for the post-CONNECT origin TLS upgrade.
18128
+ return callback.call(this, req, _objectSpread2(_objectSpread2({}, originTLSOptions), opts));
18129
+ };
18130
+ }
18019
18131
  agent[kAxiosInstalledTunnel] = true;
18020
18132
  cache.set(key, agent);
18021
18133
  return agent;
@@ -18028,7 +18140,7 @@ const supportedProtocols = platform.protocols.map(protocol => {
18028
18140
  // Decode before composing the `auth` option so credentials such as
18029
18141
  // `my%40email.com:pass` are sent as `my@email.com:pass`. Falls back to the
18030
18142
  // original value for malformed input so a bad encoding never throws.
18031
- const decodeURIComponentSafe = value => {
18143
+ const decodeURIComponentSafe$1 = value => {
18032
18144
  if (!utils$1$1.isString(value)) {
18033
18145
  return value;
18034
18146
  }
@@ -18042,84 +18154,11 @@ const flushOnFinish = (stream, [throttled, flush]) => {
18042
18154
  stream.on('end', flush).on('error', flush);
18043
18155
  return throttled;
18044
18156
  };
18045
- class Http2Sessions {
18046
- constructor() {
18047
- this.sessions = Object.create(null);
18048
- }
18049
- getSession(authority, options) {
18050
- options = Object.assign({
18051
- sessionTimeout: 1000
18052
- }, options);
18053
- let authoritySessions = this.sessions[authority];
18054
- if (authoritySessions) {
18055
- let len = authoritySessions.length;
18056
- for (let i = 0; i < len; i++) {
18057
- const [sessionHandle, sessionOptions] = authoritySessions[i];
18058
- if (!sessionHandle.destroyed && !sessionHandle.closed && util.isDeepStrictEqual(sessionOptions, options)) {
18059
- return sessionHandle;
18060
- }
18061
- }
18062
- }
18063
- const session = http2.connect(authority, options);
18064
- let removed;
18065
- const removeSession = () => {
18066
- if (removed) {
18067
- return;
18068
- }
18069
- removed = true;
18070
- let entries = authoritySessions,
18071
- len = entries.length,
18072
- i = len;
18073
- while (i--) {
18074
- if (entries[i][0] === session) {
18075
- if (len === 1) {
18076
- delete this.sessions[authority];
18077
- } else {
18078
- entries.splice(i, 1);
18079
- }
18080
- if (!session.closed) {
18081
- session.close();
18082
- }
18083
- return;
18084
- }
18085
- }
18086
- };
18087
- const originalRequestFn = session.request;
18088
- const {
18089
- sessionTimeout
18090
- } = options;
18091
- if (sessionTimeout != null) {
18092
- let timer;
18093
- let streamsCount = 0;
18094
- session.request = function () {
18095
- const stream = originalRequestFn.apply(this, arguments);
18096
- streamsCount++;
18097
- if (timer) {
18098
- clearTimeout(timer);
18099
- timer = null;
18100
- }
18101
- stream.once('close', () => {
18102
- if (! --streamsCount) {
18103
- timer = setTimeout(() => {
18104
- timer = null;
18105
- removeSession();
18106
- }, sessionTimeout);
18107
- }
18108
- });
18109
- return stream;
18110
- };
18111
- }
18112
- session.once('close', removeSession);
18113
- let entry = [session, options];
18114
- authoritySessions ? authoritySessions.push(entry) : authoritySessions = this.sessions[authority] = [entry];
18115
- return session;
18116
- }
18117
- }
18118
18157
  const http2Sessions = new Http2Sessions();
18119
18158
 
18120
18159
  /**
18121
- * If the proxy or config beforeRedirects functions are defined, call them with the options
18122
- * object.
18160
+ * If the proxy, auth, or config beforeRedirects functions are defined, call them
18161
+ * with the options object.
18123
18162
  *
18124
18163
  * @param {Object<string, any>} options - The options object that was passed to the request.
18125
18164
  *
@@ -18129,6 +18168,9 @@ function dispatchBeforeRedirect(options, responseDetails, requestDetails) {
18129
18168
  if (options.beforeRedirects.proxy) {
18130
18169
  options.beforeRedirects.proxy(options);
18131
18170
  }
18171
+ if (options.beforeRedirects.auth) {
18172
+ options.beforeRedirects.auth(options);
18173
+ }
18132
18174
  if (options.beforeRedirects.config) {
18133
18175
  options.beforeRedirects.config(options, responseDetails, requestDetails);
18134
18176
  }
@@ -18364,6 +18406,7 @@ const http2Transport = {
18364
18406
  var httpAdapter = isHttpAdapterSupported && function httpAdapter(config) {
18365
18407
  return wrapAsync(async function dispatchHttpRequest(resolve, reject, onDone) {
18366
18408
  const own = key => utils$1$1.hasOwnProp(config, key) ? config[key] : undefined;
18409
+ const transitional = own('transitional') || transitionalDefaults;
18367
18410
  let data = own('data');
18368
18411
  let lookup = own('lookup');
18369
18412
  let family = own('family');
@@ -18403,7 +18446,7 @@ var httpAdapter = isHttpAdapterSupported && function httpAdapter(config) {
18403
18446
  try {
18404
18447
  abortEmitter.emit('abort', !reason || reason.type ? new CanceledError(null, config, req) : reason);
18405
18448
  } catch (err) {
18406
- console.warn('emit error', err);
18449
+ // ignore emit errors
18407
18450
  }
18408
18451
  }
18409
18452
  function clearConnectPhaseTimer() {
@@ -18414,7 +18457,6 @@ var httpAdapter = isHttpAdapterSupported && function httpAdapter(config) {
18414
18457
  }
18415
18458
  function createTimeoutError() {
18416
18459
  let timeoutErrorMessage = config.timeout ? 'timeout of ' + config.timeout + 'ms exceeded' : 'timeout exceeded';
18417
- const transitional = config.transitional || transitionalDefaults;
18418
18460
  if (config.timeoutErrorMessage) {
18419
18461
  timeoutErrorMessage = config.timeoutErrorMessage;
18420
18462
  }
@@ -18587,9 +18629,9 @@ var httpAdapter = isHttpAdapterSupported && function httpAdapter(config) {
18587
18629
  const password = configAuth.password || '';
18588
18630
  auth = username + ':' + password;
18589
18631
  }
18590
- if (!auth && parsed.username) {
18591
- const urlUsername = decodeURIComponentSafe(parsed.username);
18592
- const urlPassword = decodeURIComponentSafe(parsed.password);
18632
+ if (!auth && (parsed.username || parsed.password)) {
18633
+ const urlUsername = decodeURIComponentSafe$1(parsed.username);
18634
+ const urlPassword = decodeURIComponentSafe$1(parsed.password);
18593
18635
  auth = urlUsername + ':' + urlPassword;
18594
18636
  }
18595
18637
  auth && headers.delete('authorization');
@@ -18603,7 +18645,7 @@ var httpAdapter = isHttpAdapterSupported && function httpAdapter(config) {
18603
18645
  customErr.exists = true;
18604
18646
  return reject(customErr);
18605
18647
  }
18606
- headers.set('Accept-Encoding', 'gzip, compress, deflate' + (isBrotliSupported ? ', br' : ''), false);
18648
+ headers.set('Accept-Encoding', utils$1$1.hasOwnProp(transitional, 'advertiseZstdAcceptEncoding') && transitional.advertiseZstdAcceptEncoding === true ? ACCEPT_ENCODING_WITH_ZSTD : ACCEPT_ENCODING, false);
18607
18649
 
18608
18650
  // Null-prototype to block prototype pollution gadgets on properties read
18609
18651
  // directly by Node's http.request (e.g. insecureHTTPParser, lookup).
@@ -18625,19 +18667,21 @@ var httpAdapter = isHttpAdapterSupported && function httpAdapter(config) {
18625
18667
 
18626
18668
  // cacheable-lookup integration hotfix
18627
18669
  !utils$1$1.isUndefined(lookup) && (options.lookup = lookup);
18628
- if (config.socketPath) {
18629
- if (typeof config.socketPath !== 'string') {
18670
+ const socketPath = own('socketPath');
18671
+ if (socketPath) {
18672
+ if (typeof socketPath !== 'string') {
18630
18673
  return reject(new AxiosError('socketPath must be a string', AxiosError.ERR_BAD_OPTION_VALUE, config));
18631
18674
  }
18632
- if (config.allowedSocketPaths != null) {
18633
- const allowed = Array.isArray(config.allowedSocketPaths) ? config.allowedSocketPaths : [config.allowedSocketPaths];
18634
- const resolvedSocket = path.resolve(config.socketPath);
18675
+ const allowedSocketPaths = own('allowedSocketPaths');
18676
+ if (allowedSocketPaths != null) {
18677
+ const allowed = Array.isArray(allowedSocketPaths) ? allowedSocketPaths : [allowedSocketPaths];
18678
+ const resolvedSocket = path.resolve(socketPath);
18635
18679
  const isAllowed = allowed.some(entry => typeof entry === 'string' && path.resolve(entry) === resolvedSocket);
18636
18680
  if (!isAllowed) {
18637
- return reject(new AxiosError(`socketPath "${config.socketPath}" is not permitted by allowedSocketPaths`, AxiosError.ERR_BAD_OPTION_VALUE, config));
18681
+ return reject(new AxiosError(`socketPath "${socketPath}" is not permitted by allowedSocketPaths`, AxiosError.ERR_BAD_OPTION_VALUE, config));
18638
18682
  }
18639
18683
  }
18640
- options.socketPath = config.socketPath;
18684
+ options.socketPath = socketPath;
18641
18685
  } else {
18642
18686
  options.hostname = parsed.hostname.startsWith('[') ? parsed.hostname.slice(1, -1) : parsed.hostname;
18643
18687
  options.port = parsed.port;
@@ -18668,6 +18712,23 @@ var httpAdapter = isHttpAdapterSupported && function httpAdapter(config) {
18668
18712
  if (configBeforeRedirect) {
18669
18713
  options.beforeRedirects.config = configBeforeRedirect;
18670
18714
  }
18715
+ if (auth) {
18716
+ // Restore HTTP Basic credentials on same-origin redirects only.
18717
+ // follow-redirects >= 1.15.8 strips Authorization on every redirect (see #6929);
18718
+ // cross-origin stripping is the documented mitigation for T-R2 in THREATMODEL.md
18719
+ // and is preserved by deliberately not restoring on origin change.
18720
+ const requestOrigin = parsed.origin;
18721
+ const authToRestore = auth;
18722
+ options.beforeRedirects.auth = function beforeRedirectAuth(redirectOptions) {
18723
+ try {
18724
+ if (new URL(redirectOptions.href).origin === requestOrigin) {
18725
+ redirectOptions.auth = authToRestore;
18726
+ }
18727
+ } catch (e) {
18728
+ // ignore malformed URL: leaving auth stripped is fail-safe
18729
+ }
18730
+ };
18731
+ }
18671
18732
  transport = isHttpsRequest ? httpsFollow : httpFollow;
18672
18733
  }
18673
18734
  }
@@ -18736,6 +18797,13 @@ var httpAdapter = isHttpAdapterSupported && function httpAdapter(config) {
18736
18797
  streams.push(zlib.createBrotliDecompress(brotliOptions));
18737
18798
  delete res.headers['content-encoding'];
18738
18799
  }
18800
+ break;
18801
+ case 'zstd':
18802
+ if (isZstdSupported) {
18803
+ streams.push(zlib.createZstdDecompress(zstdOptions));
18804
+ delete res.headers['content-encoding'];
18805
+ }
18806
+ break;
18739
18807
  }
18740
18808
  }
18741
18809
  responseStream = streams.length > 1 ? stream.pipeline(streams, utils$1$1.noop) : streams[0];
@@ -19165,8 +19233,8 @@ function setFormDataHeaders(headers, formHeaders, policy) {
19165
19233
  *
19166
19234
  * @returns {string} UTF-8 bytes as a Latin-1 string
19167
19235
  */
19168
- const encodeUTF8 = str => encodeURIComponent(str).replace(/%([0-9A-F]{2})/gi, (_, hex) => String.fromCharCode(parseInt(hex, 16)));
19169
- var resolveConfig = config => {
19236
+ const encodeUTF8$1 = str => encodeURIComponent(str).replace(/%([0-9A-F]{2})/gi, (_, hex) => String.fromCharCode(parseInt(hex, 16)));
19237
+ function resolveConfig(config) {
19170
19238
  const newConfig = mergeConfig({}, config);
19171
19239
 
19172
19240
  // Read only own properties to prevent prototype pollution gadgets
@@ -19182,15 +19250,15 @@ var resolveConfig = config => {
19182
19250
  const allowAbsoluteUrls = own('allowAbsoluteUrls');
19183
19251
  const url = own('url');
19184
19252
  newConfig.headers = headers = AxiosHeaders.from(headers);
19185
- newConfig.url = buildURL(buildFullPath(baseURL, url, allowAbsoluteUrls), config.params, config.paramsSerializer);
19253
+ newConfig.url = buildURL(buildFullPath(baseURL, url, allowAbsoluteUrls), own('params'), own('paramsSerializer'));
19186
19254
 
19187
19255
  // HTTP basic authentication
19188
19256
  if (auth) {
19189
- headers.set('Authorization', 'Basic ' + btoa((auth.username || '') + ':' + (auth.password ? encodeUTF8(auth.password) : '')));
19257
+ headers.set('Authorization', 'Basic ' + btoa((auth.username || '') + ':' + (auth.password ? encodeUTF8$1(auth.password) : '')));
19190
19258
  }
19191
19259
  if (utils$1$1.isFormData(data)) {
19192
- if (platform.hasStandardBrowserEnv || platform.hasStandardBrowserWebWorkerEnv) {
19193
- headers.setContentType(undefined); // browser handles it
19260
+ if (platform.hasStandardBrowserEnv || platform.hasStandardBrowserWebWorkerEnv || utils$1$1.isReactNative(data)) {
19261
+ headers.setContentType(undefined); // browser/web worker/RN handles it
19194
19262
  } else if (utils$1$1.isFunction(data.getHeaders)) {
19195
19263
  // Node.js FormData (like form-data package)
19196
19264
  setFormDataHeaders(headers, data.getHeaders(), own('formDataHeaderPolicy'));
@@ -19218,7 +19286,7 @@ var resolveConfig = config => {
19218
19286
  }
19219
19287
  }
19220
19288
  return newConfig;
19221
- };
19289
+ }
19222
19290
  const isXHRAdapterSupported = typeof XMLHttpRequest !== 'undefined';
19223
19291
  var xhrAdapter = isXHRAdapterSupported && function (config) {
19224
19292
  return new Promise(function dispatchXhrRequest(resolve, reject) {
@@ -19546,6 +19614,31 @@ const DEFAULT_CHUNK_SIZE = 64 * 1024;
19546
19614
  const {
19547
19615
  isFunction
19548
19616
  } = utils$1$1;
19617
+
19618
+ /**
19619
+ * Encode a UTF-8 string to a Latin-1 byte string for use with btoa().
19620
+ * This is a modern replacement for the deprecated unescape(encodeURIComponent(str)) pattern.
19621
+ *
19622
+ * @param {string} str The string to encode
19623
+ *
19624
+ * @returns {string} UTF-8 bytes as a Latin-1 string
19625
+ */
19626
+ const encodeUTF8 = str => encodeURIComponent(str).replace(/%([0-9A-F]{2})/gi, (_, hex) => String.fromCharCode(parseInt(hex, 16)));
19627
+
19628
+ // Node's WHATWG URL parser returns `username` and `password` percent-encoded.
19629
+ // Decode before composing the `auth` option so credentials such as
19630
+ // `my%40email.com:pass` are sent as `my@email.com:pass`. Falls back to the
19631
+ // original value for malformed input so a bad encoding never throws.
19632
+ const decodeURIComponentSafe = value => {
19633
+ if (!utils$1$1.isString(value)) {
19634
+ return value;
19635
+ }
19636
+ try {
19637
+ return decodeURIComponent(value);
19638
+ } catch (error) {
19639
+ return value;
19640
+ }
19641
+ };
19549
19642
  const test = (fn, ...args) => {
19550
19643
  try {
19551
19644
  return !!fn(...args);
@@ -19553,6 +19646,14 @@ const test = (fn, ...args) => {
19553
19646
  return false;
19554
19647
  }
19555
19648
  };
19649
+ const maybeWithAuthCredentials = url => {
19650
+ const protocolIndex = url.indexOf('://');
19651
+ let urlToCheck = url;
19652
+ if (protocolIndex !== -1) {
19653
+ urlToCheck = urlToCheck.slice(protocolIndex + 3);
19654
+ }
19655
+ return urlToCheck.includes('@') || urlToCheck.includes(':');
19656
+ };
19556
19657
  const factory = env => {
19557
19658
  const globalObject = utils$1$1.global !== undefined && utils$1$1.global !== null ? utils$1$1.global : globalThis;
19558
19659
  const {
@@ -19656,6 +19757,7 @@ const factory = env => {
19656
19757
  } = resolveConfig(config);
19657
19758
  const hasMaxContentLength = utils$1$1.isNumber(maxContentLength) && maxContentLength > -1;
19658
19759
  const hasMaxBodyLength = utils$1$1.isNumber(maxBodyLength) && maxBodyLength > -1;
19760
+ const own = key => utils$1$1.hasOwnProp(config, key) ? config[key] : undefined;
19659
19761
  let _fetch = envFetch || fetch;
19660
19762
  responseType = responseType ? (responseType + '').toLowerCase() : 'text';
19661
19763
  let composedSignal = composeSignals([signal, cancelToken && cancelToken.toAbortSignal()], timeout);
@@ -19665,6 +19767,38 @@ const factory = env => {
19665
19767
  });
19666
19768
  let requestContentLength;
19667
19769
  try {
19770
+ // HTTP basic authentication
19771
+ let auth = undefined;
19772
+ const configAuth = own('auth');
19773
+ if (configAuth) {
19774
+ const username = configAuth.username || '';
19775
+ const password = configAuth.password || '';
19776
+ auth = {
19777
+ username,
19778
+ password
19779
+ };
19780
+ }
19781
+ if (maybeWithAuthCredentials(url)) {
19782
+ const parsedURL = new URL(url, platform.origin);
19783
+ if (!auth && (parsedURL.username || parsedURL.password)) {
19784
+ const urlUsername = decodeURIComponentSafe(parsedURL.username);
19785
+ const urlPassword = decodeURIComponentSafe(parsedURL.password);
19786
+ auth = {
19787
+ username: urlUsername,
19788
+ password: urlPassword
19789
+ };
19790
+ }
19791
+ if (parsedURL.username || parsedURL.password) {
19792
+ parsedURL.username = '';
19793
+ parsedURL.password = '';
19794
+ url = parsedURL.href;
19795
+ }
19796
+ }
19797
+ if (auth) {
19798
+ headers.delete('authorization');
19799
+ headers.set('Authorization', 'Basic ' + btoa(encodeUTF8((auth.username || '') + ':' + (auth.password || ''))));
19800
+ }
19801
+
19668
19802
  // Enforce maxContentLength for data: URLs up-front so we never materialize
19669
19803
  // an oversized payload. The HTTP adapter applies the same check (see http.js
19670
19804
  // "if (protocol === 'data:')" branch).
@@ -20178,7 +20312,8 @@ class Axios {
20178
20312
  silentJSONParsing: validators.transitional(validators.boolean),
20179
20313
  forcedJSONParsing: validators.transitional(validators.boolean),
20180
20314
  clarifyTimeoutError: validators.transitional(validators.boolean),
20181
- legacyInterceptorReqResOrdering: validators.transitional(validators.boolean)
20315
+ legacyInterceptorReqResOrdering: validators.transitional(validators.boolean),
20316
+ advertiseZstdAcceptEncoding: validators.transitional(validators.boolean)
20182
20317
  }, false);
20183
20318
  }
20184
20319
  if (paramsSerializer != null) {
@@ -23998,54 +24133,72 @@ const $ = (t, n, o, e, r) => {
23998
24133
  return e;
23999
24134
  };
24000
24135
 
24001
- var _typeof = typeof Symbol === "function" && typeof Symbol.iterator === "symbol" ? function (obj) {
24002
- return typeof obj;
24003
- } : function (obj) {
24004
- return obj && typeof Symbol === "function" && obj.constructor === Symbol && obj !== Symbol.prototype ? "symbol" : typeof obj;
24005
- };
24006
- var _slicedToArray = function () {
24007
- function sliceIterator(arr, i) {
24008
- var _arr = [];
24009
- var _n = true;
24010
- var _d = false;
24011
- var _e = undefined;
24136
+ function _toConsumableArray(r) {
24137
+ return _arrayWithoutHoles(r) || _iterableToArray(r) || _unsupportedIterableToArray(r) || _nonIterableSpread();
24138
+ }
24139
+ function _nonIterableSpread() {
24140
+ throw new TypeError("Invalid attempt to spread non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.");
24141
+ }
24142
+ function _iterableToArray(r) {
24143
+ if ("undefined" != typeof Symbol && null != r[Symbol.iterator] || null != r["@@iterator"]) return Array.from(r);
24144
+ }
24145
+ function _arrayWithoutHoles(r) {
24146
+ if (Array.isArray(r)) return _arrayLikeToArray(r);
24147
+ }
24148
+ function _typeof(o) {
24149
+ "@babel/helpers - typeof";
24150
+
24151
+ return _typeof = "function" == typeof Symbol && "symbol" == typeof Symbol.iterator ? function (o) {
24152
+ return typeof o;
24153
+ } : function (o) {
24154
+ return o && "function" == typeof Symbol && o.constructor === Symbol && o !== Symbol.prototype ? "symbol" : typeof o;
24155
+ }, _typeof(o);
24156
+ }
24157
+ function _slicedToArray(r, e) {
24158
+ return _arrayWithHoles(r) || _iterableToArrayLimit(r, e) || _unsupportedIterableToArray(r, e) || _nonIterableRest();
24159
+ }
24160
+ function _nonIterableRest() {
24161
+ throw new TypeError("Invalid attempt to destructure non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.");
24162
+ }
24163
+ function _unsupportedIterableToArray(r, a) {
24164
+ if (r) {
24165
+ if ("string" == typeof r) return _arrayLikeToArray(r, a);
24166
+ var t = {}.toString.call(r).slice(8, -1);
24167
+ return "Object" === t && r.constructor && (t = r.constructor.name), "Map" === t || "Set" === t ? Array.from(r) : "Arguments" === t || /^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(t) ? _arrayLikeToArray(r, a) : void 0;
24168
+ }
24169
+ }
24170
+ function _arrayLikeToArray(r, a) {
24171
+ (null == a || a > r.length) && (a = r.length);
24172
+ for (var e = 0, n = Array(a); e < a; e++) n[e] = r[e];
24173
+ return n;
24174
+ }
24175
+ function _iterableToArrayLimit(r, l) {
24176
+ var t = null == r ? null : "undefined" != typeof Symbol && r[Symbol.iterator] || r["@@iterator"];
24177
+ if (null != t) {
24178
+ var e,
24179
+ n,
24180
+ i,
24181
+ u,
24182
+ a = [],
24183
+ f = true,
24184
+ o = false;
24012
24185
  try {
24013
- for (var _i = arr[Symbol.iterator](), _s; !(_n = (_s = _i.next()).done); _n = true) {
24014
- _arr.push(_s.value);
24015
- if (i && _arr.length === i) break;
24016
- }
24017
- } catch (err) {
24018
- _d = true;
24019
- _e = err;
24186
+ if (i = (t = t.call(r)).next, 0 === l) ; else for (; !(f = (e = i.call(t)).done) && (a.push(e.value), a.length !== l); f = !0);
24187
+ } catch (r) {
24188
+ o = true, n = r;
24020
24189
  } finally {
24021
24190
  try {
24022
- if (!_n && _i["return"]) _i["return"]();
24191
+ if (!f && null != t.return && (u = t.return(), Object(u) !== u)) return;
24023
24192
  } finally {
24024
- if (_d) throw _e;
24193
+ if (o) throw n;
24025
24194
  }
24026
24195
  }
24027
- return _arr;
24028
- }
24029
- return function (arr, i) {
24030
- if (Array.isArray(arr)) {
24031
- return arr;
24032
- } else if (Symbol.iterator in Object(arr)) {
24033
- return sliceIterator(arr, i);
24034
- } else {
24035
- throw new TypeError("Invalid attempt to destructure non-iterable instance");
24036
- }
24037
- };
24038
- }();
24039
- function _toConsumableArray(arr) {
24040
- if (Array.isArray(arr)) {
24041
- for (var i = 0, arr2 = Array(arr.length); i < arr.length; i++) {
24042
- arr2[i] = arr[i];
24043
- }
24044
- return arr2;
24045
- } else {
24046
- return Array.from(arr);
24196
+ return a;
24047
24197
  }
24048
24198
  }
24199
+ function _arrayWithHoles(r) {
24200
+ if (Array.isArray(r)) return r;
24201
+ }
24049
24202
  var UNRESOLVED_LINK = {}; // unique object to avoid polyfill bloat using Symbol()
24050
24203
 
24051
24204
  /**
@@ -24079,9 +24232,9 @@ var isResourceLink = function isResourceLink(object) {
24079
24232
  */
24080
24233
  var makeEntityMapKeys = function makeEntityMapKeys(sys) {
24081
24234
  if (sys.space && sys.environment) {
24082
- return [sys.type + '!' + sys.id, sys.space.sys.id + '!' + sys.environment.sys.id + '!' + sys.type + '!' + sys.id];
24235
+ return ["".concat(sys.type, "!").concat(sys.id), "".concat(sys.space.sys.id, "!").concat(sys.environment.sys.id, "!").concat(sys.type, "!").concat(sys.id)];
24083
24236
  }
24084
- return [sys.type + '!' + sys.id];
24237
+ return ["".concat(sys.type, "!").concat(sys.id)];
24085
24238
  };
24086
24239
 
24087
24240
  /**
@@ -24101,9 +24254,9 @@ var lookupInEntityMap = function lookupInEntityMap(entityMap, linkData) {
24101
24254
  spaceId = linkData.spaceId,
24102
24255
  environmentId = linkData.environmentId;
24103
24256
  if (spaceId && environmentId) {
24104
- return entityMap.get(spaceId + '!' + environmentId + '!' + linkType + '!' + entryId);
24257
+ return entityMap.get("".concat(spaceId, "!").concat(environmentId, "!").concat(linkType, "!").concat(entryId));
24105
24258
  }
24106
- return entityMap.get(linkType + '!' + entryId);
24259
+ return entityMap.get("".concat(linkType, "!").concat(entryId));
24107
24260
  };
24108
24261
  var getIdsFromUrn = function getIdsFromUrn(urn) {
24109
24262
  var regExp = /.*:spaces\/([^/]+)(?:\/environments\/([^/]+))?\/entries\/([^/]+)$/;
@@ -24112,13 +24265,12 @@ var getIdsFromUrn = function getIdsFromUrn(urn) {
24112
24265
  }
24113
24266
 
24114
24267
  // eslint-disable-next-line no-unused-vars
24115
-
24116
24268
  var _urn$match = urn.match(regExp),
24117
24269
  _urn$match2 = _slicedToArray(_urn$match, 4);
24118
24270
  _urn$match2[0];
24119
24271
  var spaceId = _urn$match2[1],
24120
24272
  _urn$match2$ = _urn$match2[2],
24121
- environmentId = _urn$match2$ === undefined ? 'master' : _urn$match2$,
24273
+ environmentId = _urn$match2$ === void 0 ? 'master' : _urn$match2$,
24122
24274
  entryId = _urn$match2[3];
24123
24275
  return {
24124
24276
  spaceId: spaceId,
@@ -24190,15 +24342,15 @@ var cleanUpLinks = function cleanUpLinks(input) {
24190
24342
  * @param removeUnresolved
24191
24343
  * @return {*}
24192
24344
  */
24193
- var walkMutate = function walkMutate(input, predicate, mutator, removeUnresolved) {
24345
+ var _walkMutate = function walkMutate(input, predicate, mutator, removeUnresolved) {
24194
24346
  if (predicate(input)) {
24195
24347
  return mutator(input);
24196
24348
  }
24197
- if (input && (typeof input === 'undefined' ? 'undefined' : _typeof(input)) === 'object') {
24349
+ if (input && _typeof(input) === 'object') {
24198
24350
  for (var key in input) {
24199
24351
  // eslint-disable-next-line no-prototype-builtins
24200
24352
  if (input.hasOwnProperty(key)) {
24201
- input[key] = walkMutate(input[key], predicate, mutator, removeUnresolved);
24353
+ input[key] = _walkMutate(input[key], predicate, mutator, removeUnresolved);
24202
24354
  }
24203
24355
  }
24204
24356
  if (removeUnresolved) {
@@ -24257,7 +24409,7 @@ var resolveResponse = function resolveResponse(response, options) {
24257
24409
  }, []));
24258
24410
  allEntries.forEach(function (item) {
24259
24411
  var entryObject = makeEntryObject(item, options.itemEntryPoints);
24260
- Object.assign(item, walkMutate(entryObject, function (x) {
24412
+ Object.assign(item, _walkMutate(entryObject, function (x) {
24261
24413
  return isLink(x) || isResourceLink(x);
24262
24414
  }, function (link) {
24263
24415
  return normalizeLink(entityMap, link, options.removeUnresolved);