node-red-contrib-web-worldmap 2.28.3 → 2.30.1

package/node_modules/qs/lib/parse.js

@@ -8,6 +8,7 @@ var isArray = Array.isArray;
 var defaults = {
     allowDots: false,
     allowPrototypes: false,
+    allowSparse: false,
     arrayLimit: 20,
     charset: 'utf-8',
     charsetSentinel: false,
@@ -217,6 +218,7 @@ var normalizeParseOptions = function normalizeParseOptions(opts) {
     return {
         allowDots: typeof opts.allowDots === 'undefined' ? defaults.allowDots : !!opts.allowDots,
         allowPrototypes: typeof opts.allowPrototypes === 'boolean' ? opts.allowPrototypes : defaults.allowPrototypes,
+        allowSparse: typeof opts.allowSparse === 'boolean' ? opts.allowSparse : defaults.allowSparse,
         arrayLimit: typeof opts.arrayLimit === 'number' ? opts.arrayLimit : defaults.arrayLimit,
         charset: charset,
         charsetSentinel: typeof opts.charsetSentinel === 'boolean' ? opts.charsetSentinel : defaults.charsetSentinel,
@@ -253,5 +255,9 @@ module.exports = function (str, opts) {
         obj = utils.merge(obj, newObj, options);
     }
 
+    if (options.allowSparse === true) {
+        return obj;
+    }
+
     return utils.compact(obj);
 };

package/node_modules/qs/lib/stringify.js

@@ -1,5 +1,6 @@
 'use strict';
 
+var getSideChannel = require('side-channel');
 var utils = require('./utils');
 var formats = require('./formats');
 var has = Object.prototype.hasOwnProperty;
@@ -55,6 +56,8 @@ var isNonNullishPrimitive = function isNonNullishPrimitive(v) {
         || typeof v === 'bigint';
 };
 
+var sentinel = {};
+
 var stringify = function stringify(
     object,
     prefix,
@@ -69,9 +72,30 @@ var stringify = function stringify(
     format,
     formatter,
     encodeValuesOnly,
-    charset
+    charset,
+    sideChannel
 ) {
     var obj = object;
+
+    var tmpSc = sideChannel;
+    var step = 0;
+    var findFlag = false;
+    while ((tmpSc = tmpSc.get(sentinel)) !== void undefined && !findFlag) {
+        // Where object last appeared in the ref tree
+        var pos = tmpSc.get(object);
+        step += 1;
+        if (typeof pos !== 'undefined') {
+            if (pos === step) {
+                throw new RangeError('Cyclic object value');
+            } else {
+                findFlag = true; // Break while
+            }
+        }
+        if (typeof tmpSc.get(sentinel) === 'undefined') {
+            step = 0;
+        }
+    }
+
     if (typeof filter === 'function') {
         obj = filter(prefix, obj);
     } else if (obj instanceof Date) {
@@ -138,6 +162,9 @@ var stringify = function stringify(
             ? typeof generateArrayPrefix === 'function' ? generateArrayPrefix(prefix, key) : prefix
             : prefix + (allowDots ? '.' + key : '[' + key + ']');
 
+        sideChannel.set(object, step);
+        var valueSideChannel = getSideChannel();
+        valueSideChannel.set(sentinel, sideChannel);
         pushToArray(values, stringify(
             value,
             keyPrefix,
@@ -152,7 +179,8 @@ var stringify = function stringify(
             format,
             formatter,
             encodeValuesOnly,
-            charset
+            charset,
+            valueSideChannel
         ));
     }
 
@@ -246,6 +274,7 @@ module.exports = function (object, opts) {
         objKeys.sort(options.sort);
     }
 
+    var sideChannel = getSideChannel();
     for (var i = 0; i < objKeys.length; ++i) {
         var key = objKeys[i];
 
@@ -266,7 +295,8 @@ module.exports = function (object, opts) {
             options.format,
             options.formatter,
             options.encodeValuesOnly,
-            options.charset
+            options.charset,
+            sideChannel
         ));
     }
 

package/node_modules/qs/package.json

@@ -1,27 +1,27 @@
 {
-  "_from": "qs@6.9.7",
-  "_id": "qs@6.9.7",
+  "_from": "qs@6.10.3",
+  "_id": "qs@6.10.3",
   "_inBundle": false,
-  "_integrity": "sha512-IhMFgUmuNpyRfxA90umL7ByLlgRXu6tIfKPpF5TmcfRLlLCckfP/g3IQmju6jjpu+Hh8rA+2p6A27ZSPOOHdKw==",
-  "_location": "/node-red-contrib-web-worldmap/qs",
+  "_integrity": "sha512-wr7M2E0OFRfIfJZjKGieI8lBKb7fRCH4Fv5KNPEs7gJ8jadvotdsS08PzOKR7opXhZ/Xkjtt3WF9g38drmyRqQ==",
+  "_location": "/qs",
   "_phantomChildren": {},
   "_requested": {
     "type": "version",
     "registry": true,
-    "raw": "qs@6.9.7",
+    "raw": "qs@6.10.3",
     "name": "qs",
     "escapedName": "qs",
-    "rawSpec": "6.9.7",
+    "rawSpec": "6.10.3",
     "saveSpec": null,
-    "fetchSpec": "6.9.7"
+    "fetchSpec": "6.10.3"
   },
   "_requiredBy": [
-    "/node-red-contrib-web-worldmap/body-parser",
-    "/node-red-contrib-web-worldmap/express"
+    "/body-parser",
+    "/express"
   ],
-  "_resolved": "https://registry.npmjs.org/qs/-/qs-6.9.7.tgz",
-  "_shasum": "4610846871485e1e048f44ae3b94033f0e675afe",
-  "_spec": "qs@6.9.7",
+  "_resolved": "https://registry.npmjs.org/qs/-/qs-6.10.3.tgz",
+  "_shasum": "d6cde1b2ffca87b5aa57889816c5f81535e22e8e",
+  "_spec": "qs@6.10.3",
   "_where": "/Users/conway/Projects/worldmap/node_modules/express",
   "bugs": {
     "url": "https://github.com/ljharb/qs/issues"
@@ -34,6 +34,9 @@
       "url": "http://ljharb.codes"
     }
   ],
+  "dependencies": {
+    "side-channel": "^1.0.4"
+  },
   "deprecated": false,
   "description": "A querystring parser that supports nesting and arrays, with a depth limit",
   "devDependencies": {
@@ -95,5 +98,5 @@
     "test": "npm run tests-only",
     "tests-only": "nyc tape 'test/**/*.js'"
   },
-  "version": "6.9.7"
+  "version": "6.10.3"
 }

package/node_modules/qs/test/parse.js

@@ -269,6 +269,15 @@ test('parse()', function (t) {
         st.end();
     });
 
+    t.test('parses sparse arrays', function (st) {
+        /* eslint no-sparse-arrays: 0 */
+        st.deepEqual(qs.parse('a[4]=1&a[1]=2', { allowSparse: true }), { a: [, '2', , , '1'] });
+        st.deepEqual(qs.parse('a[1][b][2][c]=1', { allowSparse: true }), { a: [, { b: [, , { c: '1' }] }] });
+        st.deepEqual(qs.parse('a[1][2][3][c]=1', { allowSparse: true }), { a: [, [, , [, , , { c: '1' }]]] });
+        st.deepEqual(qs.parse('a[1][2][3][c][1]=1', { allowSparse: true }), { a: [, [, , [, , , { c: [, '1'] }]]] });
+        st.end();
+    });
+
     t.test('parses semi-parsed strings', function (st) {
         st.deepEqual(qs.parse({ 'a[b]': 'c' }), { a: { b: 'c' } });
         st.deepEqual(qs.parse({ 'a[b]': 'c', 'a[d]': 'e' }), { a: { b: 'c', d: 'e' } });

package/node_modules/qs/test/stringify.js

@@ -439,7 +439,7 @@ test('stringify()', function (t) {
         st.end();
     });
 
-    t.test('doesn\'t blow up when Buffer global is missing', function (st) {
+    t.test('does not blow up when Buffer global is missing', function (st) {
         var tempBuffer = global.Buffer;
         delete global.Buffer;
         var result = qs.stringify({ a: 'b', c: 'd' });
@@ -448,6 +448,57 @@ test('stringify()', function (t) {
         st.end();
     });
 
+    t.test('does not crash when parsing circular references', function (st) {
+        var a = {};
+        a.b = a;
+
+        st['throws'](
+            function () { qs.stringify({ 'foo[bar]': 'baz', 'foo[baz]': a }); },
+            /RangeError: Cyclic object value/,
+            'cyclic values throw'
+        );
+
+        var circular = {
+            a: 'value'
+        };
+        circular.a = circular;
+        st['throws'](
+            function () { qs.stringify(circular); },
+            /RangeError: Cyclic object value/,
+            'cyclic values throw'
+        );
+
+        var arr = ['a'];
+        st.doesNotThrow(
+            function () { qs.stringify({ x: arr, y: arr }); },
+            'non-cyclic values do not throw'
+        );
+
+        st.end();
+    });
+
+    t.test('non-circular duplicated references can still work', function (st) {
+        var hourOfDay = {
+            'function': 'hour_of_day'
+        };
+
+        var p1 = {
+            'function': 'gte',
+            arguments: [hourOfDay, 0]
+        };
+        var p2 = {
+            'function': 'lte',
+            arguments: [hourOfDay, 23]
+        };
+
+        st.equal(
+            qs.stringify({ filters: { $and: [p1, p2] } }, { encodeValuesOnly: true }),
+            'filters[$and][0][function]=gte&filters[$and][0][arguments][0][function]=hour_of_day&filters[$and][0][arguments][1]=0&filters[$and][1][function]=lte&filters[$and][1][arguments][0][function]=hour_of_day&filters[$and][1][arguments][1]=23'
+        );
+
+        st.end();
+    });
+
     t.test('selects properties when filter=array', function (st) {
         st.equal(qs.stringify({ a: 'b' }, { filter: ['a'] }), 'a=b');
         st.equal(qs.stringify({ a: 1 }, { filter: [] }), '');
@@ -800,5 +851,15 @@ test('stringify()', function (t) {
         st.end();
     });
 
+    t.test('stringifies sparse arrays', function (st) {
+        /* eslint no-sparse-arrays: 0 */
+        st.equal(qs.stringify({ a: [, '2', , , '1'] }, { encodeValuesOnly: true }), 'a[1]=2&a[4]=1');
+        st.equal(qs.stringify({ a: [, { b: [, , { c: '1' }] }] }, { encodeValuesOnly: true }), 'a[1][b][2][c]=1');
+        st.equal(qs.stringify({ a: [, [, , [, , , { c: '1' }]]] }, { encodeValuesOnly: true }), 'a[1][2][3][c]=1');
+        st.equal(qs.stringify({ a: [, [, , [, , , { c: [, '1'] }]]] }, { encodeValuesOnly: true }), 'a[1][2][3][c][1]=1');
+
+        st.end();
+    });
+
     t.end();
 });

package/node_modules/raw-body/HISTORY.md

@@ -1,3 +1,17 @@
+2.5.1 / 2022-02-28
+==================
+
+  * Fix error on early async hooks implementations
+
+2.5.0 / 2022-02-21
+==================
+
+  * Prevent loss of async hooks context
+  * Prevent hanging when stream is not readable
+  * deps: http-errors@2.0.0
+    - deps: depd@2.0.0
+    - deps: statuses@2.0.1
+
 2.4.3 / 2022-02-14
 ==================
 

package/node_modules/raw-body/LICENSE

@@ -1,7 +1,7 @@
 The MIT License (MIT)
 
 Copyright (c) 2013-2014 Jonathan Ong <me@jongleberry.com>
-Copyright (c) 2014-2015 Douglas Christopher Wilson <doug@somethingdoug.com>
+Copyright (c) 2014-2022 Douglas Christopher Wilson <doug@somethingdoug.com>
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

package/node_modules/raw-body/README.md

@@ -111,6 +111,10 @@ This error will occur when the given stream has an encoding set on it, making it
 a decoded stream. The stream should not have an encoding set and is expected to
 emit `Buffer` objects.
 
+#### stream.not.readable
+
+This error will occur when the given stream is not readable.
+
 ## Examples
 
 ### Simple Express example

package/node_modules/raw-body/SECURITY.md

@@ -0,0 +1,24 @@
+# Security Policies and Procedures
+
+## Reporting a Bug
+
+The `raw-body` team and community take all security bugs seriously. Thank you
+for improving the security of Express. We appreciate your efforts and
+responsible disclosure and will make every effort to acknowledge your
+contributions.
+
+Report security bugs by emailing the current owners of `raw-body`. This information
+can be found in the npm registry using the command `npm owner ls raw-body`.
+If unsure or unable to get the information from the above, open an issue
+in the [project issue tracker](https://github.com/stream-utils/raw-body/issues)
+asking for the current contact information.
+
+To ensure the timely response to your report, please ensure that the entirety
+of the report is contained within the email body and not solely behind a web
+link or an attachment.
+
+At least one owner will acknowledge your email within 48 hours, and will send a
+more detailed response within 48 hours indicating the next steps in handling
+your report. After the initial reply to your report, the owners will
+endeavor to keep you informed of the progress towards a fix and full
+announcement, and may ask for additional information or guidance.

package/node_modules/raw-body/index.js

@@ -1,7 +1,7 @@
 /*!
  * raw-body
  * Copyright(c) 2013-2014 Jonathan Ong
- * Copyright(c) 2014-2015 Douglas Christopher Wilson
+ * Copyright(c) 2014-2022 Douglas Christopher Wilson
  * MIT Licensed
  */
 
@@ -12,6 +12,7 @@
  * @private
  */
 
+var asyncHooks = tryRequireAsyncHooks()
 var bytes = require('bytes')
 var createError = require('http-errors')
 var iconv = require('iconv-lite')
@@ -105,7 +106,7 @@ function getRawBody (stream, options, callback) {
 
   if (done) {
     // classic callback style
-    return readStream(stream, encoding, length, limit, done)
+    return readStream(stream, encoding, length, limit, wrap(done))
   }
 
   return new Promise(function executor (resolve, reject) {
@@ -173,6 +174,12 @@ function readStream (stream, encoding, length, limit, callback) {
     }))
   }
 
+  if (typeof stream.readable !== 'undefined' && !stream.readable) {
+    return done(createError(500, 'stream is not readable', {
+      type: 'stream.not.readable'
+    }))
+  }
+
   var received = 0
   var decoder
 
@@ -284,3 +291,39 @@ function readStream (stream, encoding, length, limit, callback) {
     stream.removeListener('close', cleanup)
   }
 }
+
+/**
+ * Try to require async_hooks
+ * @private
+ */
+
+function tryRequireAsyncHooks () {
+  try {
+    return require('async_hooks')
+  } catch (e) {
+    return {}
+  }
+}
+
+/**
+ * Wrap function with async resource, if possible.
+ * AsyncResource.bind static method backported.
+ * @private
+ */
+
+function wrap (fn) {
+  var res
+
+  // create anonymous resource
+  if (asyncHooks.AsyncResource) {
+    res = new asyncHooks.AsyncResource(fn.name || 'bound-anonymous-fn')
+  }
+
+  // incompatible node.js
+  if (!res || !res.runInAsyncScope) {
+    return fn
+  }
+
+  // return bound function
+  return res.runInAsyncScope.bind(res, fn, null)
+}

package/node_modules/raw-body/package.json

@@ -1,26 +1,26 @@
 {
-  "_from": "raw-body@2.4.3",
-  "_id": "raw-body@2.4.3",
+  "_from": "raw-body@2.5.1",
+  "_id": "raw-body@2.5.1",
   "_inBundle": false,
-  "_integrity": "sha512-UlTNLIcu0uzb4D2f4WltY6cVjLi+/jEN4lgEUj3E04tpMDpUlkBo/eSn6zou9hum2VMNpCCUone0O0WeJim07g==",
-  "_location": "/node-red-contrib-web-worldmap/raw-body",
+  "_integrity": "sha512-qqJBtEyVgS0ZmPGdCFPWJ3FreoqvG4MVQln/kCgF7Olq95IbOp0/BWyMwbdtn4VTvkM8Y7khCQ2Xgk/tcrCXig==",
+  "_location": "/raw-body",
   "_phantomChildren": {},
   "_requested": {
     "type": "version",
     "registry": true,
-    "raw": "raw-body@2.4.3",
+    "raw": "raw-body@2.5.1",
     "name": "raw-body",
     "escapedName": "raw-body",
-    "rawSpec": "2.4.3",
+    "rawSpec": "2.5.1",
     "saveSpec": null,
-    "fetchSpec": "2.4.3"
+    "fetchSpec": "2.5.1"
   },
   "_requiredBy": [
-    "/node-red-contrib-web-worldmap/body-parser"
+    "/body-parser"
   ],
-  "_resolved": "https://registry.npmjs.org/raw-body/-/raw-body-2.4.3.tgz",
-  "_shasum": "8f80305d11c2a0a545c2d9d89d7a0286fcead43c",
-  "_spec": "raw-body@2.4.3",
+  "_resolved": "https://registry.npmjs.org/raw-body/-/raw-body-2.5.1.tgz",
+  "_shasum": "fe1b1628b181b700215e5fd42389f98b71392857",
+  "_spec": "raw-body@2.5.1",
   "_where": "/Users/conway/Projects/worldmap/node_modules/body-parser",
   "author": {
     "name": "Jonathan Ong",
@@ -43,7 +43,7 @@
   ],
   "dependencies": {
     "bytes": "3.1.2",
-    "http-errors": "1.8.1",
+    "http-errors": "2.0.0",
     "iconv-lite": "0.4.24",
     "unpipe": "1.0.0"
   },
@@ -58,7 +58,7 @@
     "eslint-plugin-node": "11.1.0",
     "eslint-plugin-promise": "5.2.0",
     "eslint-plugin-standard": "4.1.0",
-    "mocha": "9.2.0",
+    "mocha": "9.2.1",
     "nyc": "15.1.0",
     "readable-stream": "2.3.7",
     "safe-buffer": "5.2.1"
@@ -70,6 +70,7 @@
     "HISTORY.md",
     "LICENSE",
     "README.md",
+    "SECURITY.md",
     "index.d.ts",
     "index.js"
   ],
@@ -83,8 +84,8 @@
   "scripts": {
     "lint": "eslint .",
     "test": "mocha --trace-deprecation --reporter spec --bail --check-leaks test/",
-    "test-ci": "nyc --reporter=lcov --reporter=text npm test",
+    "test-ci": "nyc --reporter=lcovonly --reporter=text npm test",
     "test-cov": "nyc --reporter=html --reporter=text npm test"
   },
-  "version": "2.4.3"
+  "version": "2.5.1"
 }

package/node_modules/send/HISTORY.md

@@ -1,3 +1,18 @@
+0.18.0 / 2022-03-23
+===================
+
+  * Fix emitted 416 error missing headers property
+  * Limit the headers removed for 304 response
+  * deps: depd@2.0.0
+    - Replace internal `eval` usage with `Function` constructor
+    - Use instance methods on `process` to check for listeners
+  * deps: destroy@1.2.0
+  * deps: http-errors@2.0.0
+    - deps: depd@2.0.0
+    - deps: statuses@2.0.1
+  * deps: on-finished@2.4.1
+  * deps: statuses@2.0.1
+
 0.17.2 / 2021-12-11
 ===================
 

package/node_modules/send/LICENSE

@@ -1,7 +1,7 @@
 (The MIT License)
 
 Copyright (c) 2012 TJ Holowaychuk
-Copyright (c) 2014-2016 Douglas Christopher Wilson
+Copyright (c) 2014-2022 Douglas Christopher Wilson
 
 Permission is hereby granted, free of charge, to any person obtaining
 a copy of this software and associated documentation files (the

package/node_modules/send/README.md

@@ -318,8 +318,8 @@ server.listen(3000)
 [appveyor-url]: https://ci.appveyor.com/project/dougwilson/send
 [coveralls-image]: https://badgen.net/coveralls/c/github/pillarjs/send/master
 [coveralls-url]: https://coveralls.io/r/pillarjs/send?branch=master
-[github-actions-ci-image]: https://badgen.net/github/checks/pillarjs/send/master?label=ci
-[github-actions-ci-url]: https://github.com/pillarjs/send/actions?query=workflow%3Aci
+[github-actions-ci-image]: https://badgen.net/github/checks/pillarjs/send/master?label=linux
+[github-actions-ci-url]: https://github.com/pillarjs/send/actions/workflows/ci.yml
 [node-image]: https://badgen.net/npm/node/send
 [node-url]: https://nodejs.org/en/download/
 [npm-downloads-image]: https://badgen.net/npm/dm/send

package/node_modules/send/SECURITY.md

@@ -0,0 +1,24 @@
+# Security Policies and Procedures
+
+## Reporting a Bug
+
+The `send` team and community take all security bugs seriously. Thank you
+for improving the security of Express. We appreciate your efforts and
+responsible disclosure and will make every effort to acknowledge your
+contributions.
+
+Report security bugs by emailing the current owner(s) of `send`. This information
+can be found in the npm registry using the command `npm owner ls send`.
+If unsure or unable to get the information from the above, open an issue
+in the [project issue tracker](https://github.com/pillarjs/send/issues)
+asking for the current contact information.
+
+To ensure the timely response to your report, please ensure that the entirety
+of the report is contained within the email body and not solely behind a web
+link or an attachment.
+
+At least one owner will acknowledge your email within 48 hours, and will send a
+more detailed response within 48 hours indicating the next steps in handling
+your report. After the initial reply to your report, the owners will
+endeavor to keep you informed of the progress towards a fix and full
+announcement, and may ask for additional information or guidance.

package/node_modules/send/index.js

@@ -1,7 +1,7 @@
 /*!
  * send
  * Copyright(c) 2012 TJ Holowaychuk
- * Copyright(c) 2014-2016 Douglas Christopher Wilson
+ * Copyright(c) 2014-2022 Douglas Christopher Wilson
  * MIT Licensed
  */
 
@@ -267,13 +267,11 @@ SendStream.prototype.maxage = deprecate.function(function maxage (maxAge) {
 SendStream.prototype.error = function error (status, err) {
   // emit if listeners instead of responding
   if (hasListeners(this, 'error')) {
-    return this.emit('error', createError(status, err, {
-      expose: false
-    }))
+    return this.emit('error', createHttpError(status, err))
   }
 
   var res = this.res
-  var msg = statuses[status] || String(status)
+  var msg = statuses.message[status] || String(status)
   var doc = createHtmlDocument('Error', escapeHtml(msg))
 
   // clear existing headers
@@ -349,21 +347,19 @@ SendStream.prototype.isPreconditionFailure = function isPreconditionFailure () {
 }
 
 /**
- * Strip content-* header fields.
+ * Strip various content header fields for a change in entity.
  *
  * @private
  */
 
 SendStream.prototype.removeContentHeaderFields = function removeContentHeaderFields () {
   var res = this.res
-  var headers = getHeaderNames(res)
 
-  for (var i = 0; i < headers.length; i++) {
-    var header = headers[i]
-    if (header.substr(0, 8) === 'content-' && header !== 'content-location') {
-      res.removeHeader(header)
-    }
-  }
+  res.removeHeader('Content-Encoding')
+  res.removeHeader('Content-Language')
+  res.removeHeader('Content-Length')
+  res.removeHeader('Content-Range')
+  res.removeHeader('Content-Type')
 }
 
 /**
@@ -787,8 +783,6 @@ SendStream.prototype.sendIndex = function sendIndex (path) {
  */
 
 SendStream.prototype.stream = function stream (path, options) {
-  // TODO: this is all lame, refactor meeee
-  var finished = false
   var self = this
   var res = this.res
 
@@ -797,20 +791,18 @@ SendStream.prototype.stream = function stream (path, options) {
   this.emit('stream', stream)
   stream.pipe(res)
 
-  // response finished, done with the fd
-  onFinished(res, function onfinished () {
-    finished = true
-    destroy(stream)
-  })
+  // cleanup
+  function cleanup () {
+    destroy(stream, true)
+  }
 
-  // error handling code-smell
-  stream.on('error', function onerror (err) {
-    // request already finished
-    if (finished) return
+  // response finished, cleanup
+  onFinished(res, cleanup)
 
-    // clean up stream
-    finished = true
-    destroy(stream)
+  // error handling
+  stream.on('error', function onerror (err) {
+    // clean up stream early
+    cleanup()
 
     // error
     self.onStatError(err)
@@ -974,6 +966,24 @@ function createHtmlDocument (title, body) {
     '</html>\n'
 }
 
+/**
+ * Create a HttpError object from simple arguments.
+ *
+ * @param {number} status
+ * @param {Error|object} err
+ * @private
+ */
+
+function createHttpError (status, err) {
+  if (!err) {
+    return createError(status)
+  }
+
+  return err instanceof Error
+    ? createError(status, err, { expose: false })
+    : createError(status, err)
+}
+
 /**
  * decodeURIComponent.
  *