pnpm 7.9.1 → 7.9.2

package/dist/node_modules/make-fetch-happen/lib/cache/policy.js

@@ -2,19 +2,6 @@ const CacheSemantics = require('http-cache-semantics')
 const Negotiator = require('negotiator')
 const ssri = require('ssri')
 
-// HACK: negotiator lazy loads several of its own modules
-// as a micro optimization. we need to be sure that they're
-// in memory as soon as possible at startup so that we do
-// not try to lazy load them after the directory has been
-// retired during a self update of the npm CLI, we do this
-// by calling all of the methods that trigger a lazy load
-// on a fake instance.
-const preloadNegotiator = new Negotiator({ headers: {} })
-preloadNegotiator.charsets()
-preloadNegotiator.encodings()
-preloadNegotiator.languages()
-preloadNegotiator.mediaTypes()
-
 // options passed to http-cache-semantics constructor
 const policyOptions = {
   shared: false,
@@ -31,6 +18,7 @@ const requestObject = (request) => {
     method: request.method,
     url: request.url,
     headers: {},
+    compress: request.compress,
   }
 
   request.headers.forEach((value, key) => {
@@ -74,16 +62,19 @@ class CachePolicy {
   // static method to quickly determine if a request alone is storable
   static storable (request, options) {
     // no cachePath means no caching
-    if (!options.cachePath)
+    if (!options.cachePath) {
       return false
+    }
 
     // user explicitly asked not to cache
-    if (options.cache === 'no-store')
+    if (options.cache === 'no-store') {
       return false
+    }
 
     // we only cache GET and HEAD requests
-    if (!['GET', 'HEAD'].includes(request.method))
+    if (!['GET', 'HEAD'].includes(request.method)) {
       return false
+    }
 
     // otherwise, let http-cache-semantics make the decision
     // based on the request's headers
@@ -94,23 +85,32 @@ class CachePolicy {
   // returns true if the policy satisfies the request
   satisfies (request) {
     const _req = requestObject(request)
-    if (this.request.headers.host !== _req.headers.host)
+    if (this.request.headers.host !== _req.headers.host) {
+      return false
+    }
+
+    if (this.request.compress !== _req.compress) {
       return false
+    }
 
     const negotiatorA = new Negotiator(this.request)
     const negotiatorB = new Negotiator(_req)
 
-    if (JSON.stringify(negotiatorA.mediaTypes()) !== JSON.stringify(negotiatorB.mediaTypes()))
+    if (JSON.stringify(negotiatorA.mediaTypes()) !== JSON.stringify(negotiatorB.mediaTypes())) {
       return false
+    }
 
-    if (JSON.stringify(negotiatorA.languages()) !== JSON.stringify(negotiatorB.languages()))
+    if (JSON.stringify(negotiatorA.languages()) !== JSON.stringify(negotiatorB.languages())) {
       return false
+    }
 
-    if (JSON.stringify(negotiatorA.encodings()) !== JSON.stringify(negotiatorB.encodings()))
+    if (JSON.stringify(negotiatorA.encodings()) !== JSON.stringify(negotiatorB.encodings())) {
       return false
+    }
 
-    if (this.options.integrity)
+    if (this.options.integrity) {
       return ssri.parse(this.options.integrity).match(this.entry.integrity)
+    }
 
     return true
   }

package/dist/node_modules/make-fetch-happen/lib/dns.js

@@ -0,0 +1,49 @@
+const LRUCache = require('lru-cache')
+const dns = require('dns')
+
+const defaultOptions = exports.defaultOptions = {
+  family: undefined,
+  hints: dns.ADDRCONFIG,
+  all: false,
+  verbatim: undefined,
+}
+
+const lookupCache = exports.lookupCache = new LRUCache({ max: 50 })
+
+// this is a factory so that each request can have its own opts (i.e. ttl)
+// while still sharing the cache across all requests
+exports.getLookup = (dnsOptions) => {
+  return (hostname, options, callback) => {
+    if (typeof options === 'function') {
+      callback = options
+      options = null
+    } else if (typeof options === 'number') {
+      options = { family: options }
+    }
+
+    options = { ...defaultOptions, ...options }
+
+    const key = JSON.stringify({
+      hostname,
+      family: options.family,
+      hints: options.hints,
+      all: options.all,
+      verbatim: options.verbatim,
+    })
+
+    if (lookupCache.has(key)) {
+      const [address, family] = lookupCache.get(key)
+      process.nextTick(callback, null, address, family)
+      return
+    }
+
+    dnsOptions.lookup(hostname, options, (err, address, family) => {
+      if (err) {
+        return callback(err)
+      }
+
+      lookupCache.set(key, [address, family], { ttl: dnsOptions.ttl })
+      return callback(null, address, family)
+    })
+  }
+}

package/dist/node_modules/make-fetch-happen/lib/fetch.js

@@ -13,20 +13,28 @@ const remote = require('./remote.js')
 // in the fetch being rejected if the redirect is
 // possible but invalid for some reason
 const canFollowRedirect = (request, response, options) => {
-  if (!isRedirect(response.status))
+  if (!isRedirect(response.status)) {
     return false
+  }
 
-  if (options.redirect === 'manual')
+  if (options.redirect === 'manual') {
     return false
+  }
 
-  if (options.redirect === 'error')
-    throw new FetchError(`redirect mode is set to error: ${request.url}`, 'no-redirect', { code: 'ENOREDIRECT' })
+  if (options.redirect === 'error') {
+    throw new FetchError(`redirect mode is set to error: ${request.url}`,
+      'no-redirect', { code: 'ENOREDIRECT' })
+  }
 
-  if (!response.headers.has('location'))
-    throw new FetchError(`redirect location header missing for: ${request.url}`, 'no-location', { code: 'EINVALIDREDIRECT' })
+  if (!response.headers.has('location')) {
+    throw new FetchError(`redirect location header missing for: ${request.url}`,
+      'no-location', { code: 'EINVALIDREDIRECT' })
+  }
 
-  if (request.counter >= request.follow)
-    throw new FetchError(`maximum redirect reached at: ${request.url}`, 'max-redirect', { code: 'EMAXREDIRECT' })
+  if (request.counter >= request.follow) {
+    throw new FetchError(`maximum redirect reached at: ${request.url}`,
+      'max-redirect', { code: 'EMAXREDIRECT' })
+  }
 
   return true
 }
@@ -39,26 +47,34 @@ const getRedirect = (request, response, options) => {
   const location = response.headers.get('location')
   const redirectUrl = new url.URL(location, /^https?:/.test(location) ? undefined : request.url)
   // Comment below is used under the following license:
-  // Copyright (c) 2010-2012 Mikeal Rogers
-  // Licensed under the Apache License, Version 2.0 (the "License");
-  // you may not use this file except in compliance with the License.
-  // You may obtain a copy of the License at
-  // http://www.apache.org/licenses/LICENSE-2.0
-  // Unless required by applicable law or agreed to in writing,
-  // software distributed under the License is distributed on an "AS
-  // IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
-  // express or implied. See the License for the specific language
-  // governing permissions and limitations under the License.
+  /**
+   * @license
+   * Copyright (c) 2010-2012 Mikeal Rogers
+   * Licensed under the Apache License, Version 2.0 (the "License");
+   * you may not use this file except in compliance with the License.
+   * You may obtain a copy of the License at
+   * http://www.apache.org/licenses/LICENSE-2.0
+   * Unless required by applicable law or agreed to in writing,
+   * software distributed under the License is distributed on an "AS
+   * IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+   * express or implied. See the License for the specific language
+   * governing permissions and limitations under the License.
+   */
 
   // Remove authorization if changing hostnames (but not if just
   // changing ports or protocols).  This matches the behavior of request:
   // https://github.com/request/request/blob/b12a6245/lib/redirect.js#L134-L138
-  if (new url.URL(request.url).hostname !== redirectUrl.hostname)
+  if (new url.URL(request.url).hostname !== redirectUrl.hostname) {
     request.headers.delete('authorization')
+    request.headers.delete('cookie')
+  }
 
   // for POST request with 301/302 response, or any request with 303 response,
   // use GET when following redirect
-  if (response.status === 303 || (request.method === 'POST' && [301, 302].includes(response.status))) {
+  if (
+    response.status === 303 ||
+    (request.method === 'POST' && [301, 302].includes(response.status))
+  ) {
     _opts.method = 'GET'
     _opts.body = null
     request.headers.delete('content-length')
@@ -87,11 +103,13 @@ const fetch = async (request, options) => {
   // request url
   if (!['GET', 'HEAD'].includes(request.method) &&
       response.status >= 200 &&
-      response.status <= 399)
+      response.status <= 399) {
     await cache.invalidate(request, options)
+  }
 
-  if (!canFollowRedirect(request, response, options))
+  if (!canFollowRedirect(request, response, options)) {
     return response
+  }
 
   const redirect = getRedirect(request, response, options)
   return fetch(redirect.request, redirect.options)

package/dist/node_modules/make-fetch-happen/lib/index.js

@@ -10,7 +10,7 @@ const makeFetchHappen = (url, opts) => {
   return fetch(request, options)
 }
 
-makeFetchHappen.defaults = (defaultUrl, defaultOptions = {}) => {
+makeFetchHappen.defaults = (defaultUrl, defaultOptions = {}, wrappedFetch = makeFetchHappen) => {
   if (typeof defaultUrl === 'object') {
     defaultOptions = defaultUrl
     defaultUrl = null
@@ -26,10 +26,11 @@ makeFetchHappen.defaults = (defaultUrl, defaultOptions = {}) => {
         ...options.headers,
       },
     }
-    return makeFetchHappen(finalUrl, finalOptions)
+    return wrappedFetch(finalUrl, finalOptions)
   }
 
-  defaultedFetch.defaults = makeFetchHappen.defaults
+  defaultedFetch.defaults = (defaultUrl1, defaultOptions1 = {}) =>
+    makeFetchHappen.defaults(defaultUrl1, defaultOptions1, defaultedFetch)
   return defaultedFetch
 }
 

package/dist/node_modules/make-fetch-happen/lib/options.js

@@ -1,3 +1,5 @@
+const dns = require('dns')
+
 const conditionalHeaders = [
   'if-modified-since',
   'if-none-match',
@@ -7,36 +9,42 @@ const conditionalHeaders = [
 ]
 
 const configureOptions = (opts) => {
-  const {strictSSL, ...options} = { ...opts }
+  const { strictSSL, ...options } = { ...opts }
   options.method = options.method ? options.method.toUpperCase() : 'GET'
   options.rejectUnauthorized = strictSSL !== false
 
-  if (!options.retry)
+  if (!options.retry) {
     options.retry = { retries: 0 }
-  else if (typeof options.retry === 'string') {
+  } else if (typeof options.retry === 'string') {
     const retries = parseInt(options.retry, 10)
-    if (isFinite(retries))
+    if (isFinite(retries)) {
       options.retry = { retries }
-    else
+    } else {
       options.retry = { retries: 0 }
-  } else if (typeof options.retry === 'number')
+    }
+  } else if (typeof options.retry === 'number') {
     options.retry = { retries: options.retry }
-  else
+  } else {
     options.retry = { retries: 0, ...options.retry }
+  }
+
+  options.dns = { ttl: 5 * 60 * 1000, lookup: dns.lookup, ...options.dns }
 
   options.cache = options.cache || 'default'
   if (options.cache === 'default') {
     const hasConditionalHeader = Object.keys(options.headers || {}).some((name) => {
       return conditionalHeaders.includes(name.toLowerCase())
     })
-    if (hasConditionalHeader)
+    if (hasConditionalHeader) {
       options.cache = 'no-store'
+    }
   }
 
   // cacheManager is deprecated, but if it's set and
   // cachePath is not we should copy it to the new field
-  if (options.cacheManager && !options.cachePath)
+  if (options.cacheManager && !options.cachePath) {
     options.cachePath = options.cacheManager
+  }
 
   return options
 }

package/dist/node_modules/make-fetch-happen/lib/pipeline.js

@@ -0,0 +1,41 @@
+'use strict'
+
+const MinipassPipeline = require('minipass-pipeline')
+
+class CachingMinipassPipeline extends MinipassPipeline {
+  #events = []
+  #data = new Map()
+
+  constructor (opts, ...streams) {
+    // CRITICAL: do NOT pass the streams to the call to super(), this will start
+    // the flow of data and potentially cause the events we need to catch to emit
+    // before we've finished our own setup. instead we call super() with no args,
+    // finish our setup, and then push the streams into ourselves to start the
+    // data flow
+    super()
+    this.#events = opts.events
+
+    /* istanbul ignore next - coverage disabled because this is pointless to test here */
+    if (streams.length) {
+      this.push(...streams)
+    }
+  }
+
+  on (event, handler) {
+    if (this.#events.includes(event) && this.#data.has(event)) {
+      return handler(...this.#data.get(event))
+    }
+
+    return super.on(event, handler)
+  }
+
+  emit (event, ...data) {
+    if (this.#events.includes(event)) {
+      this.#data.set(event, data)
+    }
+
+    return super.emit(event, ...data)
+  }
+}
+
+module.exports = CachingMinipassPipeline

package/dist/node_modules/make-fetch-happen/lib/remote.js

@@ -1,9 +1,9 @@
 const Minipass = require('minipass')
-const MinipassPipeline = require('minipass-pipeline')
 const fetch = require('minipass-fetch')
 const promiseRetry = require('promise-retry')
 const ssri = require('ssri')
 
+const CachingMinipassPipeline = require('./pipeline.js')
 const getAgent = require('./agent.js')
 const pkg = require('../package.json')
 
@@ -29,11 +29,13 @@ const RETRY_TYPES = [
 // and verifying response integrity
 const remoteFetch = (request, options) => {
   const agent = getAgent(request.url, options)
-  if (!request.headers.has('connection'))
+  if (!request.headers.has('connection')) {
     request.headers.set('connection', agent ? 'keep-alive' : 'close')
+  }
 
-  if (!request.headers.has('user-agent'))
+  if (!request.headers.has('user-agent')) {
     request.headers.set('user-agent', USER_AGENT)
+  }
 
   // keep our own options since we're overriding the agent
   // and the redirect mode
@@ -50,8 +52,21 @@ const remoteFetch = (request, options) => {
       if (_opts.integrity && res.status === 200) {
         // we got a 200 response and the user has specified an expected
         // integrity value, so wrap the response in an ssri stream to verify it
-        const integrityStream = ssri.integrityStream({ integrity: _opts.integrity })
-        res = new fetch.Response(new MinipassPipeline(res.body, integrityStream), res)
+        const integrityStream = ssri.integrityStream({
+          algorithms: _opts.algorithms,
+          integrity: _opts.integrity,
+          size: _opts.size,
+        })
+        const pipeline = new CachingMinipassPipeline({
+          events: ['integrity', 'size'],
+        }, res.body, integrityStream)
+        // we also propagate the integrity and size events out to the pipeline so we can use
+        // this new response body as an integrityEmitter for cacache
+        integrityStream.on('integrity', i => pipeline.emit('integrity', i))
+        integrityStream.on('size', s => pipeline.emit('size', s))
+        res = new fetch.Response(pipeline, res)
+        // set an explicit flag so we know if our response body will emit integrity and size
+        res.body.hasIntegrityEmitter = true
       }
 
       res.headers.set('x-fetch-attempts', attemptNum)
@@ -64,8 +79,9 @@ const remoteFetch = (request, options) => {
           ([408, 420, 429].includes(res.status) || res.status >= 500)
 
       if (isRetriable) {
-        if (typeof options.onRetry === 'function')
+        if (typeof options.onRetry === 'function') {
           options.onRetry(res)
+        }
 
         return retryHandler(res)
       }
@@ -82,18 +98,21 @@ const remoteFetch = (request, options) => {
       const isRetryError = err.retried instanceof fetch.Response ||
         (RETRY_ERRORS.includes(code) && RETRY_TYPES.includes(err.type))
 
-      if (req.method === 'POST' || isRetryError)
+      if (req.method === 'POST' || isRetryError) {
         throw err
+      }
 
-      if (typeof options.onRetry === 'function')
+      if (typeof options.onRetry === 'function') {
         options.onRetry(err)
+      }
 
       return retryHandler(err)
     }
   }, options.retry).catch((err) => {
     // don't reject for http errors, just return them
-    if (err.status >= 400 && err.type !== 'system')
+    if (err.status >= 400 && err.type !== 'system') {
       return err
+    }
 
     throw err
   })

package/dist/node_modules/make-fetch-happen/package.json

@@ -1,22 +1,29 @@
 {
   "name": "make-fetch-happen",
-  "version": "9.1.0",
+  "version": "10.2.1",
   "description": "Opinionated, caching, retrying fetch client",
   "main": "lib/index.js",
   "files": [
-    "lib"
+    "bin/",
+    "lib/"
   ],
   "scripts": {
-    "preversion": "npm t",
+    "preversion": "npm test",
     "postversion": "npm publish",
-    "prepublishOnly": "git push --follow-tags",
+    "prepublishOnly": "git push origin --follow-tags",
     "test": "tap",
     "posttest": "npm run lint",
     "eslint": "eslint",
-    "lint": "npm run eslint -- lib test",
-    "lintfix": "npm run lint -- --fix"
+    "lint": "eslint \"**/*.js\"",
+    "lintfix": "npm run lint -- --fix",
+    "postlint": "template-oss-check",
+    "snap": "tap",
+    "template-oss-apply": "template-oss-apply --force"
+  },
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/npm/make-fetch-happen.git"
   },
-  "repository": "https://github.com/npm/make-fetch-happen",
   "keywords": [
     "http",
     "request",
@@ -26,51 +33,47 @@
     "cache",
     "subresource integrity"
   ],
-  "author": {
-    "name": "Kat Marchán",
-    "email": "kzm@zkat.tech",
-    "twitter": "maybekatz"
-  },
+  "author": "GitHub Inc.",
   "license": "ISC",
   "dependencies": {
-    "agentkeepalive": "^4.1.3",
-    "cacache": "^15.2.0",
+    "agentkeepalive": "^4.2.1",
+    "cacache": "^16.1.0",
     "http-cache-semantics": "^4.1.0",
-    "http-proxy-agent": "^4.0.1",
+    "http-proxy-agent": "^5.0.0",
     "https-proxy-agent": "^5.0.0",
     "is-lambda": "^1.0.1",
-    "lru-cache": "^6.0.0",
-    "minipass": "^3.1.3",
+    "lru-cache": "^7.7.1",
+    "minipass": "^3.1.6",
     "minipass-collect": "^1.0.2",
-    "minipass-fetch": "^1.3.2",
+    "minipass-fetch": "^2.0.3",
     "minipass-flush": "^1.0.5",
     "minipass-pipeline": "^1.2.4",
-    "negotiator": "^0.6.2",
+    "negotiator": "^0.6.3",
     "promise-retry": "^2.0.1",
-    "socks-proxy-agent": "^6.0.0",
-    "ssri": "^8.0.0"
+    "socks-proxy-agent": "^7.0.0",
+    "ssri": "^9.0.0"
   },
   "devDependencies": {
-    "eslint": "^7.26.0",
-    "eslint-plugin-import": "^2.23.2",
-    "eslint-plugin-node": "^11.1.0",
-    "eslint-plugin-promise": "^5.1.0",
-    "eslint-plugin-standard": "^5.0.0",
+    "@npmcli/eslint-config": "^3.0.1",
+    "@npmcli/template-oss": "3.5.0",
     "mkdirp": "^1.0.4",
-    "nock": "^13.0.11",
-    "npmlog": "^5.0.0",
-    "require-inject": "^1.4.2",
+    "nock": "^13.2.4",
     "rimraf": "^3.0.2",
     "safe-buffer": "^5.2.1",
-    "standard-version": "^9.3.0",
-    "tap": "^15.0.9"
+    "standard-version": "^9.3.2",
+    "tap": "^16.0.0"
   },
   "engines": {
-    "node": ">= 10"
+    "node": "^12.13.0 || ^14.15.0 || >=16.0.0"
   },
   "tap": {
     "color": 1,
     "files": "test/*.js",
-    "check-coverage": true
+    "check-coverage": true,
+    "timeout": 60
+  },
+  "templateOSS": {
+    "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.",
+    "version": "3.5.0"
   }
 }

package/dist/node_modules/minipass-fetch/lib/blob.js

@@ -18,10 +18,10 @@ class Blob {
         const buffer = element instanceof Buffer ? element
           : ArrayBuffer.isView(element)
             ? Buffer.from(element.buffer, element.byteOffset, element.byteLength)
-          : element instanceof ArrayBuffer ? Buffer.from(element)
-          : element instanceof Blob ? element[BUFFER]
-          : typeof element === 'string' ? Buffer.from(element)
-          : Buffer.from(String(element))
+            : element instanceof ArrayBuffer ? Buffer.from(element)
+            : element instanceof Blob ? element[BUFFER]
+            : typeof element === 'string' ? Buffer.from(element)
+            : Buffer.from(String(element))
         size += buffer.length
         buffers.push(buffer)
       }