undici 7.0.0-alpha.2 → 7.0.0-alpha.4

package/lib/web/fetch/util.js

@@ -2,7 +2,7 @@
 
 const { Transform } = require('node:stream')
 const zlib = require('node:zlib')
-const { redirectStatusSet, referrerPolicySet: referrerPolicyTokens, badPortsSet } = require('./constants')
+const { redirectStatusSet, referrerPolicyTokens, badPortsSet } = require('./constants')
 const { getGlobalOrigin } = require('./global')
 const { collectASequenceOfCodePoints, collectAnHTTPQuotedString, removeChars, parseMIMEType } = require('./data-url')
 const { performance } = require('node:perf_hooks')
@@ -170,29 +170,24 @@ function isValidHeaderValue (potentialValue) {
   ) === false
 }
 
-// https://w3c.github.io/webappsec-referrer-policy/#set-requests-referrer-policy-on-redirect
-function setRequestReferrerPolicyOnRedirect (request, actualResponse) {
-  //  Given a request request and a response actualResponse, this algorithm
-  //  updates request’s referrer policy according to the Referrer-Policy
-  //  header (if any) in actualResponse.
-
-  // 1. Let policy be the result of executing § 8.1 Parse a referrer policy
-  // from a Referrer-Policy header on actualResponse.
-
-  // 8.1 Parse a referrer policy from a Referrer-Policy header
+/**
+ * Parse a referrer policy from a Referrer-Policy header
+ * @see https://w3c.github.io/webappsec-referrer-policy/#parse-referrer-policy-from-header
+ */
+function parseReferrerPolicy (actualResponse) {
   // 1. Let policy-tokens be the result of extracting header list values given `Referrer-Policy` and response’s header list.
-  const { headersList } = actualResponse
+  const policyHeader = (actualResponse.headersList.get('referrer-policy', true) ?? '').split(',')
+
   // 2. Let policy be the empty string.
+  let policy = ''
+
   // 3. For each token in policy-tokens, if token is a referrer policy and token is not the empty string, then set policy to token.
-  // 4. Return policy.
-  const policyHeader = (headersList.get('referrer-policy', true) ?? '').split(',')
 
   // Note: As the referrer-policy can contain multiple policies
   // separated by comma, we need to loop through all of them
   // and pick the first valid one.
   // Ref: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy#specify_a_fallback_policy
-  let policy = ''
-  if (policyHeader.length > 0) {
+  if (policyHeader.length) {
     // The right-most policy takes precedence.
     // The left-most policy is the fallback.
     for (let i = policyHeader.length; i !== 0; i--) {
@@ -204,6 +199,23 @@ function setRequestReferrerPolicyOnRedirect (request, actualResponse) {
     }
   }
 
+  // 4. Return policy.
+  return policy
+}
+
+/**
+ * Given a request request and a response actualResponse, this algorithm
+ * updates request’s referrer policy according to the Referrer-Policy
+ * header (if any) in actualResponse.
+ * @see https://w3c.github.io/webappsec-referrer-policy/#set-requests-referrer-policy-on-redirect
+ * @param {import('./request').Request} request
+ * @param {import('./response').Response} actualResponse
+ */
+function setRequestReferrerPolicyOnRedirect (request, actualResponse) {
+  // 1. Let policy be the result of executing § 8.1 Parse a referrer policy
+  // from a Referrer-Policy header on actualResponse.
+  const policy = parseReferrerPolicy(actualResponse)
+
   // 2. If policy is not the empty string, then set request’s referrer policy to policy.
   if (policy !== '') {
     request.referrerPolicy = policy
@@ -374,8 +386,16 @@ function clonePolicyContainer (policyContainer) {
   }
 }
 
-// https://w3c.github.io/webappsec-referrer-policy/#determine-requests-referrer
+/**
+ * Determine request’s Referrer
+ *
+ * @see https://w3c.github.io/webappsec-referrer-policy/#determine-requests-referrer
+ */
 function determineRequestsReferrer (request) {
+  // Given a request request, we can determine the correct referrer information
+  // to send by examining its referrer policy as detailed in the following
+  // steps, which return either no referrer or a URL:
+
   // 1. Let policy be request's referrer policy.
   const policy = request.referrerPolicy
 
@@ -387,6 +407,8 @@ function determineRequestsReferrer (request) {
   let referrerSource = null
 
   // 3. Switch on request’s referrer:
+
+  // "client"
   if (request.referrer === 'client') {
     // Note: node isn't a browser and doesn't implement document/iframes,
     // so we bypass this step and replace it with our own.
@@ -397,8 +419,9 @@ function determineRequestsReferrer (request) {
       return 'no-referrer'
     }
 
-    // note: we need to clone it as it's mutated
+    // Note: we need to clone it as it's mutated
     referrerSource = new URL(globalOrigin)
+  // a URL
   } else if (webidl.is.URL(request.referrer)) {
     // Let referrerSource be request’s referrer.
     referrerSource = request.referrer
@@ -500,18 +523,26 @@ function determineRequestsReferrer (request) {
 }
 
 /**
+ * Certain portions of URLs must not be included when sending a URL as the
+ * value of a `Referer` header: a URLs fragment, username, and password
+ * components must be stripped from the URL before it’s sent out. This
+ * algorithm accepts a origin-only flag, which defaults to false. If set to
+ * true, the algorithm will additionally remove the URL’s path and query
+ * components, leaving only the scheme, host, and port.
+ *
  * @see https://w3c.github.io/webappsec-referrer-policy/#strip-url
  * @param {URL} url
- * @param {boolean} [originOnly]
+ * @param {boolean} [originOnly=false]
  */
-function stripURLForReferrer (url, originOnly) {
+function stripURLForReferrer (url, originOnly = false) {
   // 1. Assert: url is a URL.
   assert(webidl.is.URL(url))
 
+  // Note: Create a new URL instance to avoid mutating the original URL.
   url = new URL(url)
 
   // 2. If url’s scheme is a local scheme, then return no referrer.
-  if (url.protocol === 'file:' || url.protocol === 'about:' || url.protocol === 'blank:') {
+  if (urlIsLocal(url)) {
     return 'no-referrer'
   }
 
@@ -525,7 +556,7 @@ function stripURLForReferrer (url, originOnly) {
   url.hash = ''
 
   // 6. If the origin-only flag is true, then:
-  if (originOnly) {
+  if (originOnly === true) {
     // 1. Set url’s path to « the empty string ».
     url.pathname = ''
 
@@ -537,45 +568,134 @@ function stripURLForReferrer (url, originOnly) {
   return url
 }
 
-function isURLPotentiallyTrustworthy (url) {
-  if (!webidl.is.URL(url)) {
+const potentialleTrustworthyIPv4RegExp = new RegExp('^(?:' +
+  '(?:127\\.)' +
+  '(?:(?:25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9][0-9]|[0-9])\\.){2}' +
+  '(?:25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9][0-9]|[1-9])' +
+')$')
+
+const potentialleTrustworthyIPv6RegExp = new RegExp('^(?:' +
+  '(?:(?:0{1,4}):){7}(?:(?:0{0,3}1))|' +
+  '(?:(?:0{1,4}):){1,6}(?::(?:0{0,3}1))|' +
+  '(?:::(?:0{0,3}1))|' +
+')$')
+
+/**
+ * Check if host matches one of the CIDR notations 127.0.0.0/8 or ::1/128.
+ *
+ * @param {string} origin
+ * @returns {boolean}
+ */
+function isOriginIPPotentiallyTrustworthy (origin) {
+  // IPv6
+  if (origin.includes(':')) {
+    // Remove brackets from IPv6 addresses
+    if (origin[0] === '[' && origin[origin.length - 1] === ']') {
+      origin = origin.slice(1, -1)
+    }
+    return potentialleTrustworthyIPv6RegExp.test(origin)
+  }
+
+  // IPv4
+  return potentialleTrustworthyIPv4RegExp.test(origin)
+}
+
+/**
+ * A potentially trustworthy origin is one which a user agent can generally
+ * trust as delivering data securely.
+ *
+ * Return value `true` means `Potentially Trustworthy`.
+ * Return value `false` means `Not Trustworthy`.
+ *
+ * @see https://w3c.github.io/webappsec-secure-contexts/#is-origin-trustworthy
+ * @param {string} origin
+ * @returns {boolean}
+ */
+function isOriginPotentiallyTrustworthy (origin) {
+  // 1. If origin is an opaque origin, return "Not Trustworthy".
+  if (origin == null || origin === 'null') {
     return false
   }
 
-  // If child of about, return true
-  if (url.href === 'about:blank' || url.href === 'about:srcdoc') {
+  // 2. Assert: origin is a tuple origin.
+  origin = new URL(origin)
+
+  // 3. If origin’s scheme is either "https" or "wss",
+  //    return "Potentially Trustworthy".
+  if (origin.protocol === 'https:' || origin.protocol === 'wss:') {
     return true
   }
 
-  // If scheme is data, return true
-  if (url.protocol === 'data:') return true
+  // 4. If origin’s host matches one of the CIDR notations 127.0.0.0/8 or
+  // ::1/128 [RFC4632], return "Potentially Trustworthy".
+  if (isOriginIPPotentiallyTrustworthy(origin.hostname)) {
+    return true
+  }
 
-  // If file, return true
-  if (url.protocol === 'file:') return true
+  // 5. If the user agent conforms to the name resolution rules in
+  //    [let-localhost-be-localhost] and one of the following is true:
 
-  return isOriginPotentiallyTrustworthy(url.origin)
+  //    origin’s host is "localhost" or "localhost."
+  if (origin.hostname === 'localhost' || origin.hostname === 'localhost.') {
+    return true
+  }
 
-  function isOriginPotentiallyTrustworthy (origin) {
-    // If origin is explicitly null, return false
-    if (origin == null || origin === 'null') return false
+  //    origin’s host ends with ".localhost" or ".localhost."
+  if (origin.hostname.endsWith('.localhost') || origin.hostname.endsWith('.localhost.')) {
+    return true
+  }
 
-    const originAsURL = new URL(origin)
+  // 6. If origin’s scheme is "file", return "Potentially Trustworthy".
+  if (origin.protocol === 'file:') {
+    return true
+  }
 
-    // If secure, return true
-    if (originAsURL.protocol === 'https:' || originAsURL.protocol === 'wss:') {
-      return true
-    }
+  // 7. If origin’s scheme component is one which the user agent considers to
+  // be authenticated, return "Potentially Trustworthy".
 
-    // If localhost or variants, return true
-    if (/^127(?:\.[0-9]+){0,2}\.[0-9]+$|^\[(?:0*:)*?:?0*1\]$/.test(originAsURL.hostname) ||
-     (originAsURL.hostname === 'localhost' || originAsURL.hostname.includes('localhost.')) ||
-     (originAsURL.hostname.endsWith('.localhost'))) {
-      return true
-    }
+  // 8. If origin has been configured as a trustworthy origin, return
+  //    "Potentially Trustworthy".
 
-    // If any other, return false
+  // 9. Return "Not Trustworthy".
+  return false
+}
+
+/**
+ * A potentially trustworthy URL is one which either inherits context from its
+ * creator (about:blank, about:srcdoc, data) or one whose origin is a
+ * potentially trustworthy origin.
+ *
+ * Return value `true` means `Potentially Trustworthy`.
+ * Return value `false` means `Not Trustworthy`.
+ *
+ * @see https://www.w3.org/TR/secure-contexts/#is-url-trustworthy
+ * @param {URL} url
+ * @returns {boolean}
+ */
+function isURLPotentiallyTrustworthy (url) {
+  // Given a URL record (url), the following algorithm returns "Potentially
+  // Trustworthy" or "Not Trustworthy" as appropriate:
+  if (!webidl.is.URL(url)) {
     return false
   }
+
+  // 1. If url is "about:blank" or "about:srcdoc",
+  //    return "Potentially Trustworthy".
+  if (url.href === 'about:blank' || url.href === 'about:srcdoc') {
+    return true
+  }
+
+  // 2. If url’s scheme is "data", return "Potentially Trustworthy".
+  if (url.protocol === 'data:') return true
+
+  // Note: The origin of blob: URLs is the origin of the context in which they
+  // were created. Therefore, blobs created in a trustworthy origin will
+  // themselves be potentially trustworthy.
+  if (url.protocol === 'blob:') return true
+
+  // 3. Return the result of executing § 3.1 Is origin potentially trustworthy?
+  // on url’s origin.
+  return isOriginPotentiallyTrustworthy(url.origin)
 }
 
 /**
@@ -1161,12 +1281,15 @@ async function readAllBytes (reader, successSteps, failureSteps) {
 /**
  * @see https://fetch.spec.whatwg.org/#is-local
  * @param {URL} url
+ * @returns {boolean}
  */
 function urlIsLocal (url) {
   assert('protocol' in url) // ensure it's a url object
 
   const protocol = url.protocol
 
+  // A URL is local if its scheme is a local scheme.
+  // A local scheme is "about", "blob", or "data".
   return protocol === 'about:' || protocol === 'blob:' || protocol === 'data:'
 }
 
@@ -1654,5 +1777,6 @@ module.exports = {
   extractMimeType,
   getDecodeSplit,
   utf8DecodeBytes,
-  environmentSettingsObject
+  environmentSettingsObject,
+  isOriginIPPotentiallyTrustworthy
 }

package/lib/web/fetch/webidl.js

@@ -1,6 +1,7 @@
 'use strict'
 
 const { types, inspect } = require('node:util')
+const { markAsUncloneable } = require('node:worker_threads')
 const { toUSVString } = require('../../core/util')
 
 const UNDEFINED = 1
@@ -12,6 +13,8 @@ const BIGINT = 6
 const NULL = 7
 const OBJECT = 8 // function and object
 
+const FunctionPrototypeSymbolHasInstance = Function.call.bind(Function.prototype[Symbol.hasInstance])
+
 /** @type {import('../../../types/webidl').Webidl} */
 const webidl = {
   converters: {},
@@ -45,7 +48,7 @@ webidl.errors.invalidArgument = function (context) {
 
 // https://webidl.spec.whatwg.org/#implements
 webidl.brandCheck = function (V, I) {
-  if (!I.prototype.isPrototypeOf(V)) { // eslint-disable-line no-prototype-builtins
+  if (!FunctionPrototypeSymbolHasInstance(I, V)) {
     const err = new TypeError('Illegal invocation')
     err.code = 'ERR_INVALID_THIS' // node compat.
     throw err
@@ -53,7 +56,7 @@ webidl.brandCheck = function (V, I) {
 }
 
 webidl.brandCheckMultiple = function (List) {
-  const prototypes = List.map((c) => webidl.util.MakeTypeAssertion(c.prototype))
+  const prototypes = List.map((c) => webidl.util.MakeTypeAssertion(c))
 
   return (V) => {
     if (prototypes.every(typeCheck => !typeCheck(V))) {
@@ -81,9 +84,8 @@ webidl.illegalConstructor = function () {
   })
 }
 
-const isPrototypeOf = Object.prototype.isPrototypeOf
-webidl.util.MakeTypeAssertion = function (Prototype) {
-  return (O) => isPrototypeOf.call(Prototype, O)
+webidl.util.MakeTypeAssertion = function (I) {
+  return (O) => FunctionPrototypeSymbolHasInstance(I, O)
 }
 
 // https://tc39.es/ecma262/#sec-ecmascript-data-types-and-values
@@ -130,6 +132,8 @@ webidl.util.TypeValueToString = function (o) {
   }
 }
 
+webidl.util.markAsUncloneable = markAsUncloneable || (() => {})
+
 // https://webidl.spec.whatwg.org/#abstract-opdef-converttoint
 webidl.util.ConvertToInt = function (V, bitLength, signedness, opts) {
   let upperBound
@@ -341,12 +345,14 @@ webidl.recordConverter = function (keyConverter, valueConverter) {
       const keys = [...Object.getOwnPropertyNames(O), ...Object.getOwnPropertySymbols(O)]
 
       for (const key of keys) {
+        const keyName = webidl.util.Stringify(key)
+
         // 1. Let typedKey be key converted to an IDL value of type K.
-        const typedKey = keyConverter(key, prefix, argument)
+        const typedKey = keyConverter(key, prefix, `Key ${keyName} in ${argument}`)
 
         // 2. Let value be ? Get(O, key).
         // 3. Let typedValue be value converted to an IDL value of type V.
-        const typedValue = valueConverter(O[key], prefix, argument)
+        const typedValue = valueConverter(O[key], prefix, `${argument}[${keyName}]`)
 
         // 4. Set result[typedKey] to typedValue.
         result[typedKey] = typedValue
@@ -462,13 +468,13 @@ webidl.nullableConverter = function (converter) {
   }
 }
 
-webidl.is.ReadableStream = webidl.util.MakeTypeAssertion(ReadableStream.prototype)
-webidl.is.Blob = webidl.util.MakeTypeAssertion(Blob.prototype)
-webidl.is.URLSearchParams = webidl.util.MakeTypeAssertion(URLSearchParams.prototype)
-webidl.is.File = webidl.util.MakeTypeAssertion((globalThis.File ?? require('node:buffer').File).prototype)
-webidl.is.URL = webidl.util.MakeTypeAssertion(URL.prototype)
-webidl.is.AbortSignal = webidl.util.MakeTypeAssertion(AbortSignal.prototype)
-webidl.is.MessagePort = webidl.util.MakeTypeAssertion(MessagePort.prototype)
+webidl.is.ReadableStream = webidl.util.MakeTypeAssertion(ReadableStream)
+webidl.is.Blob = webidl.util.MakeTypeAssertion(Blob)
+webidl.is.URLSearchParams = webidl.util.MakeTypeAssertion(URLSearchParams)
+webidl.is.File = webidl.util.MakeTypeAssertion(globalThis.File ?? require('node:buffer').File)
+webidl.is.URL = webidl.util.MakeTypeAssertion(URL)
+webidl.is.AbortSignal = webidl.util.MakeTypeAssertion(AbortSignal)
+webidl.is.MessagePort = webidl.util.MakeTypeAssertion(MessagePort)
 
 // https://webidl.spec.whatwg.org/#es-DOMString
 webidl.converters.DOMString = function (V, prefix, argument, opts) {
@@ -497,8 +503,14 @@ webidl.converters.DOMString = function (V, prefix, argument, opts) {
 // https://webidl.spec.whatwg.org/#es-ByteString
 webidl.converters.ByteString = function (V, prefix, argument) {
   // 1. Let x be ? ToString(V).
-  // Note: DOMString converter perform ? ToString(V)
-  const x = webidl.converters.DOMString(V, prefix, argument)
+  if (typeof V === 'symbol') {
+    throw webidl.errors.exception({
+      header: prefix,
+      message: `${argument} is a symbol, which cannot be converted to a ByteString.`
+    })
+  }
+
+  const x = String(V)
 
   // 2. If the value of any element of x is greater than
   //    255, then throw a TypeError.

package/lib/web/websocket/constants.js

@@ -1,18 +1,32 @@
 'use strict'
 
-// This is a Globally Unique Identifier unique used
-// to validate that the endpoint accepts websocket
-// connections.
-// See https://www.rfc-editor.org/rfc/rfc6455.html#section-1.3
+/**
+ * This is a Globally Unique Identifier unique used to validate that the
+ * endpoint accepts websocket connections.
+ * @see https://www.rfc-editor.org/rfc/rfc6455.html#section-1.3
+ * @type {'258EAFA5-E914-47DA-95CA-C5AB0DC85B11'}
+ */
 const uid = '258EAFA5-E914-47DA-95CA-C5AB0DC85B11'
 
-/** @type {PropertyDescriptor} */
+/**
+ * @type {PropertyDescriptor}
+ */
 const staticPropertyDescriptors = {
   enumerable: true,
   writable: false,
   configurable: false
 }
 
+/**
+ * The states of the WebSocket connection.
+ *
+ * @readonly
+ * @enum
+ * @property {0} CONNECTING
+ * @property {1} OPEN
+ * @property {2} CLOSING
+ * @property {3} CLOSED
+ */
 const states = {
   CONNECTING: 0,
   OPEN: 1,
@@ -20,11 +34,31 @@ const states = {
   CLOSED: 3
 }
 
+/**
+ * @readonly
+ * @enum
+ * @property {0} NOT_SENT
+ * @property {1} PROCESSING
+ * @property {2} SENT
+ */
 const sentCloseFrameState = {
   SENT: 1,
   RECEIVED: 2
 }
 
+/**
+ * The WebSocket opcodes.
+ *
+ * @readonly
+ * @enum
+ * @property {0x0} CONTINUATION
+ * @property {0x1} TEXT
+ * @property {0x2} BINARY
+ * @property {0x8} CLOSE
+ * @property {0x9} PING
+ * @property {0xA} PONG
+ * @see https://datatracker.ietf.org/doc/html/rfc6455#section-5.2
+ */
 const opcodes = {
   CONTINUATION: 0x0,
   TEXT: 0x1,
@@ -34,8 +68,23 @@ const opcodes = {
   PONG: 0xA
 }
 
-const maxUnsigned16Bit = 2 ** 16 - 1 // 65535
+/**
+ * The maximum value for an unsigned 16-bit integer.
+ *
+ * @type {65535} 2 ** 16 - 1
+ */
+const maxUnsigned16Bit = 65535
 
+/**
+ * The states of the parser.
+ *
+ * @readonly
+ * @enum
+ * @property {0} INFO
+ * @property {2} PAYLOADLENGTH_16
+ * @property {3} PAYLOADLENGTH_64
+ * @property {4} READ_DATA
+ */
 const parserStates = {
   INFO: 0,
   PAYLOADLENGTH_16: 2,
@@ -43,8 +92,20 @@ const parserStates = {
   READ_DATA: 4
 }
 
+/**
+ * An empty buffer.
+ *
+ * @type {Buffer}
+ */
 const emptyBuffer = Buffer.allocUnsafe(0)
 
+/**
+ * @readonly
+ * @property {1} text
+ * @property {2} typedArray
+ * @property {3} arrayBuffer
+ * @property {4} blob
+ */
 const sendHints = {
   text: 1,
   typedArray: 2,

package/lib/web/websocket/events.js

@@ -13,6 +13,7 @@ class MessageEvent extends Event {
   constructor (type, eventInitDict = {}) {
     if (type === kConstruct) {
       super(arguments[1], arguments[2])
+      webidl.util.markAsUncloneable(this)
       return
     }
 
@@ -25,6 +26,7 @@ class MessageEvent extends Event {
     super(type, eventInitDict)
 
     this.#eventInit = eventInitDict
+    webidl.util.markAsUncloneable(this)
   }
 
   get data () {
@@ -111,6 +113,7 @@ class CloseEvent extends Event {
     super(type, eventInitDict)
 
     this.#eventInit = eventInitDict
+    webidl.util.markAsUncloneable(this)
   }
 
   get wasClean () {
@@ -141,6 +144,7 @@ class ErrorEvent extends Event {
     webidl.argumentLengthCheck(arguments, 1, prefix)
 
     super(type, eventInitDict)
+    webidl.util.markAsUncloneable(this)
 
     type = webidl.converters.DOMString(type, prefix, 'type')
     eventInitDict = webidl.converters.ErrorEventInit(eventInitDict ?? {})

package/lib/web/websocket/stream/websocketerror.js

@@ -78,6 +78,6 @@ Object.defineProperties(WebSocketError.prototype, {
   }
 })
 
-webidl.is.WebSocketError = webidl.util.MakeTypeAssertion(WebSocketError.prototype)
+webidl.is.WebSocketError = webidl.util.MakeTypeAssertion(WebSocketError)
 
 module.exports = { WebSocketError, createUnvalidatedWebSocketError }

package/lib/web/websocket/websocket.js

@@ -100,6 +100,8 @@ class WebSocket extends EventTarget {
   constructor (url, protocols = []) {
     super()
 
+    webidl.util.markAsUncloneable(this)
+
     const prefix = 'WebSocket constructor'
     webidl.argumentLengthCheck(arguments, 1, prefix)
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "undici",
-  "version": "7.0.0-alpha.2",
+  "version": "7.0.0-alpha.4",
   "description": "An HTTP/1.1 client, written from scratch for Node.js",
   "homepage": "https://undici.nodejs.org",
   "bugs": {
@@ -63,21 +63,24 @@
   "types": "index.d.ts",
   "scripts": {
     "build:node": "esbuild index-fetch.js --bundle --platform=node --outfile=undici-fetch.js --define:esbuildDetection=1 --keep-names && node scripts/strip-comments.js",
-    "prebuild:wasm": "node build/wasm.js --prebuild",
     "build:wasm": "node build/wasm.js --docker",
     "generate-pem": "node scripts/generate-pem.js",
     "lint": "eslint --cache",
     "lint:fix": "eslint --fix --cache",
     "test": "npm run test:javascript && cross-env NODE_V8_COVERAGE=  npm run test:typescript",
     "test:javascript": "npm run test:javascript:no-jest && npm run test:jest",
-    "test:javascript:no-jest": "npm run generate-pem && npm run test:unit && npm run test:node-fetch && npm run test:cache && npm run test:interceptors && npm run test:fetch && npm run test:cookies && npm run test:eventsource && npm run test:wpt && npm run test:websocket && npm run test:node-test",
+    "test:javascript:no-jest": "npm run generate-pem && npm run test:unit && npm run test:node-fetch && npm run test:cache && npm run test:cache-interceptor && npm run test:interceptors && npm run test:fetch && npm run test:cookies && npm run test:eventsource && npm run test:wpt && npm run test:websocket && npm run test:node-test",
     "test:javascript:without-intl": "npm run test:javascript:no-jest",
     "test:busboy": "borp -p \"test/busboy/*.js\"",
     "test:cache": "borp -p \"test/cache/*.js\"",
+    "test:cache-interceptor": "borp -p \"test/cache-interceptor/*.js\"",
     "test:cookies": "borp -p \"test/cookie/*.js\"",
     "test:eventsource": "npm run build:node && borp --expose-gc -p \"test/eventsource/*.js\"",
     "test:fuzzing": "node test/fuzzing/fuzzing.test.js",
     "test:fetch": "npm run build:node && borp --timeout 180000 --expose-gc --concurrency 1 -p \"test/fetch/*.js\" && npm run test:webidl && npm run test:busboy",
+    "test:h2": "npm run test:h2:core && npm run test:h2:fetch",
+    "test:h2:core": "borp -p \"test/http2*.js\"",
+    "test:h2:fetch": "npm run build:node && borp -p \"test/fetch/http2*.js\"",
     "test:interceptors": "borp -p \"test/interceptors/*.js\"",
     "test:jest": "cross-env NODE_V8_COVERAGE= jest",
     "test:unit": "borp --expose-gc -p \"test/*.js\"",
@@ -104,10 +107,10 @@
   "devDependencies": {
     "@fastify/busboy": "3.0.0",
     "@matteo.collina/tspl": "^0.1.1",
-    "@sinonjs/fake-timers": "^11.1.0",
+    "@sinonjs/fake-timers": "^12.0.0",
     "@types/node": "^18.19.50",
     "abort-controller": "^3.0.0",
-    "borp": "^0.17.0",
+    "borp": "^0.18.0",
     "c8": "^10.0.0",
     "cross-env": "^7.0.3",
     "dns-packet": "^5.4.0",