vite 2.9.0-beta.4 → 2.9.0-beta.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of vite might be problematic. Click here for more details.

Files changed (8) hide show
  1. package/dist/node/chunks/{dep-dd016db2.js → dep-35d2a41c.js} +116 -8
  2. package/dist/node/chunks/{dep-8a000299.js → dep-57c89c81.js} +1 -1
  3. package/dist/node/chunks/{dep-5a245411.js → dep-a7fb482c.js} +923 -665
  4. package/dist/node/chunks/{dep-0d07874d.js → dep-c9843b31.js} +1 -1
  5. package/dist/node/cli.js +6 -6
  6. package/dist/node/index.d.ts +23 -14
  7. package/dist/node/index.js +3 -2
  8. package/package.json +8 -7
package/dist/node/chunks/{dep-dd016db2.js → dep-35d2a41c.js} RENAMED
@@ -1,6 +1,6 @@
1
1
  'use strict';
2
2
 
3
- var index = require('./dep-5a245411.js');
3
+ var index = require('./dep-a7fb482c.js');
4
4
  var require$$1 = require('crypto');
5
5
  require('fs');
6
6
  require('path');
@@ -19,9 +19,9 @@ require('https');
19
19
  require('zlib');
20
20
  require('tls');
21
21
  require('assert');
22
+ require('esbuild');
22
23
  require('buffer');
23
24
  require('querystring');
24
- require('esbuild');
25
25
  require('child_process');
26
26
  require('worker_threads');
27
27
  require('readline');
@@ -2936,6 +2936,10 @@ _IN('1.3.14.3.2.29', 'sha1WithRSASignature');
2936
2936
  _IN('2.16.840.1.101.3.4.2.1', 'sha256');
2937
2937
  _IN('2.16.840.1.101.3.4.2.2', 'sha384');
2938
2938
  _IN('2.16.840.1.101.3.4.2.3', 'sha512');
2939
+ _IN('2.16.840.1.101.3.4.2.4', 'sha224');
2940
+ _IN('2.16.840.1.101.3.4.2.5', 'sha512-224');
2941
+ _IN('2.16.840.1.101.3.4.2.6', 'sha512-256');
2942
+ _IN('1.2.840.113549.2.2', 'md2');
2939
2943
  _IN('1.2.840.113549.2.5', 'md5');
2940
2944
 
2941
2945
  // pkcs#7 content types
@@ -3477,6 +3481,8 @@ var _getValueLength = function(bytes, remaining) {
3477
3481
  * @param [options] object with options or boolean strict flag
3478
3482
  * [strict] true to be strict when checking value lengths, false to
3479
3483
  * allow truncated values (default: true).
3484
+ * [parseAllBytes] true to ensure all bytes are parsed
3485
+ * (default: true)
3480
3486
  * [decodeBitStrings] true to attempt to decode the content of
3481
3487
  * BIT STRINGs (not OCTET STRINGs) using strict mode. Note that
3482
3488
  * without schema support to understand the data context this can
@@ -3484,24 +3490,31 @@ var _getValueLength = function(bytes, remaining) {
3484
3490
  * flag will be deprecated or removed as soon as schema support is
3485
3491
  * available. (default: true)
3486
3492
  *
3493
+ * @throws Will throw an error for various malformed input conditions.
3494
+ *
3487
3495
  * @return the parsed asn1 object.
3488
3496
  */
3489
3497
  asn1$6.fromDer = function(bytes, options) {
3490
3498
  if(options === undefined) {
3491
3499
  options = {
3492
3500
  strict: true,
3501
+ parseAllBytes: true,
3493
3502
  decodeBitStrings: true
3494
3503
  };
3495
3504
  }
3496
3505
  if(typeof options === 'boolean') {
3497
3506
  options = {
3498
3507
  strict: options,
3508
+ parseAllBytes: true,
3499
3509
  decodeBitStrings: true
3500
3510
  };
3501
3511
  }
3502
3512
  if(!('strict' in options)) {
3503
3513
  options.strict = true;
3504
3514
  }
3515
+ if(!('parseAllBytes' in options)) {
3516
+ options.parseAllBytes = true;
3517
+ }
3505
3518
  if(!('decodeBitStrings' in options)) {
3506
3519
  options.decodeBitStrings = true;
3507
3520
  }
@@ -3511,7 +3524,15 @@ asn1$6.fromDer = function(bytes, options) {
3511
3524
  bytes = forge$p.util.createBuffer(bytes);
3512
3525
  }
3513
3526
 
3514
- return _fromDer(bytes, bytes.length(), 0, options);
3527
+ var byteCount = bytes.length();
3528
+ var value = _fromDer(bytes, bytes.length(), 0, options);
3529
+ if(options.parseAllBytes && bytes.length() !== 0) {
3530
+ var error = new Error('Unparsed DER bytes remain after ASN.1 parsing.');
3531
+ error.byteCount = byteCount;
3532
+ error.remaining = bytes.length();
3533
+ throw error;
3534
+ }
3535
+ return value;
3515
3536
  };
3516
3537
 
3517
3538
  /**
@@ -3632,7 +3653,6 @@ function _fromDer(bytes, remaining, depth, options) {
3632
3653
  start = bytes.length();
3633
3654
  var subOptions = {
3634
3655
  // enforce strict mode to avoid parsing ASN.1 from plain data
3635
- verbose: options.verbose,
3636
3656
  strict: true,
3637
3657
  decodeBitStrings: true
3638
3658
  };
@@ -3681,6 +3701,7 @@ function _fromDer(bytes, remaining, depth, options) {
3681
3701
  }
3682
3702
  } else {
3683
3703
  value = bytes.getBytes(length);
3704
+ remaining -= length;
3684
3705
  }
3685
3706
  }
3686
3707
 
@@ -4456,7 +4477,16 @@ asn1$6.prettyPrint = function(obj, level, indentation) {
4456
4477
  }
4457
4478
  rval += '0x' + forge$p.util.bytesToHex(obj.value);
4458
4479
  } else if(obj.type === asn1$6.Type.UTF8) {
4459
- rval += forge$p.util.decodeUtf8(obj.value);
4480
+ try {
4481
+ rval += forge$p.util.decodeUtf8(obj.value);
4482
+ } catch(e) {
4483
+ if(e.message === 'URI malformed') {
4484
+ rval +=
4485
+ '0x' + forge$p.util.bytesToHex(obj.value) + ' (malformed UTF8)';
4486
+ } else {
4487
+ throw e;
4488
+ }
4489
+ }
4460
4490
  } else if(obj.type === asn1$6.Type.PRINTABLESTRING ||
4461
4491
  obj.type === asn1$6.Type.IA5String) {
4462
4492
  rval += obj.value;
@@ -11668,6 +11698,40 @@ var publicKeyValidator$1 = forge$8.pki.rsa.publicKeyValidator = {
11668
11698
  }]
11669
11699
  };
11670
11700
 
11701
+ // validator for a DigestInfo structure
11702
+ var digestInfoValidator = {
11703
+ name: 'DigestInfo',
11704
+ tagClass: asn1$5.Class.UNIVERSAL,
11705
+ type: asn1$5.Type.SEQUENCE,
11706
+ constructed: true,
11707
+ value: [{
11708
+ name: 'DigestInfo.DigestAlgorithm',
11709
+ tagClass: asn1$5.Class.UNIVERSAL,
11710
+ type: asn1$5.Type.SEQUENCE,
11711
+ constructed: true,
11712
+ value: [{
11713
+ name: 'DigestInfo.DigestAlgorithm.algorithmIdentifier',
11714
+ tagClass: asn1$5.Class.UNIVERSAL,
11715
+ type: asn1$5.Type.OID,
11716
+ constructed: false,
11717
+ capture: 'algorithmIdentifier'
11718
+ }, {
11719
+ // NULL paramters
11720
+ name: 'DigestInfo.DigestAlgorithm.parameters',
11721
+ tagClass: asn1$5.Class.UNIVERSAL,
11722
+ type: asn1$5.Type.NULL,
11723
+ constructed: false
11724
+ }]
11725
+ }, {
11726
+ // digest
11727
+ name: 'DigestInfo.digest',
11728
+ tagClass: asn1$5.Class.UNIVERSAL,
11729
+ type: asn1$5.Type.OCTETSTRING,
11730
+ constructed: false,
11731
+ capture: 'digest'
11732
+ }]
11733
+ };
11734
+
11671
11735
  /**
11672
11736
  * Wrap digest in DigestInfo object.
11673
11737
  *
@@ -12496,15 +12560,27 @@ pki$4.setRsaPublicKey = pki$4.rsa.setPublicKey = function(n, e) {
12496
12560
  * a Forge PSS object for RSASSA-PSS,
12497
12561
  * 'NONE' or null for none, DigestInfo will not be expected, but
12498
12562
  * PKCS#1 v1.5 padding will still be used.
12563
+ * @param options optional verify options
12564
+ * _parseAllDigestBytes testing flag to control parsing of all
12565
+ * digest bytes. Unsupported and not for general usage.
12566
+ * (default: true)
12499
12567
  *
12500
12568
  * @return true if the signature was verified, false if not.
12501
12569
  */
12502
- key.verify = function(digest, signature, scheme) {
12570
+ key.verify = function(digest, signature, scheme, options) {
12503
12571
  if(typeof scheme === 'string') {
12504
12572
  scheme = scheme.toUpperCase();
12505
12573
  } else if(scheme === undefined) {
12506
12574
  scheme = 'RSASSA-PKCS1-V1_5';
12507
12575
  }
12576
+ if(options === undefined) {
12577
+ options = {
12578
+ _parseAllDigestBytes: true
12579
+ };
12580
+ }
12581
+ if(!('_parseAllDigestBytes' in options)) {
12582
+ options._parseAllDigestBytes = true;
12583
+ }
12508
12584
 
12509
12585
  if(scheme === 'RSASSA-PKCS1-V1_5') {
12510
12586
  scheme = {
@@ -12512,9 +12588,41 @@ pki$4.setRsaPublicKey = pki$4.rsa.setPublicKey = function(n, e) {
12512
12588
  // remove padding
12513
12589
  d = _decodePkcs1_v1_5(d, key, true);
12514
12590
  // d is ASN.1 BER-encoded DigestInfo
12515
- var obj = asn1$5.fromDer(d);
12591
+ var obj = asn1$5.fromDer(d, {
12592
+ parseAllBytes: options._parseAllDigestBytes
12593
+ });
12594
+
12595
+ // validate DigestInfo
12596
+ var capture = {};
12597
+ var errors = [];
12598
+ if(!asn1$5.validate(obj, digestInfoValidator, capture, errors)) {
12599
+ var error = new Error(
12600
+ 'ASN.1 object does not contain a valid RSASSA-PKCS1-v1_5 ' +
12601
+ 'DigestInfo value.');
12602
+ error.errors = errors;
12603
+ throw error;
12604
+ }
12605
+ // check hash algorithm identifier
12606
+ // see PKCS1-v1-5DigestAlgorithms in RFC 8017
12607
+ // FIXME: add support to vaidator for strict value choices
12608
+ var oid = asn1$5.derToOid(capture.algorithmIdentifier);
12609
+ if(!(oid === forge$8.oids.md2 ||
12610
+ oid === forge$8.oids.md5 ||
12611
+ oid === forge$8.oids.sha1 ||
12612
+ oid === forge$8.oids.sha224 ||
12613
+ oid === forge$8.oids.sha256 ||
12614
+ oid === forge$8.oids.sha384 ||
12615
+ oid === forge$8.oids.sha512 ||
12616
+ oid === forge$8.oids['sha512-224'] ||
12617
+ oid === forge$8.oids['sha512-256'])) {
12618
+ var error = new Error(
12619
+ 'Unknown RSASSA-PKCS1-v1_5 DigestAlgorithm identifier.');
12620
+ error.oid = oid;
12621
+ throw error;
12622
+ }
12623
+
12516
12624
  // compare the given digest to the decrypted one
12517
- return digest === obj.value[1].value;
12625
+ return digest === capture.digest;
12518
12626
  }
12519
12627
  };
12520
12628
  } else if(scheme === 'NONE' || scheme === 'NULL' || scheme === null) {
package/dist/node/chunks/{dep-8a000299.js → dep-57c89c81.js} RENAMED
@@ -1,6 +1,6 @@
1
1
  'use strict';
2
2
 
3
- var index = require('./dep-5a245411.js');
3
+ var index = require('./dep-a7fb482c.js');
4
4
 
5
5
  function _mergeNamespaces(n, m) {
6
6
  for (var i = 0; i < m.length; i++) {