1
0
Fork 0
mirror of https://github.com/actions/setup-python.git synced 2024-11-22 06:26:25 +00:00

Update node-fetch from 2.6.6 to 2.6.7 (#327)

This commit is contained in:
Dmitry Shibanov 2022-02-01 14:17:23 +03:00 committed by GitHub
parent ba33a692f1
commit dc9de69ff3
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 63 additions and 7 deletions

View file

@ -14,6 +14,10 @@ jobs:
name: Check licenses name: Check licenses
steps: steps:
- uses: actions/checkout@v2 - uses: actions/checkout@v2
- name: Set Node.js 12.x
uses: actions/setup-node@v2
with:
node-version: 12.x
- run: npm ci - run: npm ci
- name: Install licensed - name: Install licensed
run: | run: |

Binary file not shown.

View file

@ -34585,9 +34585,17 @@ AbortError.prototype = Object.create(Error.prototype);
AbortError.prototype.constructor = AbortError; AbortError.prototype.constructor = AbortError;
AbortError.prototype.name = 'AbortError'; AbortError.prototype.name = 'AbortError';
const URL$1 = Url.URL || whatwgUrl.URL;
// fix an issue where "PassThrough", "resolve" aren't a named export for node <10 // fix an issue where "PassThrough", "resolve" aren't a named export for node <10
const PassThrough$1 = Stream.PassThrough; const PassThrough$1 = Stream.PassThrough;
const resolve_url = Url.resolve;
const isDomainOrSubdomain = function isDomainOrSubdomain(destination, original) {
const orig = new URL$1(original).hostname;
const dest = new URL$1(destination).hostname;
return orig === dest || orig[orig.length - dest.length - 1] === '.' && orig.endsWith(dest);
};
/** /**
* Fetch function * Fetch function
@ -34675,7 +34683,19 @@ function fetch(url, opts) {
const location = headers.get('Location'); const location = headers.get('Location');
// HTTP fetch step 5.3 // HTTP fetch step 5.3
const locationURL = location === null ? null : resolve_url(request.url, location); let locationURL = null;
try {
locationURL = location === null ? null : new URL$1(location, request.url).toString();
} catch (err) {
// error here can only be invalid URL in Location: header
// do not throw when options.redirect == manual
// let the user extract the errorneous redirect URL
if (request.redirect !== 'manual') {
reject(new FetchError(`uri requested responds with an invalid redirect URL: ${location}`, 'invalid-redirect'));
finalize();
return;
}
}
// HTTP fetch step 5.5 // HTTP fetch step 5.5
switch (request.redirect) { switch (request.redirect) {
@ -34723,6 +34743,12 @@ function fetch(url, opts) {
size: request.size size: request.size
}; };
if (!isDomainOrSubdomain(request.url, locationURL)) {
for (const name of ['authorization', 'www-authenticate', 'cookie', 'cookie2']) {
requestOpts.headers.delete(name);
}
}
// HTTP-redirect fetch step 9 // HTTP-redirect fetch step 9
if (res.statusCode !== 303 && request.body && getTotalBytes(request) === null) { if (res.statusCode !== 303 && request.body && getTotalBytes(request) === null) {
reject(new FetchError('Cannot follow redirect with body being a readable stream', 'unsupported-redirect')); reject(new FetchError('Cannot follow redirect with body being a readable stream', 'unsupported-redirect'));

30
dist/setup/index.js vendored
View file

@ -37137,9 +37137,17 @@ AbortError.prototype = Object.create(Error.prototype);
AbortError.prototype.constructor = AbortError; AbortError.prototype.constructor = AbortError;
AbortError.prototype.name = 'AbortError'; AbortError.prototype.name = 'AbortError';
const URL$1 = Url.URL || whatwgUrl.URL;
// fix an issue where "PassThrough", "resolve" aren't a named export for node <10 // fix an issue where "PassThrough", "resolve" aren't a named export for node <10
const PassThrough$1 = Stream.PassThrough; const PassThrough$1 = Stream.PassThrough;
const resolve_url = Url.resolve;
const isDomainOrSubdomain = function isDomainOrSubdomain(destination, original) {
const orig = new URL$1(original).hostname;
const dest = new URL$1(destination).hostname;
return orig === dest || orig[orig.length - dest.length - 1] === '.' && orig.endsWith(dest);
};
/** /**
* Fetch function * Fetch function
@ -37227,7 +37235,19 @@ function fetch(url, opts) {
const location = headers.get('Location'); const location = headers.get('Location');
// HTTP fetch step 5.3 // HTTP fetch step 5.3
const locationURL = location === null ? null : resolve_url(request.url, location); let locationURL = null;
try {
locationURL = location === null ? null : new URL$1(location, request.url).toString();
} catch (err) {
// error here can only be invalid URL in Location: header
// do not throw when options.redirect == manual
// let the user extract the errorneous redirect URL
if (request.redirect !== 'manual') {
reject(new FetchError(`uri requested responds with an invalid redirect URL: ${location}`, 'invalid-redirect'));
finalize();
return;
}
}
// HTTP fetch step 5.5 // HTTP fetch step 5.5
switch (request.redirect) { switch (request.redirect) {
@ -37275,6 +37295,12 @@ function fetch(url, opts) {
size: request.size size: request.size
}; };
if (!isDomainOrSubdomain(request.url, locationURL)) {
for (const name of ['authorization', 'www-authenticate', 'cookie', 'cookie2']) {
requestOpts.headers.delete(name);
}
}
// HTTP-redirect fetch step 9 // HTTP-redirect fetch step 9
if (res.statusCode !== 303 && request.body && getTotalBytes(request) === null) { if (res.statusCode !== 303 && request.body && getTotalBytes(request) === null) {
reject(new FetchError('Cannot follow redirect with body being a readable stream', 'unsupported-redirect')); reject(new FetchError('Cannot follow redirect with body being a readable stream', 'unsupported-redirect'));

6
package-lock.json generated
View file

@ -8137,9 +8137,9 @@
"dev": true "dev": true
}, },
"node-fetch": { "node-fetch": {
"version": "2.6.6", "version": "2.6.7",
"resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-2.6.6.tgz", "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-2.6.7.tgz",
"integrity": "sha512-Z8/6vRlTUChSdIgMa51jxQ4lrw/Jy5SOW10ObaA47/RElsAN2c5Pn8bTgFGWn/ibwzXTE8qwr1Yzx28vsecXEA==", "integrity": "sha512-ZjMPFEfVx5j+y2yF35Kzx5sF7kDzxuDj6ziH4FFbOp87zKDZNx8yExJIb05OGF4Nlt9IHFIMBkRl41VdvcNdbQ==",
"requires": { "requires": {
"whatwg-url": "^5.0.0" "whatwg-url": "^5.0.0"
}, },