update node_modules

2025-12-18 13:44:22 +01:00 · 2022-03-20 22:29:16 -07:00
parent c97bfff58e
commit ff7f8a6ab0
115 changed files with 5651 additions and 2419 deletions
--- a/node_modules/express/History.md
+++ b/node_modules/express/History.md
@@ -1,3 +1,51 @@
+4.17.3 / 2022-02-16
+===================
+
+  * deps: accepts@~1.3.8
+    - deps: mime-types@~2.1.34
+    - deps: negotiator@0.6.3
+  * deps: body-parser@1.19.2
+    - deps: bytes@3.1.2
+    - deps: qs@6.9.7
+    - deps: raw-body@2.4.3
+  * deps: cookie@0.4.2
+  * deps: qs@6.9.7
+    * Fix handling of `__proto__` keys
+  * pref: remove unnecessary regexp for trust proxy
+
+4.17.2 / 2021-12-16
+===================
+
+  * Fix handling of `undefined` in `res.jsonp`
+  * Fix handling of `undefined` when `"json escape"` is enabled
+  * Fix incorrect middleware execution with unanchored `RegExp`s
+  * Fix `res.jsonp(obj, status)` deprecation message
+  * Fix typo in `res.is` JSDoc
+  * deps: body-parser@1.19.1
+    - deps: bytes@3.1.1
+    - deps: http-errors@1.8.1
+    - deps: qs@6.9.6
+    - deps: raw-body@2.4.2
+    - deps: safe-buffer@5.2.1
+    - deps: type-is@~1.6.18
+  * deps: content-disposition@0.5.4
+    - deps: safe-buffer@5.2.1
+  * deps: cookie@0.4.1
+    - Fix `maxAge` option to reject invalid values
+  * deps: proxy-addr@~2.0.7
+    - Use `req.socket` over deprecated `req.connection`
+    - deps: forwarded@0.2.0
+    - deps: ipaddr.js@1.9.1
+  * deps: qs@6.9.6
+  * deps: safe-buffer@5.2.1
+  * deps: send@0.17.2
+    - deps: http-errors@1.8.1
+    - deps: ms@2.1.3
+    - pref: ignore empty http tokens
+  * deps: serve-static@1.14.2
+    - deps: send@0.17.2
+  * deps: setprototypeof@1.2.0
+
 4.17.1 / 2019-05-25
 ===================

--- a/node_modules/express/Readme.md
+++ b/node_modules/express/Readme.md
@@ -4,7 +4,7 @@

  [![NPM Version][npm-image]][npm-url]
  [![NPM Downloads][downloads-image]][downloads-url]
-  [![Linux Build][travis-image]][travis-url]
+  [![Linux Build][ci-image]][ci-url]
  [![Windows Build][appveyor-image]][appveyor-url]
  [![Test Coverage][coveralls-image]][coveralls-url]

@@ -27,6 +27,9 @@ This is a [Node.js](https://nodejs.org/en/) module available through the
 Before installing, [download and install Node.js](https://nodejs.org/en/download/).
 Node.js 0.10 or higher is required.

+If this is a brand new project, make sure to create a `package.json` first with
+the [`npm init` command](https://docs.npmjs.com/creating-a-package-json-file).
+
 Installation is done using the
 [`npm install` command](https://docs.npmjs.com/getting-started/installing-npm-packages-locally):

@@ -95,7 +98,7 @@ $ npm start
 ## Philosophy

  The Express philosophy is to provide small, robust tooling for HTTP servers, making
-  it a great solution for single page applications, web sites, hybrids, or public
+  it a great solution for single page applications, websites, hybrids, or public
  HTTP APIs.

  Express does not force you to use any specific ORM or template engine. With support for over
@@ -143,12 +146,12 @@ The current lead maintainer is [Douglas Christopher Wilson](https://github.com/d

  [MIT](LICENSE)

+[ci-image]: https://img.shields.io/github/workflow/status/expressjs/express/ci/master.svg?label=linux
+[ci-url]: https://github.com/expressjs/express/actions?query=workflow%3Aci
 [npm-image]: https://img.shields.io/npm/v/express.svg
 [npm-url]: https://npmjs.org/package/express
 [downloads-image]: https://img.shields.io/npm/dm/express.svg
-[downloads-url]: https://npmjs.org/package/express
-[travis-image]: https://img.shields.io/travis/expressjs/express/master.svg?label=linux
-[travis-url]: https://travis-ci.org/expressjs/express
+[downloads-url]: https://npmcharts.com/compare/express?minimal=true
 [appveyor-image]: https://img.shields.io/appveyor/ci/dougwilson/express/master.svg?label=windows
 [appveyor-url]: https://ci.appveyor.com/project/dougwilson/express
 [coveralls-image]: https://img.shields.io/coveralls/expressjs/express/master.svg
--- a/node_modules/express/lib/application.js
+++ b/node_modules/express/lib/application.js
@@ -276,7 +276,7 @@ app.route = function route(path) {
 * In this case EJS provides a `.renderFile()` method with
 * the same signature that Express expects: `(path, options, callback)`,
 * though note that it aliases this method as `ejs.__express` internally
- * so if you're using ".ejs" extensions you dont need to do anything.
+ * so if you're using ".ejs" extensions you don't need to do anything.
 *
 * Some template engines do not follow this convention, the
 * [Consolidate.js](https://github.com/tj/consolidate.js)
--- a/node_modules/express/lib/request.js
+++ b/node_modules/express/lib/request.js
@@ -251,7 +251,7 @@ req.param = function param(name, defaultValue) {

 /**
 * Check if the incoming request contains the "Content-Type"
- * header field, and it contains the give mime `type`.
+ * header field, and it contains the given mime `type`.
 *
 * Examples:
 *
--- a/node_modules/express/lib/response.js
+++ b/node_modules/express/lib/response.js
@@ -284,9 +284,9 @@ res.jsonp = function jsonp(obj) {

  // allow status / body
  if (arguments.length === 2) {
-    // res.json(body, status) backwards compat
+    // res.jsonp(body, status) backwards compat
    if (typeof arguments[1] === 'number') {
-      deprecate('res.jsonp(obj, status): Use res.status(status).json(obj) instead');
+      deprecate('res.jsonp(obj, status): Use res.status(status).jsonp(obj) instead');
      this.statusCode = arguments[1];
    } else {
      deprecate('res.jsonp(status, obj): Use res.status(status).jsonp(obj) instead');
@@ -322,10 +322,15 @@ res.jsonp = function jsonp(obj) {
    // restrict callback charset
    callback = callback.replace(/[^\[\]\w$.]/g, '');

-    // replace chars not allowed in JavaScript that are in JSON
-    body = body
-      .replace(/\u2028/g, '\\u2028')
-      .replace(/\u2029/g, '\\u2029');
+    if (body === undefined) {
+      // empty argument
+      body = ''
+    } else if (typeof body === 'string') {
+      // replace chars not allowed in JavaScript that are in JSON
+      body = body
+        .replace(/\u2028/g, '\\u2028')
+        .replace(/\u2029/g, '\\u2029')
+    }

    // the /**/ is a specific security mitigation for "Rosetta Flash JSONP abuse"
    // the typeof check is just to reduce client error noise
@@ -364,7 +369,7 @@ res.sendStatus = function sendStatus(statusCode) {
 *
 * Automatically sets the _Content-Type_ response header field.
 * The callback `callback(err)` is invoked when the transfer is complete
- * or when an error occurs. Be sure to check `res.sentHeader`
+ * or when an error occurs. Be sure to check `res.headersSent`
 * if you wish to attempt responding, as the header and some data
 * may have already been transferred.
 *
@@ -446,7 +451,7 @@ res.sendFile = function sendFile(path, options, callback) {
 *
 * Automatically sets the _Content-Type_ response header field.
 * The callback `callback(err)` is invoked when the transfer is complete
- * or when an error occurs. Be sure to check `res.sentHeader`
+ * or when an error occurs. Be sure to check `res.headersSent`
 * if you wish to attempt responding, as the header and some data
 * may have already been transferred.
 *
@@ -519,7 +524,7 @@ res.sendfile = deprecate.function(res.sendfile,
 * Optionally providing an alternate attachment `filename`,
 * and optional callback `callback(err)`. The callback is invoked
 * when the data transfer is complete, or when an error has
- * ocurred. Be sure to check `res.headersSent` if you plan to respond.
+ * occurred. Be sure to check `res.headersSent` if you plan to respond.
 *
 * Optionally providing an `options` object to use with `res.sendFile()`.
 * This function will set the `Content-Disposition` header, overriding
@@ -623,7 +628,7 @@ res.type = function contentType(type) {
 *        res.send('<p>hey</p>');
 *      },
 *
- *      'appliation/json': function(){
+ *      'application/json': function () {
 *        res.send({ message: 'hey' });
 *      }
 *    });
@@ -726,7 +731,7 @@ res.append = function append(field, val) {
    // concat the new and prev vals
    value = Array.isArray(prev) ? prev.concat(val)
      : Array.isArray(val) ? [prev].concat(val)
-      : [prev, val];
+        : [prev, val]
  }

  return this.set(field, value);
@@ -1122,7 +1127,7 @@ function stringify (value, replacer, spaces, escape) {
    ? JSON.stringify(value, replacer, spaces)
    : JSON.stringify(value);

-  if (escape) {
+  if (escape && typeof json === 'string') {
    json = json.replace(/[<>&]/g, function (c) {
      switch (c.charCodeAt(0)) {
        case 0x3c:
--- a/node_modules/express/lib/router/index.js
+++ b/node_modules/express/lib/router/index.js
@@ -287,6 +287,12 @@ proto.handle = function handle(req, res, out) {

  function trim_prefix(layer, layerError, layerPath, path) {
    if (layerPath.length !== 0) {
+      // Validate path is a prefix match
+      if (layerPath !== path.substr(0, layerPath.length)) {
+        next(layerError)
+        return
+      }
+
      // Validate path breaks on a path separator
      var c = path[layerPath.length]
      if (c && c !== '/' && c !== '.') return next(layerError)
--- a/node_modules/express/lib/utils.js
+++ b/node_modules/express/lib/utils.js
@@ -157,6 +157,7 @@ exports.compileETag = function(val) {

  switch (val) {
    case true:
+    case 'weak':
      fn = exports.wetag;
      break;
    case false:
@@ -164,9 +165,6 @@ exports.compileETag = function(val) {
    case 'strong':
      fn = exports.etag;
      break;
-    case 'weak':
-      fn = exports.wetag;
-      break;
    default:
      throw new TypeError('unknown value for etag function: ' + val);
  }
@@ -191,6 +189,7 @@ exports.compileQueryParser = function compileQueryParser(val) {

  switch (val) {
    case true:
+    case 'simple':
      fn = querystring.parse;
      break;
    case false:
@@ -199,9 +198,6 @@ exports.compileQueryParser = function compileQueryParser(val) {
    case 'extended':
      fn = parseExtendedQueryString;
      break;
-    case 'simple':
-      fn = querystring.parse;
-      break;
    default:
      throw new TypeError('unknown value for query parser function: ' + val);
  }
@@ -232,7 +228,8 @@ exports.compileTrust = function(val) {

  if (typeof val === 'string') {
    // Support comma-separated values
-    val = val.split(/ *, */);
+    val = val.split(',')
+      .map(function (v) { return v.trim() })
  }

  return proxyaddr.compile(val || []);
--- a/node_modules/express/package.json
+++ b/node_modules/express/package.json
@@ -1,7 +1,7 @@
 {
  "name": "express",
  "description": "Fast, unopinionated, minimalist web framework",
-  "version": "4.17.1",
+  "version": "4.17.3",
  "author": "TJ Holowaychuk <tj@vision-media.ca>",
  "contributors": [
    "Aaron Heckmann <aaron.heckmann+github@gmail.com>",
@@ -20,6 +20,7 @@
    "framework",
    "sinatra",
    "web",
+    "http",
    "rest",
    "restful",
    "router",
@@ -27,12 +28,12 @@
    "api"
  ],
  "dependencies": {
-    "accepts": "~1.3.7",
+    "accepts": "~1.3.8",
    "array-flatten": "1.1.1",
-    "body-parser": "1.19.0",
-    "content-disposition": "0.5.3",
+    "body-parser": "1.19.2",
+    "content-disposition": "0.5.4",
    "content-type": "~1.0.4",
-    "cookie": "0.4.0",
+    "cookie": "0.4.2",
    "cookie-signature": "1.0.6",
    "debug": "2.6.9",
    "depd": "~1.1.2",
@@ -46,13 +47,13 @@
    "on-finished": "~2.3.0",
    "parseurl": "~1.3.3",
    "path-to-regexp": "0.1.7",
-    "proxy-addr": "~2.0.5",
-    "qs": "6.7.0",
+    "proxy-addr": "~2.0.7",
+    "qs": "6.9.7",
    "range-parser": "~1.2.1",
-    "safe-buffer": "5.1.2",
-    "send": "0.17.1",
-    "serve-static": "1.14.1",
-    "setprototypeof": "1.1.1",
+    "safe-buffer": "5.2.1",
+    "send": "0.17.2",
+    "serve-static": "1.14.2",
+    "setprototypeof": "1.2.0",
    "statuses": "~1.5.0",
    "type-is": "~1.6.18",
    "utils-merge": "1.0.1",
@@ -60,22 +61,23 @@
  },
  "devDependencies": {
    "after": "0.8.2",
-    "connect-redis": "3.4.1",
-    "cookie-parser": "~1.4.4",
-    "cookie-session": "1.3.3",
-    "ejs": "2.6.1",
-    "eslint": "2.13.1",
-    "express-session": "1.16.1",
-    "hbs": "4.0.4",
-    "istanbul": "0.4.5",
-    "marked": "0.6.2",
+    "connect-redis": "3.4.2",
+    "cookie-parser": "1.4.6",
+    "cookie-session": "2.0.0",
+    "ejs": "3.1.6",
+    "eslint": "7.32.0",
+    "express-session": "1.17.2",
+    "hbs": "4.2.0",
+    "marked": "0.7.0",
    "method-override": "3.0.0",
-    "mocha": "5.2.0",
-    "morgan": "1.9.1",
-    "multiparty": "4.2.1",
+    "mocha": "9.2.0",
+    "morgan": "1.10.0",
+    "multiparty": "4.2.3",
+    "nyc": "15.1.0",
    "pbkdf2-password": "1.2.1",
+    "resolve-path": "1.4.0",
    "should": "13.2.3",
-    "supertest": "3.3.0",
+    "supertest": "6.2.2",
    "vhost": "~3.0.2"
  },
  "engines": {
@@ -91,8 +93,8 @@
  "scripts": {
    "lint": "eslint .",
    "test": "mocha --require test/support/env --reporter spec --bail --check-leaks test/ test/acceptance/",
-    "test-ci": "istanbul cover node_modules/mocha/bin/_mocha --report lcovonly -- --require test/support/env --reporter spec --check-leaks test/ test/acceptance/",
-    "test-cov": "istanbul cover node_modules/mocha/bin/_mocha -- --require test/support/env --reporter dot --check-leaks test/ test/acceptance/",
+    "test-ci": "nyc --reporter=lcovonly --reporter=text npm test",
+    "test-cov": "nyc --reporter=html --reporter=text npm test",
    "test-tap": "mocha --require test/support/env --reporter tap --check-leaks test/ test/acceptance/"
  }
 }