diff --git a/dist/index.js b/dist/index.js index 6a0d9a1..6e4e6f3 100644 --- a/dist/index.js +++ b/dist/index.js @@ -39887,21 +39887,21 @@ const isFile = kindOfTest('File'); * also have a `name` and `type` attribute to specify filename and content type * * @see https://github.com/facebook/react-native/blob/26684cf3adf4094eb6c405d345a75bf8c7c0bf88/Libraries/Network/FormData.js#L68-L71 - * + * * @param {*} value The value to test - * + * * @returns {boolean} True if value is a React Native Blob, otherwise false */ const isReactNativeBlob = (value) => { return !!(value && typeof value.uri !== 'undefined'); -} +}; /** * Determine if environment is React Native * ReactNative `FormData` has a non-standard `getParts()` method - * + * * @param {*} formData The formData to test - * + * * @returns {boolean} True if environment is React Native, otherwise false */ const isReactNative = (formData) => formData && typeof formData.getParts !== 'undefined'; @@ -39920,7 +39920,7 @@ const utils_isBlob = kindOfTest('Blob'); * * @param {*} val The value to test * - * @returns {boolean} True if value is a File, otherwise false + * @returns {boolean} True if value is a FileList, otherwise false */ const isFileList = kindOfTest('FileList'); @@ -39952,15 +39952,17 @@ const G = getGlobal(); const FormDataCtor = typeof G.FormData !== 'undefined' ? G.FormData : undefined; const isFormData = (thing) => { - let kind; - return thing && ( - (FormDataCtor && thing instanceof FormDataCtor) || ( - isFunction(thing.append) && ( - (kind = kindOf(thing)) === 'formdata' || - // detect form-data instance - (kind === 'object' && isFunction(thing.toString) && thing.toString() === '[object FormData]') - ) - ) + if (!thing) return false; + if (FormDataCtor && thing instanceof FormDataCtor) return true; + // Reject plain objects inheriting directly from Object.prototype so prototype-pollution gadgets can't spoof FormData. + const proto = getPrototypeOf(thing); + if (!proto || proto === Object.prototype) return false; + if (!isFunction(thing.append)) return false; + const kind = kindOf(thing); + return ( + kind === 'formdata' || + // detect form-data instance + (kind === 'object' && isFunction(thing.toString) && thing.toString() === '[object FormData]') ); }; @@ -40096,7 +40098,7 @@ const isContextDefined = (context) => !isUndefined(context) && context !== _glob * * @returns {Object} Result of all merge properties */ -function merge(/* obj1, obj2, obj3, ... */) { +function merge(...objs) { const { caseless, skipUndefined } = (isContextDefined(this) && this) || {}; const result = {}; const assignValue = (val, key) => { @@ -40106,8 +40108,12 @@ function merge(/* obj1, obj2, obj3, ... */) { } const targetKey = (caseless && findKey(result, key)) || key; - if (isPlainObject(result[targetKey]) && isPlainObject(val)) { - result[targetKey] = merge(result[targetKey], val); + // Read via own-prop only — a bare `result[targetKey]` walks the prototype + // chain, so a polluted Object.prototype value could surface here and get + // copied into the merged result. + const existing = utils_hasOwnProperty(result, targetKey) ? result[targetKey] : undefined; + if (isPlainObject(existing) && isPlainObject(val)) { + result[targetKey] = merge(existing, val); } else if (isPlainObject(val)) { result[targetKey] = merge({}, val); } else if (isArray(val)) { @@ -40117,8 +40123,8 @@ function merge(/* obj1, obj2, obj3, ... */) { } }; - for (let i = 0, l = arguments.length; i < l; i++) { - arguments[i] && forEach(arguments[i], assignValue); + for (let i = 0, l = objs.length; i < l; i++) { + objs[i] && forEach(objs[i], assignValue); } return result; } @@ -40140,6 +40146,9 @@ const extend = (a, b, thisArg, { allOwnKeys } = {}) => { (val, key) => { if (thisArg && isFunction(val)) { Object.defineProperty(a, key, { + // Null-proto descriptor so a polluted Object.prototype.get cannot + // hijack defineProperty's accessor-vs-data resolution. + __proto__: null, value: bind(val, thisArg), writable: true, enumerable: true, @@ -40147,6 +40156,7 @@ const extend = (a, b, thisArg, { allOwnKeys } = {}) => { }); } else { Object.defineProperty(a, key, { + __proto__: null, value: val, writable: true, enumerable: true, @@ -40185,12 +40195,14 @@ const stripBOM = (content) => { const inherits = (constructor, superConstructor, props, descriptors) => { constructor.prototype = Object.create(superConstructor.prototype, descriptors); Object.defineProperty(constructor.prototype, 'constructor', { + __proto__: null, value: constructor, writable: true, enumerable: false, configurable: true, }); Object.defineProperty(constructor, 'super', { + __proto__: null, value: superConstructor.prototype, }); props && Object.assign(constructor.prototype, props); @@ -40372,7 +40384,7 @@ const reduceDescriptors = (obj, reducer) => { const freezeMethods = (obj) => { reduceDescriptors(obj, (descriptor, name) => { // skip restricted props in strict mode - if (isFunction(obj) && ['arguments', 'caller', 'callee'].indexOf(name) !== -1) { + if (isFunction(obj) && ['arguments', 'caller', 'callee'].includes(name)) { return false; } @@ -40613,1412 +40625,1514 @@ const isIterable = (thing) => thing != null && isFunction(thing[iterator]); isIterable, }); -;// CONCATENATED MODULE: ./node_modules/axios/lib/core/AxiosError.js +;// CONCATENATED MODULE: ./node_modules/axios/lib/helpers/parseHeaders.js -class AxiosError extends Error { - static from(error, code, config, request, response, customProps) { - const axiosError = new AxiosError(error.message, code || error.code, config, request, response); - axiosError.cause = error; - axiosError.name = error.name; +// RawAxiosHeaders whose duplicates are ignored by node +// c.f. https://nodejs.org/api/http.html#http_message_headers +const ignoreDuplicateOf = utils.toObjectSet([ + 'age', + 'authorization', + 'content-length', + 'content-type', + 'etag', + 'expires', + 'from', + 'host', + 'if-modified-since', + 'if-unmodified-since', + 'last-modified', + 'location', + 'max-forwards', + 'proxy-authorization', + 'referer', + 'retry-after', + 'user-agent', +]); - // Preserve status from the original error if not already set from response - if (error.status != null && axiosError.status == null) { - axiosError.status = error.status; - } +/** + * Parse headers into an object + * + * ``` + * Date: Wed, 27 Aug 2014 08:58:49 GMT + * Content-Type: application/json + * Connection: keep-alive + * Transfer-Encoding: chunked + * ``` + * + * @param {String} rawHeaders Headers needing to be parsed + * + * @returns {Object} Headers parsed into an object + */ +/* harmony default export */ const parseHeaders = ((rawHeaders) => { + const parsed = {}; + let key; + let val; + let i; - customProps && Object.assign(axiosError, customProps); - return axiosError; - } + rawHeaders && + rawHeaders.split('\n').forEach(function parser(line) { + i = line.indexOf(':'); + key = line.substring(0, i).trim().toLowerCase(); + val = line.substring(i + 1).trim(); - /** - * Create an Error with the specified message, config, error code, request and response. - * - * @param {string} message The error message. - * @param {string} [code] The error code (for example, 'ECONNABORTED'). - * @param {Object} [config] The config. - * @param {Object} [request] The request. - * @param {Object} [response] The response. - * - * @returns {Error} The created error. - */ - constructor(message, code, config, request, response) { - super(message); - - // Make message enumerable to maintain backward compatibility - // The native Error constructor sets message as non-enumerable, - // but axios < v1.13.3 had it as enumerable - Object.defineProperty(this, 'message', { - value: message, - enumerable: true, - writable: true, - configurable: true - }); - - this.name = 'AxiosError'; - this.isAxiosError = true; - code && (this.code = code); - config && (this.config = config); - request && (this.request = request); - if (response) { - this.response = response; - this.status = response.status; + if (!key || (parsed[key] && ignoreDuplicateOf[key])) { + return; } - } - toJSON() { - return { - // Standard - message: this.message, - name: this.name, - // Microsoft - description: this.description, - number: this.number, - // Mozilla - fileName: this.fileName, - lineNumber: this.lineNumber, - columnNumber: this.columnNumber, - stack: this.stack, - // Axios - config: utils.toJSONObject(this.config), - code: this.code, - status: this.status, - }; - } -} + if (key === 'set-cookie') { + if (parsed[key]) { + parsed[key].push(val); + } else { + parsed[key] = [val]; + } + } else { + parsed[key] = parsed[key] ? parsed[key] + ', ' + val : val; + } + }); -// This can be changed to static properties as soon as the parser options in .eslint.cjs are updated. -AxiosError.ERR_BAD_OPTION_VALUE = 'ERR_BAD_OPTION_VALUE'; -AxiosError.ERR_BAD_OPTION = 'ERR_BAD_OPTION'; -AxiosError.ECONNABORTED = 'ECONNABORTED'; -AxiosError.ETIMEDOUT = 'ETIMEDOUT'; -AxiosError.ERR_NETWORK = 'ERR_NETWORK'; -AxiosError.ERR_FR_TOO_MANY_REDIRECTS = 'ERR_FR_TOO_MANY_REDIRECTS'; -AxiosError.ERR_DEPRECATED = 'ERR_DEPRECATED'; -AxiosError.ERR_BAD_RESPONSE = 'ERR_BAD_RESPONSE'; -AxiosError.ERR_BAD_REQUEST = 'ERR_BAD_REQUEST'; -AxiosError.ERR_CANCELED = 'ERR_CANCELED'; -AxiosError.ERR_NOT_SUPPORT = 'ERR_NOT_SUPPORT'; -AxiosError.ERR_INVALID_URL = 'ERR_INVALID_URL'; + return parsed; +}); -/* harmony default export */ const core_AxiosError = (AxiosError); +;// CONCATENATED MODULE: ./node_modules/axios/lib/core/AxiosHeaders.js -// EXTERNAL MODULE: ./node_modules/form-data/lib/form_data.js -var form_data = __nccwpck_require__(6454); -;// CONCATENATED MODULE: ./node_modules/axios/lib/platform/node/classes/FormData.js -/* harmony default export */ const classes_FormData = (form_data); -;// CONCATENATED MODULE: ./node_modules/axios/lib/helpers/toFormData.js +const $internals = Symbol('internals'); +const INVALID_HEADER_VALUE_CHARS_RE = /[^\x09\x20-\x7E\x80-\xFF]/g; +function trimSPorHTAB(str) { + let start = 0; + let end = str.length; -// temporary hotfix to avoid circular references until AxiosURLSearchParams is refactored + while (start < end) { + const code = str.charCodeAt(start); + if (code !== 0x09 && code !== 0x20) { + break; + } -/** - * Determines if the given thing is a array or js object. - * - * @param {string} thing - The object or array to be visited. - * - * @returns {boolean} - */ -function isVisitable(thing) { - return utils.isPlainObject(thing) || utils.isArray(thing); -} + start += 1; + } -/** - * It removes the brackets from the end of a string - * - * @param {string} key - The key of the parameter. - * - * @returns {string} the key without the brackets. - */ -function removeBrackets(key) { - return utils.endsWith(key, '[]') ? key.slice(0, -2) : key; + while (end > start) { + const code = str.charCodeAt(end - 1); + + if (code !== 0x09 && code !== 0x20) { + break; + } + + end -= 1; + } + + return start === 0 && end === str.length ? str : str.slice(start, end); } -/** - * It takes a path, a key, and a boolean, and returns a string - * - * @param {string} path - The path to the current key. - * @param {string} key - The key of the current object being iterated over. - * @param {string} dots - If true, the key will be rendered with dots instead of brackets. - * - * @returns {string} The path to the current key. - */ -function renderKey(path, key, dots) { - if (!path) return key; - return path - .concat(key) - .map(function each(token, i) { - // eslint-disable-next-line no-param-reassign - token = removeBrackets(token); - return !dots && i ? '[' + token + ']' : token; - }) - .join(dots ? '.' : ''); +function normalizeHeader(header) { + return header && String(header).trim().toLowerCase(); } -/** - * If the array is an array and none of its elements are visitable, then it's a flat array. - * - * @param {Array} arr - The array to check - * - * @returns {boolean} - */ -function isFlatArray(arr) { - return utils.isArray(arr) && !arr.some(isVisitable); +function sanitizeHeaderValue(str) { + return trimSPorHTAB(str.replace(INVALID_HEADER_VALUE_CHARS_RE, '')); } -const predicates = utils.toFlatObject(utils, {}, null, function filter(prop) { - return /^is[A-Z]/.test(prop); -}); +function normalizeValue(value) { + if (value === false || value == null) { + return value; + } -/** - * Convert a data object to FormData - * - * @param {Object} obj - * @param {?Object} [formData] - * @param {?Object} [options] - * @param {Function} [options.visitor] - * @param {Boolean} [options.metaTokens = true] - * @param {Boolean} [options.dots = false] - * @param {?Boolean} [options.indexes = false] - * - * @returns {Object} - **/ + return utils.isArray(value) ? value.map(normalizeValue) : sanitizeHeaderValue(String(value)); +} -/** - * It converts an object into a FormData object - * - * @param {Object} obj - The object to convert to form data. - * @param {string} formData - The FormData object to append to. - * @param {Object} options - * - * @returns - */ -function toFormData(obj, formData, options) { - if (!utils.isObject(obj)) { - throw new TypeError('target must be an object'); +function parseTokens(str) { + const tokens = Object.create(null); + const tokensRE = /([^\s,;=]+)\s*(?:=\s*([^,;]+))?/g; + let match; + + while ((match = tokensRE.exec(str))) { + tokens[match[1]] = match[2]; } - // eslint-disable-next-line no-param-reassign - formData = formData || new (classes_FormData || FormData)(); + return tokens; +} - // eslint-disable-next-line no-param-reassign - options = utils.toFlatObject( - options, - { - metaTokens: true, - dots: false, - indexes: false, - }, - false, - function defined(option, source) { - // eslint-disable-next-line no-eq-null,eqeqeq - return !utils.isUndefined(source[option]); - } - ); +const isValidHeaderName = (str) => /^[-_a-zA-Z0-9^`|~,!#$%&'*+.]+$/.test(str.trim()); - const metaTokens = options.metaTokens; - // eslint-disable-next-line no-use-before-define - const visitor = options.visitor || defaultVisitor; - const dots = options.dots; - const indexes = options.indexes; - const _Blob = options.Blob || (typeof Blob !== 'undefined' && Blob); - const useBlob = _Blob && utils.isSpecCompliantForm(formData); +function matchHeaderValue(context, value, header, filter, isHeaderNameFilter) { + if (utils.isFunction(filter)) { + return filter.call(this, value, header); + } - if (!utils.isFunction(visitor)) { - throw new TypeError('visitor must be a function'); + if (isHeaderNameFilter) { + value = header; } - function convertValue(value) { - if (value === null) return ''; + if (!utils.isString(value)) return; - if (utils.isDate(value)) { - return value.toISOString(); - } + if (utils.isString(filter)) { + return value.indexOf(filter) !== -1; + } - if (utils.isBoolean(value)) { - return value.toString(); - } + if (utils.isRegExp(filter)) { + return filter.test(value); + } +} - if (!useBlob && utils.isBlob(value)) { - throw new core_AxiosError('Blob is not supported. Use a Buffer instead.'); - } +function formatHeader(header) { + return header + .trim() + .toLowerCase() + .replace(/([a-z\d])(\w*)/g, (w, char, str) => { + return char.toUpperCase() + str; + }); +} - if (utils.isArrayBuffer(value) || utils.isTypedArray(value)) { - return useBlob && typeof Blob === 'function' ? new Blob([value]) : Buffer.from(value); - } +function buildAccessors(obj, header) { + const accessorName = utils.toCamelCase(' ' + header); - return value; + ['get', 'set', 'has'].forEach((methodName) => { + Object.defineProperty(obj, methodName + accessorName, { + // Null-proto descriptor so a polluted Object.prototype.get cannot turn + // this data descriptor into an accessor descriptor on the way in. + __proto__: null, + value: function (arg1, arg2, arg3) { + return this[methodName].call(this, header, arg1, arg2, arg3); + }, + configurable: true, + }); + }); +} + +class AxiosHeaders { + constructor(headers) { + headers && this.set(headers); } - /** - * Default visitor. - * - * @param {*} value - * @param {String|Number} key - * @param {Array} path - * @this {FormData} - * - * @returns {boolean} return true to visit the each prop of the value recursively - */ - function defaultVisitor(value, key, path) { - let arr = value; + set(header, valueOrRewrite, rewrite) { + const self = this; - if (utils.isReactNative(formData) && utils.isReactNativeBlob(value)) { - formData.append(renderKey(path, key, dots), convertValue(value)); - return false; - } + function setHeader(_value, _header, _rewrite) { + const lHeader = normalizeHeader(_header); - if (value && !path && typeof value === 'object') { - if (utils.endsWith(key, '{}')) { - // eslint-disable-next-line no-param-reassign - key = metaTokens ? key : key.slice(0, -2); - // eslint-disable-next-line no-param-reassign - value = JSON.stringify(value); - } else if ( - (utils.isArray(value) && isFlatArray(value)) || - ((utils.isFileList(value) || utils.endsWith(key, '[]')) && (arr = utils.toArray(value))) - ) { - // eslint-disable-next-line no-param-reassign - key = removeBrackets(key); + if (!lHeader) { + throw new Error('header name must be a non-empty string'); + } - arr.forEach(function each(el, index) { - !(utils.isUndefined(el) || el === null) && - formData.append( - // eslint-disable-next-line no-nested-ternary - indexes === true - ? renderKey([key], index, dots) - : indexes === null - ? key - : key + '[]', - convertValue(el) - ); - }); - return false; + const key = utils.findKey(self, lHeader); + + if ( + !key || + self[key] === undefined || + _rewrite === true || + (_rewrite === undefined && self[key] !== false) + ) { + self[key || _header] = normalizeValue(_value); } } - if (isVisitable(value)) { - return true; - } + const setHeaders = (headers, _rewrite) => + utils.forEach(headers, (_value, _header) => setHeader(_value, _header, _rewrite)); - formData.append(renderKey(path, key, dots), convertValue(value)); + if (utils.isPlainObject(header) || header instanceof this.constructor) { + setHeaders(header, valueOrRewrite); + } else if (utils.isString(header) && (header = header.trim()) && !isValidHeaderName(header)) { + setHeaders(parseHeaders(header), valueOrRewrite); + } else if (utils.isObject(header) && utils.isIterable(header)) { + let obj = {}, + dest, + key; + for (const entry of header) { + if (!utils.isArray(entry)) { + throw TypeError('Object iterator must return a key-value pair'); + } - return false; - } + obj[(key = entry[0])] = (dest = obj[key]) + ? utils.isArray(dest) + ? [...dest, entry[1]] + : [dest, entry[1]] + : entry[1]; + } - const stack = []; + setHeaders(obj, valueOrRewrite); + } else { + header != null && setHeader(valueOrRewrite, header, rewrite); + } - const exposedHelpers = Object.assign(predicates, { - defaultVisitor, - convertValue, - isVisitable, - }); + return this; + } - function build(value, path) { - if (utils.isUndefined(value)) return; + get(header, parser) { + header = normalizeHeader(header); - if (stack.indexOf(value) !== -1) { - throw Error('Circular reference detected in ' + path.join('.')); - } + if (header) { + const key = utils.findKey(this, header); - stack.push(value); + if (key) { + const value = this[key]; - utils.forEach(value, function each(el, key) { - const result = - !(utils.isUndefined(el) || el === null) && - visitor.call(formData, el, utils.isString(key) ? key.trim() : key, path, exposedHelpers); + if (!parser) { + return value; + } - if (result === true) { - build(el, path ? path.concat(key) : [key]); - } - }); + if (parser === true) { + return parseTokens(value); + } - stack.pop(); - } + if (utils.isFunction(parser)) { + return parser.call(this, value, key); + } - if (!utils.isObject(obj)) { - throw new TypeError('data must be an object'); + if (utils.isRegExp(parser)) { + return parser.exec(value); + } + + throw new TypeError('parser must be boolean|regexp|function'); + } + } } - build(obj); + has(header, matcher) { + header = normalizeHeader(header); - return formData; -} + if (header) { + const key = utils.findKey(this, header); -/* harmony default export */ const helpers_toFormData = (toFormData); + return !!( + key && + this[key] !== undefined && + (!matcher || matchHeaderValue(this, this[key], key, matcher)) + ); + } -;// CONCATENATED MODULE: ./node_modules/axios/lib/helpers/AxiosURLSearchParams.js + return false; + } + delete(header, matcher) { + const self = this; + let deleted = false; + function deleteHeader(_header) { + _header = normalizeHeader(_header); + if (_header) { + const key = utils.findKey(self, _header); -/** - * It encodes a string by replacing all characters that are not in the unreserved set with - * their percent-encoded equivalents - * - * @param {string} str - The string to encode. - * - * @returns {string} The encoded string. - */ -function encode(str) { - const charMap = { - '!': '%21', - "'": '%27', - '(': '%28', - ')': '%29', - '~': '%7E', - '%20': '+', - '%00': '\x00', - }; - return encodeURIComponent(str).replace(/[!'()~]|%20|%00/g, function replacer(match) { - return charMap[match]; - }); -} + if (key && (!matcher || matchHeaderValue(self, self[key], key, matcher))) { + delete self[key]; -/** - * It takes a params object and converts it to a FormData object - * - * @param {Object} params - The parameters to be converted to a FormData object. - * @param {Object} options - The options object passed to the Axios constructor. - * - * @returns {void} - */ -function AxiosURLSearchParams(params, options) { - this._pairs = []; + deleted = true; + } + } + } - params && helpers_toFormData(params, this, options); -} + if (utils.isArray(header)) { + header.forEach(deleteHeader); + } else { + deleteHeader(header); + } -const AxiosURLSearchParams_prototype = AxiosURLSearchParams.prototype; + return deleted; + } -AxiosURLSearchParams_prototype.append = function append(name, value) { - this._pairs.push([name, value]); -}; + clear(matcher) { + const keys = Object.keys(this); + let i = keys.length; + let deleted = false; -AxiosURLSearchParams_prototype.toString = function toString(encoder) { - const _encode = encoder - ? function (value) { - return encoder.call(this, value, encode); + while (i--) { + const key = keys[i]; + if (!matcher || matchHeaderValue(this, this[key], key, matcher, true)) { + delete this[key]; + deleted = true; } - : encode; + } - return this._pairs - .map(function each(pair) { - return _encode(pair[0]) + '=' + _encode(pair[1]); - }, '') - .join('&'); -}; + return deleted; + } -/* harmony default export */ const helpers_AxiosURLSearchParams = (AxiosURLSearchParams); + normalize(format) { + const self = this; + const headers = {}; -;// CONCATENATED MODULE: ./node_modules/axios/lib/helpers/buildURL.js + utils.forEach(this, (value, header) => { + const key = utils.findKey(headers, header); + if (key) { + self[key] = normalizeValue(value); + delete self[header]; + return; + } + const normalized = format ? formatHeader(header) : String(header).trim(); + if (normalized !== header) { + delete self[header]; + } + self[normalized] = normalizeValue(value); -/** - * It replaces URL-encoded forms of `:`, `$`, `,`, and spaces with - * their plain counterparts (`:`, `$`, `,`, `+`). - * - * @param {string} val The value to be encoded. - * - * @returns {string} The encoded value. - */ -function buildURL_encode(val) { - return encodeURIComponent(val) - .replace(/%3A/gi, ':') - .replace(/%24/g, '$') - .replace(/%2C/gi, ',') - .replace(/%20/g, '+'); -} + headers[normalized] = true; + }); -/** - * Build a URL by appending params to the end - * - * @param {string} url The base of the url (e.g., http://www.google.com) - * @param {object} [params] The params to be appended - * @param {?(object|Function)} options - * - * @returns {string} The formatted url - */ -function buildURL(url, params, options) { - if (!params) { - return url; + return this; } - const _encode = (options && options.encode) || buildURL_encode; - - const _options = utils.isFunction(options) - ? { - serialize: options, - } - : options; + concat(...targets) { + return this.constructor.concat(this, ...targets); + } - const serializeFn = _options && _options.serialize; + toJSON(asStrings) { + const obj = Object.create(null); - let serializedParams; + utils.forEach(this, (value, header) => { + value != null && + value !== false && + (obj[header] = asStrings && utils.isArray(value) ? value.join(', ') : value); + }); - if (serializeFn) { - serializedParams = serializeFn(params, _options); - } else { - serializedParams = utils.isURLSearchParams(params) - ? params.toString() - : new helpers_AxiosURLSearchParams(params, _options).toString(_encode); + return obj; } - if (serializedParams) { - const hashmarkIndex = url.indexOf('#'); + [Symbol.iterator]() { + return Object.entries(this.toJSON())[Symbol.iterator](); + } - if (hashmarkIndex !== -1) { - url = url.slice(0, hashmarkIndex); - } - url += (url.indexOf('?') === -1 ? '?' : '&') + serializedParams; + toString() { + return Object.entries(this.toJSON()) + .map(([header, value]) => header + ': ' + value) + .join('\n'); } - return url; -} + getSetCookie() { + return this.get('set-cookie') || []; + } -;// CONCATENATED MODULE: ./node_modules/axios/lib/core/InterceptorManager.js + get [Symbol.toStringTag]() { + return 'AxiosHeaders'; + } + static from(thing) { + return thing instanceof this ? thing : new this(thing); + } + static concat(first, ...targets) { + const computed = new this(first); + targets.forEach((target) => computed.set(target)); -class InterceptorManager { - constructor() { - this.handlers = []; + return computed; } - /** - * Add a new interceptor to the stack - * - * @param {Function} fulfilled The function to handle `then` for a `Promise` - * @param {Function} rejected The function to handle `reject` for a `Promise` - * @param {Object} options The options for the interceptor, synchronous and runWhen - * - * @return {Number} An ID used to remove interceptor later - */ - use(fulfilled, rejected, options) { - this.handlers.push({ - fulfilled, - rejected, - synchronous: options ? options.synchronous : false, - runWhen: options ? options.runWhen : null, - }); - return this.handlers.length - 1; - } + static accessor(header) { + const internals = + (this[$internals] = + this[$internals] = + { + accessors: {}, + }); - /** - * Remove an interceptor from the stack - * - * @param {Number} id The ID that was returned by `use` - * - * @returns {void} - */ - eject(id) { - if (this.handlers[id]) { - this.handlers[id] = null; - } - } + const accessors = internals.accessors; + const prototype = this.prototype; - /** - * Clear all interceptors from the stack - * - * @returns {void} - */ - clear() { - if (this.handlers) { - this.handlers = []; - } - } + function defineAccessor(_header) { + const lHeader = normalizeHeader(_header); - /** - * Iterate over all the registered interceptors - * - * This method is particularly useful for skipping over any - * interceptors that may have become `null` calling `eject`. - * - * @param {Function} fn The function to call for each interceptor - * - * @returns {void} - */ - forEach(fn) { - utils.forEach(this.handlers, function forEachHandler(h) { - if (h !== null) { - fn(h); + if (!accessors[lHeader]) { + buildAccessors(prototype, _header); + accessors[lHeader] = true; } - }); - } -} + } -/* harmony default export */ const core_InterceptorManager = (InterceptorManager); + utils.isArray(header) ? header.forEach(defineAccessor) : defineAccessor(header); -;// CONCATENATED MODULE: ./node_modules/axios/lib/defaults/transitional.js + return this; + } +} +AxiosHeaders.accessor([ + 'Content-Type', + 'Content-Length', + 'Accept', + 'Accept-Encoding', + 'User-Agent', + 'Authorization', +]); -/* harmony default export */ const defaults_transitional = ({ - silentJSONParsing: true, - forcedJSONParsing: true, - clarifyTimeoutError: false, - legacyInterceptorReqResOrdering: true, +// reserved names hotfix +utils.reduceDescriptors(AxiosHeaders.prototype, ({ value }, key) => { + let mapped = key[0].toUpperCase() + key.slice(1); // map `set` => `Set` + return { + get: () => value, + set(headerValue) { + this[mapped] = headerValue; + }, + }; }); -// EXTERNAL MODULE: external "crypto" -var external_crypto_ = __nccwpck_require__(6982); -// EXTERNAL MODULE: external "url" -var external_url_ = __nccwpck_require__(7016); -;// CONCATENATED MODULE: ./node_modules/axios/lib/platform/node/classes/URLSearchParams.js +utils.freezeMethods(AxiosHeaders); +/* harmony default export */ const core_AxiosHeaders = (AxiosHeaders); +;// CONCATENATED MODULE: ./node_modules/axios/lib/core/AxiosError.js -/* harmony default export */ const classes_URLSearchParams = (external_url_.URLSearchParams); -;// CONCATENATED MODULE: ./node_modules/axios/lib/platform/node/index.js +const REDACTED = '[REDACTED ****]'; -const ALPHA = 'abcdefghijklmnopqrstuvwxyz'; +function hasOwnOrPrototypeToJSON(source) { + if (utils.hasOwnProp(source, 'toJSON')) { + return true; + } -const DIGIT = '0123456789'; + let prototype = Object.getPrototypeOf(source); -const ALPHABET = { - DIGIT, - ALPHA, - ALPHA_DIGIT: ALPHA + ALPHA.toUpperCase() + DIGIT, -}; + while (prototype && prototype !== Object.prototype) { + if (utils.hasOwnProp(prototype, 'toJSON')) { + return true; + } -const generateString = (size = 16, alphabet = ALPHABET.ALPHA_DIGIT) => { - let str = ''; - const { length } = alphabet; - const randomValues = new Uint32Array(size); - external_crypto_.randomFillSync(randomValues); - for (let i = 0; i < size; i++) { - str += alphabet[randomValues[i] % length]; + prototype = Object.getPrototypeOf(prototype); } - return str; -}; + return false; +} -/* harmony default export */ const node = ({ - isNode: true, - classes: { - URLSearchParams: classes_URLSearchParams, - FormData: classes_FormData, - Blob: (typeof Blob !== 'undefined' && Blob) || null, - }, - ALPHABET, - generateString, - protocols: ['http', 'https', 'file', 'data'], -}); +// Build a plain-object snapshot of `config` and replace the value of any key +// (case-insensitive) listed in `redactKeys` with REDACTED. Walks through arrays +// and AxiosHeaders, and short-circuits on circular references. +function redactConfig(config, redactKeys) { + const lowerKeys = new Set(redactKeys.map((k) => String(k).toLowerCase())); + const seen = []; -;// CONCATENATED MODULE: ./node_modules/axios/lib/platform/common/utils.js -const hasBrowserEnv = typeof window !== 'undefined' && typeof document !== 'undefined'; + const visit = (source) => { + if (source === null || typeof source !== 'object') return source; + if (utils.isBuffer(source)) return source; + if (seen.indexOf(source) !== -1) return undefined; -const _navigator = (typeof navigator === 'object' && navigator) || undefined; + if (source instanceof core_AxiosHeaders) { + source = source.toJSON(); + } -/** - * Determine if we're running in a standard browser environment - * - * This allows axios to run in a web worker, and react-native. - * Both environments support XMLHttpRequest, but not fully standard globals. - * - * web workers: - * typeof window -> undefined - * typeof document -> undefined - * - * react-native: - * navigator.product -> 'ReactNative' - * nativescript - * navigator.product -> 'NativeScript' or 'NS' - * - * @returns {boolean} - */ -const hasStandardBrowserEnv = - hasBrowserEnv && - (!_navigator || ['ReactNative', 'NativeScript', 'NS'].indexOf(_navigator.product) < 0); + seen.push(source); -/** - * Determine if we're running in a standard browser webWorker environment - * - * Although the `isStandardBrowserEnv` method indicates that - * `allows axios to run in a web worker`, the WebWorker will still be - * filtered out due to its judgment standard - * `typeof window !== 'undefined' && typeof document !== 'undefined'`. - * This leads to a problem when axios post `FormData` in webWorker - */ -const hasStandardBrowserWebWorkerEnv = (() => { - return ( - typeof WorkerGlobalScope !== 'undefined' && - // eslint-disable-next-line no-undef - self instanceof WorkerGlobalScope && - typeof self.importScripts === 'function' - ); -})(); + let result; + if (utils.isArray(source)) { + result = []; + source.forEach((v, i) => { + const reducedValue = visit(v); + if (!utils.isUndefined(reducedValue)) { + result[i] = reducedValue; + } + }); + } else { + if (!utils.isPlainObject(source) && hasOwnOrPrototypeToJSON(source)) { + seen.pop(); + return source; + } -const origin = (hasBrowserEnv && window.location.href) || 'http://localhost'; + result = Object.create(null); + for (const [key, value] of Object.entries(source)) { + const reducedValue = lowerKeys.has(key.toLowerCase()) ? REDACTED : visit(value); + if (!utils.isUndefined(reducedValue)) { + result[key] = reducedValue; + } + } + } + seen.pop(); + return result; + }; + return visit(config); +} -;// CONCATENATED MODULE: ./node_modules/axios/lib/platform/index.js +class AxiosError extends Error { + static from(error, code, config, request, response, customProps) { + const axiosError = new AxiosError(error.message, code || error.code, config, request, response); + axiosError.cause = error; + axiosError.name = error.name; + // Preserve status from the original error if not already set from response + if (error.status != null && axiosError.status == null) { + axiosError.status = error.status; + } + customProps && Object.assign(axiosError, customProps); + return axiosError; + } -/* harmony default export */ const platform = ({ - ...common_utils_namespaceObject, - ...node, -}); + /** + * Create an Error with the specified message, config, error code, request and response. + * + * @param {string} message The error message. + * @param {string} [code] The error code (for example, 'ECONNABORTED'). + * @param {Object} [config] The config. + * @param {Object} [request] The request. + * @param {Object} [response] The response. + * + * @returns {Error} The created error. + */ + constructor(message, code, config, request, response) { + super(message); -;// CONCATENATED MODULE: ./node_modules/axios/lib/helpers/toURLEncodedForm.js + // Make message enumerable to maintain backward compatibility + // The native Error constructor sets message as non-enumerable, + // but axios < v1.13.3 had it as enumerable + Object.defineProperty(this, 'message', { + // Null-proto descriptor so a polluted Object.prototype.get cannot turn + // this data descriptor into an accessor descriptor on the way in. + __proto__: null, + value: message, + enumerable: true, + writable: true, + configurable: true, + }); + + this.name = 'AxiosError'; + this.isAxiosError = true; + code && (this.code = code); + config && (this.config = config); + request && (this.request = request); + if (response) { + this.response = response; + this.status = response.status; + } + } + + toJSON() { + // Opt-in redaction: when the request config carries a `redact` array, the + // value of any matching key (case-insensitive, at any depth) is replaced + // with REDACTED in the serialized snapshot. Undefined or empty leaves the + // existing serialization behavior unchanged. + const config = this.config; + const redactKeys = config && utils.hasOwnProp(config, 'redact') ? config.redact : undefined; + const serializedConfig = + utils.isArray(redactKeys) && redactKeys.length > 0 + ? redactConfig(config, redactKeys) + : utils.toJSONObject(config); + + return { + // Standard + message: this.message, + name: this.name, + // Microsoft + description: this.description, + number: this.number, + // Mozilla + fileName: this.fileName, + lineNumber: this.lineNumber, + columnNumber: this.columnNumber, + stack: this.stack, + // Axios + config: serializedConfig, + code: this.code, + status: this.status, + }; + } +} +// This can be changed to static properties as soon as the parser options in .eslint.cjs are updated. +AxiosError.ERR_BAD_OPTION_VALUE = 'ERR_BAD_OPTION_VALUE'; +AxiosError.ERR_BAD_OPTION = 'ERR_BAD_OPTION'; +AxiosError.ECONNABORTED = 'ECONNABORTED'; +AxiosError.ETIMEDOUT = 'ETIMEDOUT'; +AxiosError.ECONNREFUSED = 'ECONNREFUSED'; +AxiosError.ERR_NETWORK = 'ERR_NETWORK'; +AxiosError.ERR_FR_TOO_MANY_REDIRECTS = 'ERR_FR_TOO_MANY_REDIRECTS'; +AxiosError.ERR_DEPRECATED = 'ERR_DEPRECATED'; +AxiosError.ERR_BAD_RESPONSE = 'ERR_BAD_RESPONSE'; +AxiosError.ERR_BAD_REQUEST = 'ERR_BAD_REQUEST'; +AxiosError.ERR_CANCELED = 'ERR_CANCELED'; +AxiosError.ERR_NOT_SUPPORT = 'ERR_NOT_SUPPORT'; +AxiosError.ERR_INVALID_URL = 'ERR_INVALID_URL'; +AxiosError.ERR_FORM_DATA_DEPTH_EXCEEDED = 'ERR_FORM_DATA_DEPTH_EXCEEDED'; +/* harmony default export */ const core_AxiosError = (AxiosError); +// EXTERNAL MODULE: ./node_modules/form-data/lib/form_data.js +var form_data = __nccwpck_require__(6454); +;// CONCATENATED MODULE: ./node_modules/axios/lib/platform/node/classes/FormData.js +/* harmony default export */ const classes_FormData = (form_data); -function toURLEncodedForm(data, options) { - return helpers_toFormData(data, new platform.classes.URLSearchParams(), { - visitor: function (value, key, path, helpers) { - if (platform.isNode && utils.isBuffer(value)) { - this.append(key, value.toString('base64')); - return false; - } +;// CONCATENATED MODULE: ./node_modules/axios/lib/helpers/toFormData.js - return helpers.defaultVisitor.apply(this, arguments); - }, - ...options, - }); -} -;// CONCATENATED MODULE: ./node_modules/axios/lib/helpers/formDataToJSON.js +// temporary hotfix to avoid circular references until AxiosURLSearchParams is refactored /** - * It takes a string like `foo[x][y][z]` and returns an array like `['foo', 'x', 'y', 'z'] + * Determines if the given thing is a array or js object. * - * @param {string} name - The name of the property to get. + * @param {string} thing - The object or array to be visited. * - * @returns An array of strings. + * @returns {boolean} */ -function parsePropPath(name) { - // foo[x][y][z] - // foo.x.y.z - // foo-x-y-z - // foo x y z - return utils.matchAll(/\w+|\[(\w*)]/g, name).map((match) => { - return match[0] === '[]' ? '' : match[1] || match[0]; - }); +function isVisitable(thing) { + return utils.isPlainObject(thing) || utils.isArray(thing); } /** - * Convert an array to an object. + * It removes the brackets from the end of a string * - * @param {Array} arr - The array to convert to an object. + * @param {string} key - The key of the parameter. * - * @returns An object with the same keys and values as the array. + * @returns {string} the key without the brackets. */ -function arrayToObject(arr) { - const obj = {}; - const keys = Object.keys(arr); - let i; - const len = keys.length; - let key; - for (i = 0; i < len; i++) { - key = keys[i]; - obj[key] = arr[key]; - } - return obj; +function removeBrackets(key) { + return utils.endsWith(key, '[]') ? key.slice(0, -2) : key; } /** - * It takes a FormData object and returns a JavaScript object + * It takes a path, a key, and a boolean, and returns a string * - * @param {string} formData The FormData object to convert to JSON. + * @param {string} path - The path to the current key. + * @param {string} key - The key of the current object being iterated over. + * @param {string} dots - If true, the key will be rendered with dots instead of brackets. * - * @returns {Object | null} The converted object. + * @returns {string} The path to the current key. */ -function formDataToJSON(formData) { - function buildPath(path, value, target, index) { - let name = path[index++]; - - if (name === '__proto__') return true; - - const isNumericKey = Number.isFinite(+name); - const isLast = index >= path.length; - name = !name && utils.isArray(target) ? target.length : name; +function renderKey(path, key, dots) { + if (!path) return key; + return path + .concat(key) + .map(function each(token, i) { + // eslint-disable-next-line no-param-reassign + token = removeBrackets(token); + return !dots && i ? '[' + token + ']' : token; + }) + .join(dots ? '.' : ''); +} - if (isLast) { - if (utils.hasOwnProp(target, name)) { - target[name] = [target[name], value]; - } else { - target[name] = value; - } +/** + * If the array is an array and none of its elements are visitable, then it's a flat array. + * + * @param {Array} arr - The array to check + * + * @returns {boolean} + */ +function isFlatArray(arr) { + return utils.isArray(arr) && !arr.some(isVisitable); +} - return !isNumericKey; - } +const predicates = utils.toFlatObject(utils, {}, null, function filter(prop) { + return /^is[A-Z]/.test(prop); +}); - if (!target[name] || !utils.isObject(target[name])) { - target[name] = []; - } +/** + * Convert a data object to FormData + * + * @param {Object} obj + * @param {?Object} [formData] + * @param {?Object} [options] + * @param {Function} [options.visitor] + * @param {Boolean} [options.metaTokens = true] + * @param {Boolean} [options.dots = false] + * @param {?Boolean} [options.indexes = false] + * + * @returns {Object} + **/ - const result = buildPath(path, value, target[name], index); - - if (result && utils.isArray(target[name])) { - target[name] = arrayToObject(target[name]); - } - - return !isNumericKey; +/** + * It converts an object into a FormData object + * + * @param {Object} obj - The object to convert to form data. + * @param {string} formData - The FormData object to append to. + * @param {Object} options + * + * @returns + */ +function toFormData(obj, formData, options) { + if (!utils.isObject(obj)) { + throw new TypeError('target must be an object'); } - if (utils.isFormData(formData) && utils.isFunction(formData.entries)) { - const obj = {}; - - utils.forEachEntry(formData, (name, value) => { - buildPath(parsePropPath(name), value, obj, 0); - }); - - return obj; - } + // eslint-disable-next-line no-param-reassign + formData = formData || new (classes_FormData || FormData)(); - return null; -} + // eslint-disable-next-line no-param-reassign + options = utils.toFlatObject( + options, + { + metaTokens: true, + dots: false, + indexes: false, + }, + false, + function defined(option, source) { + // eslint-disable-next-line no-eq-null,eqeqeq + return !utils.isUndefined(source[option]); + } + ); -/* harmony default export */ const helpers_formDataToJSON = (formDataToJSON); + const metaTokens = options.metaTokens; + // eslint-disable-next-line no-use-before-define + const visitor = options.visitor || defaultVisitor; + const dots = options.dots; + const indexes = options.indexes; + const _Blob = options.Blob || (typeof Blob !== 'undefined' && Blob); + const maxDepth = options.maxDepth === undefined ? 100 : options.maxDepth; + const useBlob = _Blob && utils.isSpecCompliantForm(formData); -;// CONCATENATED MODULE: ./node_modules/axios/lib/defaults/index.js + if (!utils.isFunction(visitor)) { + throw new TypeError('visitor must be a function'); + } + function convertValue(value) { + if (value === null) return ''; + if (utils.isDate(value)) { + return value.toISOString(); + } + if (utils.isBoolean(value)) { + return value.toString(); + } + if (!useBlob && utils.isBlob(value)) { + throw new core_AxiosError('Blob is not supported. Use a Buffer instead.'); + } + if (utils.isArrayBuffer(value) || utils.isTypedArray(value)) { + return useBlob && typeof Blob === 'function' ? new Blob([value]) : Buffer.from(value); + } + return value; + } + /** + * Default visitor. + * + * @param {*} value + * @param {String|Number} key + * @param {Array} path + * @this {FormData} + * + * @returns {boolean} return true to visit the each prop of the value recursively + */ + function defaultVisitor(value, key, path) { + let arr = value; + if (utils.isReactNative(formData) && utils.isReactNativeBlob(value)) { + formData.append(renderKey(path, key, dots), convertValue(value)); + return false; + } + if (value && !path && typeof value === 'object') { + if (utils.endsWith(key, '{}')) { + // eslint-disable-next-line no-param-reassign + key = metaTokens ? key : key.slice(0, -2); + // eslint-disable-next-line no-param-reassign + value = JSON.stringify(value); + } else if ( + (utils.isArray(value) && isFlatArray(value)) || + ((utils.isFileList(value) || utils.endsWith(key, '[]')) && (arr = utils.toArray(value))) + ) { + // eslint-disable-next-line no-param-reassign + key = removeBrackets(key); -/** - * It takes a string, tries to parse it, and if it fails, it returns the stringified version - * of the input - * - * @param {any} rawValue - The value to be stringified. - * @param {Function} parser - A function that parses a string into a JavaScript object. - * @param {Function} encoder - A function that takes a value and returns a string. - * - * @returns {string} A stringified version of the rawValue. - */ -function stringifySafely(rawValue, parser, encoder) { - if (utils.isString(rawValue)) { - try { - (parser || JSON.parse)(rawValue); - return utils.trim(rawValue); - } catch (e) { - if (e.name !== 'SyntaxError') { - throw e; + arr.forEach(function each(el, index) { + !(utils.isUndefined(el) || el === null) && + formData.append( + // eslint-disable-next-line no-nested-ternary + indexes === true + ? renderKey([key], index, dots) + : indexes === null + ? key + : key + '[]', + convertValue(el) + ); + }); + return false; } } - } - - return (encoder || JSON.stringify)(rawValue); -} -const defaults = { - transitional: defaults_transitional, + if (isVisitable(value)) { + return true; + } - adapter: ['xhr', 'http', 'fetch'], + formData.append(renderKey(path, key, dots), convertValue(value)); - transformRequest: [ - function transformRequest(data, headers) { - const contentType = headers.getContentType() || ''; - const hasJSONContentType = contentType.indexOf('application/json') > -1; - const isObjectPayload = utils.isObject(data); + return false; + } - if (isObjectPayload && utils.isHTMLForm(data)) { - data = new FormData(data); - } + const stack = []; - const isFormData = utils.isFormData(data); + const exposedHelpers = Object.assign(predicates, { + defaultVisitor, + convertValue, + isVisitable, + }); - if (isFormData) { - return hasJSONContentType ? JSON.stringify(helpers_formDataToJSON(data)) : data; - } + function build(value, path, depth = 0) { + if (utils.isUndefined(value)) return; - if ( - utils.isArrayBuffer(data) || - utils.isBuffer(data) || - utils.isStream(data) || - utils.isFile(data) || - utils.isBlob(data) || - utils.isReadableStream(data) - ) { - return data; - } - if (utils.isArrayBufferView(data)) { - return data.buffer; - } - if (utils.isURLSearchParams(data)) { - headers.setContentType('application/x-www-form-urlencoded;charset=utf-8', false); - return data.toString(); - } + if (depth > maxDepth) { + throw new core_AxiosError( + 'Object is too deeply nested (' + depth + ' levels). Max depth: ' + maxDepth, + core_AxiosError.ERR_FORM_DATA_DEPTH_EXCEEDED + ); + } - let isFileList; + if (stack.indexOf(value) !== -1) { + throw Error('Circular reference detected in ' + path.join('.')); + } - if (isObjectPayload) { - if (contentType.indexOf('application/x-www-form-urlencoded') > -1) { - return toURLEncodedForm(data, this.formSerializer).toString(); - } + stack.push(value); - if ( - (isFileList = utils.isFileList(data)) || - contentType.indexOf('multipart/form-data') > -1 - ) { - const _FormData = this.env && this.env.FormData; + utils.forEach(value, function each(el, key) { + const result = + !(utils.isUndefined(el) || el === null) && + visitor.call(formData, el, utils.isString(key) ? key.trim() : key, path, exposedHelpers); - return helpers_toFormData( - isFileList ? { 'files[]': data } : data, - _FormData && new _FormData(), - this.formSerializer - ); - } + if (result === true) { + build(el, path ? path.concat(key) : [key], depth + 1); } + }); - if (isObjectPayload || hasJSONContentType) { - headers.setContentType('application/json', false); - return stringifySafely(data); - } + stack.pop(); + } - return data; - }, - ], + if (!utils.isObject(obj)) { + throw new TypeError('data must be an object'); + } - transformResponse: [ - function transformResponse(data) { - const transitional = this.transitional || defaults.transitional; - const forcedJSONParsing = transitional && transitional.forcedJSONParsing; - const JSONRequested = this.responseType === 'json'; + build(obj); - if (utils.isResponse(data) || utils.isReadableStream(data)) { - return data; - } + return formData; +} - if ( - data && - utils.isString(data) && - ((forcedJSONParsing && !this.responseType) || JSONRequested) - ) { - const silentJSONParsing = transitional && transitional.silentJSONParsing; - const strictJSONParsing = !silentJSONParsing && JSONRequested; +/* harmony default export */ const helpers_toFormData = (toFormData); - try { - return JSON.parse(data, this.parseReviver); - } catch (e) { - if (strictJSONParsing) { - if (e.name === 'SyntaxError') { - throw core_AxiosError.from(e, core_AxiosError.ERR_BAD_RESPONSE, this, null, this.response); - } - throw e; - } - } - } +;// CONCATENATED MODULE: ./node_modules/axios/lib/helpers/AxiosURLSearchParams.js - return data; - }, - ], - /** - * A timeout in milliseconds to abort a request. If set to 0 (default) a - * timeout is not created. - */ - timeout: 0, - xsrfCookieName: 'XSRF-TOKEN', - xsrfHeaderName: 'X-XSRF-TOKEN', - maxContentLength: -1, - maxBodyLength: -1, +/** + * It encodes a string by replacing all characters that are not in the unreserved set with + * their percent-encoded equivalents + * + * @param {string} str - The string to encode. + * + * @returns {string} The encoded string. + */ +function encode(str) { + const charMap = { + '!': '%21', + "'": '%27', + '(': '%28', + ')': '%29', + '~': '%7E', + '%20': '+', + }; + return encodeURIComponent(str).replace(/[!'()~]|%20/g, function replacer(match) { + return charMap[match]; + }); +} - env: { - FormData: platform.classes.FormData, - Blob: platform.classes.Blob, - }, +/** + * It takes a params object and converts it to a FormData object + * + * @param {Object} params - The parameters to be converted to a FormData object. + * @param {Object} options - The options object passed to the Axios constructor. + * + * @returns {void} + */ +function AxiosURLSearchParams(params, options) { + this._pairs = []; - validateStatus: function validateStatus(status) { - return status >= 200 && status < 300; - }, + params && helpers_toFormData(params, this, options); +} - headers: { - common: { - Accept: 'application/json, text/plain, */*', - 'Content-Type': undefined, - }, - }, +const AxiosURLSearchParams_prototype = AxiosURLSearchParams.prototype; + +AxiosURLSearchParams_prototype.append = function append(name, value) { + this._pairs.push([name, value]); }; -utils.forEach(['delete', 'get', 'head', 'post', 'put', 'patch'], (method) => { - defaults.headers[method] = {}; -}); +AxiosURLSearchParams_prototype.toString = function toString(encoder) { + const _encode = encoder + ? function (value) { + return encoder.call(this, value, encode); + } + : encode; -/* harmony default export */ const lib_defaults = (defaults); + return this._pairs + .map(function each(pair) { + return _encode(pair[0]) + '=' + _encode(pair[1]); + }, '') + .join('&'); +}; -;// CONCATENATED MODULE: ./node_modules/axios/lib/helpers/parseHeaders.js +/* harmony default export */ const helpers_AxiosURLSearchParams = (AxiosURLSearchParams); + +;// CONCATENATED MODULE: ./node_modules/axios/lib/helpers/buildURL.js -// RawAxiosHeaders whose duplicates are ignored by node -// c.f. https://nodejs.org/api/http.html#http_message_headers -const ignoreDuplicateOf = utils.toObjectSet([ - 'age', - 'authorization', - 'content-length', - 'content-type', - 'etag', - 'expires', - 'from', - 'host', - 'if-modified-since', - 'if-unmodified-since', - 'last-modified', - 'location', - 'max-forwards', - 'proxy-authorization', - 'referer', - 'retry-after', - 'user-agent', -]); /** - * Parse headers into an object + * It replaces URL-encoded forms of `:`, `$`, `,`, and spaces with + * their plain counterparts (`:`, `$`, `,`, `+`). * - * ``` - * Date: Wed, 27 Aug 2014 08:58:49 GMT - * Content-Type: application/json - * Connection: keep-alive - * Transfer-Encoding: chunked - * ``` + * @param {string} val The value to be encoded. * - * @param {String} rawHeaders Headers needing to be parsed + * @returns {string} The encoded value. + */ +function buildURL_encode(val) { + return encodeURIComponent(val) + .replace(/%3A/gi, ':') + .replace(/%24/g, '$') + .replace(/%2C/gi, ',') + .replace(/%20/g, '+'); +} + +/** + * Build a URL by appending params to the end * - * @returns {Object} Headers parsed into an object + * @param {string} url The base of the url (e.g., http://www.google.com) + * @param {object} [params] The params to be appended + * @param {?(object|Function)} options + * + * @returns {string} The formatted url */ -/* harmony default export */ const parseHeaders = ((rawHeaders) => { - const parsed = {}; - let key; - let val; - let i; +function buildURL(url, params, options) { + if (!params) { + return url; + } - rawHeaders && - rawHeaders.split('\n').forEach(function parser(line) { - i = line.indexOf(':'); - key = line.substring(0, i).trim().toLowerCase(); - val = line.substring(i + 1).trim(); + const _encode = (options && options.encode) || buildURL_encode; - if (!key || (parsed[key] && ignoreDuplicateOf[key])) { - return; + const _options = utils.isFunction(options) + ? { + serialize: options, } + : options; - if (key === 'set-cookie') { - if (parsed[key]) { - parsed[key].push(val); - } else { - parsed[key] = [val]; - } - } else { - parsed[key] = parsed[key] ? parsed[key] + ', ' + val : val; - } - }); + const serializeFn = _options && _options.serialize; - return parsed; -}); + let serializedParams; -;// CONCATENATED MODULE: ./node_modules/axios/lib/core/AxiosHeaders.js + if (serializeFn) { + serializedParams = serializeFn(params, _options); + } else { + serializedParams = utils.isURLSearchParams(params) + ? params.toString() + : new helpers_AxiosURLSearchParams(params, _options).toString(_encode); + } + + if (serializedParams) { + const hashmarkIndex = url.indexOf('#'); + if (hashmarkIndex !== -1) { + url = url.slice(0, hashmarkIndex); + } + url += (url.indexOf('?') === -1 ? '?' : '&') + serializedParams; + } + return url; +} +;// CONCATENATED MODULE: ./node_modules/axios/lib/core/InterceptorManager.js -const $internals = Symbol('internals'); -const isValidHeaderValue = (value) => !/[\r\n]/.test(value); -function assertValidHeaderValue(value, header) { - if (value === false || value == null) { - return; +class InterceptorManager { + constructor() { + this.handlers = []; } - if (utils.isArray(value)) { - value.forEach((v) => assertValidHeaderValue(v, header)); - return; + /** + * Add a new interceptor to the stack + * + * @param {Function} fulfilled The function to handle `then` for a `Promise` + * @param {Function} rejected The function to handle `reject` for a `Promise` + * @param {Object} options The options for the interceptor, synchronous and runWhen + * + * @return {Number} An ID used to remove interceptor later + */ + use(fulfilled, rejected, options) { + this.handlers.push({ + fulfilled, + rejected, + synchronous: options ? options.synchronous : false, + runWhen: options ? options.runWhen : null, + }); + return this.handlers.length - 1; } - if (!isValidHeaderValue(String(value))) { - throw new Error(`Invalid character in header content ["${header}"]`); + /** + * Remove an interceptor from the stack + * + * @param {Number} id The ID that was returned by `use` + * + * @returns {void} + */ + eject(id) { + if (this.handlers[id]) { + this.handlers[id] = null; + } + } + + /** + * Clear all interceptors from the stack + * + * @returns {void} + */ + clear() { + if (this.handlers) { + this.handlers = []; + } + } + + /** + * Iterate over all the registered interceptors + * + * This method is particularly useful for skipping over any + * interceptors that may have become `null` calling `eject`. + * + * @param {Function} fn The function to call for each interceptor + * + * @returns {void} + */ + forEach(fn) { + utils.forEach(this.handlers, function forEachHandler(h) { + if (h !== null) { + fn(h); + } + }); } } -function normalizeHeader(header) { - return header && String(header).trim().toLowerCase(); -} +/* harmony default export */ const core_InterceptorManager = (InterceptorManager); + +;// CONCATENATED MODULE: ./node_modules/axios/lib/defaults/transitional.js + + +/* harmony default export */ const defaults_transitional = ({ + silentJSONParsing: true, + forcedJSONParsing: true, + clarifyTimeoutError: false, + legacyInterceptorReqResOrdering: true, +}); + +// EXTERNAL MODULE: external "crypto" +var external_crypto_ = __nccwpck_require__(6982); +// EXTERNAL MODULE: external "url" +var external_url_ = __nccwpck_require__(7016); +;// CONCATENATED MODULE: ./node_modules/axios/lib/platform/node/classes/URLSearchParams.js + + + +/* harmony default export */ const classes_URLSearchParams = (external_url_.URLSearchParams); + +;// CONCATENATED MODULE: ./node_modules/axios/lib/platform/node/index.js + + + -function stripTrailingCRLF(str) { - let end = str.length; +const ALPHA = 'abcdefghijklmnopqrstuvwxyz'; - while (end > 0) { - const charCode = str.charCodeAt(end - 1); +const DIGIT = '0123456789'; - if (charCode !== 10 && charCode !== 13) { - break; - } +const ALPHABET = { + DIGIT, + ALPHA, + ALPHA_DIGIT: ALPHA + ALPHA.toUpperCase() + DIGIT, +}; - end -= 1; +const generateString = (size = 16, alphabet = ALPHABET.ALPHA_DIGIT) => { + let str = ''; + const { length } = alphabet; + const randomValues = new Uint32Array(size); + external_crypto_.randomFillSync(randomValues); + for (let i = 0; i < size; i++) { + str += alphabet[randomValues[i] % length]; } - return end === str.length ? str : str.slice(0, end); -} + return str; +}; -function normalizeValue(value) { - if (value === false || value == null) { - return value; - } +/* harmony default export */ const node = ({ + isNode: true, + classes: { + URLSearchParams: classes_URLSearchParams, + FormData: classes_FormData, + Blob: (typeof Blob !== 'undefined' && Blob) || null, + }, + ALPHABET, + generateString, + protocols: ['http', 'https', 'file', 'data'], +}); - return utils.isArray(value) ? value.map(normalizeValue) : stripTrailingCRLF(String(value)); -} +;// CONCATENATED MODULE: ./node_modules/axios/lib/platform/common/utils.js +const hasBrowserEnv = typeof window !== 'undefined' && typeof document !== 'undefined'; -function parseTokens(str) { - const tokens = Object.create(null); - const tokensRE = /([^\s,;=]+)\s*(?:=\s*([^,;]+))?/g; - let match; +const _navigator = (typeof navigator === 'object' && navigator) || undefined; - while ((match = tokensRE.exec(str))) { - tokens[match[1]] = match[2]; - } +/** + * Determine if we're running in a standard browser environment + * + * This allows axios to run in a web worker, and react-native. + * Both environments support XMLHttpRequest, but not fully standard globals. + * + * web workers: + * typeof window -> undefined + * typeof document -> undefined + * + * react-native: + * navigator.product -> 'ReactNative' + * nativescript + * navigator.product -> 'NativeScript' or 'NS' + * + * @returns {boolean} + */ +const hasStandardBrowserEnv = + hasBrowserEnv && + (!_navigator || ['ReactNative', 'NativeScript', 'NS'].indexOf(_navigator.product) < 0); - return tokens; -} +/** + * Determine if we're running in a standard browser webWorker environment + * + * Although the `isStandardBrowserEnv` method indicates that + * `allows axios to run in a web worker`, the WebWorker will still be + * filtered out due to its judgment standard + * `typeof window !== 'undefined' && typeof document !== 'undefined'`. + * This leads to a problem when axios post `FormData` in webWorker + */ +const hasStandardBrowserWebWorkerEnv = (() => { + return ( + typeof WorkerGlobalScope !== 'undefined' && + // eslint-disable-next-line no-undef + self instanceof WorkerGlobalScope && + typeof self.importScripts === 'function' + ); +})(); -const isValidHeaderName = (str) => /^[-_a-zA-Z0-9^`|~,!#$%&'*+.]+$/.test(str.trim()); +const origin = (hasBrowserEnv && window.location.href) || 'http://localhost'; -function matchHeaderValue(context, value, header, filter, isHeaderNameFilter) { - if (utils.isFunction(filter)) { - return filter.call(this, value, header); - } - if (isHeaderNameFilter) { - value = header; - } - if (!utils.isString(value)) return; +;// CONCATENATED MODULE: ./node_modules/axios/lib/platform/index.js - if (utils.isString(filter)) { - return value.indexOf(filter) !== -1; - } - if (utils.isRegExp(filter)) { - return filter.test(value); - } -} -function formatHeader(header) { - return header - .trim() - .toLowerCase() - .replace(/([a-z\d])(\w*)/g, (w, char, str) => { - return char.toUpperCase() + str; - }); -} +/* harmony default export */ const platform = ({ + ...common_utils_namespaceObject, + ...node, +}); -function buildAccessors(obj, header) { - const accessorName = utils.toCamelCase(' ' + header); +;// CONCATENATED MODULE: ./node_modules/axios/lib/helpers/toURLEncodedForm.js - ['get', 'set', 'has'].forEach((methodName) => { - Object.defineProperty(obj, methodName + accessorName, { - value: function (arg1, arg2, arg3) { - return this[methodName].call(this, header, arg1, arg2, arg3); - }, - configurable: true, - }); - }); -} -class AxiosHeaders { - constructor(headers) { - headers && this.set(headers); - } - set(header, valueOrRewrite, rewrite) { - const self = this; - function setHeader(_value, _header, _rewrite) { - const lHeader = normalizeHeader(_header); - if (!lHeader) { - throw new Error('header name must be a non-empty string'); + +function toURLEncodedForm(data, options) { + return helpers_toFormData(data, new platform.classes.URLSearchParams(), { + visitor: function (value, key, path, helpers) { + if (platform.isNode && utils.isBuffer(value)) { + this.append(key, value.toString('base64')); + return false; } - const key = utils.findKey(self, lHeader); + return helpers.defaultVisitor.apply(this, arguments); + }, + ...options, + }); +} - if ( - !key || - self[key] === undefined || - _rewrite === true || - (_rewrite === undefined && self[key] !== false) - ) { - assertValidHeaderValue(_value, _header); - self[key || _header] = normalizeValue(_value); - } - } +;// CONCATENATED MODULE: ./node_modules/axios/lib/helpers/formDataToJSON.js - const setHeaders = (headers, _rewrite) => - utils.forEach(headers, (_value, _header) => setHeader(_value, _header, _rewrite)); - if (utils.isPlainObject(header) || header instanceof this.constructor) { - setHeaders(header, valueOrRewrite); - } else if (utils.isString(header) && (header = header.trim()) && !isValidHeaderName(header)) { - setHeaders(parseHeaders(header), valueOrRewrite); - } else if (utils.isObject(header) && utils.isIterable(header)) { - let obj = {}, - dest, - key; - for (const entry of header) { - if (!utils.isArray(entry)) { - throw TypeError('Object iterator must return a key-value pair'); - } - obj[(key = entry[0])] = (dest = obj[key]) - ? utils.isArray(dest) - ? [...dest, entry[1]] - : [dest, entry[1]] - : entry[1]; - } - setHeaders(obj, valueOrRewrite); - } else { - header != null && setHeader(valueOrRewrite, header, rewrite); - } +/** + * It takes a string like `foo[x][y][z]` and returns an array like `['foo', 'x', 'y', 'z'] + * + * @param {string} name - The name of the property to get. + * + * @returns An array of strings. + */ +function parsePropPath(name) { + // foo[x][y][z] + // foo.x.y.z + // foo-x-y-z + // foo x y z + return utils.matchAll(/\w+|\[(\w*)]/g, name).map((match) => { + return match[0] === '[]' ? '' : match[1] || match[0]; + }); +} - return this; +/** + * Convert an array to an object. + * + * @param {Array} arr - The array to convert to an object. + * + * @returns An object with the same keys and values as the array. + */ +function arrayToObject(arr) { + const obj = {}; + const keys = Object.keys(arr); + let i; + const len = keys.length; + let key; + for (i = 0; i < len; i++) { + key = keys[i]; + obj[key] = arr[key]; } + return obj; +} - get(header, parser) { - header = normalizeHeader(header); +/** + * It takes a FormData object and returns a JavaScript object + * + * @param {string} formData The FormData object to convert to JSON. + * + * @returns {Object | null} The converted object. + */ +function formDataToJSON(formData) { + function buildPath(path, value, target, index) { + let name = path[index++]; - if (header) { - const key = utils.findKey(this, header); + if (name === '__proto__') return true; - if (key) { - const value = this[key]; + const isNumericKey = Number.isFinite(+name); + const isLast = index >= path.length; + name = !name && utils.isArray(target) ? target.length : name; - if (!parser) { - return value; - } + if (isLast) { + if (utils.hasOwnProp(target, name)) { + target[name] = utils.isArray(target[name]) + ? target[name].concat(value) + : [target[name], value]; + } else { + target[name] = value; + } - if (parser === true) { - return parseTokens(value); - } + return !isNumericKey; + } - if (utils.isFunction(parser)) { - return parser.call(this, value, key); - } + if (!target[name] || !utils.isObject(target[name])) { + target[name] = []; + } - if (utils.isRegExp(parser)) { - return parser.exec(value); - } + const result = buildPath(path, value, target[name], index); - throw new TypeError('parser must be boolean|regexp|function'); - } + if (result && utils.isArray(target[name])) { + target[name] = arrayToObject(target[name]); } - } - has(header, matcher) { - header = normalizeHeader(header); + return !isNumericKey; + } - if (header) { - const key = utils.findKey(this, header); + if (utils.isFormData(formData) && utils.isFunction(formData.entries)) { + const obj = {}; - return !!( - key && - this[key] !== undefined && - (!matcher || matchHeaderValue(this, this[key], key, matcher)) - ); - } + utils.forEachEntry(formData, (name, value) => { + buildPath(parsePropPath(name), value, obj, 0); + }); - return false; + return obj; } - delete(header, matcher) { - const self = this; - let deleted = false; + return null; +} - function deleteHeader(_header) { - _header = normalizeHeader(_header); +/* harmony default export */ const helpers_formDataToJSON = (formDataToJSON); - if (_header) { - const key = utils.findKey(self, _header); +;// CONCATENATED MODULE: ./node_modules/axios/lib/defaults/index.js - if (key && (!matcher || matchHeaderValue(self, self[key], key, matcher))) { - delete self[key]; - deleted = true; - } - } - } - if (utils.isArray(header)) { - header.forEach(deleteHeader); - } else { - deleteHeader(header); - } - return deleted; - } - clear(matcher) { - const keys = Object.keys(this); - let i = keys.length; - let deleted = false; - while (i--) { - const key = keys[i]; - if (!matcher || matchHeaderValue(this, this[key], key, matcher, true)) { - delete this[key]; - deleted = true; - } - } - return deleted; - } - normalize(format) { - const self = this; - const headers = {}; - utils.forEach(this, (value, header) => { - const key = utils.findKey(headers, header); - if (key) { - self[key] = normalizeValue(value); - delete self[header]; - return; +const own = (obj, key) => (obj != null && utils.hasOwnProp(obj, key) ? obj[key] : undefined); + +/** + * It takes a string, tries to parse it, and if it fails, it returns the stringified version + * of the input + * + * @param {any} rawValue - The value to be stringified. + * @param {Function} parser - A function that parses a string into a JavaScript object. + * @param {Function} encoder - A function that takes a value and returns a string. + * + * @returns {string} A stringified version of the rawValue. + */ +function stringifySafely(rawValue, parser, encoder) { + if (utils.isString(rawValue)) { + try { + (parser || JSON.parse)(rawValue); + return utils.trim(rawValue); + } catch (e) { + if (e.name !== 'SyntaxError') { + throw e; } + } + } - const normalized = format ? formatHeader(header) : String(header).trim(); + return (encoder || JSON.stringify)(rawValue); +} - if (normalized !== header) { - delete self[header]; - } +const defaults = { + transitional: defaults_transitional, - self[normalized] = normalizeValue(value); + adapter: ['xhr', 'http', 'fetch'], - headers[normalized] = true; - }); + transformRequest: [ + function transformRequest(data, headers) { + const contentType = headers.getContentType() || ''; + const hasJSONContentType = contentType.indexOf('application/json') > -1; + const isObjectPayload = utils.isObject(data); - return this; - } + if (isObjectPayload && utils.isHTMLForm(data)) { + data = new FormData(data); + } - concat(...targets) { - return this.constructor.concat(this, ...targets); - } + const isFormData = utils.isFormData(data); - toJSON(asStrings) { - const obj = Object.create(null); + if (isFormData) { + return hasJSONContentType ? JSON.stringify(helpers_formDataToJSON(data)) : data; + } - utils.forEach(this, (value, header) => { - value != null && - value !== false && - (obj[header] = asStrings && utils.isArray(value) ? value.join(', ') : value); - }); + if ( + utils.isArrayBuffer(data) || + utils.isBuffer(data) || + utils.isStream(data) || + utils.isFile(data) || + utils.isBlob(data) || + utils.isReadableStream(data) + ) { + return data; + } + if (utils.isArrayBufferView(data)) { + return data.buffer; + } + if (utils.isURLSearchParams(data)) { + headers.setContentType('application/x-www-form-urlencoded;charset=utf-8', false); + return data.toString(); + } - return obj; - } + let isFileList; - [Symbol.iterator]() { - return Object.entries(this.toJSON())[Symbol.iterator](); - } + if (isObjectPayload) { + const formSerializer = own(this, 'formSerializer'); + if (contentType.indexOf('application/x-www-form-urlencoded') > -1) { + return toURLEncodedForm(data, formSerializer).toString(); + } - toString() { - return Object.entries(this.toJSON()) - .map(([header, value]) => header + ': ' + value) - .join('\n'); - } + if ( + (isFileList = utils.isFileList(data)) || + contentType.indexOf('multipart/form-data') > -1 + ) { + const env = own(this, 'env'); + const _FormData = env && env.FormData; - getSetCookie() { - return this.get('set-cookie') || []; - } + return helpers_toFormData( + isFileList ? { 'files[]': data } : data, + _FormData && new _FormData(), + formSerializer + ); + } + } - get [Symbol.toStringTag]() { - return 'AxiosHeaders'; - } + if (isObjectPayload || hasJSONContentType) { + headers.setContentType('application/json', false); + return stringifySafely(data); + } - static from(thing) { - return thing instanceof this ? thing : new this(thing); - } + return data; + }, + ], - static concat(first, ...targets) { - const computed = new this(first); + transformResponse: [ + function transformResponse(data) { + const transitional = own(this, 'transitional') || defaults.transitional; + const forcedJSONParsing = transitional && transitional.forcedJSONParsing; + const responseType = own(this, 'responseType'); + const JSONRequested = responseType === 'json'; - targets.forEach((target) => computed.set(target)); + if (utils.isResponse(data) || utils.isReadableStream(data)) { + return data; + } - return computed; - } + if ( + data && + utils.isString(data) && + ((forcedJSONParsing && !responseType) || JSONRequested) + ) { + const silentJSONParsing = transitional && transitional.silentJSONParsing; + const strictJSONParsing = !silentJSONParsing && JSONRequested; - static accessor(header) { - const internals = - (this[$internals] = - this[$internals] = - { - accessors: {}, - }); + try { + return JSON.parse(data, own(this, 'parseReviver')); + } catch (e) { + if (strictJSONParsing) { + if (e.name === 'SyntaxError') { + throw core_AxiosError.from(e, core_AxiosError.ERR_BAD_RESPONSE, this, null, own(this, 'response')); + } + throw e; + } + } + } - const accessors = internals.accessors; - const prototype = this.prototype; + return data; + }, + ], - function defineAccessor(_header) { - const lHeader = normalizeHeader(_header); + /** + * A timeout in milliseconds to abort a request. If set to 0 (default) a + * timeout is not created. + */ + timeout: 0, - if (!accessors[lHeader]) { - buildAccessors(prototype, _header); - accessors[lHeader] = true; - } - } + xsrfCookieName: 'XSRF-TOKEN', + xsrfHeaderName: 'X-XSRF-TOKEN', - utils.isArray(header) ? header.forEach(defineAccessor) : defineAccessor(header); + maxContentLength: -1, + maxBodyLength: -1, - return this; - } -} + env: { + FormData: platform.classes.FormData, + Blob: platform.classes.Blob, + }, -AxiosHeaders.accessor([ - 'Content-Type', - 'Content-Length', - 'Accept', - 'Accept-Encoding', - 'User-Agent', - 'Authorization', -]); + validateStatus: function validateStatus(status) { + return status >= 200 && status < 300; + }, -// reserved names hotfix -utils.reduceDescriptors(AxiosHeaders.prototype, ({ value }, key) => { - let mapped = key[0].toUpperCase() + key.slice(1); // map `set` => `Set` - return { - get: () => value, - set(headerValue) { - this[mapped] = headerValue; + headers: { + common: { + Accept: 'application/json, text/plain, */*', + 'Content-Type': undefined, }, - }; -}); + }, +}; -utils.freezeMethods(AxiosHeaders); +utils.forEach(['delete', 'get', 'head', 'post', 'put', 'patch', 'query'], (method) => { + defaults.headers[method] = {}; +}); -/* harmony default export */ const core_AxiosHeaders = (AxiosHeaders); +/* harmony default export */ const lib_defaults = (defaults); ;// CONCATENATED MODULE: ./node_modules/axios/lib/core/transformData.js @@ -42100,17 +42214,13 @@ function settle(resolve, reject, response) { if (!response.status || !validateStatus || validateStatus(response.status)) { resolve(response); } else { - reject( - new core_AxiosError( - 'Request failed with status code ' + response.status, - [core_AxiosError.ERR_BAD_REQUEST, core_AxiosError.ERR_BAD_RESPONSE][ - Math.floor(response.status / 100) - 4 - ], - response.config, - response.request, - response - ) - ); + reject(new core_AxiosError( + 'Request failed with status code ' + response.status, + response.status >= 400 && response.status < 500 ? core_AxiosError.ERR_BAD_REQUEST : core_AxiosError.ERR_BAD_RESPONSE, + response.config, + response.request, + response + )); } } @@ -42170,7 +42280,7 @@ function combineURLs(baseURL, relativeURL) { */ function buildFullPath(baseURL, requestedURL, allowAbsoluteUrls) { let isRelativeUrl = !isAbsoluteURL(requestedURL); - if (baseURL && (isRelativeUrl || allowAbsoluteUrls == false)) { + if (baseURL && (isRelativeUrl || allowAbsoluteUrls === false)) { return combineURLs(baseURL, requestedURL); } return requestedURL; @@ -42289,17 +42399,19 @@ var external_https_ = __nccwpck_require__(5692); var external_http2_ = __nccwpck_require__(5675); // EXTERNAL MODULE: external "util" var external_util_ = __nccwpck_require__(9023); +// EXTERNAL MODULE: external "path" +var external_path_ = __nccwpck_require__(6928); // EXTERNAL MODULE: ./node_modules/follow-redirects/index.js var follow_redirects = __nccwpck_require__(1573); // EXTERNAL MODULE: external "zlib" var external_zlib_ = __nccwpck_require__(3106); ;// CONCATENATED MODULE: ./node_modules/axios/lib/env/data.js -const VERSION = "1.15.0"; +const VERSION = "1.16.0"; ;// CONCATENATED MODULE: ./node_modules/axios/lib/helpers/parseProtocol.js function parseProtocol(url) { - const match = /^([-+\w]{1,25})(:?\/\/|:)/.exec(url); + const match = /^([-+\w]{1,25}):(?:\/\/)?/.exec(url); return (match && match[1]) || ''; } @@ -42564,7 +42676,8 @@ class FormDataPart { if (isStringValue) { value = textEncoder.encode(String(value).replace(/\r?\n|\r\n?/g, CRLF)); } else { - headers += `Content-Type: ${value.type || 'application/octet-stream'}${CRLF}`; + const safeType = String(value.type || 'application/octet-stream').replace(/[\r\n]/g, ''); + headers += `Content-Type: ${safeType}${CRLF}`; } this.headers = textEncoder.encode(headers + CRLF); @@ -42616,7 +42729,7 @@ const formDataToStream = (form, headersHandler, options) => { } if (boundary.length < 1 || boundary.length > 70) { - throw Error('boundary must be 10-70 characters long'); + throw Error('boundary must be 1-70 characters long'); } const boundaryBytes = textEncoder.encode('--' + boundary + CRLF); @@ -42709,6 +42822,53 @@ const callbackify = (fn, reducer) => { /* harmony default export */ const helpers_callbackify = (callbackify); ;// CONCATENATED MODULE: ./node_modules/axios/lib/helpers/shouldBypassProxy.js +const LOOPBACK_HOSTNAMES = new Set(['localhost']); + +const isIPv4Loopback = (host) => { + const parts = host.split('.'); + if (parts.length !== 4) return false; + if (parts[0] !== '127') return false; + return parts.every((p) => /^\d+$/.test(p) && Number(p) >= 0 && Number(p) <= 255); +}; + +const isIPv6Loopback = (host) => { + // Collapse all-zero groups: any form of ::1 / 0:0:...:0:1 + // First, strip any leading "::" by normalising with Set lookup of common forms, + // then fall back to structural check. + if (host === '::1') return true; + + // Check IPv4-mapped IPv6 loopback: ::ffff: or ::ffff: + // Node's URL parser normalises ::ffff:127.0.0.1 → ::ffff:7f00:1 + const v4MappedDotted = host.match(/^::ffff:(\d+\.\d+\.\d+\.\d+)$/i); + if (v4MappedDotted) return isIPv4Loopback(v4MappedDotted[1]); + + const v4MappedHex = host.match(/^::ffff:([0-9a-f]{1,4}):([0-9a-f]{1,4})$/i); + if (v4MappedHex) { + const high = parseInt(v4MappedHex[1], 16); + // High 16 bits must start with 127 (0x7f) — i.e. 0x7f00..0x7fff + return high >= 0x7f00 && high <= 0x7fff; + } + + // Full-form ::1 variants: any number of zero groups followed by trailing 1 + // e.g. 0:0:0:0:0:0:0:1, 0000:...:0001 + const groups = host.split(':'); + if (groups.length === 8) { + for (let i = 0; i < 7; i++) { + if (!/^0+$/.test(groups[i])) return false; + } + return /^0*1$/.test(groups[7]); + } + + return false; +}; + +const isLoopback = (host) => { + if (!host) return false; + if (LOOPBACK_HOSTNAMES.has(host)) return true; + if (isIPv4Loopback(host)) return true; + return isIPv6Loopback(host); +}; + const shouldBypassProxy_DEFAULT_PORTS = { http: 80, https: 443, @@ -42751,6 +42911,31 @@ const parseNoProxyEntry = (entry) => { return [entryHost, entryPort]; }; +// Convert IPv4-mapped IPv6 (::ffff:0:0/96 prefix) to IPv4 dotted form so both +// sides of a NO_PROXY comparison see the same canonical address. Without this, +// `NO_PROXY=192.168.1.5` would not match a request to `http://[::ffff:192.168.1.5]/` +// (Node's URL parser normalises that to `[::ffff:c0a8:105]`), and vice-versa, +// allowing the proxy-bypass policy to be circumvented by using the alternate +// representation. Returns the input unchanged when not IPv4-mapped. +const IPV4_MAPPED_DOTTED_RE = /^(?:::|(?:0{1,4}:){1,4}:|(?:0{1,4}:){5})ffff:(\d+\.\d+\.\d+\.\d+)$/i; +const IPV4_MAPPED_HEX_RE = /^(?:::|(?:0{1,4}:){1,4}:|(?:0{1,4}:){5})ffff:([0-9a-f]{1,4}):([0-9a-f]{1,4})$/i; + +const unmapIPv4MappedIPv6 = (host) => { + if (typeof host !== 'string' || host.indexOf(':') === -1) return host; + + const dotted = host.match(IPV4_MAPPED_DOTTED_RE); + if (dotted) return dotted[1]; + + const hex = host.match(IPV4_MAPPED_HEX_RE); + if (hex) { + const high = parseInt(hex[1], 16); + const low = parseInt(hex[2], 16); + return `${high >> 8}.${high & 0xff}.${low >> 8}.${low & 0xff}`; + } + + return host; +}; + const normalizeNoProxyHost = (hostname) => { if (!hostname) { return hostname; @@ -42760,7 +42945,7 @@ const normalizeNoProxyHost = (hostname) => { hostname = hostname.slice(1, -1); } - return hostname.replace(/\.+$/, ''); + return unmapIPv4MappedIPv6(hostname.replace(/\.+$/, '')); }; function shouldBypassProxy(location) { @@ -42812,7 +42997,7 @@ function shouldBypassProxy(location) { return hostname.endsWith(entryHost); } - return hostname === entryHost; + return hostname === entryHost || (isLoopback(hostname) && isLoopback(entryHost)); }); } @@ -42929,13 +43114,13 @@ const progressEventReducer = (listener, isDownloadStream, freq = 3) => { const _speedometer = helpers_speedometer(50, 250); return helpers_throttle((e) => { - const loaded = e.loaded; + const rawLoaded = e.loaded; const total = e.lengthComputable ? e.total : undefined; - const progressBytes = loaded - bytesNotified; + const loaded = total != null ? Math.min(rawLoaded, total) : rawLoaded; + const progressBytes = Math.max(0, loaded - bytesNotified); const rate = _speedometer(progressBytes); - const inRange = loaded <= total; - bytesNotified = loaded; + bytesNotified = Math.max(bytesNotified, loaded); const data = { loaded, @@ -42943,7 +43128,7 @@ const progressEventReducer = (listener, isDownloadStream, freq = 3) => { progress: total ? loaded / total : undefined, bytes: progressBytes, rate: rate ? rate : undefined, - estimated: rate && total && inRange ? (total - loaded) / rate : undefined, + estimated: rate && total ? (total - loaded) / rate : undefined, event: e, lengthComputable: total != null, [isDownloadStream ? 'download' : 'upload']: true, @@ -43044,7 +43229,34 @@ function estimateDataURLDecodedBytes(url) { return bytes > 0 ? bytes : 0; } - return Buffer.byteLength(body, 'utf8'); + if (typeof Buffer !== 'undefined' && typeof Buffer.byteLength === 'function') { + return Buffer.byteLength(body, 'utf8'); + } + + // Compute UTF-8 byte length directly from UTF-16 code units without allocating + // a byte buffer (TextEncoder.encode would defeat the DoS guard on large bodies). + // Using body.length here would undercount non-ASCII (e.g. '€' is 1 code unit + // but 3 UTF-8 bytes). + let bytes = 0; + for (let i = 0, len = body.length; i < len; i++) { + const c = body.charCodeAt(i); + if (c < 0x80) { + bytes += 1; + } else if (c < 0x800) { + bytes += 2; + } else if (c >= 0xd800 && c <= 0xdbff && i + 1 < len) { + const next = body.charCodeAt(i + 1); + if (next >= 0xdc00 && next <= 0xdfff) { + bytes += 4; + i++; + } else { + bytes += 3; + } + } else { + bytes += 3; + } + } + return bytes; } ;// CONCATENATED MODULE: ./node_modules/axios/lib/adapters/http.js @@ -43075,6 +43287,7 @@ function estimateDataURLDecodedBytes(url) { + const zlibOptions = { @@ -43092,11 +43305,46 @@ const isBrotliSupported = utils.isFunction(external_zlib_.createBrotliDecompress const { http: httpFollow, https: httpsFollow } = follow_redirects; const isHttps = /https:?/; +const FORM_DATA_CONTENT_HEADERS = ['content-type', 'content-length']; + +function setFormDataHeaders(headers, formHeaders, policy) { + if (policy !== 'content-only') { + headers.set(formHeaders); + return; + } + + Object.entries(formHeaders).forEach(([key, val]) => { + if (FORM_DATA_CONTENT_HEADERS.includes(key.toLowerCase())) { + headers.set(key, val); + } + }); +} + +// Symbols used to bind a single 'error' listener to a pooled socket and track +// the request currently owning that socket across keep-alive reuse (issue #10780). +const kAxiosSocketListener = Symbol('axios.http.socketListener'); +const kAxiosCurrentReq = Symbol('axios.http.currentReq'); const supportedProtocols = platform.protocols.map((protocol) => { return protocol + ':'; }); +// Node's WHATWG URL parser returns `username` and `password` percent-encoded. +// Decode before composing the `auth` option so credentials such as +// `my%40email.com:pass` are sent as `my@email.com:pass`. Falls back to the +// original value for malformed input so a bad encoding never throws. +const decodeURIComponentSafe = (value) => { + if (!utils.isString(value)) { + return value; + } + + try { + return decodeURIComponent(value); + } catch (error) { + return value; + } +}; + const flushOnFinish = (stream, [throttled, flush]) => { stream.on('end', flush).on('error', flush); @@ -43216,12 +43464,12 @@ const http2Sessions = new Http2Sessions(); * * @returns {Object} */ -function dispatchBeforeRedirect(options, responseDetails) { +function dispatchBeforeRedirect(options, responseDetails, requestDetails) { if (options.beforeRedirects.proxy) { options.beforeRedirects.proxy(options); } if (options.beforeRedirects.config) { - options.beforeRedirects.config(options, responseDetails); + options.beforeRedirects.config(options, responseDetails, requestDetails); } } @@ -43234,7 +43482,7 @@ function dispatchBeforeRedirect(options, responseDetails) { * * @returns {http.ClientRequestArgs} */ -function setProxy(options, configProxy, location) { +function setProxy(options, configProxy, location, isRedirect) { let proxy = configProxy; if (!proxy && proxy !== false) { const proxyUrl = getProxyForUrl(location); @@ -43244,43 +43492,87 @@ function setProxy(options, configProxy, location) { } } } + // On redirect re-invocation, strip any stale Proxy-Authorization header carried + // over from the prior request (e.g. new target no longer uses a proxy, or uses + // a different proxy). Skip on the initial request so user-supplied headers are + // preserved. Header names are case-insensitive, so remove every case variant. + if (isRedirect && options.headers) { + for (const name of Object.keys(options.headers)) { + if (name.toLowerCase() === 'proxy-authorization') { + delete options.headers[name]; + } + } + } if (proxy) { + // Read proxy fields without traversing the prototype chain. URL instances expose + // username/password/hostname/host/port/protocol via getters on URL.prototype (so + // direct reads are shielded), but plain object proxies — and the `auth` field + // (which URL does not expose) — must be guarded so a polluted Object.prototype + // (e.g. Object.prototype.auth = { username, password }) cannot inject + // attacker-controlled credentials into the Proxy-Authorization header or + // redirect proxying to an attacker-controlled host. + const isProxyURL = proxy instanceof URL; + const readProxyField = (key) => + isProxyURL || utils.hasOwnProp(proxy, key) ? proxy[key] : undefined; + + const proxyUsername = readProxyField('username'); + const proxyPassword = readProxyField('password'); + let proxyAuth = utils.hasOwnProp(proxy, 'auth') ? proxy.auth : undefined; + // Basic proxy authorization - if (proxy.username) { - proxy.auth = (proxy.username || '') + ':' + (proxy.password || ''); + if (proxyUsername) { + proxyAuth = (proxyUsername || '') + ':' + (proxyPassword || ''); } - if (proxy.auth) { - // Support proxy auth object form - const validProxyAuth = Boolean(proxy.auth.username || proxy.auth.password); + if (proxyAuth) { + // Support proxy auth object form. Read sub-fields via own-prop checks so a + // plain object inheriting from polluted Object.prototype cannot leak creds. + const authIsObject = typeof proxyAuth === 'object'; + const authUsername = + authIsObject && utils.hasOwnProp(proxyAuth, 'username') ? proxyAuth.username : undefined; + const authPassword = + authIsObject && utils.hasOwnProp(proxyAuth, 'password') ? proxyAuth.password : undefined; + const validProxyAuth = Boolean(authUsername || authPassword); if (validProxyAuth) { - proxy.auth = (proxy.auth.username || '') + ':' + (proxy.auth.password || ''); - } else if (typeof proxy.auth === 'object') { + proxyAuth = (authUsername || '') + ':' + (authPassword || ''); + } else if (authIsObject) { throw new core_AxiosError('Invalid proxy authorization', core_AxiosError.ERR_BAD_OPTION, { proxy }); } - const base64 = Buffer.from(proxy.auth, 'utf8').toString('base64'); + const base64 = Buffer.from(proxyAuth, 'utf8').toString('base64'); options.headers['Proxy-Authorization'] = 'Basic ' + base64; } - options.headers.host = options.hostname + (options.port ? ':' + options.port : ''); - const proxyHost = proxy.hostname || proxy.host; + // Preserve a user-supplied Host header (case-insensitive) so callers can override + // the value forwarded to the proxy; otherwise default to the request URL's host. + let hasUserHostHeader = false; + for (const name of Object.keys(options.headers)) { + if (name.toLowerCase() === 'host') { + hasUserHostHeader = true; + break; + } + } + if (!hasUserHostHeader) { + options.headers.host = options.hostname + (options.port ? ':' + options.port : ''); + } + const proxyHost = readProxyField('hostname') || readProxyField('host'); options.hostname = proxyHost; // Replace 'host' since options is not a URL object options.host = proxyHost; - options.port = proxy.port; + options.port = readProxyField('port'); options.path = location; - if (proxy.protocol) { - options.protocol = proxy.protocol.includes(':') ? proxy.protocol : `${proxy.protocol}:`; + const proxyProtocol = readProxyField('protocol'); + if (proxyProtocol) { + options.protocol = proxyProtocol.includes(':') ? proxyProtocol : `${proxyProtocol}:`; } } options.beforeRedirects.proxy = function beforeRedirect(redirectOptions) { // Configure proxy for redirected request, passing the original config proxy to apply // the exact same logic as if the redirected request was performed by axios directly. - setProxy(redirectOptions, configProxy, redirectOptions.href); + setProxy(redirectOptions, configProxy, redirectOptions.href, true); }; } @@ -43379,12 +43671,20 @@ const http2Transport = { /* harmony default export */ const http = (isHttpAdapterSupported && function httpAdapter(config) { return wrapAsync(async function dispatchHttpRequest(resolve, reject, onDone) { - let { data, lookup, family, httpVersion = 1, http2Options } = config; - const { responseType, responseEncoding } = config; + const own = (key) => (utils.hasOwnProp(config, key) ? config[key] : undefined); + let data = own('data'); + let lookup = own('lookup'); + let family = own('family'); + let httpVersion = own('httpVersion'); + if (httpVersion === undefined) httpVersion = 1; + let http2Options = own('http2Options'); + const responseType = own('responseType'); + const responseEncoding = own('responseEncoding'); const method = config.method.toUpperCase(); let isDone; let rejected = false; let req; + let connectPhaseTimer; httpVersion = +httpVersion; @@ -43429,9 +43729,34 @@ const http2Transport = { } } + function clearConnectPhaseTimer() { + if (connectPhaseTimer) { + clearTimeout(connectPhaseTimer); + connectPhaseTimer = null; + } + } + + function createTimeoutError() { + let timeoutErrorMessage = config.timeout + ? 'timeout of ' + config.timeout + 'ms exceeded' + : 'timeout exceeded'; + const transitional = config.transitional || defaults_transitional; + if (config.timeoutErrorMessage) { + timeoutErrorMessage = config.timeoutErrorMessage; + } + return new core_AxiosError( + timeoutErrorMessage, + transitional.clarifyTimeoutError ? core_AxiosError.ETIMEDOUT : core_AxiosError.ECONNABORTED, + config, + req + ); + } + abortEmitter.once('abort', reject); const onFinished = () => { + clearConnectPhaseTimer(); + if (config.cancelToken) { config.cancelToken.unsubscribe(abort); } @@ -43452,6 +43777,7 @@ const http2Transport = { onDone((response, isRejected) => { isDone = true; + clearConnectPhaseTimer(); if (isRejected) { rejected = true; @@ -43566,8 +43892,12 @@ const http2Transport = { } ); // support for https://www.npmjs.com/package/form-data api - } else if (utils.isFormData(data) && utils.isFunction(data.getHeaders)) { - headers.set(data.getHeaders()); + } else if ( + utils.isFormData(data) && + utils.isFunction(data.getHeaders) && + data.getHeaders !== Object.prototype.getHeaders + ) { + setFormDataHeaders(headers, data.getHeaders(), own('formDataHeaderPolicy')); if (!headers.hasContentLength()) { try { @@ -43652,15 +43982,16 @@ const http2Transport = { // HTTP basic authentication let auth = undefined; - if (config.auth) { - const username = config.auth.username || ''; - const password = config.auth.password || ''; + const configAuth = own('auth'); + if (configAuth) { + const username = configAuth.username || ''; + const password = configAuth.password || ''; auth = username + ':' + password; } if (!auth && parsed.username) { - const urlUsername = parsed.username; - const urlPassword = parsed.password; + const urlUsername = decodeURIComponentSafe(parsed.username); + const urlPassword = decodeURIComponentSafe(parsed.password); auth = urlUsername + ':' + urlPassword; } @@ -43688,7 +44019,9 @@ const http2Transport = { false ); - const options = { + // Null-prototype to block prototype pollution gadgets on properties read + // directly by Node's http.request (e.g. insecureHTTPParser, lookup). + const options = Object.assign(Object.create(null), { path, method: method, headers: headers.toJSON(), @@ -43697,14 +44030,41 @@ const http2Transport = { protocol, family, beforeRedirect: dispatchBeforeRedirect, - beforeRedirects: {}, + beforeRedirects: Object.create(null), http2Options, - }; + }); // cacheable-lookup integration hotfix !utils.isUndefined(lookup) && (options.lookup = lookup); if (config.socketPath) { + if (typeof config.socketPath !== 'string') { + return reject( + new core_AxiosError('socketPath must be a string', core_AxiosError.ERR_BAD_OPTION_VALUE, config) + ); + } + + if (config.allowedSocketPaths != null) { + const allowed = Array.isArray(config.allowedSocketPaths) + ? config.allowedSocketPaths + : [config.allowedSocketPaths]; + + const resolvedSocket = (0,external_path_.resolve)(config.socketPath); + const isAllowed = allowed.some( + (entry) => typeof entry === 'string' && (0,external_path_.resolve)(entry) === resolvedSocket + ); + + if (!isAllowed) { + return reject( + new core_AxiosError( + `socketPath "${config.socketPath}" is not permitted by allowedSocketPaths`, + core_AxiosError.ERR_BAD_OPTION_VALUE, + config + ) + ); + } + } + options.socketPath = config.socketPath; } else { options.hostname = parsed.hostname.startsWith('[') @@ -43718,22 +44078,26 @@ const http2Transport = { ); } let transport; + let isNativeTransport = false; const isHttpsRequest = isHttps.test(options.protocol); options.agent = isHttpsRequest ? config.httpsAgent : config.httpAgent; if (isHttp2) { transport = http2Transport; } else { - if (config.transport) { - transport = config.transport; + const configTransport = own('transport'); + if (configTransport) { + transport = configTransport; } else if (config.maxRedirects === 0) { transport = isHttpsRequest ? external_https_ : external_http_; + isNativeTransport = true; } else { if (config.maxRedirects) { options.maxRedirects = config.maxRedirects; } - if (config.beforeRedirect) { - options.beforeRedirects.config = config.beforeRedirect; + const configBeforeRedirect = own('beforeRedirect'); + if (configBeforeRedirect) { + options.beforeRedirects.config = configBeforeRedirect; } transport = isHttpsRequest ? httpsFollow : httpFollow; } @@ -43746,12 +44110,15 @@ const http2Transport = { options.maxBodyLength = Infinity; } - if (config.insecureHTTPParser) { - options.insecureHTTPParser = config.insecureHTTPParser; - } + // Always set an explicit own value so a polluted + // Object.prototype.insecureHTTPParser cannot enable the lenient parser + // through Node's internal options copy + options.insecureHTTPParser = Boolean(own('insecureHTTPParser')); // Create the request req = transport.request(options, function handleResponse(res) { + clearConnectPhaseTimer(); + if (req.destroyed) return; const streams = [res]; @@ -43832,6 +44199,30 @@ const http2Transport = { }; if (responseType === 'stream') { + // Enforce maxContentLength on streamed responses; previously this + // was applied only to buffered responses. + if (config.maxContentLength > -1) { + const limit = config.maxContentLength; + const source = responseStream; + async function* enforceMaxContentLength() { + let totalResponseBytes = 0; + for await (const chunk of source) { + totalResponseBytes += chunk.length; + if (totalResponseBytes > limit) { + throw new core_AxiosError( + 'maxContentLength size of ' + limit + ' exceeded', + core_AxiosError.ERR_BAD_RESPONSE, + config, + lastRequest + ); + } + yield chunk; + } + } + responseStream = external_stream_.Readable.from(enforceMaxContentLength(), { + objectMode: false, + }); + } response.data = responseStream; settle(resolve, reject, response); } else { @@ -43867,15 +44258,16 @@ const http2Transport = { 'stream has been aborted', core_AxiosError.ERR_BAD_RESPONSE, config, - lastRequest + lastRequest, + response ); responseStream.destroy(err); reject(err); }); responseStream.on('error', function handleStreamError(err) { - if (req.destroyed) return; - reject(core_AxiosError.from(err, null, config, lastRequest)); + if (rejected) return; + reject(core_AxiosError.from(err, null, config, lastRequest, response)); }); responseStream.on('end', function handleStreamEnd() { @@ -43918,9 +44310,48 @@ const http2Transport = { }); // set tcp keep alive to prevent drop connection by peer + // Track every socket bound to this outer RedirectableRequest so a single + // 'close' listener can release ownership on all of them. follow-redirects + // re-emits the 'socket' event for each hop's native request onto the same + // outer request, so attaching per-request listeners inside this handler + // would accumulate across hops and trigger MaxListenersExceededWarning at + // >= 11 redirects. Clearing only the last-bound socket would leave stale + // kAxiosCurrentReq refs on earlier hop sockets returned to the keep-alive + // pool, causing an idle-pool 'error' to be attributed to a closed req. + const boundSockets = new Set(); + req.on('socket', function handleRequestSocket(socket) { // default interval of sending ack packet is 1 minute socket.setKeepAlive(true, 1000 * 60); + + // Install a single 'error' listener per socket (not per request) to avoid + // accumulating listeners on pooled keep-alive sockets that get reassigned + // to new requests before the previous request's 'close' fires (issue #10780). + // The listener is bound to the socket's currently-active request via a + // symbol, which is swapped as the socket is reassigned. + if (!socket[kAxiosSocketListener]) { + socket.on('error', function handleSocketError(err) { + const current = socket[kAxiosCurrentReq]; + if (current && !current.destroyed) { + current.destroy(err); + } + }); + socket[kAxiosSocketListener] = true; + } + + socket[kAxiosCurrentReq] = req; + boundSockets.add(socket); + }); + + req.once('close', function clearCurrentReq() { + clearConnectPhaseTimer(); + + for (const socket of boundSockets) { + if (socket[kAxiosCurrentReq] === req) { + socket[kAxiosCurrentReq] = null; + } + } + boundSockets.clear(); }); // Handle request timeout @@ -43941,29 +44372,24 @@ const http2Transport = { return; } + const handleTimeout = function handleTimeout() { + if (isDone) return; + abort(createTimeoutError()); + }; + + if (isNativeTransport && timeout > 0) { + // Native ClientRequest#setTimeout starts from the socket lifecycle and + // may not fire while TCP connect is still pending. Mirror the + // follow-redirects wall-clock timer for the maxRedirects === 0 path. + connectPhaseTimer = setTimeout(handleTimeout, timeout); + } + // Sometime, the response will be very slow, and does not respond, the connect event will be block by event loop system. // And timer callback will be fired, and abort() will be invoked before connection, then get "socket hang up" and code ECONNRESET. // At this time, if we have a large number of request, nodejs will hang up some socket on background. and the number will up and up. // And then these socket which be hang up will devouring CPU little by little. // ClientRequest.setTimeout will be fired on the specify milliseconds, and can make sure that abort() will be fired after connect. - req.setTimeout(timeout, function handleRequestTimeout() { - if (isDone) return; - let timeoutErrorMessage = config.timeout - ? 'timeout of ' + config.timeout + 'ms exceeded' - : 'timeout exceeded'; - const transitional = config.transitional || defaults_transitional; - if (config.timeoutErrorMessage) { - timeoutErrorMessage = config.timeoutErrorMessage; - } - abort( - new core_AxiosError( - timeoutErrorMessage, - transitional.clarifyTimeoutError ? core_AxiosError.ETIMEDOUT : core_AxiosError.ECONNABORTED, - config, - req - ) - ); - }); + req.setTimeout(timeout, handleTimeout); } else { // explicitly reset the socket timeout value for a possible `keep-alive` request req.setTimeout(0); @@ -43989,7 +44415,41 @@ const http2Transport = { } }); - data.pipe(req); + // Enforce maxBodyLength for streamed uploads on the native http/https + // transport (maxRedirects === 0); follow-redirects enforces it on the + // other path. + let uploadStream = data; + if (config.maxBodyLength > -1 && config.maxRedirects === 0) { + const limit = config.maxBodyLength; + let bytesSent = 0; + uploadStream = external_stream_.pipeline( + [ + data, + new external_stream_.Transform({ + transform(chunk, _enc, cb) { + bytesSent += chunk.length; + if (bytesSent > limit) { + return cb( + new core_AxiosError( + 'Request body larger than maxBodyLength limit', + core_AxiosError.ERR_BAD_REQUEST, + config, + req + ) + ); + } + cb(null, chunk); + }, + }), + ], + utils.noop + ); + uploadStream.on('error', (err) => { + if (!req.destroyed) req.destroy(err); + }); + } + + uploadStream.pipe(req); } else { data && req.write(data); req.end(); @@ -44050,8 +44510,20 @@ const __setProxy = (/* unused pure expression or super */ null && (setProxy)); read(name) { if (typeof document === 'undefined') return null; - const match = document.cookie.match(new RegExp('(?:^|; )' + name + '=([^;]*)')); - return match ? decodeURIComponent(match[1]) : null; + // Match name=value by splitting on the semicolon separator instead of building a + // RegExp from `name` — interpolating an unescaped string into a RegExp would let + // metacharacters (e.g. `.+?` in an attacker-influenced cookie name) cause ReDoS or + // match the wrong cookie. Browsers may serialize cookie pairs as either ";" or + // "; ", so ignore optional whitespace before each cookie name. + const cookies = document.cookie.split(';'); + for (let i = 0; i < cookies.length; i++) { + const cookie = cookies[i].replace(/^\s+/, ''); + const eq = cookie.indexOf('='); + if (eq !== -1 && cookie.slice(0, eq) === name) { + return decodeURIComponent(cookie.slice(eq + 1)); + } + } + return null; }, remove(name) { @@ -44087,7 +44559,21 @@ const headersToObject = (thing) => (thing instanceof core_AxiosHeaders ? { ...th function mergeConfig(config1, config2) { // eslint-disable-next-line no-param-reassign config2 = config2 || {}; - const config = {}; + + // Use a null-prototype object so that downstream reads such as `config.auth` + // or `config.baseURL` cannot inherit polluted values from Object.prototype. + // `hasOwnProperty` is restored as a non-enumerable own slot to preserve + // ergonomics for user code that relies on it. + const config = Object.create(null); + Object.defineProperty(config, 'hasOwnProperty', { + // Null-proto descriptor so a polluted Object.prototype.get cannot turn + // this data descriptor into an accessor descriptor on the way in. + __proto__: null, + value: Object.prototype.hasOwnProperty, + enumerable: false, + writable: true, + configurable: true, + }); function getMergedValue(target, source, prop, caseless) { if (utils.isPlainObject(target) && utils.isPlainObject(source)) { @@ -44126,9 +44612,9 @@ function mergeConfig(config1, config2) { // eslint-disable-next-line consistent-return function mergeDirectKeys(a, b, prop) { - if (prop in config2) { + if (utils.hasOwnProp(config2, prop)) { return getMergedValue(a, b); - } else if (prop in config1) { + } else if (utils.hasOwnProp(config1, prop)) { return getMergedValue(undefined, a); } } @@ -44160,6 +44646,7 @@ function mergeConfig(config1, config2) { httpsAgent: defaultToConfig2, cancelToken: defaultToConfig2, socketPath: defaultToConfig2, + allowedSocketPaths: defaultToConfig2, responseEncoding: defaultToConfig2, validateStatus: mergeDirectKeys, headers: (a, b, prop) => @@ -44169,7 +44656,9 @@ function mergeConfig(config1, config2) { utils.forEach(Object.keys({ ...config1, ...config2 }), function computeConfigValue(prop) { if (prop === '__proto__' || prop === 'constructor' || prop === 'prototype') return; const merge = utils.hasOwnProp(mergeMap, prop) ? mergeMap[prop] : mergeDeepProperties; - const configValue = merge(config1[prop], config2[prop], prop); + const a = utils.hasOwnProp(config1, prop) ? config1[prop] : undefined; + const b = utils.hasOwnProp(config2, prop) ? config2[prop] : undefined; + const configValue = merge(a, b, prop); (utils.isUndefined(configValue) && merge !== mergeDirectKeys) || (config[prop] = configValue); }); @@ -44186,15 +44675,55 @@ function mergeConfig(config1, config2) { +const resolveConfig_FORM_DATA_CONTENT_HEADERS = ['content-type', 'content-length']; + +function resolveConfig_setFormDataHeaders(headers, formHeaders, policy) { + if (policy !== 'content-only') { + headers.set(formHeaders); + return; + } + + Object.entries(formHeaders).forEach(([key, val]) => { + if (resolveConfig_FORM_DATA_CONTENT_HEADERS.includes(key.toLowerCase())) { + headers.set(key, val); + } + }); +} + +/** + * Encode a UTF-8 string to a Latin-1 byte string for use with btoa(). + * This is a modern replacement for the deprecated unescape(encodeURIComponent(str)) pattern. + * + * @param {string} str The string to encode + * + * @returns {string} UTF-8 bytes as a Latin-1 string + */ +const encodeUTF8 = (str) => + encodeURIComponent(str).replace(/%([0-9A-F]{2})/gi, (_, hex) => + String.fromCharCode(parseInt(hex, 16)) + ); + /* harmony default export */ const resolveConfig = ((config) => { const newConfig = mergeConfig({}, config); - let { data, withXSRFToken, xsrfHeaderName, xsrfCookieName, headers, auth } = newConfig; + // Read only own properties to prevent prototype pollution gadgets + // (e.g. Object.prototype.baseURL = 'https://evil.com'). + const own = (key) => (utils.hasOwnProp(newConfig, key) ? newConfig[key] : undefined); + + const data = own('data'); + let withXSRFToken = own('withXSRFToken'); + const xsrfHeaderName = own('xsrfHeaderName'); + const xsrfCookieName = own('xsrfCookieName'); + let headers = own('headers'); + const auth = own('auth'); + const baseURL = own('baseURL'); + const allowAbsoluteUrls = own('allowAbsoluteUrls'); + const url = own('url'); newConfig.headers = headers = core_AxiosHeaders.from(headers); newConfig.url = buildURL( - buildFullPath(newConfig.baseURL, newConfig.url, newConfig.allowAbsoluteUrls), + buildFullPath(baseURL, url, allowAbsoluteUrls), config.params, config.paramsSerializer ); @@ -44204,11 +44733,7 @@ function mergeConfig(config1, config2) { headers.set( 'Authorization', 'Basic ' + - btoa( - (auth.username || '') + - ':' + - (auth.password ? unescape(encodeURIComponent(auth.password)) : '') - ) + btoa((auth.username || '') + ':' + (auth.password ? encodeUTF8(auth.password) : '')) ); } @@ -44217,14 +44742,7 @@ function mergeConfig(config1, config2) { headers.setContentType(undefined); // browser handles it } else if (utils.isFunction(data.getHeaders)) { // Node.js FormData (like form-data package) - const formHeaders = data.getHeaders(); - // Only set safe headers to avoid overwriting security headers - const allowedHeaders = ['content-type', 'content-length']; - Object.entries(formHeaders).forEach(([key, val]) => { - if (allowedHeaders.includes(key.toLowerCase())) { - headers.set(key, val); - } - }); + resolveConfig_setFormDataHeaders(headers, data.getHeaders(), own('formDataHeaderPolicy')); } } @@ -44233,10 +44751,17 @@ function mergeConfig(config1, config2) { // Specifically not if we're in a web worker, or react-native. if (platform.hasStandardBrowserEnv) { - withXSRFToken && utils.isFunction(withXSRFToken) && (withXSRFToken = withXSRFToken(newConfig)); + if (utils.isFunction(withXSRFToken)) { + withXSRFToken = withXSRFToken(newConfig); + } + + // Strict boolean check — prevents proto-pollution gadgets (e.g. Object.prototype.withXSRFToken = 1) + // and misconfigurations (e.g. "false") from short-circuiting the same-origin check and leaking + // the XSRF token cross-origin. + const shouldSendXSRF = + withXSRFToken === true || (withXSRFToken == null && isURLSameOrigin(newConfig.url)); - if (withXSRFToken || (withXSRFToken !== false && isURLSameOrigin(newConfig.url))) { - // Add xsrf header + if (shouldSendXSRF) { const xsrfValue = xsrfHeaderName && xsrfCookieName && cookies.read(xsrfCookieName); if (xsrfValue) { @@ -44342,7 +44867,7 @@ const isXHRAdapterSupported = typeof XMLHttpRequest !== 'undefined'; // will return status as 0 even though it's a successful request if ( request.status === 0 && - !(request.responseURL && request.responseURL.indexOf('file:') === 0) + !(request.responseURL && request.responseURL.startsWith('file:')) ) { return; } @@ -44359,6 +44884,7 @@ const isXHRAdapterSupported = typeof XMLHttpRequest !== 'undefined'; } reject(new core_AxiosError('Request aborted', core_AxiosError.ECONNABORTED, config, request)); + done(); // Clean up request request = null; @@ -44374,6 +44900,7 @@ const isXHRAdapterSupported = typeof XMLHttpRequest !== 'undefined'; // attach the underlying event for consumers who want details err.event = event || null; reject(err); + done(); request = null; }; @@ -44394,6 +44921,7 @@ const isXHRAdapterSupported = typeof XMLHttpRequest !== 'undefined'; request ) ); + done(); // Clean up request request = null; @@ -44443,6 +44971,7 @@ const isXHRAdapterSupported = typeof XMLHttpRequest !== 'undefined'; } reject(!cancel || cancel.type ? new cancel_CanceledError(null, config, request) : cancel); request.abort(); + done(); request = null; }; @@ -44456,7 +44985,7 @@ const isXHRAdapterSupported = typeof XMLHttpRequest !== 'undefined'; const protocol = parseProtocol(_config.url); - if (protocol && platform.protocols.indexOf(protocol) === -1) { + if (protocol && !platform.protocols.includes(protocol)) { reject( new core_AxiosError( 'Unsupported protocol ' + protocol + ':', @@ -44632,16 +45161,11 @@ const trackStream = (stream, chunkSize, onProgress, onFinish) => { -const DEFAULT_CHUNK_SIZE = 64 * 1024; -const { isFunction: fetch_isFunction } = utils; -const globalFetchAPI = (({ Request, Response }) => ({ - Request, - Response, -}))(utils.global); +const DEFAULT_CHUNK_SIZE = 64 * 1024; -const { ReadableStream: fetch_ReadableStream, TextEncoder: fetch_TextEncoder } = utils.global; +const { isFunction: fetch_isFunction } = utils; const test = (fn, ...args) => { try { @@ -44652,11 +45176,17 @@ const test = (fn, ...args) => { }; const factory = (env) => { + const globalObject = utils.global ?? globalThis; + const { ReadableStream, TextEncoder } = globalObject; + env = utils.merge.call( { skipUndefined: true, }, - globalFetchAPI, + { + Request: globalObject.Request, + Response: globalObject.Response, + }, env ); @@ -44669,15 +45199,15 @@ const factory = (env) => { return false; } - const isReadableStreamSupported = isFetchSupported && fetch_isFunction(fetch_ReadableStream); + const isReadableStreamSupported = isFetchSupported && fetch_isFunction(ReadableStream); const encodeText = isFetchSupported && - (typeof fetch_TextEncoder === 'function' + (typeof TextEncoder === 'function' ? ( (encoder) => (str) => encoder.encode(str) - )(new fetch_TextEncoder()) + )(new TextEncoder()) : async (str) => new Uint8Array(await new Request(str).arrayBuffer())); const supportsRequestStream = @@ -44686,18 +45216,20 @@ const factory = (env) => { test(() => { let duplexAccessed = false; - const body = new fetch_ReadableStream(); - - const hasContentType = new Request(platform.origin, { - body, + const request = new Request(platform.origin, { + body: new ReadableStream(), method: 'POST', get duplex() { duplexAccessed = true; return 'half'; }, - }).headers.has('Content-Type'); + }); + + const hasContentType = request.headers.has('Content-Type'); - body.cancel(); + if (request.body != null) { + request.body.cancel(); + } return duplexAccessed && !hasContentType; }); @@ -44781,8 +45313,13 @@ const factory = (env) => { headers, withCredentials = 'same-origin', fetchOptions, + maxContentLength, + maxBodyLength, } = resolveConfig(config); + const hasMaxContentLength = utils.isNumber(maxContentLength) && maxContentLength > -1; + const hasMaxBodyLength = utils.isNumber(maxBodyLength) && maxBodyLength > -1; + let _fetch = envFetch || fetch; responseType = responseType ? (responseType + '').toLowerCase() : 'text'; @@ -44804,6 +45341,41 @@ const factory = (env) => { let requestContentLength; try { + // Enforce maxContentLength for data: URLs up-front so we never materialize + // an oversized payload. The HTTP adapter applies the same check (see http.js + // "if (protocol === 'data:')" branch). + if (hasMaxContentLength && typeof url === 'string' && url.startsWith('data:')) { + const estimated = estimateDataURLDecodedBytes(url); + if (estimated > maxContentLength) { + throw new core_AxiosError( + 'maxContentLength size of ' + maxContentLength + ' exceeded', + core_AxiosError.ERR_BAD_RESPONSE, + config, + request + ); + } + } + + // Enforce maxBodyLength against the outbound request body before dispatch. + // Mirrors http.js behavior (ERR_BAD_REQUEST / 'Request body larger than + // maxBodyLength limit'). Skip when the body length cannot be determined + // (e.g. a live ReadableStream supplied by the caller). + if (hasMaxBodyLength && method !== 'get' && method !== 'head') { + const outboundLength = await resolveBodyLength(headers, data); + if ( + typeof outboundLength === 'number' && + isFinite(outboundLength) && + outboundLength > maxBodyLength + ) { + throw new core_AxiosError( + 'Request body larger than maxBodyLength limit', + core_AxiosError.ERR_BAD_REQUEST, + config, + request + ); + } + } + if ( onUploadProgress && supportsRequestStream && @@ -44841,6 +45413,22 @@ const factory = (env) => { // see https://github.com/cloudflare/workerd/issues/902 const isCredentialsSupported = isRequestSupported && 'credentials' in Request.prototype; + // If data is FormData and Content-Type is multipart/form-data without boundary, + // delete it so fetch can set it correctly with the boundary + if (utils.isFormData(data)) { + const contentType = headers.getContentType(); + if ( + contentType && + /^multipart\/form-data/i.test(contentType) && + !/boundary=/i.test(contentType) + ) { + headers.delete('content-type'); + } + } + + // Set User-Agent header if not already set (fetch defaults to 'node' in Node.js) + headers.set('User-Agent', 'axios/' + VERSION, false); + const resolvedOptions = { ...fetchOptions, signal: composedSignal, @@ -44857,10 +45445,28 @@ const factory = (env) => { ? _fetch(request, fetchOptions) : _fetch(url, resolvedOptions)); + // Cheap pre-check: if the server honestly declares a content-length that + // already exceeds the cap, reject before we start streaming. + if (hasMaxContentLength) { + const declaredLength = utils.toFiniteNumber(response.headers.get('content-length')); + if (declaredLength != null && declaredLength > maxContentLength) { + throw new core_AxiosError( + 'maxContentLength size of ' + maxContentLength + ' exceeded', + core_AxiosError.ERR_BAD_RESPONSE, + config, + request + ); + } + } + const isStreamResponse = supportsResponseStream && (responseType === 'stream' || responseType === 'response'); - if (supportsResponseStream && (onDownloadProgress || (isStreamResponse && unsubscribe))) { + if ( + supportsResponseStream && + response.body && + (onDownloadProgress || hasMaxContentLength || (isStreamResponse && unsubscribe)) + ) { const options = {}; ['status', 'statusText', 'headers'].forEach((prop) => { @@ -44877,8 +45483,24 @@ const factory = (env) => { )) || []; + let bytesRead = 0; + const onChunkProgress = (loadedBytes) => { + if (hasMaxContentLength) { + bytesRead = loadedBytes; + if (bytesRead > maxContentLength) { + throw new core_AxiosError( + 'maxContentLength size of ' + maxContentLength + ' exceeded', + core_AxiosError.ERR_BAD_RESPONSE, + config, + request + ); + } + } + onProgress && onProgress(loadedBytes); + }; + response = new Response( - trackStream(response.body, DEFAULT_CHUNK_SIZE, onProgress, () => { + trackStream(response.body, DEFAULT_CHUNK_SIZE, onChunkProgress, () => { flush && flush(); unsubscribe && unsubscribe(); }), @@ -44893,6 +45515,33 @@ const factory = (env) => { config ); + // Fallback enforcement for environments without ReadableStream support + // (legacy runtimes). Detect materialized size from typed output; skip + // streams/Response passthrough since the user will read those themselves. + if (hasMaxContentLength && !supportsResponseStream && !isStreamResponse) { + let materializedSize; + if (responseData != null) { + if (typeof responseData.byteLength === 'number') { + materializedSize = responseData.byteLength; + } else if (typeof responseData.size === 'number') { + materializedSize = responseData.size; + } else if (typeof responseData === 'string') { + materializedSize = + typeof TextEncoder === 'function' + ? new TextEncoder().encode(responseData).byteLength + : responseData.length; + } + } + if (typeof materializedSize === 'number' && materializedSize > maxContentLength) { + throw new core_AxiosError( + 'maxContentLength size of ' + maxContentLength + ' exceeded', + core_AxiosError.ERR_BAD_RESPONSE, + config, + request + ); + } + } + !isStreamResponse && unsubscribe && unsubscribe(); return await new Promise((resolve, reject) => { @@ -44908,6 +45557,17 @@ const factory = (env) => { } catch (err) { unsubscribe && unsubscribe(); + // Safari can surface fetch aborts as a DOMException-like object whose + // branded getters throw. Prefer our composed signal reason before reading + // the caught error, preserving timeout vs cancellation semantics. + if (composedSignal && composedSignal.aborted && composedSignal.reason instanceof core_AxiosError) { + const canceledError = composedSignal.reason; + canceledError.config = config; + request && (canceledError.request = request); + err !== canceledError && (canceledError.cause = err); + throw canceledError; + } + if (err && err.name === 'TypeError' && /Load failed|fetch/i.test(err.message)) { throw Object.assign( new core_AxiosError( @@ -44985,11 +45645,13 @@ const knownAdapters = { utils.forEach(knownAdapters, (fn, value) => { if (fn) { try { - Object.defineProperty(fn, 'name', { value }); + // Null-proto descriptors so a polluted Object.prototype.get cannot turn + // these data descriptors into accessor descriptors on the way in. + Object.defineProperty(fn, 'name', { __proto__: null, value }); } catch (e) { // eslint-disable-next-line no-empty } - Object.defineProperty(fn, 'adapterName', { value }); + Object.defineProperty(fn, 'adapterName', { __proto__: null, value }); } }); @@ -45141,8 +45803,15 @@ function dispatchRequest(config) { function onAdapterResolution(response) { throwIfCancellationRequested(config); - // Transform response data - response.data = transformData.call(config, config.transformResponse, response); + // Expose the current response on config so that transformResponse can + // attach it to any AxiosError it throws (e.g. on JSON parse failure). + // We clean it up afterwards to avoid polluting the config object. + config.response = response; + try { + response.data = transformData.call(config, config.transformResponse, response); + } finally { + delete config.response; + } response.headers = core_AxiosHeaders.from(response.headers); @@ -45154,11 +45823,16 @@ function dispatchRequest(config) { // Transform response data if (reason && reason.response) { - reason.response.data = transformData.call( - config, - config.transformResponse, - reason.response - ); + config.response = reason.response; + try { + reason.response.data = transformData.call( + config, + config.transformResponse, + reason.response + ); + } finally { + delete config.response; + } reason.response.headers = core_AxiosHeaders.from(reason.response.headers); } } @@ -45257,7 +45931,9 @@ function assertOptions(options, schema, allowUnknown) { let i = keys.length; while (i-- > 0) { const opt = keys[i]; - const validator = schema[opt]; + // Use hasOwnProperty so a polluted Object.prototype. cannot supply + // a non-function validator and cause a TypeError. + const validator = Object.prototype.hasOwnProperty.call(schema, opt) ? schema[opt] : undefined; if (validator) { const value = options[opt]; const result = value === undefined || validator(value, opt, options); @@ -45431,7 +46107,7 @@ class Axios { let contextHeaders = headers && utils.merge(headers.common, headers[config.method]); headers && - utils.forEach(['delete', 'get', 'head', 'post', 'put', 'patch', 'common'], (method) => { + utils.forEach(['delete', 'get', 'head', 'post', 'put', 'patch', 'query', 'common'], (method) => { delete headers[method]; }); @@ -45534,7 +46210,7 @@ utils.forEach(['delete', 'get', 'head', 'options'], function forEachMethodNoData }; }); -utils.forEach(['post', 'put', 'patch'], function forEachMethodWithData(method) { +utils.forEach(['post', 'put', 'patch', 'query'], function forEachMethodWithData(method) { function generateHTTPMethod(isForm) { return function httpMethod(url, data, config) { return this.request( @@ -45554,7 +46230,11 @@ utils.forEach(['post', 'put', 'patch'], function forEachMethodWithData(method) { Axios.prototype[method] = generateHTTPMethod(); - Axios.prototype[method + 'Form'] = generateHTTPMethod(true); + // QUERY is a safe/idempotent read method; multipart form bodies don't fit + // its semantics, so no queryForm shorthand is generated. + if (method !== 'query') { + Axios.prototype[method + 'Form'] = generateHTTPMethod(true); + } }); /* harmony default export */ const core_Axios = (Axios); diff --git a/yarn.lock b/yarn.lock index b32fb29..2d34029 100644 --- a/yarn.lock +++ b/yarn.lock @@ -297,11 +297,11 @@ asynckit@^0.4.0: integrity sha512-Oei9OH4tRh0YqU3GxhX79dM/mwVgvbZJaSNaRk+bshkj0S5cfHcgYakreBjrHwatXKbz+IoIdYLxrKim2MjW0Q== axios@^1.9.0: - version "1.15.0" - resolved "https://registry.yarnpkg.com/axios/-/axios-1.15.0.tgz#0fcee91ef03d386514474904b27863b2c683bf4f" - integrity "sha1-D87pHvA9OGUUR0kEsnhjssaDv08= sha512-wWyJDlAatxk30ZJer+GeCWS209sA42X+N5jU2jy6oHTp7ufw8uzUTVFBX9+wTfAlhiJXGS0Bq7X6efruWjuK9Q==" + version "1.16.0" + resolved "https://registry.yarnpkg.com/axios/-/axios-1.16.0.tgz#f8e5dd931cef2a5f8c32216d5784eda2f8750eb7" + integrity "sha1-+OXdkxzvKl+MMiFtV4Ttovh1Drc= sha512-6hp5CwvTPlN2A31g5dxnwAX0orzM7pmCRDLnZSX772mv8WDqICwFjowHuPs04Mc8deIld1+ejhtaMn5vp6b+1w==" dependencies: - follow-redirects "^1.15.11" + follow-redirects "^1.16.0" form-data "^4.0.5" proxy-from-env "^2.1.0" @@ -791,10 +791,10 @@ flatted@^3.2.9: resolved "https://registry.yarnpkg.com/flatted/-/flatted-3.4.2.tgz#f5c23c107f0f37de8dbdf24f13722b3b98d52726" integrity "sha1-9cI8EH8PN96NvfJPE3IrO5jVJyY= sha512-PjDse7RzhcPkIJwy5t7KPWQSZ9cAbzQXcafsetQoD7sOJRQlGikNbx7yZp2OotDnJyrDcbyRq3Ttb18iYOqkxA==" -follow-redirects@^1.15.11: +follow-redirects@^1.16.0: version "1.16.0" resolved "https://registry.yarnpkg.com/follow-redirects/-/follow-redirects-1.16.0.tgz#28474a159d3b9d11ef62050a14ed60e4df6d61bc" - integrity "sha1-KEdKFZ07nRHvYgUKFO1g5N9tYbw= sha512-y5rN/uOsadFT/JfYwhxRS5R7Qce+g3zG97+JrtFZlC9klX/W5hD7iiLzScI4nZqUS7DNUdhPgw4xI8W2LuXlUw==" + integrity sha512-y5rN/uOsadFT/JfYwhxRS5R7Qce+g3zG97+JrtFZlC9klX/W5hD7iiLzScI4nZqUS7DNUdhPgw4xI8W2LuXlUw== form-data@^4.0.5: version "4.0.5"