@vercel/node-bridge
Advanced tools
Comparing version 3.1.8 to 3.1.9
603
helpers.js
module.exports = | ||
/******/ (() => { // webpackBootstrap | ||
/******/ "use strict"; | ||
/******/ var __webpack_modules__ = ({ | ||
/***/ 93: | ||
/***/ ((__unused_webpack_module, exports) => { | ||
/*! | ||
* content-type | ||
* Copyright(c) 2015 Douglas Christopher Wilson | ||
* MIT Licensed | ||
*/ | ||
/** | ||
* RegExp to match *( ";" parameter ) in RFC 7231 sec 3.1.1.1 | ||
* | ||
* parameter = token "=" ( token / quoted-string ) | ||
* token = 1*tchar | ||
* tchar = "!" / "#" / "$" / "%" / "&" / "'" / "*" | ||
* / "+" / "-" / "." / "^" / "_" / "`" / "|" / "~" | ||
* / DIGIT / ALPHA | ||
* ; any VCHAR, except delimiters | ||
* quoted-string = DQUOTE *( qdtext / quoted-pair ) DQUOTE | ||
* qdtext = HTAB / SP / %x21 / %x23-5B / %x5D-7E / obs-text | ||
* obs-text = %x80-FF | ||
* quoted-pair = "\" ( HTAB / SP / VCHAR / obs-text ) | ||
*/ | ||
var PARAM_REGEXP = /; *([!#$%&'*+.^_`|~0-9A-Za-z-]+) *= *("(?:[\u000b\u0020\u0021\u0023-\u005b\u005d-\u007e\u0080-\u00ff]|\\[\u000b\u0020-\u00ff])*"|[!#$%&'*+.^_`|~0-9A-Za-z-]+) */g | ||
var TEXT_REGEXP = /^[\u000b\u0020-\u007e\u0080-\u00ff]+$/ | ||
var TOKEN_REGEXP = /^[!#$%&'*+.^_`|~0-9A-Za-z-]+$/ | ||
/** | ||
* RegExp to match quoted-pair in RFC 7230 sec 3.2.6 | ||
* | ||
* quoted-pair = "\" ( HTAB / SP / VCHAR / obs-text ) | ||
* obs-text = %x80-FF | ||
*/ | ||
var QESC_REGEXP = /\\([\u000b\u0020-\u00ff])/g | ||
/** | ||
* RegExp to match chars that must be quoted-pair in RFC 7230 sec 3.2.6 | ||
*/ | ||
var QUOTE_REGEXP = /([\\"])/g | ||
/** | ||
* RegExp to match type in RFC 7231 sec 3.1.1.1 | ||
* | ||
* media-type = type "/" subtype | ||
* type = token | ||
* subtype = token | ||
*/ | ||
var TYPE_REGEXP = /^[!#$%&'*+.^_`|~0-9A-Za-z-]+\/[!#$%&'*+.^_`|~0-9A-Za-z-]+$/ | ||
/** | ||
* Module exports. | ||
* @public | ||
*/ | ||
exports.format = format | ||
exports.parse = parse | ||
/** | ||
* Format object to media type. | ||
* | ||
* @param {object} obj | ||
* @return {string} | ||
* @public | ||
*/ | ||
function format (obj) { | ||
if (!obj || typeof obj !== 'object') { | ||
throw new TypeError('argument obj is required') | ||
} | ||
var parameters = obj.parameters | ||
var type = obj.type | ||
if (!type || !TYPE_REGEXP.test(type)) { | ||
throw new TypeError('invalid type') | ||
} | ||
var string = type | ||
// append parameters | ||
if (parameters && typeof parameters === 'object') { | ||
var param | ||
var params = Object.keys(parameters).sort() | ||
for (var i = 0; i < params.length; i++) { | ||
param = params[i] | ||
if (!TOKEN_REGEXP.test(param)) { | ||
throw new TypeError('invalid parameter name') | ||
} | ||
string += '; ' + param + '=' + qstring(parameters[param]) | ||
} | ||
} | ||
return string | ||
} | ||
/** | ||
* Parse media type to object. | ||
* | ||
* @param {string|object} string | ||
* @return {Object} | ||
* @public | ||
*/ | ||
function parse (string) { | ||
if (!string) { | ||
throw new TypeError('argument string is required') | ||
} | ||
// support req/res-like objects as argument | ||
var header = typeof string === 'object' | ||
? getcontenttype(string) | ||
: string | ||
if (typeof header !== 'string') { | ||
throw new TypeError('argument string is required to be a string') | ||
} | ||
var index = header.indexOf(';') | ||
var type = index !== -1 | ||
? header.substr(0, index).trim() | ||
: header.trim() | ||
if (!TYPE_REGEXP.test(type)) { | ||
throw new TypeError('invalid media type') | ||
} | ||
var obj = new ContentType(type.toLowerCase()) | ||
// parse parameters | ||
if (index !== -1) { | ||
var key | ||
var match | ||
var value | ||
PARAM_REGEXP.lastIndex = index | ||
while ((match = PARAM_REGEXP.exec(header))) { | ||
if (match.index !== index) { | ||
throw new TypeError('invalid parameter format') | ||
} | ||
index += match[0].length | ||
key = match[1].toLowerCase() | ||
value = match[2] | ||
if (value[0] === '"') { | ||
// remove quotes and escapes | ||
value = value | ||
.substr(1, value.length - 2) | ||
.replace(QESC_REGEXP, '$1') | ||
} | ||
obj.parameters[key] = value | ||
} | ||
if (index !== header.length) { | ||
throw new TypeError('invalid parameter format') | ||
} | ||
} | ||
return obj | ||
} | ||
/** | ||
* Get content-type from req/res objects. | ||
* | ||
* @param {object} | ||
* @return {Object} | ||
* @private | ||
*/ | ||
function getcontenttype (obj) { | ||
var header | ||
if (typeof obj.getHeader === 'function') { | ||
// res-like | ||
header = obj.getHeader('content-type') | ||
} else if (typeof obj.headers === 'object') { | ||
// req-like | ||
header = obj.headers && obj.headers['content-type'] | ||
} | ||
if (typeof header !== 'string') { | ||
throw new TypeError('content-type header is missing from object') | ||
} | ||
return header | ||
} | ||
/** | ||
* Quote a string if necessary. | ||
* | ||
* @param {string} val | ||
* @return {string} | ||
* @private | ||
*/ | ||
function qstring (val) { | ||
var str = String(val) | ||
// no need to quote tokens | ||
if (TOKEN_REGEXP.test(str)) { | ||
return str | ||
} | ||
if (str.length > 0 && !TEXT_REGEXP.test(str)) { | ||
throw new TypeError('invalid parameter value') | ||
} | ||
return '"' + str.replace(QUOTE_REGEXP, '\\$1') + '"' | ||
} | ||
/** | ||
* Class to represent a content type. | ||
* @private | ||
*/ | ||
function ContentType (type) { | ||
this.parameters = Object.create(null) | ||
this.type = type | ||
} | ||
/***/ }), | ||
/***/ 433: | ||
/***/ ((__unused_webpack_module, exports) => { | ||
/*! | ||
* cookie | ||
* Copyright(c) 2012-2014 Roman Shtylman | ||
* Copyright(c) 2015 Douglas Christopher Wilson | ||
* MIT Licensed | ||
*/ | ||
/** | ||
* Module exports. | ||
* @public | ||
*/ | ||
exports.parse = parse; | ||
exports.serialize = serialize; | ||
/** | ||
* Module variables. | ||
* @private | ||
*/ | ||
var decode = decodeURIComponent; | ||
var encode = encodeURIComponent; | ||
var pairSplitRegExp = /; */; | ||
/** | ||
* RegExp to match field-content in RFC 7230 sec 3.2 | ||
* | ||
* field-content = field-vchar [ 1*( SP / HTAB ) field-vchar ] | ||
* field-vchar = VCHAR / obs-text | ||
* obs-text = %x80-FF | ||
*/ | ||
var fieldContentRegExp = /^[\u0009\u0020-\u007e\u0080-\u00ff]+$/; | ||
/** | ||
* Parse a cookie header. | ||
* | ||
* Parse the given cookie header string into an object | ||
* The object has the various cookies as keys(names) => values | ||
* | ||
* @param {string} str | ||
* @param {object} [options] | ||
* @return {object} | ||
* @public | ||
*/ | ||
function parse(str, options) { | ||
if (typeof str !== 'string') { | ||
throw new TypeError('argument str must be a string'); | ||
} | ||
var obj = {} | ||
var opt = options || {}; | ||
var pairs = str.split(pairSplitRegExp); | ||
var dec = opt.decode || decode; | ||
for (var i = 0; i < pairs.length; i++) { | ||
var pair = pairs[i]; | ||
var eq_idx = pair.indexOf('='); | ||
// skip things that don't look like key=value | ||
if (eq_idx < 0) { | ||
continue; | ||
} | ||
var key = pair.substr(0, eq_idx).trim() | ||
var val = pair.substr(++eq_idx, pair.length).trim(); | ||
// quoted values | ||
if ('"' == val[0]) { | ||
val = val.slice(1, -1); | ||
} | ||
// only assign once | ||
if (undefined == obj[key]) { | ||
obj[key] = tryDecode(val, dec); | ||
} | ||
} | ||
return obj; | ||
} | ||
/** | ||
* Serialize data into a cookie header. | ||
* | ||
* Serialize the a name value pair into a cookie string suitable for | ||
* http headers. An optional options object specified cookie parameters. | ||
* | ||
* serialize('foo', 'bar', { httpOnly: true }) | ||
* => "foo=bar; httpOnly" | ||
* | ||
* @param {string} name | ||
* @param {string} val | ||
* @param {object} [options] | ||
* @return {string} | ||
* @public | ||
*/ | ||
function serialize(name, val, options) { | ||
var opt = options || {}; | ||
var enc = opt.encode || encode; | ||
if (typeof enc !== 'function') { | ||
throw new TypeError('option encode is invalid'); | ||
} | ||
if (!fieldContentRegExp.test(name)) { | ||
throw new TypeError('argument name is invalid'); | ||
} | ||
var value = enc(val); | ||
if (value && !fieldContentRegExp.test(value)) { | ||
throw new TypeError('argument val is invalid'); | ||
} | ||
var str = name + '=' + value; | ||
if (null != opt.maxAge) { | ||
var maxAge = opt.maxAge - 0; | ||
if (isNaN(maxAge)) throw new Error('maxAge should be a Number'); | ||
str += '; Max-Age=' + Math.floor(maxAge); | ||
} | ||
if (opt.domain) { | ||
if (!fieldContentRegExp.test(opt.domain)) { | ||
throw new TypeError('option domain is invalid'); | ||
} | ||
str += '; Domain=' + opt.domain; | ||
} | ||
if (opt.path) { | ||
if (!fieldContentRegExp.test(opt.path)) { | ||
throw new TypeError('option path is invalid'); | ||
} | ||
str += '; Path=' + opt.path; | ||
} | ||
if (opt.expires) { | ||
if (typeof opt.expires.toUTCString !== 'function') { | ||
throw new TypeError('option expires is invalid'); | ||
} | ||
str += '; Expires=' + opt.expires.toUTCString(); | ||
} | ||
if (opt.httpOnly) { | ||
str += '; HttpOnly'; | ||
} | ||
if (opt.secure) { | ||
str += '; Secure'; | ||
} | ||
if (opt.sameSite) { | ||
var sameSite = typeof opt.sameSite === 'string' | ||
? opt.sameSite.toLowerCase() : opt.sameSite; | ||
switch (sameSite) { | ||
case true: | ||
str += '; SameSite=Strict'; | ||
break; | ||
case 'lax': | ||
str += '; SameSite=Lax'; | ||
break; | ||
case 'strict': | ||
str += '; SameSite=Strict'; | ||
break; | ||
case 'none': | ||
str += '; SameSite=None'; | ||
break; | ||
default: | ||
throw new TypeError('option sameSite is invalid'); | ||
} | ||
} | ||
return str; | ||
} | ||
/** | ||
* Try decoding a string using a decoding function. | ||
* | ||
* @param {string} str | ||
* @param {function} decode | ||
* @private | ||
*/ | ||
function tryDecode(str, decode) { | ||
try { | ||
return decode(str); | ||
} catch (e) { | ||
return str; | ||
} | ||
} | ||
/***/ }), | ||
/***/ 455: | ||
/***/ ((module, __unused_webpack_exports, __webpack_require__) => { | ||
/*! | ||
* etag | ||
* Copyright(c) 2014-2016 Douglas Christopher Wilson | ||
* MIT Licensed | ||
*/ | ||
/** | ||
* Module exports. | ||
* @public | ||
*/ | ||
module.exports = etag | ||
/** | ||
* Module dependencies. | ||
* @private | ||
*/ | ||
var crypto = __webpack_require__(417) | ||
var Stats = __webpack_require__(747).Stats | ||
/** | ||
* Module variables. | ||
* @private | ||
*/ | ||
var toString = Object.prototype.toString | ||
/** | ||
* Generate an entity tag. | ||
* | ||
* @param {Buffer|string} entity | ||
* @return {string} | ||
* @private | ||
*/ | ||
function entitytag (entity) { | ||
if (entity.length === 0) { | ||
// fast-path empty | ||
return '"0-2jmj7l5rSw0yVb/vlWAYkK/YBwk"' | ||
} | ||
// compute hash of entity | ||
var hash = crypto | ||
.createHash('sha1') | ||
.update(entity, 'utf8') | ||
.digest('base64') | ||
.substring(0, 27) | ||
// compute length of entity | ||
var len = typeof entity === 'string' | ||
? Buffer.byteLength(entity, 'utf8') | ||
: entity.length | ||
return '"' + len.toString(16) + '-' + hash + '"' | ||
} | ||
/** | ||
* Create a simple ETag. | ||
* | ||
* @param {string|Buffer|Stats} entity | ||
* @param {object} [options] | ||
* @param {boolean} [options.weak] | ||
* @return {String} | ||
* @public | ||
*/ | ||
function etag (entity, options) { | ||
if (entity == null) { | ||
throw new TypeError('argument entity is required') | ||
} | ||
// support fs.Stats object | ||
var isStats = isstats(entity) | ||
var weak = options && typeof options.weak === 'boolean' | ||
? options.weak | ||
: isStats | ||
// validate argument | ||
if (!isStats && typeof entity !== 'string' && !Buffer.isBuffer(entity)) { | ||
throw new TypeError('argument entity must be string, Buffer, or fs.Stats') | ||
} | ||
// generate entity tag | ||
var tag = isStats | ||
? stattag(entity) | ||
: entitytag(entity) | ||
return weak | ||
? 'W/' + tag | ||
: tag | ||
} | ||
/** | ||
* Determine if object is a Stats object. | ||
* | ||
* @param {object} obj | ||
* @return {boolean} | ||
* @api private | ||
*/ | ||
function isstats (obj) { | ||
// genuine fs.Stats | ||
if (typeof Stats === 'function' && obj instanceof Stats) { | ||
return true | ||
} | ||
// quack quack | ||
return obj && typeof obj === 'object' && | ||
'ctime' in obj && toString.call(obj.ctime) === '[object Date]' && | ||
'mtime' in obj && toString.call(obj.mtime) === '[object Date]' && | ||
'ino' in obj && typeof obj.ino === 'number' && | ||
'size' in obj && typeof obj.size === 'number' | ||
} | ||
/** | ||
* Generate a tag for a stat. | ||
* | ||
* @param {object} stat | ||
* @return {string} | ||
* @private | ||
*/ | ||
function stattag (stat) { | ||
var mtime = stat.mtime.getTime().toString(16) | ||
var size = stat.size.toString(16) | ||
return '"' + size + '-' + mtime + '"' | ||
} | ||
/***/ }), | ||
/***/ 371: | ||
/***/ ((__unused_webpack_module, exports, __webpack_require__) => { | ||
"use strict"; | ||
@@ -19,3 +591,3 @@ Object.defineProperty(exports, "__esModule", ({ value: true })); | ||
// eslint-disable-next-line @typescript-eslint/no-var-requires | ||
const { parse: parseContentType } = __webpack_require__(909); | ||
const { parse: parseContentType } = __webpack_require__(93); | ||
const { type } = parseContentType(req.headers['content-type']); | ||
@@ -61,3 +633,3 @@ if (type === 'application/json') { | ||
// eslint-disable-next-line @typescript-eslint/no-var-requires | ||
const { parse } = __webpack_require__(40); | ||
const { parse } = __webpack_require__(433); | ||
return parse(Array.isArray(header) ? header.join(';') : header); | ||
@@ -83,3 +655,3 @@ }; | ||
// eslint-disable-next-line @typescript-eslint/no-var-requires | ||
const { parse, format } = __webpack_require__(909); | ||
const { parse, format } = __webpack_require__(93); | ||
const parsed = parse(type); | ||
@@ -92,3 +664,3 @@ parsed.parameters.charset = charset; | ||
// eslint-disable-next-line @typescript-eslint/no-var-requires | ||
const etag = __webpack_require__(737); | ||
const etag = __webpack_require__(455); | ||
const buf = !Buffer.isBuffer(body) ? Buffer.from(body, encoding) : body; | ||
@@ -263,30 +835,19 @@ return etag(buf, { weak: true }); | ||
/***/ 909: | ||
/***/ 417: | ||
/***/ ((module) => { | ||
module.exports = eval("require")("content-type"); | ||
module.exports = require("crypto"); | ||
/***/ }), | ||
/***/ 40: | ||
/***/ 747: | ||
/***/ ((module) => { | ||
module.exports = eval("require")("cookie"); | ||
module.exports = require("fs"); | ||
/***/ }), | ||
/***/ 737: | ||
/***/ ((module) => { | ||
module.exports = eval("require")("etag"); | ||
/***/ }), | ||
/***/ 605: | ||
/***/ ((module) => { | ||
"use strict"; | ||
module.exports = require("http"); | ||
@@ -299,3 +860,2 @@ | ||
"use strict"; | ||
module.exports = require("querystring"); | ||
@@ -308,3 +868,2 @@ | ||
"use strict"; | ||
module.exports = require("url"); | ||
@@ -311,0 +870,0 @@ |
{ | ||
"name": "@vercel/node-bridge", | ||
"version": "3.1.8", | ||
"version": "3.1.9", | ||
"license": "MIT", | ||
@@ -26,2 +26,5 @@ "main": "./index.js", | ||
"@types/node": "14.18.33", | ||
"content-type": "1.0.4", | ||
"cookie": "0.4.0", | ||
"etag": "1.8.1", | ||
"execa": "3.2.0", | ||
@@ -33,3 +36,3 @@ "fs-extra": "10.0.0", | ||
}, | ||
"gitHead": "b5cdc82a1cca4d0b3369490f8a19fd8f8478fe94" | ||
"gitHead": "6d97e1673e8466cae9689cbb9f03e2a2255c2aa3" | ||
} |
Uses eval
Supply chain riskPackage uses eval() which is a dangerous function. This prevents the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.
Found 1 instance in 1 package
180837
4882
4
10
9