minipass-fetch
Advanced tools
Comparing version 1.3.4 to 1.4.0
@@ -97,15 +97,2 @@ 'use strict' | ||
req.on('error', er => { | ||
// if a 'response' event is emitted before the 'error' event, then by the | ||
// time this handler is run it's too late to reject the Promise for the | ||
// response. instead, we forward the error event to the response stream | ||
// so that the error will surface to the user when they try to consume | ||
// the body. this is done as a side effect of aborting the request except | ||
// for in windows, where we must forward the event manually, otherwise | ||
// there is no longer a ref'd socket attached to the request and the | ||
// stream never ends so the event loop runs out of work and the process | ||
// exits without warning. | ||
// coverage skipped here due to the difficulty in testing | ||
// istanbul ignore next | ||
if (req.res) | ||
req.res.emit('error', er) | ||
reject(new FetchError(`request to ${request.url} failed, reason: ${ | ||
@@ -303,12 +290,4 @@ er.message}`, 'system', er)) | ||
// for br | ||
if (codings == 'br') { | ||
// ignoring coverage so tests don't have to fake support (or lack of) for brotli | ||
// istanbul ignore next | ||
try { | ||
var decoder = new zlib.BrotliDecompress() | ||
} catch (err) { | ||
reject(err) | ||
finalize() | ||
return | ||
} | ||
if (codings == 'br' && typeof zlib.BrotliDecompress === 'function') { | ||
const decoder = new zlib.BrotliDecompress() | ||
// exceedingly rare that the stream would have an error, | ||
@@ -315,0 +294,0 @@ // but just in case we proxy it to the stream in use. |
@@ -80,3 +80,2 @@ 'use strict' | ||
ecdhCurve, | ||
family, | ||
honorCipherOrder, | ||
@@ -86,3 +85,3 @@ key, | ||
pfx, | ||
rejectUnauthorized = true, | ||
rejectUnauthorized = process.env.NODE_TLS_REJECT_UNAUTHORIZED !== '0', | ||
secureOptions, | ||
@@ -107,3 +106,2 @@ secureProtocol, | ||
ecdhCurve, | ||
family, | ||
honorCipherOrder, | ||
@@ -216,3 +214,2 @@ key, | ||
ecdhCurve, | ||
family, | ||
honorCipherOrder, | ||
@@ -244,3 +241,2 @@ key, | ||
ecdhCurve, | ||
family, | ||
honorCipherOrder, | ||
@@ -247,0 +243,0 @@ key, |
{ | ||
"name": "minipass-fetch", | ||
"version": "1.3.4", | ||
"version": "1.4.0", | ||
"description": "An implementation of window.fetch in Node.js using Minipass streams", | ||
@@ -25,7 +25,6 @@ "license": "MIT", | ||
"string-to-arraybuffer": "^1.0.2", | ||
"tap": "^14.6.9", | ||
"tap": "^15.0.9", | ||
"whatwg-url": "^7.0.0" | ||
}, | ||
"dependencies": { | ||
"encoding": "^0.1.12", | ||
"minipass": "^3.1.0", | ||
@@ -32,0 +31,0 @@ "minipass-sized": "^1.0.3", |
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Deprecated
MaintenanceThe maintainer of the package marked it as deprecated. This could indicate that a single version should not be used, or that the package is no longer maintained and any new vulnerabilities will not be fixed.
Found 1 instance in 1 package
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 1 instance in 1 package
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
New author
Supply chain riskA new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.
Found 1 instance in 1 package
4
11
42141
1183
1
1
- Removedencoding@^0.1.12