deps: update undici to 5.4.0

PR-URL: #43262 Reviewed-By: Filip Skokan <[email protected]> Reviewed-By: Matteo Collina <[email protected]> Reviewed-By: Richard Lau <[email protected]> Reviewed-By: Tobias Nießen <[email protected]> Reviewed-By: Darshan Sen <[email protected]>

Author: nodejs-github-bot

deps/undici/src/README.md

@@ -288,6 +288,15 @@ const headers = await fetch(url)
  .then(res=>res.headers)
 ```
 
+##### Forbidden and Safelisted Header Names
+
+*https://fetch.spec.whatwg.org/#cors-safelisted-response-header-name
+*https://fetch.spec.whatwg.org/#forbidden-header-name
+*https://fetch.spec.whatwg.org/#forbidden-response-header-name
+*https://github.com/wintercg/fetch/issues/6
+
+The [Fetch Standard](https://fetch.spec.whatwg.org) requires implementations to exclude certain headers from requests and responses. In browser environments, some headers are forbidden so the user agent remains in full control over them. In Undici, these constraints are removed to give more control to the user.
+
 ### `undici.upgrade([url, options]): Promise`
 
 Upgrade to a different protocol. See [MDN - HTTP - Protocol upgrade mechanism](https://developer.mozilla.org/en-US/docs/Web/HTTP/Protocol_upgrade_mechanism) for more details.

deps/undici/src/docs/api/MockPool.md

@@ -57,6 +57,7 @@ Returns: `MockInterceptor` corresponding to the input options.
 ***method**`string | RegExp | (method: string) => boolean` - a matcher for the HTTP request method.
 ***body**`string | RegExp | (body: string) => boolean` - (optional) - a matcher for the HTTP request body.
 ***headers**`Record<string, string | RegExp | (body: string) => boolean`> - (optional) - a matcher for the HTTP request headers. To be intercepted, a request must match all defined headers. Extra headers not defined here may (or may not) be included in the request and do not affect the interception in any way.
+***query**`Record<string, any> | null` - (optional) - a matcher for the HTTP request query string params.
 
 ### Return: `MockInterceptor`
 

deps/undici/src/lib/client.js

@@ -873,6 +873,11 @@ class Parser{
 // have been queued since then.
 util.destroy(socket,newInformationalError('reset'))
 returnconstants.ERROR.PAUSED
+}elseif(client[kPipelining]===1){
+// We must wait a full event loop cycle to reuse this socket to make sure
+// that non-spec compliant servers are not closing the connection even if they
+// said they won't.
+setImmediate(resume,client)
 }else{
 resume(client)
 }

deps/undici/src/lib/fetch/constants.js

@@ -1,28 +1,5 @@
 'use strict'
 
-constforbiddenHeaderNames=[
-'accept-charset',
-'accept-encoding',
-'access-control-request-headers',
-'access-control-request-method',
-'connection',
-'content-length',
-'cookie',
-'cookie2',
-'date',
-'dnt',
-'expect',
-'host',
-'keep-alive',
-'origin',
-'referer',
-'te',
-'trailer',
-'transfer-encoding',
-'upgrade',
-'via'
-]
-
 constcorsSafeListedMethods=['GET','HEAD','POST']
 
 constnullBodyStatus=[101,204,205,304]
@@ -58,9 +35,6 @@ const requestCache = [
 'only-if-cached'
 ]
 
-// https://fetch.spec.whatwg.org/#forbidden-response-header-name
-constforbiddenResponseHeaderNames=['set-cookie','set-cookie2']
-
 constrequestBodyHeader=[
 'content-encoding',
 'content-language',
@@ -86,20 +60,15 @@ const subresource = [
 ''
 ]
 
-constcorsSafeListedResponseHeaderNames=[]// TODO
-
 module.exports={
  subresource,
- forbiddenResponseHeaderNames,
- corsSafeListedResponseHeaderNames,
  forbiddenMethods,
  requestBodyHeader,
  referrerPolicy,
  requestRedirect,
  requestMode,
  requestCredentials,
  requestCache,
- forbiddenHeaderNames,
  redirectStatus,
  corsSafeListedMethods,
  nullBodyStatus,

deps/undici/src/lib/fetch/formdata.js

@@ -243,8 +243,8 @@ function makeEntry (name, value, filename){
 // object, representing the same bytes, whose name attribute value is "blob".
 if(isBlobLike(value)&&!isFileLike(value)){
 value=valueinstanceofBlob
- ? newFile([value],'blob')
- : newFileLike(value,'blob')
+ ? newFile([value],'blob',value)
+ : newFileLike(value,'blob',value)
 }
 
 // 4. If value is (now) a File object and filename is given, then set value to a
@@ -256,8 +256,8 @@ function makeEntry (name, value, filename){
 // creating one more File instance doesn't make much sense....
 if(isFileLike(value)&&filename!=null){
 value=valueinstanceofFile
- ? newFile([value],filename)
- : newFileLike(value,filename)
+ ? newFile([value],filename,value)
+ : newFileLike(value,filename,value)
 }
 
 // 5. Set entry’s value to value.

deps/undici/src/lib/fetch/headers.js

@@ -6,10 +6,6 @@ const{validateHeaderName, validateHeaderValue } = require('http')
 const{ kHeadersList }=require('../core/symbols')
 const{ kGuard }=require('./symbols')
 const{ kEnumerableProperty }=require('../core/util')
-const{
- forbiddenHeaderNames,
- forbiddenResponseHeaderNames
-}=require('./constants')
 
 constkHeadersMap=Symbol('headers map')
 constkHeadersSortedMap=Symbol('headers map sorted')
@@ -115,6 +111,11 @@ class HeadersList{
 }
 }
 
+clear(){
+this[kHeadersMap].clear()
+this[kHeadersSortedMap]=null
+}
+
 append(name,value){
 this[kHeadersSortedMap]=null
 
@@ -211,22 +212,11 @@ class Headers{
 )
 }
 
-constnormalizedName=normalizeAndValidateHeaderName(String(name))
-
+// Note: undici does not implement forbidden header names
 if(this[kGuard]==='immutable'){
 thrownewTypeError('immutable')
-}elseif(
-this[kGuard]==='request'&&
-forbiddenHeaderNames.includes(normalizedName)
-){
-return
 }elseif(this[kGuard]==='request-no-cors'){
 // TODO
-}elseif(
-this[kGuard]==='response'&&
-forbiddenResponseHeaderNames.includes(normalizedName)
-){
-return
 }
 
 returnthis[kHeadersList].append(String(name),String(value))
@@ -244,22 +234,11 @@ class Headers{
 )
 }
 
-constnormalizedName=normalizeAndValidateHeaderName(String(name))
-
+// Note: undici does not implement forbidden header names
 if(this[kGuard]==='immutable'){
 thrownewTypeError('immutable')
-}elseif(
-this[kGuard]==='request'&&
-forbiddenHeaderNames.includes(normalizedName)
-){
-return
 }elseif(this[kGuard]==='request-no-cors'){
 // TODO
-}elseif(
-this[kGuard]==='response'&&
-forbiddenResponseHeaderNames.includes(normalizedName)
-){
-return
 }
 
 returnthis[kHeadersList].delete(String(name))
@@ -307,20 +286,11 @@ class Headers{
 )
 }
 
+// Note: undici does not implement forbidden header names
 if(this[kGuard]==='immutable'){
 thrownewTypeError('immutable')
-}elseif(
-this[kGuard]==='request'&&
-forbiddenHeaderNames.includes(String(name).toLocaleLowerCase())
-){
-return
 }elseif(this[kGuard]==='request-no-cors'){
 // TODO
-}elseif(
-this[kGuard]==='response'&&
-forbiddenResponseHeaderNames.includes(String(name).toLocaleLowerCase())
-){
-return
 }
 
 returnthis[kHeadersList].set(String(name),String(value))

deps/undici/src/lib/fetch/request.js

@@ -384,8 +384,8 @@ class Request{
 // Realm, whose header list is request’s header list and guard is
 // "request".
 this[kHeaders]=newHeaders()
-this[kHeaders][kGuard]='request'
 this[kHeaders][kHeadersList]=request.headersList
+this[kHeaders][kGuard]='request'
 this[kHeaders][kRealm]=this[kRealm]
 
 // 31. If this’s request’s mode is "no-cors", then:
@@ -406,26 +406,25 @@ class Request{
 if(Object.keys(init).length!==0){
 // 1. Let headers be a copy of this’s headers and its associated header
 // list.
-letheaders=newHeaders(this.headers)
+letheaders=newHeaders(this[kHeaders])
 
 // 2. If init["headers"] exists, then set headers to init["headers"].
 if(init.headers!==undefined){
 headers=init.headers
 }
 
 // 3. Empty this’s headers’s header list.
-this[kState].headersList=newHeadersList()
-this[kHeaders][kHeadersList]=this[kState].headersList
+this[kHeaders][kHeadersList].clear()
 
 // 4. If headers is a Headers object, then for each header in its header
 // list, append header’s name/header’s value to this’s headers.
 if(headers.constructor.name==='Headers'){
-for(const[key,val]ofheaders[kHeadersList]||headers){
+for(const[key,val]ofheaders){
 this[kHeaders].append(key,val)
 }
 }else{
 // 5. Otherwise, fill this’s headers with headers.
-fillHeaders(this[kState].headersList,headers)
+fillHeaders(this[kHeaders],headers)
 }
 }
 

deps/undici/src/lib/fetch/response.js

@@ -8,9 +8,7 @@ const{kEnumerableProperty } = util
 const{ responseURL, isValidReasonPhrase, toUSVString, isCancelled, isAborted, serializeJavascriptValueToJSONString }=require('./util')
 const{
  redirectStatus,
- nullBodyStatus,
- forbiddenResponseHeaderNames,
- corsSafeListedResponseHeaderNames
+ nullBodyStatus
 }=require('./constants')
 const{ kState, kHeaders, kGuard, kRealm }=require('./symbols')
 const{ kHeadersList }=require('../core/symbols')
@@ -380,28 +378,6 @@ function makeFilteredResponse (response, state){
 })
 }
 
-functionmakeFilteredHeadersList(headersList,filter){
-returnnewProxy(headersList,{
-get(target,prop){
-// Override methods used by Headers class.
-if(prop==='get'||prop==='has'){
-constdefaultReturn=prop==='has' ? false : null
-return(name)=>filter(name) ? target[prop](name) : defaultReturn
-}elseif(prop===Symbol.iterator){
-returnfunction*(){
-for(constentryoftarget){
-if(filter(entry[0])){
-yieldentry
-}
-}
-}
-}else{
-returntarget[prop]
-}
-}
-})
-}
-
 // https://fetch.spec.whatwg.org/#concept-filtered-response
 functionfilterResponse(response,type){
 // Set response to the following filtered response with response as its
@@ -411,22 +387,21 @@ function filterResponse (response, type){
 // and header list excludes any headers in internal response’s header list
 // whose name is a forbidden response-header name.
 
+// Note: undici does not implement forbidden response-header names
 returnmakeFilteredResponse(response,{
 type: 'basic',
-headersList: makeFilteredHeadersList(
-response.headersList,
-(name)=>!forbiddenResponseHeaderNames.includes(name.toLowerCase())
-)
+headersList: response.headersList
 })
 }elseif(type==='cors'){
 // A CORS filtered response is a filtered response whose type is "cors"
 // and header list excludes any headers in internal response’s header
 // list whose name is not a CORS-safelisted response-header name, given
 // internal response’s CORS-exposed header-name list.
 
+// Note: undici does not implement CORS-safelisted response-header names
 returnmakeFilteredResponse(response,{
 type: 'cors',
-headersList: makeFilteredHeadersList(response.headersList,(name)=>!corsSafeListedResponseHeaderNames.includes(name))
+headersList: response.headersList
 })
 }elseif(type==='opaque'){
 // An opaque filtered response is a filtered response whose type is
@@ -449,7 +424,7 @@ function filterResponse (response, type){
 type: 'opaqueredirect',
 status: 0,
 statusText: '',
-headersList: makeFilteredHeadersList(response.headersList,()=>false),
+headersList: [],
 body: null
 })
 }else{

deps/undici/src/lib/mock/mock-interceptor.js

@@ -10,6 +10,7 @@ const{
  kMockDispatch
 }=require('./mock-symbols')
 const{ InvalidArgumentError }=require('../core/errors')
+const{ buildURL }=require('../core/util')
 
 /**
  * Defines the scope API for an interceptor reply
@@ -70,9 +71,13 @@ class MockInterceptor{
 // As per RFC 3986, clients are not supposed to send URI
 // fragments to servers when they retrieve a document,
 if(typeofopts.path==='string'){
-// Matches https://github.com/nodejs/undici/blob/main/lib/fetch/index.js#L1811
-constparsedURL=newURL(opts.path,'data://')
-opts.path=parsedURL.pathname+parsedURL.search
+if(opts.query){
+opts.path=buildURL(opts.path,opts.query)
+}else{
+// Matches https://github.com/nodejs/undici/blob/main/lib/fetch/index.js#L1811
+constparsedURL=newURL(opts.path,'data://')
+opts.path=parsedURL.pathname+parsedURL.search
+}
 }
 if(typeofopts.method==='string'){
 opts.method=opts.method.toUpperCase()

deps/undici/src/lib/mock/mock-utils.js

@@ -8,6 +8,7 @@ const{
  kOrigin,
  kGetNetConnect
 }=require('./mock-symbols')
+const{ buildURL }=require('../core/util')
 
 functionmatchValue(match,value){
 if(typeofmatch==='string'){
@@ -98,10 +99,12 @@ function getResponseData (data){
 }
 
 functiongetMockDispatch(mockDispatches,key){
+constresolvedPath=key.query ? buildURL(key.path,key.query) : key.path
+
 // Match path
-letmatchedMockDispatches=mockDispatches.filter(({ consumed })=>!consumed).filter(({ path })=>matchValue(path,key.path))
+letmatchedMockDispatches=mockDispatches.filter(({ consumed })=>!consumed).filter(({ path })=>matchValue(path,resolvedPath))
 if(matchedMockDispatches.length===0){
-thrownewMockNotMatchedError(`Mock dispatch not matched for path '${key.path}'`)
+thrownewMockNotMatchedError(`Mock dispatch not matched for path '${resolvedPath}'`)
 }
 
 // Match method
@@ -146,12 +149,13 @@ function deleteMockDispatch (mockDispatches, key){
 }
 
 functionbuildKey(opts){
-const{ path, method, body, headers }=opts
+const{ path, method, body, headers, query}=opts
 return{
  path,
  method,
  body,
- headers
+ headers,
+ query
 }
 }