Merge branch 'master' into remove-llnode-tierlist

.github/workflows/authors.yml

@@ -16,7 +16,9 @@ jobs:
           fetch-depth: '0'  # This is required to actually get all the authors
           persist-credentials: false
       - run: tools/update-authors.mjs  # Run the AUTHORS tool
-      - uses: gr2m/create-or-update-pull-request-action@v1  # Create a PR or update the Action's existing PR
+      - uses: gr2m/create-or-update-pull-request-action@466b1b84c3291c6c69bc56377a6de54a1f4a297c
+        # Creates a PR or update the Action's existing PR, or
+        # no-op if the base branch is already up-to-date.
         env:
           GITHUB_TOKEN: ${{ secrets.GH_USER_TOKEN }}
         with:

.github/workflows/coverage-linux.yml

@@ -60,6 +60,6 @@ jobs:
       - name: Clean tmp
         run: rm -rf coverage/tmp && rm -rf out
       - name: Upload
-        uses: codecov/codecov-action@v1
+        uses: codecov/codecov-action@v3
         with:
           directory: ./coverage

.github/workflows/coverage-windows.yml

@@ -61,6 +61,6 @@ jobs:
       - name: Clean tmp
         run: npx rimraf ./coverage/tmp
       - name: Upload
-        uses: codecov/codecov-action@v1
+        uses: codecov/codecov-action@v3
         with:
           directory: ./coverage

.github/workflows/find-inactive-collaborators.yml

@@ -30,7 +30,9 @@ jobs:
         run: tools/find-inactive-collaborators.mjs
 
       - name: Open pull request
-        uses: gr2m/create-or-update-pull-request-action@v1
+      - uses: gr2m/create-or-update-pull-request-action@466b1b84c3291c6c69bc56377a6de54a1f4a297c
+        # Creates a PR or update the Action's existing PR, or
+        # no-op if the base branch is already up-to-date.
         env:
           GITHUB_TOKEN: ${{ secrets.GH_USER_TOKEN }}
         with:

.github/workflows/find-inactive-tsc.yml

@@ -39,7 +39,9 @@ jobs:
         run: tools/find-inactive-tsc.mjs >> $GITHUB_ENV
 
       - name: Open pull request
-        uses: gr2m/create-or-update-pull-request-action@v1
+      - uses: gr2m/create-or-update-pull-request-action@466b1b84c3291c6c69bc56377a6de54a1f4a297c
+        # Creates a PR or update the Action's existing PR, or
+        # no-op if the base branch is already up-to-date.
         env:
           GITHUB_TOKEN: ${{ secrets.GH_USER_TOKEN }}
         with:

.github/workflows/license-builder.yml

@@ -15,7 +15,9 @@ jobs:
         with:
           persist-credentials: false
       - run: ./tools/license-builder.sh  # Run the license builder tool
-      - uses: gr2m/[email protected]  # Create a PR or update the Action's existing PR
+      - uses: gr2m/create-or-update-pull-request-action@466b1b84c3291c6c69bc56377a6de54a1f4a297c
+        # Creates a PR or update the Action's existing PR, or
+        # no-op if the base branch is already up-to-date.
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:

.github/workflows/linters.yml

@@ -164,7 +164,7 @@ jobs:
       - uses: actions/checkout@v3
         with:
           persist-credentials: false
-      - uses: mszostok/codeowners-validator@v0.6.0
+      - uses: mszostok/codeowners-validator@7f3f5e28c6d7b8dfae5731e54ce2272ca384592f
         with:
           checks: files,duppatterns
   lint-pr-url:

.github/workflows/notify-force-push.yml

@@ -12,7 +12,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Slack Notification
-        uses: rtCamp/action-slack-notify@master
+        uses: rtCamp/action-slack-notify@12e36fc18b0689399306c2e0b3e0f2978b7f1ee7
         env:
           SLACK_COLOR: '#DE512A'
           SLACK_ICON: https://github.com/nodejs.png?size=48

.github/workflows/tools.yml

@@ -80,7 +80,9 @@ jobs:
         with:
           persist-credentials: false
       - run: ${{ matrix.run }}
-      - uses: gr2m/create-or-update-pull-request-action@v1  # Create a PR or update the Action's existing PR
+      - uses: gr2m/create-or-update-pull-request-action@466b1b84c3291c6c69bc56377a6de54a1f4a297c
+        # Creates a PR or update the Action's existing PR, or
+        # no-op if the base branch is already up-to-date.
         env:
           GITHUB_TOKEN: ${{ secrets.GH_USER_TOKEN }}
         with:

AUTHORS

@@ -3460,5 +3460,7 @@ William Marlow <[email protected]>
 Keyhan Vakil <[email protected]>
 Feng Yu <[email protected]>
 pupilTong <[email protected]>
+rikapo <[email protected]>
+Meek Simbule <[email protected]>
 
 # Generated by tools/update-authors.mjs

BUILDING.md

@@ -609,7 +609,7 @@ packages:
 * [NetWide Assembler](https://chocolatey.org/packages/nasm)
 
 To install Node.js prerequisites using
-[Boxstarter WebLauncher](https://boxstarter.org/WebLauncher), open
+[Boxstarter WebLauncher](https://boxstarter.org/weblauncher), open
 <https://boxstarter.org/package/nr/url?https://raw.githubusercontent.com/nodejs/node/HEAD/tools/bootstrap/windows_boxstarter>
 with Internet Explorer or Edge browser on the target machine.
 

CHANGELOG.md

@@ -35,12 +35,15 @@ release.
 </tr>
 <tr>
   <td valign="top">
-<b><a href="doc/changelogs/CHANGELOG_V18.md#18.2.0">18.2.0</a></b><br/>
+<b><a href="doc/changelogs/CHANGELOG_V18.md#18.3.0">18.3.0</a></b><br/>
+<a href="doc/changelogs/CHANGELOG_V18.md#18.2.0">18.2.0</a><br/>
 <a href="doc/changelogs/CHANGELOG_V18.md#18.1.0">18.1.0</a><br/>
 <a href="doc/changelogs/CHANGELOG_V18.md#18.0.0">18.0.0</a><br/>
   </td>
   <td valign="top">
-<b><a href="doc/changelogs/CHANGELOG_V17.md#17.8.0">17.8.0</a></b><br/>
+<b><a href="doc/changelogs/CHANGELOG_V17.md#17.9.1">17.9.1</a></b><br/>
+<a href="doc/changelogs/CHANGELOG_V17.md#17.9.0">17.9.0</a><br/>
+<a href="doc/changelogs/CHANGELOG_V17.md#17.8.0">17.8.0</a><br/>
 <a href="doc/changelogs/CHANGELOG_V17.md#17.7.2">17.7.2</a><br/>
 <a href="doc/changelogs/CHANGELOG_V17.md#17.7.1">17.7.1</a><br/>
 <a href="doc/changelogs/CHANGELOG_V17.md#17.7.0">17.7.0</a><br/>
@@ -55,7 +58,8 @@ release.
 <a href="doc/changelogs/CHANGELOG_V17.md#17.0.0">17.0.0</a><br/>
     </td>
     <td valign="top">
-<b><a href="doc/changelogs/CHANGELOG_V16.md#16.15.0">16.15.0</a></b><br/>
+<b><a href="doc/changelogs/CHANGELOG_V16.md#16.15.1">16.15.1</a></b><br/>
+<a href="doc/changelogs/CHANGELOG_V16.md#16.15.0">16.15.0</a><br/>
 <a href="doc/changelogs/CHANGELOG_V16.md#16.14.2">16.14.2</a><br/>
 <a href="doc/changelogs/CHANGELOG_V16.md#16.14.1">16.14.1</a><br/>
 <a href="doc/changelogs/CHANGELOG_V16.md#16.14.0">16.14.0</a><br/>

deps/undici/src/README.md

@@ -288,6 +288,15 @@ const headers = await fetch(url)
   .then(res => res.headers)
 ```
 
+##### Forbidden and Safelisted Header Names
+
+* https://fetch.spec.whatwg.org/#cors-safelisted-response-header-name
+* https://fetch.spec.whatwg.org/#forbidden-header-name
+* https://fetch.spec.whatwg.org/#forbidden-response-header-name
+* https://github.com/wintercg/fetch/issues/6
+
+The [Fetch Standard](https://fetch.spec.whatwg.org) requires implementations to exclude certain headers from requests and responses. In browser environments, some headers are forbidden so the user agent remains in full control over them. In Undici, these constraints are removed to give more control to the user.
+
 ### `undici.upgrade([url, options]): Promise`
 
 Upgrade to a different protocol. See [MDN - HTTP - Protocol upgrade mechanism](https://developer.mozilla.org/en-US/docs/Web/HTTP/Protocol_upgrade_mechanism) for more details.

deps/undici/src/docs/api/MockPool.md

@@ -57,6 +57,7 @@ Returns: `MockInterceptor` corresponding to the input options.
 * **method** `string | RegExp | (method: string) => boolean` - a matcher for the HTTP request method.
 * **body** `string | RegExp | (body: string) => boolean` - (optional) - a matcher for the HTTP request body.
 * **headers** `Record<string, string | RegExp | (body: string) => boolean`> - (optional) - a matcher for the HTTP request headers. To be intercepted, a request must match all defined headers. Extra headers not defined here may (or may not) be included in the request and do not affect the interception in any way.
+* **query** `Record<string, any> | null` - (optional) - a matcher for the HTTP request query string params.
 
 ### Return: `MockInterceptor`
 

deps/undici/src/lib/client.js

@@ -873,6 +873,11 @@ class Parser {
       // have been queued since then.
       util.destroy(socket, new InformationalError('reset'))
       return constants.ERROR.PAUSED
+    } else if (client[kPipelining] === 1) {
+      // We must wait a full event loop cycle to reuse this socket to make sure
+      // that non-spec compliant servers are not closing the connection even if they
+      // said they won't.
+      setImmediate(resume, client)
     } else {
       resume(client)
     }

deps/undici/src/lib/fetch/constants.js

@@ -1,28 +1,5 @@
 'use strict'
 
-const forbiddenHeaderNames = [
-  'accept-charset',
-  'accept-encoding',
-  'access-control-request-headers',
-  'access-control-request-method',
-  'connection',
-  'content-length',
-  'cookie',
-  'cookie2',
-  'date',
-  'dnt',
-  'expect',
-  'host',
-  'keep-alive',
-  'origin',
-  'referer',
-  'te',
-  'trailer',
-  'transfer-encoding',
-  'upgrade',
-  'via'
-]
-
 const corsSafeListedMethods = ['GET', 'HEAD', 'POST']
 
 const nullBodyStatus = [101, 204, 205, 304]
@@ -58,9 +35,6 @@ const requestCache = [
   'only-if-cached'
 ]
 
-// https://fetch.spec.whatwg.org/#forbidden-response-header-name
-const forbiddenResponseHeaderNames = ['set-cookie', 'set-cookie2']
-
 const requestBodyHeader = [
   'content-encoding',
   'content-language',
@@ -86,20 +60,15 @@ const subresource = [
   ''
 ]
 
-const corsSafeListedResponseHeaderNames = [] // TODO
-
 module.exports = {
   subresource,
-  forbiddenResponseHeaderNames,
-  corsSafeListedResponseHeaderNames,
   forbiddenMethods,
   requestBodyHeader,
   referrerPolicy,
   requestRedirect,
   requestMode,
   requestCredentials,
   requestCache,
-  forbiddenHeaderNames,
   redirectStatus,
   corsSafeListedMethods,
   nullBodyStatus,

deps/undici/src/lib/fetch/formdata.js

@@ -243,8 +243,8 @@ function makeEntry (name, value, filename) {
   // object, representing the same bytes, whose name attribute value is "blob".
   if (isBlobLike(value) && !isFileLike(value)) {
     value = value instanceof Blob
-      ? new File([value], 'blob')
-      : new FileLike(value, 'blob')
+      ? new File([value], 'blob', value)
+      : new FileLike(value, 'blob', value)
   }
 
   // 4. If value is (now) a File object and filename is given, then set value to a
@@ -256,8 +256,8 @@ function makeEntry (name, value, filename) {
   // creating one more File instance doesn't make much sense....
   if (isFileLike(value) && filename != null) {
     value = value instanceof File
-      ? new File([value], filename)
-      : new FileLike(value, filename)
+      ? new File([value], filename, value)
+      : new FileLike(value, filename, value)
   }
 
   // 5. Set entry’s value to value.

deps/undici/src/lib/fetch/headers.js

@@ -6,10 +6,6 @@ const { validateHeaderName, validateHeaderValue } = require('http')
 const { kHeadersList } = require('../core/symbols')
 const { kGuard } = require('./symbols')
 const { kEnumerableProperty } = require('../core/util')
-const {
-  forbiddenHeaderNames,
-  forbiddenResponseHeaderNames
-} = require('./constants')
 
 const kHeadersMap = Symbol('headers map')
 const kHeadersSortedMap = Symbol('headers map sorted')
@@ -115,6 +111,11 @@ class HeadersList {
     }
   }
 
+  clear () {
+    this[kHeadersMap].clear()
+    this[kHeadersSortedMap] = null
+  }
+
   append (name, value) {
     this[kHeadersSortedMap] = null
 
@@ -211,22 +212,11 @@ class Headers {
       )
     }
 
-    const normalizedName = normalizeAndValidateHeaderName(String(name))
-
+    // Note: undici does not implement forbidden header names
     if (this[kGuard] === 'immutable') {
       throw new TypeError('immutable')
-    } else if (
-      this[kGuard] === 'request' &&
-      forbiddenHeaderNames.includes(normalizedName)
-    ) {
-      return
     } else if (this[kGuard] === 'request-no-cors') {
       // TODO
-    } else if (
-      this[kGuard] === 'response' &&
-      forbiddenResponseHeaderNames.includes(normalizedName)
-    ) {
-      return
     }
 
     return this[kHeadersList].append(String(name), String(value))
@@ -244,22 +234,11 @@ class Headers {
       )
     }
 
-    const normalizedName = normalizeAndValidateHeaderName(String(name))
-
+    // Note: undici does not implement forbidden header names
     if (this[kGuard] === 'immutable') {
       throw new TypeError('immutable')
-    } else if (
-      this[kGuard] === 'request' &&
-      forbiddenHeaderNames.includes(normalizedName)
-    ) {
-      return
     } else if (this[kGuard] === 'request-no-cors') {
       // TODO
-    } else if (
-      this[kGuard] === 'response' &&
-      forbiddenResponseHeaderNames.includes(normalizedName)
-    ) {
-      return
     }
 
     return this[kHeadersList].delete(String(name))
@@ -307,20 +286,11 @@ class Headers {
       )
     }
 
+    // Note: undici does not implement forbidden header names
     if (this[kGuard] === 'immutable') {
       throw new TypeError('immutable')
-    } else if (
-      this[kGuard] === 'request' &&
-      forbiddenHeaderNames.includes(String(name).toLocaleLowerCase())
-    ) {
-      return
     } else if (this[kGuard] === 'request-no-cors') {
       // TODO
-    } else if (
-      this[kGuard] === 'response' &&
-      forbiddenResponseHeaderNames.includes(String(name).toLocaleLowerCase())
-    ) {
-      return
     }
 
     return this[kHeadersList].set(String(name), String(value))

deps/undici/src/lib/fetch/request.js

@@ -384,8 +384,8 @@ class Request {
     // Realm, whose header list is request’s header list and guard is
     // "request".
     this[kHeaders] = new Headers()
-    this[kHeaders][kGuard] = 'request'
     this[kHeaders][kHeadersList] = request.headersList
+    this[kHeaders][kGuard] = 'request'
     this[kHeaders][kRealm] = this[kRealm]
 
     // 31. If this’s request’s mode is "no-cors", then:
@@ -406,26 +406,25 @@ class Request {
     if (Object.keys(init).length !== 0) {
       // 1. Let headers be a copy of this’s headers and its associated header
       // list.
-      let headers = new Headers(this.headers)
+      let headers = new Headers(this[kHeaders])
 
       // 2. If init["headers"] exists, then set headers to init["headers"].
       if (init.headers !== undefined) {
         headers = init.headers
       }
 
       // 3. Empty this’s headers’s header list.
-      this[kState].headersList = new HeadersList()
-      this[kHeaders][kHeadersList] = this[kState].headersList
+      this[kHeaders][kHeadersList].clear()
 
       // 4. If headers is a Headers object, then for each header in its header
       // list, append header’s name/header’s value to this’s headers.
       if (headers.constructor.name === 'Headers') {
-        for (const [key, val] of headers[kHeadersList] || headers) {
+        for (const [key, val] of headers) {
           this[kHeaders].append(key, val)
         }
       } else {
         // 5. Otherwise, fill this’s headers with headers.
-        fillHeaders(this[kState].headersList, headers)
+        fillHeaders(this[kHeaders], headers)
       }
     }