brianhansonxyz/rspade_system
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update npm dependencies

Browse Source 
Update npm dependencies

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
root
2025-12-29 22:21:17 +00:00
parent 54c72c21fc
commit 3afb345fbc
15 changed files with 564 additions and 121 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
node_modules/.package-lock.json generated vendored
View File

@@ -4502,9 +4502,9 @@
}
},
"node_modules/caniuse-lite": {
"version": "1.0.30001761",
"resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001761.tgz",
"integrity": "sha512-JF9ptu1vP2coz98+5051jZ4PwQgd2ni8A+gYSN7EA7dPKIMf0pDlSUxhdmVOaV3/fYK5uWBkgSXJaRLr4+3A6g==",
"version": "1.0.30001762",
"resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001762.tgz",
"integrity": "sha512-PxZwGNvH7Ak8WX5iXzoK1KPZttBXNPuaOvI2ZYU7NrlM+d9Ov+TUvlLOBNGzVXAntMSMMlJPd+jY6ovrVjSmUw==",
"funding": [
{
"type": "opencollective",
@@ -10383,9 +10383,9 @@
"license": "MIT"
},
"node_modules/qs": {
"version": "6.14.0",
"resolved": "https://registry.npmjs.org/qs/-/qs-6.14.0.tgz",
"integrity": "sha512-YWWTjgABSKcvs/nWBi9PycY/JiPJqOD4JA6o9Sej2AtvSGarXxKC3OQSk4pAarbdQlKAh5D4FCQkJNkW+GAn3w==",
"version": "6.14.1",
"resolved": "https://registry.npmjs.org/qs/-/qs-6.14.1.tgz",
"integrity": "sha512-4EK3+xJl8Ts67nLYNwqw/dsFVnCf+qR7RgXSK9jEEm9unao3njwMDdmsdvoKBKHzxd7tCYz5e5M+SnMjdtXGQQ==",
"license": "BSD-3-Clause",
"dependencies": {
"side-channel": "^1.1.0"

2
node_modules/caniuse-lite/package.json generated vendored
View File

@@ -1,6 +1,6 @@
{
"name": "caniuse-lite",
"version": "1.0.30001761",
"version": "1.0.30001762",
"description": "A smaller version of caniuse-db, with only the essentials!",
"main": "dist/unpacker/index.js",
"files": [

39
node_modules/qs/.eslintrc generated vendored
View File

@@ -1,39 +0,0 @@
{
"root": true,
"extends": "@ljharb",
"ignorePatterns": [
"dist/",
],
"rules": {
"complexity": 0,
"consistent-return": 1,
"func-name-matching": 0,
"id-length": [2, { "min": 1, "max": 25, "properties": "never" }],
"indent": [2, 4],
"max-lines": 0,
"max-lines-per-function": [2, { "max": 150 }],
"max-params": [2, 18],
"max-statements": [2, 100],
"multiline-comment-style": 0,
"no-continue": 1,
"no-magic-numbers": 0,
"no-restricted-syntax": [2, "BreakStatement", "DebuggerStatement", "ForInStatement", "LabeledStatement", "WithStatement"],
},
"overrides": [
{
"files": "test/**",
"rules": {
"function-paren-newline": 0,
"max-lines-per-function": 0,
"max-statements": 0,
"no-buffer-constructor": 0,
"no-extend-native": 0,
"no-throw-literal": 0,
},
},
],
}

11
node_modules/qs/.github/SECURITY.md generated vendored Normal file
View File

@@ -0,0 +1,11 @@
# Security
Please file a private vulnerability report via GitHub, email [@ljharb](https://github.com/ljharb), or see https://tidelift.com/security if you have a potential security vulnerability to report.
## Incident Response Plan
Please see our [Incident Response Plan](https://github.com/ljharb/.github/blob/main/INCIDENT_RESPONSE_PLAN.md).
## Threat Model
Please see [THREAT_MODEL.md](./THREAT_MODEL.md).

78
node_modules/qs/.github/THREAT_MODEL.md generated vendored Normal file
View File

@@ -0,0 +1,78 @@
## Threat Model for qs (querystring parsing library)
### 1. Library Overview
- **Library Name:** qs
- **Brief Description:** A JavaScript library for parsing and stringifying URL query strings, supporting nested objects and arrays. It is widely used in Node.js and web applications for processing query parameters[2][6][8].
- **Key Public APIs/Functions:** `qs.parse()`, `qs.stringify()`
### 2. Define Scope
This threat model focuses on the core parsing and stringifying functionality, specifically the handling of nested objects and arrays, option validation, and cycle management in stringification.
### 3. Conceptual System Diagram
```
Caller Application → qs.parse(input, options) → Parsing Engine → Output Object
└→ Options Handling
Caller Application → qs.stringify(obj, options) → Stringifying Engine → Output String
└→ Options Handling
└→ Cycle Tracking
```
**Trust Boundaries:**
- **Input string (parse):** May come from untrusted sources (e.g., user input, network requests)
- **Input object (stringify):** May contain cycles, which can lead to infinite loops during stringification
- **Options:** Provided by the caller
- **Cycle Tracking:** Used only during stringification to detect and handle circular references
### 4. Identify Assets
- **Integrity of parsed output:** Prevent malicious manipulation of the output object structure, especially ensuring builtins/globals are not modified as a result of parse[3][4][8].
- **Confidentiality of processed data:** Avoid leaking sensitive information through errors or output.
- **Availability/performance for host application:** Prevent crashes or resource exhaustion in the consuming application.
- **Security of host application:** Prevent the library from being a vector for attacks (e.g., prototype pollution, DoS).
- **Reputation of library:** Maintain trust by avoiding supply chain attacks and vulnerabilities[1].
### 5. Identify Threats
| Component / API / Interaction | S | T | R | I | D | E |
|---------------------------------------|----|----|----|----|----|----|
| Public API Call (`parse`) | | ✓ | | ✓ | ✓ | ✓ |
| Public API Call (`stringify`) | | ✓ | | ✓ | ✓ | |
| Options Handling | ✓ | ✓ | | ✓ | | ✓ |
| Dependency Interaction | | | | | ✓ | |
**Key Threats:**
- **Tampering:** Malicious input can, if not prevented, alter parsed output (e.g., prototype pollution via `__proto__`, modification of builtins/globals)[3][4][8].
- **Information Disclosure:** Error messages may expose internal details or sensitive data.
- **Denial of Service:** Large or malformed input can exhaust memory or CPU.
- **Elevation of Privilege:** Prototype pollution can lead to unintended privilege escalation in the host application[3][4][8].
### 6. Mitigation/Countermeasures
| Threat Identified | Proposed Mitigation |
|---------------------------------------------------|---------------------|
| Tampering (malicious input, prototype pollution) | Strict input validation; keep `allowPrototypes: false` by default; use `plainObjects` for output; ensure builtins/globals are never modified by parse[4][8]. |
| Information Disclosure (error messages) | Generic error messages without stack traces or internal paths. |
| Denial of Service (memory/CPU exhaustion) | Enforce `arrayLimit` and `parameterLimit` with safe defaults; enable `throwOnLimitExceeded`; limit nesting depth[7]. |
| Elevation of Privilege (prototype pollution) | Keep `allowPrototypes: false`; validate options against allowlist; use `plainObjects` to avoid prototype pollution[4][8]. |
### 7. Risk Ranking
- **High:** Denial of Service via array parsing or malformed input (historical vulnerability)
- **Medium:** Prototype pollution via options or input (if `allowPrototypes` enabled)
- **Low:** Information disclosure in errors
### 8. Next Steps & Review
1. **Audit option validation logic.**
2. **Add depth limiting to nested parsing and stringification.**
3. **Implement fuzz testing for parser and stringifier edge cases.**
4. **Regularly review dependencies for vulnerabilities.**
5. **Keep documentation and threat model up to date.**
6. **Ensure builtins/globals are never modified as a result of parse.**
7. **Support round-trip consistency between parse and stringify as a non-security goal, with the right options[5][9].**

9
node_modules/qs/CHANGELOG.md generated vendored
View File

@@ -1,3 +1,12 @@
## **6.14.1**
- [Fix] ensure arrayLength applies to `[]` notation as well
- [Fix] `parse`: when a custom decoder returns `null` for a key, ignore that key
- [Refactor] `parse`: extract key segment splitting helper
- [meta] add threat model
- [actions] add workflow permissions
- [Tests] `stringify`: increase coverage
- [Dev Deps] update `eslint`, `@ljharb/eslint-config`, `npmignore`, `es-value-fixtures`, `for-each`, `object-inspect`
## **6.14.0**
- [New] `parse`: add `throwOnParameterLimitExceeded` option (#517)
- [Refactor] `parse`: use `utils.combine` more

28
node_modules/qs/dist/qs.js generated vendored
View File

File diff suppressed because one or more lines are too long

56
node_modules/qs/eslint.config.mjs generated vendored Normal file
View File

@@ -0,0 +1,56 @@
import ljharbConfig from '@ljharb/eslint-config/flat';
export default [
{
ignores: ['dist/'],
},
...ljharbConfig,
{
rules: {
complexity: 'off',
'consistent-return': 'warn',
'func-name-matching': 'off',
'id-length': [
'error',
{
max: 25,
min: 1,
properties: 'never',
},
],
indent: ['error', 4],
'max-lines': 'off',
'max-lines-per-function': [
'error',
{ max: 150 },
],
'max-params': ['error', 18],
'max-statements': ['error', 100],
'multiline-comment-style': 'off',
'no-continue': 'warn',
'no-magic-numbers': 'off',
'no-restricted-syntax': [
'error',
'BreakStatement',
'DebuggerStatement',
'ForInStatement',
'LabeledStatement',
'WithStatement',
],
},
},
{
files: ['test/**'],
rules: {
'function-paren-newline': 'off',
'max-lines-per-function': 'off',
'max-statements': 'off',
'no-buffer-constructor': 'off',
'no-extend-native': 'off',
'no-throw-literal': 'off',
},
},
];

74
node_modules/qs/lib/parse.js generated vendored
View File

@@ -108,6 +108,7 @@ var parseValues = function parseQueryStringValues(str, options) {
} else {
key = options.decoder(part.slice(0, pos), defaults.decoder, charset, 'key');
if (key !== null) {
val = utils.maybeMap(
parseArrayValue(
part.slice(pos + 1),
@@ -119,6 +120,7 @@ var parseValues = function parseQueryStringValues(str, options) {
}
);
}
}
if (val && options.interpretNumericEntities && charset === 'iso-8859-1') {
val = interpretNumericEntities(String(val));
@@ -128,13 +130,20 @@ var parseValues = function parseQueryStringValues(str, options) {
val = isArray(val) ? [val] : val;
}
if (key !== null) {
var existing = has.call(obj, key);
if (existing && options.duplicates === 'combine') {
obj[key] = utils.combine(obj[key], val);
obj[key] = utils.combine(
obj[key],
val,
options.arrayLimit,
options.plainObjects
);
} else if (!existing || options.duplicates === 'last') {
obj[key] = val;
}
}
}
return obj;
};
@@ -153,9 +162,19 @@ var parseObject = function (chain, val, options, valuesParsed) {
var root = chain[i];
if (root === '[]' && options.parseArrays) {
if (utils.isOverflow(leaf)) {
// leaf is already an overflow object, preserve it
obj = leaf;
} else {
obj = options.allowEmptyArrays && (leaf === '' || (options.strictNullHandling && leaf === null))
? []
: utils.combine([], leaf);
: utils.combine(
[],
leaf,
options.arrayLimit,
options.plainObjects
);
}
} else {
obj = options.plainObjects ? { __proto__: null } : {};
var cleanRoot = root.charAt(0) === '[' && root.charAt(root.length - 1) === ']' ? root.slice(1, -1) : root;
@@ -183,29 +202,28 @@ var parseObject = function (chain, val, options, valuesParsed) {
return leaf;
};
var parseKeys = function parseQueryStringKeys(givenKey, val, options, valuesParsed) {
if (!givenKey) {
return;
}
// Transform dot notation to bracket notation
var splitKeyIntoSegments = function splitKeyIntoSegments(givenKey, options) {
var key = options.allowDots ? givenKey.replace(/\.([^.[]+)/g, '[$1]') : givenKey;
// The regex chunks
if (options.depth <= 0) {
if (!options.plainObjects && has.call(Object.prototype, key)) {
if (!options.allowPrototypes) {
return;
}
}
return [key];
}
var brackets = /(\[[^[\]]*])/;
var child = /(\[[^[\]]*])/g;
// Get the parent
var segment = options.depth > 0 && brackets.exec(key);
var segment = brackets.exec(key);
var parent = segment ? key.slice(0, segment.index) : key;
// Stash the parent if it exists
var keys = [];
if (parent) {
// If we aren't using plain objects, optionally prefix keys that would overwrite object prototype properties
if (!options.plainObjects && has.call(Object.prototype, parent)) {
if (!options.allowPrototypes) {
return;
@@ -215,28 +233,42 @@ var parseKeys = function parseQueryStringKeys(givenKey, val, options, valuesPars
keys.push(parent);
}
// Loop through children appending to the array until we hit depth
var i = 0;
while (options.depth > 0 && (segment = child.exec(key)) !== null && i < options.depth) {
while ((segment = child.exec(key)) !== null && i < options.depth) {
i += 1;
if (!options.plainObjects && has.call(Object.prototype, segment[1].slice(1, -1))) {
var segmentContent = segment[1].slice(1, -1);
if (!options.plainObjects && has.call(Object.prototype, segmentContent)) {
if (!options.allowPrototypes) {
return;
}
}
keys.push(segment[1]);
}
// If there's a remainder, check strictDepth option for throw, else just add whatever is left
if (segment) {
if (options.strictDepth === true) {
throw new RangeError('Input depth exceeded depth option of ' + options.depth + ' and strictDepth is true');
}
keys.push('[' + key.slice(segment.index) + ']');
}
return keys;
};
var parseKeys = function parseQueryStringKeys(givenKey, val, options, valuesParsed) {
if (!givenKey) {
return;
}
var keys = splitKeyIntoSegments(givenKey, options);
if (!keys) {
return;
}
return parseObject(keys, val, options, valuesParsed);
};

58
node_modules/qs/lib/utils.js generated vendored
View File

@@ -1,10 +1,32 @@
'use strict';
var formats = require('./formats');
var getSideChannel = require('side-channel');
var has = Object.prototype.hasOwnProperty;
var isArray = Array.isArray;
// Track objects created from arrayLimit overflow using side-channel
// Stores the current max numeric index for O(1) lookup
var overflowChannel = getSideChannel();
var markOverflow = function markOverflow(obj, maxIndex) {
overflowChannel.set(obj, maxIndex);
return obj;
};
var isOverflow = function isOverflow(obj) {
return overflowChannel.has(obj);
};
var getMaxIndex = function getMaxIndex(obj) {
return overflowChannel.get(obj);
};
var setMaxIndex = function setMaxIndex(obj, maxIndex) {
overflowChannel.set(obj, maxIndex);
};
var hexTable = (function () {
var array = [];
for (var i = 0; i < 256; ++i) {
@@ -54,7 +76,12 @@ var merge = function merge(target, source, options) {
if (isArray(target)) {
target.push(source);
} else if (target && typeof target === 'object') {
if (
if (isOverflow(target)) {
// Add at next numeric index for overflow objects
var newIndex = getMaxIndex(target) + 1;
target[newIndex] = source;
setMaxIndex(target, newIndex);
} else if (
(options && (options.plainObjects || options.allowPrototypes))
|| !has.call(Object.prototype, source)
) {
@@ -68,6 +95,18 @@ var merge = function merge(target, source, options) {
}
if (!target || typeof target !== 'object') {
if (isOverflow(source)) {
// Create new object with target at 0, source values shifted by 1
var sourceKeys = Object.keys(source);
var result = options && options.plainObjects
? { __proto__: null, 0: target }
: { 0: target };
for (var m = 0; m < sourceKeys.length; m++) {
var oldKey = parseInt(sourceKeys[m], 10);
result[oldKey + 1] = source[sourceKeys[m]];
}
return markOverflow(result, getMaxIndex(source) + 1);
}
return [target].concat(source);
}
@@ -239,8 +278,20 @@ var isBuffer = function isBuffer(obj) {
return !!(obj.constructor && obj.constructor.isBuffer && obj.constructor.isBuffer(obj));
};
var combine = function combine(a, b) {
return [].concat(a, b);
var combine = function combine(a, b, arrayLimit, plainObjects) {
// If 'a' is already an overflow object, add to it
if (isOverflow(a)) {
var newIndex = getMaxIndex(a) + 1;
a[newIndex] = b;
setMaxIndex(a, newIndex);
return a;
}
var result = [].concat(a, b);
if (result.length > arrayLimit) {
return markOverflow(arrayToObject(result, { plainObjects: plainObjects }), result.length - 1);
}
return result;
};
var maybeMap = function maybeMap(val, fn) {
@@ -262,6 +313,7 @@ module.exports = {
decode: decode,
encode: encode,
isBuffer: isBuffer,
isOverflow: isOverflow,
isRegExp: isRegExp,
maybeMap: maybeMap,
merge: merge

17
node_modules/qs/package.json generated vendored
View File

@@ -2,7 +2,7 @@
"name": "qs",
"description": "A querystring parser that supports nesting and arrays, with a depth limit",
"homepage": "https://github.com/ljharb/qs",
"version": "6.14.0",
"version": "6.14.1",
"repository": {
"type": "git",
"url": "https://github.com/ljharb/qs.git"
@@ -36,15 +36,15 @@
"devDependencies": {
"@browserify/envify": "^6.0.0",
"@browserify/uglifyify": "^6.0.0",
"@ljharb/eslint-config": "^21.1.1",
"@ljharb/eslint-config": "^22.1.3",
"browserify": "^16.5.2",
"bundle-collapser": "^1.4.0",
"common-shakeify": "~1.0.0",
"eclint": "^2.8.1",
"es-value-fixtures": "^1.7.0",
"eslint": "=8.8.0",
"es-value-fixtures": "^1.7.1",
"eslint": "^9.39.2",
"evalmd": "^0.0.19",
"for-each": "^0.3.3",
"for-each": "^0.3.5",
"glob": "=10.3.7",
"has-bigints": "^1.1.0",
"has-override-mistake": "^1.0.1",
@@ -54,12 +54,13 @@
"iconv-lite": "^0.5.1",
"in-publish": "^2.0.1",
"jackspeak": "=2.1.1",
"jiti": "^0.0.0",
"mkdirp": "^0.5.5",
"mock-property": "^1.1.0",
"module-deps": "^6.2.3",
"npmignore": "^0.3.1",
"npmignore": "^0.3.5",
"nyc": "^10.3.2",
"object-inspect": "^1.13.3",
"object-inspect": "^1.13.4",
"qs-iconv": "^1.0.4",
"safe-publish-latest": "^2.0.0",
"safer-buffer": "^2.1.2",
@@ -76,7 +77,7 @@
"posttest": "npx npm@'>=10.2' audit --production",
"readme": "evalmd README.md",
"postlint": "eclint check $(git ls-files | xargs find 2> /dev/null | grep -vE 'node_modules|\\.git' | grep -v dist/)",
"lint": "eslint --ext=js,mjs .",
"lint": "eslint .",
"dist": "mkdirp dist && browserify --standalone Qs -g unassertify -g @browserify/envify -g [@browserify/uglifyify --mangle.keep_fnames --compress.keep_fnames --format.indent_level=1 --compress.arrows=false --compress.passes=4 --compress.typeofs=false] -p common-shakeify -p bundle-collapser/plugin lib/index.js > dist/qs.js"
},
"license": "BSD-3-Clause",

128
node_modules/qs/test/parse.js generated vendored
View File

@@ -235,11 +235,11 @@ test('parse()', function (t) {
st.deepEqual(qs.parse('a=b&a[0]=c'), { a: ['b', 'c'] });
st.deepEqual(qs.parse('a[1]=b&a=c', { arrayLimit: 20 }), { a: ['b', 'c'] });
st.deepEqual(qs.parse('a[]=b&a=c', { arrayLimit: 0 }), { a: ['b', 'c'] });
st.deepEqual(qs.parse('a[]=b&a=c', { arrayLimit: 0 }), { a: { 0: 'b', 1: 'c' } });
st.deepEqual(qs.parse('a[]=b&a=c'), { a: ['b', 'c'] });
st.deepEqual(qs.parse('a=b&a[1]=c', { arrayLimit: 20 }), { a: ['b', 'c'] });
st.deepEqual(qs.parse('a=b&a[]=c', { arrayLimit: 0 }), { a: ['b', 'c'] });
st.deepEqual(qs.parse('a=b&a[]=c', { arrayLimit: 0 }), { a: { 0: 'b', 1: 'c' } });
st.deepEqual(qs.parse('a=b&a[]=c'), { a: ['b', 'c'] });
st.end();
@@ -364,7 +364,7 @@ test('parse()', function (t) {
);
st.deepEqual(
qs.parse('a[]=b&a[]&a[]=c&a[]=', { strictNullHandling: true, arrayLimit: 0 }),
{ a: ['b', null, 'c', ''] },
{ a: { 0: 'b', 1: null, 2: 'c', 3: '' } },
'with arrayLimit 0 + array brackets: null then empty string works'
);
@@ -375,7 +375,7 @@ test('parse()', function (t) {
);
st.deepEqual(
qs.parse('a[]=b&a[]=&a[]=c&a[]', { strictNullHandling: true, arrayLimit: 0 }),
{ a: ['b', '', 'c', null] },
{ a: { 0: 'b', 1: '', 2: 'c', 3: null } },
'with arrayLimit 0 + array brackets: empty string then null works'
);
@@ -996,6 +996,20 @@ test('parse()', function (t) {
st.end();
});
t.test('handles a custom decoder returning `null`, with a string key of `null`', function (st) {
st.deepEqual(
qs.parse('null=1&ToNull=2', {
decoder: function (str, defaultDecoder, charset) {
return str === 'ToNull' ? null : defaultDecoder(str, defaultDecoder, charset);
}
}),
{ 'null': '1' },
'"null" key is not overridden by `null` decoder result'
);
st.end();
});
t.test('does not interpret numeric entities in iso-8859-1 when `interpretNumericEntities` is absent', function (st) {
st.deepEqual(qs.parse('foo=' + urlEncodedNumSmiley, { charset: 'iso-8859-1' }), { foo: '&#9786;' });
st.end();
@@ -1274,3 +1288,109 @@ test('qs strictDepth option - non-throw cases', function (t) {
st.end();
});
});
test('DOS', function (t) {
var arr = [];
for (var i = 0; i < 105; i++) {
arr[arr.length] = 'x';
}
var attack = 'a[]=' + arr.join('&a[]=');
var result = qs.parse(attack, { arrayLimit: 100 });
t.notOk(Array.isArray(result.a), 'arrayLimit is respected: result is an object, not an array');
t.equal(Object.keys(result.a).length, 105, 'all values are preserved');
t.end();
});
test('arrayLimit boundary conditions', function (t) {
t.test('exactly at the limit stays as array', function (st) {
var result = qs.parse('a[]=1&a[]=2&a[]=3', { arrayLimit: 3 });
st.ok(Array.isArray(result.a), 'result is an array when exactly at limit');
st.deepEqual(result.a, ['1', '2', '3'], 'all values present');
st.end();
});
t.test('one over the limit converts to object', function (st) {
var result = qs.parse('a[]=1&a[]=2&a[]=3&a[]=4', { arrayLimit: 3 });
st.notOk(Array.isArray(result.a), 'result is not an array when over limit');
st.deepEqual(result.a, { 0: '1', 1: '2', 2: '3', 3: '4' }, 'all values preserved as object');
st.end();
});
t.test('arrayLimit 1 with two values', function (st) {
var result = qs.parse('a[]=1&a[]=2', { arrayLimit: 1 });
st.notOk(Array.isArray(result.a), 'result is not an array');
st.deepEqual(result.a, { 0: '1', 1: '2' }, 'both values preserved');
st.end();
});
t.end();
});
test('mixed array and object notation', function (t) {
t.test('array brackets with object key - under limit', function (st) {
st.deepEqual(
qs.parse('a[]=b&a[c]=d'),
{ a: { 0: 'b', c: 'd' } },
'mixing [] and [key] converts to object'
);
st.end();
});
t.test('array index with object key - under limit', function (st) {
st.deepEqual(
qs.parse('a[0]=b&a[c]=d'),
{ a: { 0: 'b', c: 'd' } },
'mixing [0] and [key] produces object'
);
st.end();
});
t.test('plain value with array brackets - under limit', function (st) {
st.deepEqual(
qs.parse('a=b&a[]=c', { arrayLimit: 20 }),
{ a: ['b', 'c'] },
'plain value combined with [] stays as array under limit'
);
st.end();
});
t.test('array brackets with plain value - under limit', function (st) {
st.deepEqual(
qs.parse('a[]=b&a=c', { arrayLimit: 20 }),
{ a: ['b', 'c'] },
'[] combined with plain value stays as array under limit'
);
st.end();
});
t.test('plain value with array index - under limit', function (st) {
st.deepEqual(
qs.parse('a=b&a[0]=c', { arrayLimit: 20 }),
{ a: ['b', 'c'] },
'plain value combined with [0] stays as array under limit'
);
st.end();
});
t.test('multiple plain values with duplicates combine', function (st) {
st.deepEqual(
qs.parse('a=b&a=c&a=d', { arrayLimit: 20 }),
{ a: ['b', 'c', 'd'] },
'duplicate plain keys combine into array'
);
st.end();
});
t.test('multiple plain values exceeding limit', function (st) {
st.deepEqual(
qs.parse('a=b&a=c&a=d', { arrayLimit: 2 }),
{ a: { 0: 'b', 1: 'c', 2: 'd' } },
'duplicate plain keys convert to object when exceeding limit'
);
st.end();
});
t.end();
});

10
node_modules/qs/test/stringify.js generated vendored
View File

@@ -1293,13 +1293,17 @@ test('stringifies empty keys', function (t) {
});
t.test('stringifies non-string keys', function (st) {
var actual = qs.stringify({ a: 'b', 'false': {} }, {
filter: ['a', false, null],
var S = Object('abc');
S.toString = function () {
return 'd';
};
var actual = qs.stringify({ a: 'b', 'false': {}, 1e+22: 'c', d: 'e' }, {
filter: ['a', false, null, 10000000000000000000000, S],
allowDots: true,
encodeDotInKeys: true
});
st.equal(actual, 'a=b', 'stringifies correctly');
st.equal(actual, 'a=b&1e%2B22=c&d=e', 'stringifies correctly');
st.end();
});

119
node_modules/qs/test/utils.js generated vendored
View File

@@ -68,6 +68,60 @@ test('merge()', function (t) {
}
);
t.test('with overflow objects (from arrayLimit)', function (st) {
st.test('merges primitive into overflow object at next index', function (s2t) {
// Create an overflow object via combine
var overflow = utils.combine(['a'], 'b', 1, false);
s2t.ok(utils.isOverflow(overflow), 'overflow object is marked');
var merged = utils.merge(overflow, 'c');
s2t.deepEqual(merged, { 0: 'a', 1: 'b', 2: 'c' }, 'adds primitive at next numeric index');
s2t.end();
});
st.test('merges primitive into regular object with numeric keys normally', function (s2t) {
var obj = { 0: 'a', 1: 'b' };
s2t.notOk(utils.isOverflow(obj), 'plain object is not marked as overflow');
var merged = utils.merge(obj, 'c');
s2t.deepEqual(merged, { 0: 'a', 1: 'b', c: true }, 'adds primitive as key (not at next index)');
s2t.end();
});
st.test('merges primitive into object with non-numeric keys normally', function (s2t) {
var obj = { foo: 'bar' };
var merged = utils.merge(obj, 'baz');
s2t.deepEqual(merged, { foo: 'bar', baz: true }, 'adds primitive as key with value true');
s2t.end();
});
st.test('merges overflow object into primitive', function (s2t) {
// Create an overflow object via combine
var overflow = utils.combine([], 'b', 0, false);
s2t.ok(utils.isOverflow(overflow), 'overflow object is marked');
var merged = utils.merge('a', overflow);
s2t.ok(utils.isOverflow(merged), 'result is also marked as overflow');
s2t.deepEqual(merged, { 0: 'a', 1: 'b' }, 'creates object with primitive at 0, source values shifted');
s2t.end();
});
st.test('merges overflow object with multiple values into primitive', function (s2t) {
// Create an overflow object via combine
var overflow = utils.combine(['b'], 'c', 1, false);
s2t.ok(utils.isOverflow(overflow), 'overflow object is marked');
var merged = utils.merge('a', overflow);
s2t.deepEqual(merged, { 0: 'a', 1: 'b', 2: 'c' }, 'shifts all source indices by 1');
s2t.end();
});
st.test('merges regular object into primitive as array', function (s2t) {
var obj = { foo: 'bar' };
var merged = utils.merge('a', obj);
s2t.deepEqual(merged, ['a', { foo: 'bar' }], 'creates array with primitive and object');
s2t.end();
});
st.end();
});
t.end();
});
@@ -132,6 +186,71 @@ test('combine()', function (t) {
st.end();
});
t.test('with arrayLimit', function (st) {
st.test('under the limit', function (s2t) {
var combined = utils.combine(['a', 'b'], 'c', 10, false);
s2t.deepEqual(combined, ['a', 'b', 'c'], 'returns array when under limit');
s2t.ok(Array.isArray(combined), 'result is an array');
s2t.end();
});
st.test('exactly at the limit stays as array', function (s2t) {
var combined = utils.combine(['a', 'b'], 'c', 3, false);
s2t.deepEqual(combined, ['a', 'b', 'c'], 'stays as array when exactly at limit');
s2t.ok(Array.isArray(combined), 'result is an array');
s2t.end();
});
st.test('over the limit', function (s2t) {
var combined = utils.combine(['a', 'b', 'c'], 'd', 3, false);
s2t.deepEqual(combined, { 0: 'a', 1: 'b', 2: 'c', 3: 'd' }, 'converts to object when over limit');
s2t.notOk(Array.isArray(combined), 'result is not an array');
s2t.end();
});
st.test('with arrayLimit 0', function (s2t) {
var combined = utils.combine([], 'a', 0, false);
s2t.deepEqual(combined, { 0: 'a' }, 'converts single element to object with arrayLimit 0');
s2t.notOk(Array.isArray(combined), 'result is not an array');
s2t.end();
});
st.test('with plainObjects option', function (s2t) {
var combined = utils.combine(['a'], 'b', 1, true);
var expected = { __proto__: null, 0: 'a', 1: 'b' };
s2t.deepEqual(combined, expected, 'converts to object with null prototype');
s2t.equal(Object.getPrototypeOf(combined), null, 'result has null prototype when plainObjects is true');
s2t.end();
});
st.end();
});
t.test('with existing overflow object', function (st) {
st.test('adds to existing overflow object at next index', function (s2t) {
// Create overflow object first via combine
var overflow = utils.combine(['a'], 'b', 1, false);
s2t.ok(utils.isOverflow(overflow), 'initial object is marked as overflow');
var combined = utils.combine(overflow, 'c', 10, false);
s2t.equal(combined, overflow, 'returns the same object (mutated)');
s2t.deepEqual(combined, { 0: 'a', 1: 'b', 2: 'c' }, 'adds value at next numeric index');
s2t.end();
});
st.test('does not treat plain object with numeric keys as overflow', function (s2t) {
var plainObj = { 0: 'a', 1: 'b' };
s2t.notOk(utils.isOverflow(plainObj), 'plain object is not marked as overflow');
// combine treats this as a regular value, not an overflow object to append to
var combined = utils.combine(plainObj, 'c', 10, false);
s2t.deepEqual(combined, [{ 0: 'a', 1: 'b' }, 'c'], 'concatenates as regular values');
s2t.end();
});
st.end();
});
t.end();
});

12
package-lock.json generated
View File

@@ -5464,9 +5464,9 @@
}
},
"node_modules/caniuse-lite": {
"version": "1.0.30001761",
"resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001761.tgz",
"integrity": "sha512-JF9ptu1vP2coz98+5051jZ4PwQgd2ni8A+gYSN7EA7dPKIMf0pDlSUxhdmVOaV3/fYK5uWBkgSXJaRLr4+3A6g==",
"version": "1.0.30001762",
"resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001762.tgz",
"integrity": "sha512-PxZwGNvH7Ak8WX5iXzoK1KPZttBXNPuaOvI2ZYU7NrlM+d9Ov+TUvlLOBNGzVXAntMSMMlJPd+jY6ovrVjSmUw==",
"funding": [
{
"type": "opencollective",
@@ -11373,9 +11373,9 @@
"license": "MIT"
},
"node_modules/qs": {
"version": "6.14.0",
"resolved": "https://registry.npmjs.org/qs/-/qs-6.14.0.tgz",
"integrity": "sha512-YWWTjgABSKcvs/nWBi9PycY/JiPJqOD4JA6o9Sej2AtvSGarXxKC3OQSk4pAarbdQlKAh5D4FCQkJNkW+GAn3w==",
"version": "6.14.1",
"resolved": "https://registry.npmjs.org/qs/-/qs-6.14.1.tgz",
"integrity": "sha512-4EK3+xJl8Ts67nLYNwqw/dsFVnCf+qR7RgXSK9jEEm9unao3njwMDdmsdvoKBKHzxd7tCYz5e5M+SnMjdtXGQQ==",
"license": "BSD-3-Clause",
"dependencies": {
"side-channel": "^1.1.0"