Update dependency got to v12 [SECURITY] - autoclosed #503
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
^11.8.5
->^12.0.0
Warning
Some dependencies could not be looked up. Check the Dependency Dashboard for more information.
GitHub Vulnerability Alerts
CVE-2022-33987
The got package before 11.8.5 and 12.1.0 for Node.js allows a redirect to a UNIX socket.
Release Notes
sindresorhus/got (got)
v12.0.0
Compare Source
Introducing Got v12.0.0 🎉
Long time no see! The latest Got version (v11.8.2) was released just in February ❄️
We have been working hard on squashing bugs and improving overall experience.
If you find Got useful, you might want to sponsor the Got maintainers.
This package is now pure ESM
Please read this. Also see https://github.com/sindresorhus/got/issues/1789.
[ERR_REQUIRE_ESM]
andMust use import to load ES Module
errors. This is a problem with your setup, not Got.Required Node.js >=14
While working with streams, we encountered more Node.js bugs that needed workarounds.
In order to keep our code clean, we had to drop Node.js v12 as the code would get more messy.
We strongly recommend that you update Node.js to v14 LTS.
HTTP/2 support
Every Node.js release, the native
http2
module gets more stable.Unfortunately there are still some issues on the Node.js side, so we decided to keep HTTP/2 disabled for now.
We may enable it by default in Got v13. It is still possible to turn it on via the
http2
option.To run HTTP/2 requests, it is required to use Node.js v15.10 or above.
Bug fixes
Woah, we possibly couldn't make a release if we didn't fix some bugs!
49c16ee
content-length
on ReadStream (#1510)472b8ef
ff918fb
1107cc6
methodRewriting
option51d88a0
url
not being reused on retry in rare case (#1487)462bc63
a59fac4
77df9c3
62305d7
06a2d3d
1e1e506
response.complete
when using cache9e15d88
Cannot call end
error whenrequest
returns aWritable
226cc39
3c23eea
3c23eea
got.paginate does not call init hooks
(#1574)3c23eea
https
module (#1567)3c23eea
9ecc5ee
searchParams
(#1814)1018c20
732e9bd
2453e5e
439fb82
eda69ff
username
andpassword
encoding in URL (#1169 #1317)d65d0ca
1c4cefc
afterResponse
return checkcbc8902
https.alpnProtocols
not having an effecte1099fb
Improvements
context
option mergeable (#1459)2b8ed1f
6fc04a9
e943672
(blocked by https://github.com/nodejs/node/issues/35923)2675046
1120370
4f21eb3
retry.backoffLimit
option41c4136
noise
retry optione830077
83575d5
fe723a0
(thanks @Giotino)error.code
f27e8d3
options.url
even if some options are invalid8d6a680
2db5ec5
854430f
3df52f3
once
types for Stream API3c23eea
RetryError
which always triggers a new retry when thrown3c23eea
error.options
is now enumerable3c23eea
defaults.handlers
don't need a default handler now3c23eea
Link
header3c23eea
a5dd9aa
Breaking changes
Improved option normalization
Option
class that is specifically designed to parse and validate Got options.It is made of setters and getters that provide fast normalization and more consistent behavior.
When passing an option does not exist, Got will throw an error. In order to retrieve the options before the error, use
error.options
.init
hook now accepts a second argument:self
, which points to anOptions
instance.In order to define your own options, you have to move them to
options.context
in aninit
hook or store them inoptions.context
directly.init
hooks are ran only when passing an options object explicitly.options.merge()
replacedgot.mergeOptions
andRequest.normalizeArguments
This fixes issues like #1450
Url
instances are not supported anymore. You need to use WHATWG URL instead.dnsLookupIpVersion
is now a number (4 or 6) or undefinedredirectUrls
andrequestUrl
now give URL instancesrequest.aborted
torequest.isAborted
Reason: consistency with
options.isStream
.lookup
option todnsLookup
beforeRetry
hook now accepts only two arguments:error
andretryCount
The
options
argument has been removed, however it's still accessible viaerror.options
. All modifications onerror.options
will be reflected in the next requests (no behavior change, same as with Got 11).beforeRedirect
hook's first argument (options) is now a cloned instance of the Request options.This was done to make retrieving the original options possible:
plainResponse.request.options
.redirect
event now takes two arguments in this order:updatedOptions
andplainResponse
.Reason: consistency with the
beforeRedirect
hook.socketPath
option has been removed. Use theunix:
protocol instead.retryWithMergedOptions
function in anafterResponse
hook no longer returns aPromise
.It now throws
RetryError
, so this should this should be the last function being executed.This was done to allow
beforeRetry
hooks getting called.options.agent
tofalse
.To do so, you need to define all the
options.agent
properties:http
,https
andhttp2
.url
option when paginating, it now needs to be an absolute URL - theprefixUrl
option is always reset from now on. The same when retrying in anafterResponse
hook.There was confusion around the
prefixUrl
option. It was counterintuitive if used with the Pagination API. For example, it worked fine if the server replied with a relative URL, but if it was an absolute URL then theprefixUrl
would end up duplicated. In order to fix this, Got now requires an absolute URL - noprefixUrl
will be applied.got.extend(…)
will throw when passing some options that don't accept undefined - undefined no longer retains the old value, as setting undefined explicitly may reset the optionDocumentation
We have redesigned the documentation so it's easier to navigate and find exactly what you are looking for. We hope you like it ❤️
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.