mirror of
https://github.com/actions/checkout.git
synced 2025-11-04 05:19:14 +08:00
Patch to fix the dependbot alert. (#744)
* Patch to fix the dependbot alert. * . * . * .
This commit is contained in:
Tingluo Huang
32
dist/index.js
vendored
32
dist/index.js
vendored
@@ -10195,7 +10195,7 @@ Object.defineProperty(Response.prototype, Symbol.toStringTag, {
|
||||
});
|
||||
|
||||
const INTERNALS$2 = Symbol('Request internals');
|
||||
const URL = whatwgUrl.URL;
|
||||
const URL = Url.URL || whatwgUrl.URL;
|
||||
|
||||
// fix an issue where "format", "parse" aren't a named export for node <10
|
||||
const parse_url = Url.parse;
|
||||
@@ -10458,9 +10458,17 @@ AbortError.prototype = Object.create(Error.prototype);
|
||||
AbortError.prototype.constructor = AbortError;
|
||||
AbortError.prototype.name = 'AbortError';
|
||||
|
||||
const URL$1 = Url.URL || whatwgUrl.URL;
|
||||
|
||||
// fix an issue where "PassThrough", "resolve" aren't a named export for node <10
|
||||
const PassThrough$1 = Stream.PassThrough;
|
||||
const resolve_url = Url.resolve;
|
||||
|
||||
const isDomainOrSubdomain = function isDomainOrSubdomain(destination, original) {
|
||||
const orig = new URL$1(original).hostname;
|
||||
const dest = new URL$1(destination).hostname;
|
||||
|
||||
return orig === dest || orig[orig.length - dest.length - 1] === '.' && orig.endsWith(dest);
|
||||
};
|
||||
|
||||
/**
|
||||
* Fetch function
|
||||
@@ -10548,7 +10556,19 @@ function fetch(url, opts) {
|
||||
const location = headers.get('Location');
|
||||
|
||||
// HTTP fetch step 5.3
|
||||
const locationURL = location === null ? null : resolve_url(request.url, location);
|
||||
let locationURL = null;
|
||||
try {
|
||||
locationURL = location === null ? null : new URL$1(location, request.url).toString();
|
||||
} catch (err) {
|
||||
// error here can only be invalid URL in Location: header
|
||||
// do not throw when options.redirect == manual
|
||||
// let the user extract the errorneous redirect URL
|
||||
if (request.redirect !== 'manual') {
|
||||
reject(new FetchError(`uri requested responds with an invalid redirect URL: ${location}`, 'invalid-redirect'));
|
||||
finalize();
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
// HTTP fetch step 5.5
|
||||
switch (request.redirect) {
|
||||
@@ -10596,6 +10616,12 @@ function fetch(url, opts) {
|
||||
size: request.size
|
||||
};
|
||||
|
||||
if (!isDomainOrSubdomain(request.url, locationURL)) {
|
||||
for (const name of ['authorization', 'www-authenticate', 'cookie', 'cookie2']) {
|
||||
requestOpts.headers.delete(name);
|
||||
}
|
||||
}
|
||||
|
||||
// HTTP-redirect fetch step 9
|
||||
if (res.statusCode !== 303 && request.body && getTotalBytes(request) === null) {
|
||||
reject(new FetchError('Cannot follow redirect with body being a readable stream', 'unsupported-redirect'));
|
||||
|
||||
Reference in New Issue
Block a user