npm · wraithgar · Apr 17, 2023 · Apr 15, 2023 · Apr 15, 2023 · Apr 15, 2023
@@ -106,7 +106,7 @@ class Advisory {
 
     this[_packument] = packument
 
-    const pakuVersions = Object.keys(packument.versions)
+    const pakuVersions = Object.keys(packument.versions || {})
     const allVersions = new Set([...pakuVersions, ...this.versions])
     const versionsAdded = []
     const versionsRemoved = []
@@ -242,7 +242,7 @@ class Advisory {
     // check the dependency of this version on the vulnerable dep
     // if we got a version that's not in the packument, fall back on
     // the spec provided, if possible.
-    const mani = this[_packument].versions[version] || {
+    const mani = this[_packument]?.versions?.[version] || {
       dependencies: {
         [this.dependency]: spec,
       },

@@ -1,6 +1,6 @@
 {
   "name": "@npmcli/metavuln-calculator",
-  "version": "5.0.0",
+  "version": "5.0.1",
   "main": "lib/index.js",
   "files": [
     "bin/",
@@ -33,8 +33,8 @@
     ]
   },
   "devDependencies": {
-    "@npmcli/eslint-config": "^3.0.1",
-    "@npmcli/template-oss": "4.5.1",
+    "@npmcli/eslint-config": "^4.0.0",
+    "@npmcli/template-oss": "4.13.0",
     "require-inject": "^1.4.4",
     "tap": "^16.0.1"
   },
@@ -49,6 +49,7 @@
   },
   "templateOSS": {
     "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.",
-    "version": "4.5.1"
+    "version": "4.13.0",
+    "publish": "true"
   }
 }
@@ -1,49 +1,70 @@
 const { hasOwnProperty } = Object.prototype
 
-/* istanbul ignore next */
-const eol = typeof process !== 'undefined' &&
-  process.platform === 'win32' ? '\r\n' : '\n'
+const encode = (obj, opt = {}) => {
+  if (typeof opt === 'string') {
+    opt = { section: opt }
+  }
+  opt.align = opt.align === true
+  opt.newline = opt.newline === true
+  opt.sort = opt.sort === true
+  opt.whitespace = opt.whitespace === true || opt.align === true
+  /* istanbul ignore next */
+  opt.platform = opt.platform || process?.platform
+  opt.bracketedArray = opt.bracketedArray !== false
 
-const encode = (obj, opt) => {
+  /* istanbul ignore next */
+  const eol = opt.platform === 'win32' ? '\r\n' : '\n'
+  const separator = opt.whitespace ? ' = ' : '='
   const children = []
-  let out = ''
 
-  if (typeof opt === 'string') {
-    opt = {
-      section: opt,
-      whitespace: false,
-    }
-  } else {
-    opt = opt || Object.create(null)
-    opt.whitespace = opt.whitespace === true
+  const keys = opt.sort ? Object.keys(obj).sort() : Object.keys(obj)
+
+  let padToChars = 0
+  // If aligning on the separator, then padToChars is determined as follows:
+  // 1. Get the keys
+  // 2. Exclude keys pointing to objects unless the value is null or an array
+  // 3. Add `[]` to array keys
+  // 4. Ensure non empty set of keys
+  // 5. Reduce the set to the longest `safe` key
+  // 6. Get the `safe` length
+  if (opt.align) {
+    padToChars = safe(
+      (
+        keys
+          .filter(k => obj[k] === null || Array.isArray(obj[k]) || typeof obj[k] !== 'object')
+          .map(k => Array.isArray(obj[k]) ? `${k}[]` : k)
+      )
+        .concat([''])
+        .reduce((a, b) => safe(a).length >= safe(b).length ? a : b)
+    ).length
   }
 
-  const separator = opt.whitespace ? ' = ' : '='
+  let out = ''
+  const arraySuffix = opt.bracketedArray ? '[]' : ''
 
-  for (const k of Object.keys(obj)) {
+  for (const k of keys) {
     const val = obj[k]
     if (val && Array.isArray(val)) {
       for (const item of val) {
-        out += safe(k + '[]') + separator + safe(item) + eol
+        out += safe(`${k}${arraySuffix}`).padEnd(padToChars, ' ') + separator + safe(item) + eol
       }
     } else if (val && typeof val === 'object') {
       children.push(k)
     } else {
-      out += safe(k) + separator + safe(val) + eol
+      out += safe(k).padEnd(padToChars, ' ') + separator + safe(val) + eol
     }
   }
 
   if (opt.section && out.length) {
-    out = '[' + safe(opt.section) + ']' + eol + out
+    out = '[' + safe(opt.section) + ']' + (opt.newline ? eol + eol : eol) + out
   }
 
   for (const k of children) {
-    const nk = dotSplit(k).join('\\.')
+    const nk = splitSections(k, '.').join('\\.')
     const section = (opt.section ? opt.section + '.' : '') + nk
-    const { whitespace } = opt
     const child = encode(obj[k], {
+      ...opt,
       section,
-      whitespace,
     })
     if (out.length && child.length) {
       out += eol
@@ -55,24 +76,44 @@ const encode = (obj, opt) => {
   return out
 }
 
-const dotSplit = str =>
-  str.replace(/\1/g, '\u0002LITERAL\\1LITERAL\u0002')
-    .replace(/\\\./g, '\u0001')
-    .split(/\./)
-    .map(part =>
-      part.replace(/\1/g, '\\.')
-        .replace(/\2LITERAL\\1LITERAL\2/g, '\u0001'))
+function splitSections (str, separator) {
+  var lastMatchIndex = 0
+  var lastSeparatorIndex = 0
+  var nextIndex = 0
+  var sections = []
+
+  do {
+    nextIndex = str.indexOf(separator, lastMatchIndex)
 
-const decode = str => {
+    if (nextIndex !== -1) {
+      lastMatchIndex = nextIndex + separator.length
+
+      if (nextIndex > 0 && str[nextIndex - 1] === '\\') {
+        continue
+      }
+
+      sections.push(str.slice(lastSeparatorIndex, nextIndex))
+      lastSeparatorIndex = nextIndex + separator.length
+    }
+  } while (nextIndex !== -1)
+
+  sections.push(str.slice(lastSeparatorIndex))
+
+  return sections
+}
+
+const decode = (str, opt = {}) => {
+  opt.bracketedArray = opt.bracketedArray !== false
   const out = Object.create(null)
   let p = out
   let section = null
-  //          section     |key      = value
-  const re = /^\[([^\]]*)\]$|^([^=]+)(=(.*))?$/i
+  //          section          |key      = value
+  const re = /^\[([^\]]*)\]\s*$|^([^=]+)(=(.*))?$/i
   const lines = str.split(/[\r\n]+/g)
+  const duplicates = {}
 
   for (const line of lines) {
-    if (!line || line.match(/^\s*[;#]/)) {
+    if (!line || line.match(/^\s*[;#]/) || line.match(/^\s*$/)) {
       continue
     }
     const match = line.match(re)
@@ -91,7 +132,13 @@ const decode = str => {
       continue
     }
     const keyRaw = unsafe(match[2])
-    const isArray = keyRaw.length > 2 && keyRaw.slice(-2) === '[]'
+    let isArray
+    if (opt.bracketedArray) {
+      isArray = keyRaw.length > 2 && keyRaw.slice(-2) === '[]'
+    } else {
+      duplicates[keyRaw] = (duplicates?.[keyRaw] || 0) + 1
+      isArray = duplicates[keyRaw] > 1
+    }
     const key = isArray ? keyRaw.slice(0, -2) : keyRaw
     if (key === '__proto__') {
       continue
@@ -132,7 +179,7 @@ const decode = str => {
 
     // see if the parent section is also an object.
     // if so, add it to that, and mark this one for deletion
-    const parts = dotSplit(k)
+    const parts = splitSections(k, '.')
     p = out
     const l = parts.pop()
     const nl = l.replace(/\\\./g, '.')

@@ -2,7 +2,7 @@
   "author": "GitHub Inc.",
   "name": "ini",
   "description": "An ini encoder/decoder for node",
-  "version": "3.0.1",
+  "version": "4.1.0",
   "repository": {
     "type": "git",
     "url": "https://github.com/npm/ini.git"
@@ -15,15 +15,12 @@
     "test": "tap",
     "snap": "tap",
     "posttest": "npm run lint",
-    "preversion": "npm test",
-    "postversion": "npm publish",
-    "prepublishOnly": "git push origin --follow-tags",
     "postlint": "template-oss-check",
     "template-oss-apply": "template-oss-apply --force"
   },
   "devDependencies": {
-    "@npmcli/eslint-config": "^3.0.1",
-    "@npmcli/template-oss": "3.5.0",
+    "@npmcli/eslint-config": "^4.0.0",
+    "@npmcli/template-oss": "4.13.0",
     "tap": "^16.0.1"
   },
   "license": "ISC",
@@ -32,10 +29,17 @@
     "lib/"
   ],
   "engines": {
-    "node": "^12.13.0 || ^14.15.0 || >=16.0.0"
+    "node": "^14.17.0 || ^16.13.0 || >=18.0.0"
   },
   "templateOSS": {
     "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.",
-    "version": "3.5.0"
+    "version": "4.13.0",
+    "publish": "true"
+  },
+  "tap": {
+    "nyc-arg": [
+      "--exclude",
+      "tap-snapshots/**"
+    ]
   }
 }
@@ -99,6 +99,12 @@ const getMetadata = (request, response, options) => {
     }
   }
 
+  for (const name of options.cacheAdditionalHeaders) {
+    if (response.headers.has(name)) {
+      metadata.resHeaders[name] = response.headers.get(name)
+    }
+  }
+
   return metadata
 }
 
@@ -331,6 +337,7 @@ class CacheEntry {
       // that reads from cacache and attach it to a new Response
       const body = new Minipass()
       const headers = { ...this.policy.responseHeaders() }
+
       const onResume = () => {
         const cacheStream = cacache.get.stream.byDigest(
           this.options.cachePath, this.entry.integrity, { memoize: this.options.memoize }
@@ -417,6 +424,24 @@ class CacheEntry {
         }
       }
 
+      for (const name of options.cacheAdditionalHeaders) {
+        const inMeta = hasOwnProperty(metadata.resHeaders, name)
+        const inEntry = hasOwnProperty(this.entry.metadata.resHeaders, name)
+        const inPolicy = hasOwnProperty(this.policy.response.headers, name)
+
+        // if the header is in the existing entry, but it is not in the metadata
+        // then we need to write it to the metadata as this will refresh the on-disk cache
+        if (!inMeta && inEntry) {
+          metadata.resHeaders[name] = this.entry.metadata.resHeaders[name]
+        }
+        // if the header is in the metadata, but not in the policy, then we need to set
+        // it in the policy so that it's included in the immediate response. future
+        // responses will load a new cache entry, so we don't need to change that
+        if (!inPolicy && inMeta) {
+          this.policy.response.headers[name] = metadata.resHeaders[name]
+        }
+      }
+
       try {
         await cacache.index.insert(options.cachePath, this.key, this.entry.integrity, {
           size: this.entry.size,

@@ -40,6 +40,8 @@ const configureOptions = (opts) => {
     }
   }
 
+  options.cacheAdditionalHeaders = options.cacheAdditionalHeaders || []
+
   // cacheManager is deprecated, but if it's set and
   // cachePath is not we should copy it to the new field
   if (options.cacheManager && !options.cachePath) {

@@ -1,6 +1,6 @@
 {
   "name": "make-fetch-happen",
-  "version": "11.0.3",
+  "version": "11.1.0",
   "description": "Opinionated, caching, retrying fetch client",
   "main": "lib/index.js",
   "files": [
@@ -51,7 +51,7 @@
   },
   "devDependencies": {
     "@npmcli/eslint-config": "^4.0.0",
-    "@npmcli/template-oss": "4.11.3",
+    "@npmcli/template-oss": "4.13.0",
     "nock": "^13.2.4",
     "safe-buffer": "^5.2.1",
     "standard-version": "^9.3.2",
@@ -72,6 +72,7 @@
   },
   "templateOSS": {
     "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.",
-    "version": "4.11.3"
+    "version": "4.13.0",
+    "publish": "true"
   }
 }