From 6847a42aa80a40e029ee97718f520c0259795d6c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 15 Apr 2026 12:18:36 +0000 Subject: [PATCH 1/2] Bump follow-redirects from 1.15.11 to 1.16.0 Bumps [follow-redirects](https://github.com/follow-redirects/follow-redirects) from 1.15.11 to 1.16.0. - [Release notes](https://github.com/follow-redirects/follow-redirects/releases) - [Commits](https://github.com/follow-redirects/follow-redirects/compare/v1.15.11...v1.16.0) --- updated-dependencies: - dependency-name: follow-redirects dependency-version: 1.16.0 dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- package-lock.json | 8 ++++---- package.json | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/package-lock.json b/package-lock.json index cec7caa6d2..8fba501228 100644 --- a/package-lock.json +++ b/package-lock.json @@ -25,7 +25,7 @@ "@octokit/plugin-retry": "^8.1.0", "archiver": "^7.0.1", "fast-deep-equal": "^3.1.3", - "follow-redirects": "^1.15.11", + "follow-redirects": "^1.16.0", "get-folder-size": "^5.0.0", "https-proxy-agent": "^7.0.6", "js-yaml": "^4.1.1", @@ -5841,9 +5841,9 @@ "license": "ISC" }, "node_modules/follow-redirects": { - "version": "1.15.11", - "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.11.tgz", - "integrity": "sha512-deG2P0JfjrTxl50XGCDyfI97ZGVCxIpfKYmfyrQ54n5FO/0gfIES8C/Psl6kWVDolizcaaxZJnTS0QSMxvnsBQ==", + "version": "1.16.0", + "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.16.0.tgz", + "integrity": "sha512-y5rN/uOsadFT/JfYwhxRS5R7Qce+g3zG97+JrtFZlC9klX/W5hD7iiLzScI4nZqUS7DNUdhPgw4xI8W2LuXlUw==", "funding": [ { "type": "individual", diff --git a/package.json b/package.json index 4330f05a8b..068d298540 100644 --- a/package.json +++ b/package.json @@ -32,7 +32,7 @@ "@octokit/plugin-retry": "^8.1.0", "archiver": "^7.0.1", "fast-deep-equal": "^3.1.3", - "follow-redirects": "^1.15.11", + "follow-redirects": "^1.16.0", "get-folder-size": "^5.0.0", "https-proxy-agent": "^7.0.6", "js-yaml": "^4.1.1", From 9df9e9176ee02f21e9f2fd24f95a002d6e567c79 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Wed, 15 Apr 2026 12:20:46 +0000 Subject: [PATCH 2/2] Rebuild --- lib/analyze-action-post.js | 17 ++++++++++++++++- lib/analyze-action.js | 17 ++++++++++++++++- lib/autobuild-action.js | 17 ++++++++++++++++- lib/init-action-post.js | 17 ++++++++++++++++- lib/init-action.js | 17 ++++++++++++++++- lib/resolve-environment-action.js | 17 ++++++++++++++++- lib/setup-codeql-action.js | 17 ++++++++++++++++- lib/start-proxy-action-post.js | 17 ++++++++++++++++- lib/upload-lib.js | 17 ++++++++++++++++- lib/upload-sarif-action-post.js | 17 ++++++++++++++++- lib/upload-sarif-action.js | 17 ++++++++++++++++- 11 files changed, 176 insertions(+), 11 deletions(-) diff --git a/lib/analyze-action-post.js b/lib/analyze-action-post.js index f188b1944c..a4ef1115dd 100644 --- a/lib/analyze-action-post.js +++ b/lib/analyze-action-post.js @@ -100163,6 +100163,11 @@ var require_follow_redirects = __commonJS({ } catch (error3) { useNativeURL = error3.code === "ERR_INVALID_URL"; } + var sensitiveHeaders = [ + "Authorization", + "Proxy-Authorization", + "Cookie" + ]; var preservedUrlFields = [ "auth", "host", @@ -100227,6 +100232,7 @@ var require_follow_redirects = __commonJS({ self2.emit("error", cause instanceof RedirectionError ? cause : new RedirectionError({ cause })); } }; + this._headerFilter = new RegExp("^(?:" + sensitiveHeaders.concat(options.sensitiveHeaders).map(escapeRegex).join("|") + ")$", "i"); this._performRequest(); } RedirectableRequest.prototype = Object.create(Writable.prototype); @@ -100364,6 +100370,9 @@ var require_follow_redirects = __commonJS({ if (!options.headers) { options.headers = {}; } + if (!isArray(options.sensitiveHeaders)) { + options.sensitiveHeaders = []; + } if (options.host) { if (!options.hostname) { options.hostname = options.host; @@ -100469,7 +100478,7 @@ var require_follow_redirects = __commonJS({ this._isRedirect = true; spreadUrlObject(redirectUrl, this._options); if (redirectUrl.protocol !== currentUrlParts.protocol && redirectUrl.protocol !== "https:" || redirectUrl.host !== currentHost && !isSubdomain(redirectUrl.host, currentHost)) { - removeMatchingHeaders(/^(?:(?:proxy-)?authorization|cookie)$/i, this._options.headers); + removeMatchingHeaders(this._headerFilter, this._options.headers); } if (isFunction(beforeRedirect)) { var responseDetails = { @@ -100618,6 +100627,9 @@ var require_follow_redirects = __commonJS({ var dot = subdomain.length - domain.length - 1; return dot > 0 && subdomain[dot] === "." && subdomain.endsWith(domain); } + function isArray(value) { + return value instanceof Array; + } function isString2(value) { return typeof value === "string" || value instanceof String; } @@ -100630,6 +100642,9 @@ var require_follow_redirects = __commonJS({ function isURL(value) { return URL2 && value instanceof URL2; } + function escapeRegex(regex) { + return regex.replace(/[\]\\/()*+?.$]/g, "\\$&"); + } module2.exports = wrap({ http, https: https2 }); module2.exports.wrap = wrap; } diff --git a/lib/analyze-action.js b/lib/analyze-action.js index 1b11349bfd..a69f58cf1c 100644 --- a/lib/analyze-action.js +++ b/lib/analyze-action.js @@ -100163,6 +100163,11 @@ var require_follow_redirects = __commonJS({ } catch (error3) { useNativeURL = error3.code === "ERR_INVALID_URL"; } + var sensitiveHeaders = [ + "Authorization", + "Proxy-Authorization", + "Cookie" + ]; var preservedUrlFields = [ "auth", "host", @@ -100227,6 +100232,7 @@ var require_follow_redirects = __commonJS({ self2.emit("error", cause instanceof RedirectionError ? cause : new RedirectionError({ cause })); } }; + this._headerFilter = new RegExp("^(?:" + sensitiveHeaders.concat(options.sensitiveHeaders).map(escapeRegex).join("|") + ")$", "i"); this._performRequest(); } RedirectableRequest.prototype = Object.create(Writable.prototype); @@ -100364,6 +100370,9 @@ var require_follow_redirects = __commonJS({ if (!options.headers) { options.headers = {}; } + if (!isArray(options.sensitiveHeaders)) { + options.sensitiveHeaders = []; + } if (options.host) { if (!options.hostname) { options.hostname = options.host; @@ -100469,7 +100478,7 @@ var require_follow_redirects = __commonJS({ this._isRedirect = true; spreadUrlObject(redirectUrl, this._options); if (redirectUrl.protocol !== currentUrlParts.protocol && redirectUrl.protocol !== "https:" || redirectUrl.host !== currentHost && !isSubdomain(redirectUrl.host, currentHost)) { - removeMatchingHeaders(/^(?:(?:proxy-)?authorization|cookie)$/i, this._options.headers); + removeMatchingHeaders(this._headerFilter, this._options.headers); } if (isFunction(beforeRedirect)) { var responseDetails = { @@ -100618,6 +100627,9 @@ var require_follow_redirects = __commonJS({ var dot = subdomain.length - domain.length - 1; return dot > 0 && subdomain[dot] === "." && subdomain.endsWith(domain); } + function isArray(value) { + return value instanceof Array; + } function isString2(value) { return typeof value === "string" || value instanceof String; } @@ -100630,6 +100642,9 @@ var require_follow_redirects = __commonJS({ function isURL(value) { return URL2 && value instanceof URL2; } + function escapeRegex(regex) { + return regex.replace(/[\]\\/()*+?.$]/g, "\\$&"); + } module2.exports = wrap({ http, https: https2 }); module2.exports.wrap = wrap; } diff --git a/lib/autobuild-action.js b/lib/autobuild-action.js index 663cacfcd4..524e0b7cc6 100644 --- a/lib/autobuild-action.js +++ b/lib/autobuild-action.js @@ -100163,6 +100163,11 @@ var require_follow_redirects = __commonJS({ } catch (error3) { useNativeURL = error3.code === "ERR_INVALID_URL"; } + var sensitiveHeaders = [ + "Authorization", + "Proxy-Authorization", + "Cookie" + ]; var preservedUrlFields = [ "auth", "host", @@ -100227,6 +100232,7 @@ var require_follow_redirects = __commonJS({ self2.emit("error", cause instanceof RedirectionError ? cause : new RedirectionError({ cause })); } }; + this._headerFilter = new RegExp("^(?:" + sensitiveHeaders.concat(options.sensitiveHeaders).map(escapeRegex).join("|") + ")$", "i"); this._performRequest(); } RedirectableRequest.prototype = Object.create(Writable.prototype); @@ -100364,6 +100370,9 @@ var require_follow_redirects = __commonJS({ if (!options.headers) { options.headers = {}; } + if (!isArray(options.sensitiveHeaders)) { + options.sensitiveHeaders = []; + } if (options.host) { if (!options.hostname) { options.hostname = options.host; @@ -100469,7 +100478,7 @@ var require_follow_redirects = __commonJS({ this._isRedirect = true; spreadUrlObject(redirectUrl, this._options); if (redirectUrl.protocol !== currentUrlParts.protocol && redirectUrl.protocol !== "https:" || redirectUrl.host !== currentHost && !isSubdomain(redirectUrl.host, currentHost)) { - removeMatchingHeaders(/^(?:(?:proxy-)?authorization|cookie)$/i, this._options.headers); + removeMatchingHeaders(this._headerFilter, this._options.headers); } if (isFunction(beforeRedirect)) { var responseDetails = { @@ -100618,6 +100627,9 @@ var require_follow_redirects = __commonJS({ var dot = subdomain.length - domain.length - 1; return dot > 0 && subdomain[dot] === "." && subdomain.endsWith(domain); } + function isArray(value) { + return value instanceof Array; + } function isString2(value) { return typeof value === "string" || value instanceof String; } @@ -100630,6 +100642,9 @@ var require_follow_redirects = __commonJS({ function isURL(value) { return URL2 && value instanceof URL2; } + function escapeRegex(regex) { + return regex.replace(/[\]\\/()*+?.$]/g, "\\$&"); + } module2.exports = wrap({ http, https: https2 }); module2.exports.wrap = wrap; } diff --git a/lib/init-action-post.js b/lib/init-action-post.js index ee4568d5d8..184f3de1f3 100644 --- a/lib/init-action-post.js +++ b/lib/init-action-post.js @@ -100163,6 +100163,11 @@ var require_follow_redirects = __commonJS({ } catch (error3) { useNativeURL = error3.code === "ERR_INVALID_URL"; } + var sensitiveHeaders = [ + "Authorization", + "Proxy-Authorization", + "Cookie" + ]; var preservedUrlFields = [ "auth", "host", @@ -100227,6 +100232,7 @@ var require_follow_redirects = __commonJS({ self2.emit("error", cause instanceof RedirectionError ? cause : new RedirectionError({ cause })); } }; + this._headerFilter = new RegExp("^(?:" + sensitiveHeaders.concat(options.sensitiveHeaders).map(escapeRegex).join("|") + ")$", "i"); this._performRequest(); } RedirectableRequest.prototype = Object.create(Writable.prototype); @@ -100364,6 +100370,9 @@ var require_follow_redirects = __commonJS({ if (!options.headers) { options.headers = {}; } + if (!isArray(options.sensitiveHeaders)) { + options.sensitiveHeaders = []; + } if (options.host) { if (!options.hostname) { options.hostname = options.host; @@ -100469,7 +100478,7 @@ var require_follow_redirects = __commonJS({ this._isRedirect = true; spreadUrlObject(redirectUrl, this._options); if (redirectUrl.protocol !== currentUrlParts.protocol && redirectUrl.protocol !== "https:" || redirectUrl.host !== currentHost && !isSubdomain(redirectUrl.host, currentHost)) { - removeMatchingHeaders(/^(?:(?:proxy-)?authorization|cookie)$/i, this._options.headers); + removeMatchingHeaders(this._headerFilter, this._options.headers); } if (isFunction(beforeRedirect)) { var responseDetails = { @@ -100618,6 +100627,9 @@ var require_follow_redirects = __commonJS({ var dot = subdomain.length - domain.length - 1; return dot > 0 && subdomain[dot] === "." && subdomain.endsWith(domain); } + function isArray(value) { + return value instanceof Array; + } function isString2(value) { return typeof value === "string" || value instanceof String; } @@ -100630,6 +100642,9 @@ var require_follow_redirects = __commonJS({ function isURL(value) { return URL2 && value instanceof URL2; } + function escapeRegex(regex) { + return regex.replace(/[\]\\/()*+?.$]/g, "\\$&"); + } module2.exports = wrap({ http, https: https2 }); module2.exports.wrap = wrap; } diff --git a/lib/init-action.js b/lib/init-action.js index 9d3500a155..9e7483492a 100644 --- a/lib/init-action.js +++ b/lib/init-action.js @@ -100314,6 +100314,11 @@ var require_follow_redirects = __commonJS({ } catch (error3) { useNativeURL = error3.code === "ERR_INVALID_URL"; } + var sensitiveHeaders = [ + "Authorization", + "Proxy-Authorization", + "Cookie" + ]; var preservedUrlFields = [ "auth", "host", @@ -100378,6 +100383,7 @@ var require_follow_redirects = __commonJS({ self2.emit("error", cause instanceof RedirectionError ? cause : new RedirectionError({ cause })); } }; + this._headerFilter = new RegExp("^(?:" + sensitiveHeaders.concat(options.sensitiveHeaders).map(escapeRegex).join("|") + ")$", "i"); this._performRequest(); } RedirectableRequest.prototype = Object.create(Writable.prototype); @@ -100515,6 +100521,9 @@ var require_follow_redirects = __commonJS({ if (!options.headers) { options.headers = {}; } + if (!isArray(options.sensitiveHeaders)) { + options.sensitiveHeaders = []; + } if (options.host) { if (!options.hostname) { options.hostname = options.host; @@ -100620,7 +100629,7 @@ var require_follow_redirects = __commonJS({ this._isRedirect = true; spreadUrlObject(redirectUrl, this._options); if (redirectUrl.protocol !== currentUrlParts.protocol && redirectUrl.protocol !== "https:" || redirectUrl.host !== currentHost && !isSubdomain(redirectUrl.host, currentHost)) { - removeMatchingHeaders(/^(?:(?:proxy-)?authorization|cookie)$/i, this._options.headers); + removeMatchingHeaders(this._headerFilter, this._options.headers); } if (isFunction(beforeRedirect)) { var responseDetails = { @@ -100769,6 +100778,9 @@ var require_follow_redirects = __commonJS({ var dot = subdomain.length - domain.length - 1; return dot > 0 && subdomain[dot] === "." && subdomain.endsWith(domain); } + function isArray(value) { + return value instanceof Array; + } function isString3(value) { return typeof value === "string" || value instanceof String; } @@ -100781,6 +100793,9 @@ var require_follow_redirects = __commonJS({ function isURL(value) { return URL2 && value instanceof URL2; } + function escapeRegex(regex) { + return regex.replace(/[\]\\/()*+?.$]/g, "\\$&"); + } module2.exports = wrap({ http, https: https2 }); module2.exports.wrap = wrap; } diff --git a/lib/resolve-environment-action.js b/lib/resolve-environment-action.js index c5eac5c99f..ec5c2398d7 100644 --- a/lib/resolve-environment-action.js +++ b/lib/resolve-environment-action.js @@ -100163,6 +100163,11 @@ var require_follow_redirects = __commonJS({ } catch (error3) { useNativeURL = error3.code === "ERR_INVALID_URL"; } + var sensitiveHeaders = [ + "Authorization", + "Proxy-Authorization", + "Cookie" + ]; var preservedUrlFields = [ "auth", "host", @@ -100227,6 +100232,7 @@ var require_follow_redirects = __commonJS({ self2.emit("error", cause instanceof RedirectionError ? cause : new RedirectionError({ cause })); } }; + this._headerFilter = new RegExp("^(?:" + sensitiveHeaders.concat(options.sensitiveHeaders).map(escapeRegex).join("|") + ")$", "i"); this._performRequest(); } RedirectableRequest.prototype = Object.create(Writable.prototype); @@ -100364,6 +100370,9 @@ var require_follow_redirects = __commonJS({ if (!options.headers) { options.headers = {}; } + if (!isArray(options.sensitiveHeaders)) { + options.sensitiveHeaders = []; + } if (options.host) { if (!options.hostname) { options.hostname = options.host; @@ -100469,7 +100478,7 @@ var require_follow_redirects = __commonJS({ this._isRedirect = true; spreadUrlObject(redirectUrl, this._options); if (redirectUrl.protocol !== currentUrlParts.protocol && redirectUrl.protocol !== "https:" || redirectUrl.host !== currentHost && !isSubdomain(redirectUrl.host, currentHost)) { - removeMatchingHeaders(/^(?:(?:proxy-)?authorization|cookie)$/i, this._options.headers); + removeMatchingHeaders(this._headerFilter, this._options.headers); } if (isFunction(beforeRedirect)) { var responseDetails = { @@ -100618,6 +100627,9 @@ var require_follow_redirects = __commonJS({ var dot = subdomain.length - domain.length - 1; return dot > 0 && subdomain[dot] === "." && subdomain.endsWith(domain); } + function isArray(value) { + return value instanceof Array; + } function isString2(value) { return typeof value === "string" || value instanceof String; } @@ -100630,6 +100642,9 @@ var require_follow_redirects = __commonJS({ function isURL(value) { return URL2 && value instanceof URL2; } + function escapeRegex(regex) { + return regex.replace(/[\]\\/()*+?.$]/g, "\\$&"); + } module2.exports = wrap({ http, https: https2 }); module2.exports.wrap = wrap; } diff --git a/lib/setup-codeql-action.js b/lib/setup-codeql-action.js index edac4b0d27..fb26f2499e 100644 --- a/lib/setup-codeql-action.js +++ b/lib/setup-codeql-action.js @@ -100163,6 +100163,11 @@ var require_follow_redirects = __commonJS({ } catch (error3) { useNativeURL = error3.code === "ERR_INVALID_URL"; } + var sensitiveHeaders = [ + "Authorization", + "Proxy-Authorization", + "Cookie" + ]; var preservedUrlFields = [ "auth", "host", @@ -100227,6 +100232,7 @@ var require_follow_redirects = __commonJS({ self2.emit("error", cause instanceof RedirectionError ? cause : new RedirectionError({ cause })); } }; + this._headerFilter = new RegExp("^(?:" + sensitiveHeaders.concat(options.sensitiveHeaders).map(escapeRegex).join("|") + ")$", "i"); this._performRequest(); } RedirectableRequest.prototype = Object.create(Writable.prototype); @@ -100364,6 +100370,9 @@ var require_follow_redirects = __commonJS({ if (!options.headers) { options.headers = {}; } + if (!isArray(options.sensitiveHeaders)) { + options.sensitiveHeaders = []; + } if (options.host) { if (!options.hostname) { options.hostname = options.host; @@ -100469,7 +100478,7 @@ var require_follow_redirects = __commonJS({ this._isRedirect = true; spreadUrlObject(redirectUrl, this._options); if (redirectUrl.protocol !== currentUrlParts.protocol && redirectUrl.protocol !== "https:" || redirectUrl.host !== currentHost && !isSubdomain(redirectUrl.host, currentHost)) { - removeMatchingHeaders(/^(?:(?:proxy-)?authorization|cookie)$/i, this._options.headers); + removeMatchingHeaders(this._headerFilter, this._options.headers); } if (isFunction(beforeRedirect)) { var responseDetails = { @@ -100618,6 +100627,9 @@ var require_follow_redirects = __commonJS({ var dot = subdomain.length - domain.length - 1; return dot > 0 && subdomain[dot] === "." && subdomain.endsWith(domain); } + function isArray(value) { + return value instanceof Array; + } function isString2(value) { return typeof value === "string" || value instanceof String; } @@ -100630,6 +100642,9 @@ var require_follow_redirects = __commonJS({ function isURL(value) { return URL2 && value instanceof URL2; } + function escapeRegex(regex) { + return regex.replace(/[\]\\/()*+?.$]/g, "\\$&"); + } module2.exports = wrap({ http, https: https2 }); module2.exports.wrap = wrap; } diff --git a/lib/start-proxy-action-post.js b/lib/start-proxy-action-post.js index f5fff59c70..d79c20a047 100644 --- a/lib/start-proxy-action-post.js +++ b/lib/start-proxy-action-post.js @@ -158271,6 +158271,11 @@ var require_follow_redirects = __commonJS({ } catch (error3) { useNativeURL = error3.code === "ERR_INVALID_URL"; } + var sensitiveHeaders = [ + "Authorization", + "Proxy-Authorization", + "Cookie" + ]; var preservedUrlFields = [ "auth", "host", @@ -158335,6 +158340,7 @@ var require_follow_redirects = __commonJS({ self2.emit("error", cause instanceof RedirectionError ? cause : new RedirectionError({ cause })); } }; + this._headerFilter = new RegExp("^(?:" + sensitiveHeaders.concat(options.sensitiveHeaders).map(escapeRegex).join("|") + ")$", "i"); this._performRequest(); } RedirectableRequest.prototype = Object.create(Writable.prototype); @@ -158472,6 +158478,9 @@ var require_follow_redirects = __commonJS({ if (!options.headers) { options.headers = {}; } + if (!isArray(options.sensitiveHeaders)) { + options.sensitiveHeaders = []; + } if (options.host) { if (!options.hostname) { options.hostname = options.host; @@ -158577,7 +158586,7 @@ var require_follow_redirects = __commonJS({ this._isRedirect = true; spreadUrlObject(redirectUrl, this._options); if (redirectUrl.protocol !== currentUrlParts.protocol && redirectUrl.protocol !== "https:" || redirectUrl.host !== currentHost && !isSubdomain(redirectUrl.host, currentHost)) { - removeMatchingHeaders(/^(?:(?:proxy-)?authorization|cookie)$/i, this._options.headers); + removeMatchingHeaders(this._headerFilter, this._options.headers); } if (isFunction(beforeRedirect)) { var responseDetails = { @@ -158726,6 +158735,9 @@ var require_follow_redirects = __commonJS({ var dot = subdomain.length - domain.length - 1; return dot > 0 && subdomain[dot] === "." && subdomain.endsWith(domain); } + function isArray(value) { + return value instanceof Array; + } function isString2(value) { return typeof value === "string" || value instanceof String; } @@ -158738,6 +158750,9 @@ var require_follow_redirects = __commonJS({ function isURL(value) { return URL2 && value instanceof URL2; } + function escapeRegex(regex) { + return regex.replace(/[\]\\/()*+?.$]/g, "\\$&"); + } module2.exports = wrap({ http, https: https2 }); module2.exports.wrap = wrap; } diff --git a/lib/upload-lib.js b/lib/upload-lib.js index a1bb4fa6a8..ed610a34de 100644 --- a/lib/upload-lib.js +++ b/lib/upload-lib.js @@ -100163,6 +100163,11 @@ var require_follow_redirects = __commonJS({ } catch (error3) { useNativeURL = error3.code === "ERR_INVALID_URL"; } + var sensitiveHeaders = [ + "Authorization", + "Proxy-Authorization", + "Cookie" + ]; var preservedUrlFields = [ "auth", "host", @@ -100227,6 +100232,7 @@ var require_follow_redirects = __commonJS({ self2.emit("error", cause instanceof RedirectionError ? cause : new RedirectionError({ cause })); } }; + this._headerFilter = new RegExp("^(?:" + sensitiveHeaders.concat(options.sensitiveHeaders).map(escapeRegex).join("|") + ")$", "i"); this._performRequest(); } RedirectableRequest.prototype = Object.create(Writable.prototype); @@ -100364,6 +100370,9 @@ var require_follow_redirects = __commonJS({ if (!options.headers) { options.headers = {}; } + if (!isArray(options.sensitiveHeaders)) { + options.sensitiveHeaders = []; + } if (options.host) { if (!options.hostname) { options.hostname = options.host; @@ -100469,7 +100478,7 @@ var require_follow_redirects = __commonJS({ this._isRedirect = true; spreadUrlObject(redirectUrl, this._options); if (redirectUrl.protocol !== currentUrlParts.protocol && redirectUrl.protocol !== "https:" || redirectUrl.host !== currentHost && !isSubdomain(redirectUrl.host, currentHost)) { - removeMatchingHeaders(/^(?:(?:proxy-)?authorization|cookie)$/i, this._options.headers); + removeMatchingHeaders(this._headerFilter, this._options.headers); } if (isFunction(beforeRedirect)) { var responseDetails = { @@ -100618,6 +100627,9 @@ var require_follow_redirects = __commonJS({ var dot = subdomain.length - domain.length - 1; return dot > 0 && subdomain[dot] === "." && subdomain.endsWith(domain); } + function isArray(value) { + return value instanceof Array; + } function isString2(value) { return typeof value === "string" || value instanceof String; } @@ -100630,6 +100642,9 @@ var require_follow_redirects = __commonJS({ function isURL(value) { return URL2 && value instanceof URL2; } + function escapeRegex(regex) { + return regex.replace(/[\]\\/()*+?.$]/g, "\\$&"); + } module2.exports = wrap({ http, https: https2 }); module2.exports.wrap = wrap; } diff --git a/lib/upload-sarif-action-post.js b/lib/upload-sarif-action-post.js index 47c47703a0..979edc2026 100644 --- a/lib/upload-sarif-action-post.js +++ b/lib/upload-sarif-action-post.js @@ -158271,6 +158271,11 @@ var require_follow_redirects = __commonJS({ } catch (error3) { useNativeURL = error3.code === "ERR_INVALID_URL"; } + var sensitiveHeaders = [ + "Authorization", + "Proxy-Authorization", + "Cookie" + ]; var preservedUrlFields = [ "auth", "host", @@ -158335,6 +158340,7 @@ var require_follow_redirects = __commonJS({ self2.emit("error", cause instanceof RedirectionError ? cause : new RedirectionError({ cause })); } }; + this._headerFilter = new RegExp("^(?:" + sensitiveHeaders.concat(options.sensitiveHeaders).map(escapeRegex).join("|") + ")$", "i"); this._performRequest(); } RedirectableRequest.prototype = Object.create(Writable.prototype); @@ -158472,6 +158478,9 @@ var require_follow_redirects = __commonJS({ if (!options.headers) { options.headers = {}; } + if (!isArray(options.sensitiveHeaders)) { + options.sensitiveHeaders = []; + } if (options.host) { if (!options.hostname) { options.hostname = options.host; @@ -158577,7 +158586,7 @@ var require_follow_redirects = __commonJS({ this._isRedirect = true; spreadUrlObject(redirectUrl, this._options); if (redirectUrl.protocol !== currentUrlParts.protocol && redirectUrl.protocol !== "https:" || redirectUrl.host !== currentHost && !isSubdomain(redirectUrl.host, currentHost)) { - removeMatchingHeaders(/^(?:(?:proxy-)?authorization|cookie)$/i, this._options.headers); + removeMatchingHeaders(this._headerFilter, this._options.headers); } if (isFunction(beforeRedirect)) { var responseDetails = { @@ -158726,6 +158735,9 @@ var require_follow_redirects = __commonJS({ var dot = subdomain.length - domain.length - 1; return dot > 0 && subdomain[dot] === "." && subdomain.endsWith(domain); } + function isArray(value) { + return value instanceof Array; + } function isString2(value) { return typeof value === "string" || value instanceof String; } @@ -158738,6 +158750,9 @@ var require_follow_redirects = __commonJS({ function isURL(value) { return URL2 && value instanceof URL2; } + function escapeRegex(regex) { + return regex.replace(/[\]\\/()*+?.$]/g, "\\$&"); + } module2.exports = wrap({ http, https: https2 }); module2.exports.wrap = wrap; } diff --git a/lib/upload-sarif-action.js b/lib/upload-sarif-action.js index f7a4b626c7..4a79647c24 100644 --- a/lib/upload-sarif-action.js +++ b/lib/upload-sarif-action.js @@ -100163,6 +100163,11 @@ var require_follow_redirects = __commonJS({ } catch (error3) { useNativeURL = error3.code === "ERR_INVALID_URL"; } + var sensitiveHeaders = [ + "Authorization", + "Proxy-Authorization", + "Cookie" + ]; var preservedUrlFields = [ "auth", "host", @@ -100227,6 +100232,7 @@ var require_follow_redirects = __commonJS({ self2.emit("error", cause instanceof RedirectionError ? cause : new RedirectionError({ cause })); } }; + this._headerFilter = new RegExp("^(?:" + sensitiveHeaders.concat(options.sensitiveHeaders).map(escapeRegex).join("|") + ")$", "i"); this._performRequest(); } RedirectableRequest.prototype = Object.create(Writable.prototype); @@ -100364,6 +100370,9 @@ var require_follow_redirects = __commonJS({ if (!options.headers) { options.headers = {}; } + if (!isArray(options.sensitiveHeaders)) { + options.sensitiveHeaders = []; + } if (options.host) { if (!options.hostname) { options.hostname = options.host; @@ -100469,7 +100478,7 @@ var require_follow_redirects = __commonJS({ this._isRedirect = true; spreadUrlObject(redirectUrl, this._options); if (redirectUrl.protocol !== currentUrlParts.protocol && redirectUrl.protocol !== "https:" || redirectUrl.host !== currentHost && !isSubdomain(redirectUrl.host, currentHost)) { - removeMatchingHeaders(/^(?:(?:proxy-)?authorization|cookie)$/i, this._options.headers); + removeMatchingHeaders(this._headerFilter, this._options.headers); } if (isFunction(beforeRedirect)) { var responseDetails = { @@ -100618,6 +100627,9 @@ var require_follow_redirects = __commonJS({ var dot = subdomain.length - domain.length - 1; return dot > 0 && subdomain[dot] === "." && subdomain.endsWith(domain); } + function isArray(value) { + return value instanceof Array; + } function isString2(value) { return typeof value === "string" || value instanceof String; } @@ -100630,6 +100642,9 @@ var require_follow_redirects = __commonJS({ function isURL(value) { return URL2 && value instanceof URL2; } + function escapeRegex(regex) { + return regex.replace(/[\]\\/()*+?.$]/g, "\\$&"); + } module2.exports = wrap({ http, https: https2 }); module2.exports.wrap = wrap; }