diff --git a/package-lock.json b/package-lock.json index 4338d7478..651a50680 100644 --- a/package-lock.json +++ b/package-lock.json @@ -9,8 +9,8 @@ "version": "0.0.0-development", "license": "MIT", "dependencies": { - "@octokit/endpoint": "^10.0.0", - "@octokit/request-error": "^6.0.1", + "@octokit/endpoint": "^10.1.3", + "@octokit/request-error": "^6.1.6", "@octokit/types": "^13.6.2", "fast-content-type-parse": "^2.0.0", "universal-user-agent": "^7.0.2" @@ -751,27 +751,18 @@ } }, "node_modules/@octokit/endpoint": { - "version": "10.0.0", + "version": "10.1.3", + "resolved": "https://registry.npmjs.org/@octokit/endpoint/-/endpoint-10.1.3.tgz", + "integrity": "sha512-nBRBMpKPhQUxCsQQeW+rCJ/OPSMcj3g0nfHn01zGYZXuNDvvXudF/TYY6APj5THlurerpFN4a/dQAIAaM6BYhA==", "license": "MIT", "dependencies": { - "@octokit/types": "^12.0.0", + "@octokit/types": "^13.6.2", "universal-user-agent": "^7.0.2" }, "engines": { "node": ">= 18" } }, - "node_modules/@octokit/endpoint/node_modules/@octokit/openapi-types": { - "version": "20.0.0", - "license": "MIT" - }, - "node_modules/@octokit/endpoint/node_modules/@octokit/types": { - "version": "12.6.0", - "license": "MIT", - "dependencies": { - "@octokit/openapi-types": "^20.0.0" - } - }, "node_modules/@octokit/oauth-authorization-url": { "version": "7.1.1", "dev": true, @@ -813,10 +804,12 @@ } }, "node_modules/@octokit/request-error": { - "version": "6.1.1", + "version": "6.1.6", + "resolved": "https://registry.npmjs.org/@octokit/request-error/-/request-error-6.1.6.tgz", + "integrity": "sha512-pqnVKYo/at0NuOjinrgcQYpEbv4snvP3bKMRqHaD9kIsk9u1LCpb2smHZi8/qJfgeNqLo5hNW4Z7FezNdEo0xg==", "license": "MIT", "dependencies": { - "@octokit/types": "^13.0.0" + "@octokit/types": "^13.6.2" }, "engines": { "node": ">= 18" diff --git a/package.json b/package.json index b50287a82..2fec0f841 100644 --- a/package.json +++ b/package.json 
@@ -25,8 +25,8 @@
 "author": "Gregor Martynus (https://github.com/gr2m)",
 "license": "MIT",
 "dependencies": {
- "@octokit/endpoint": "^10.0.0",
- "@octokit/request-error": "^6.0.1",
+ "@octokit/endpoint": "^10.1.3",
+ "@octokit/request-error": "^6.1.6",
 "@octokit/types": "^13.6.2",
 "fast-content-type-parse": "^2.0.0",
 "universal-user-agent": "^7.0.2"
diff --git a/test/request.test.ts b/test/request.test.ts
index 897ec4838..d1eafcd2d 100644
--- a/test/request.test.ts
+++ b/test/request.test.ts
@@ -23,26 +23,29 @@ function stringToArrayBuffer(str: string) {
 describe("request()", () => {
 it("Test ReDoS - attack string", () => {
- const originalFetch = globalThis.fetch;
- globalThis.fetch = async (url, options) => {
- const response = await originalFetch(url, options);
+ const fakeFetch = async (url, options) => {
+ const response = await fetch(url, options);
 const fakeHeaders = new Headers(response.headers);
 fakeHeaders.set("link", "<".repeat(100000) + ">");
 fakeHeaders.set("deprecation", "true");
 return new Response(response.body, {
 status: response.status,
 statusText: response.statusText,
- headers: fakeHeaders
+ headers: fakeHeaders,
 });
 };
 const startTime = performance.now();
- request("GET /repos/octocat/hello-world");
+ request("GET /repos/octocat/hello-world", {
+ request: { fetch: fakeFetch },
+ });
 const endTime = performance.now();
 const elapsedTime = endTime - startTime;
- const reDosThreshold = 2000;
+ const reDosThreshold = 2000;
 expect(elapsedTime).toBeLessThanOrEqual(reDosThreshold);
 if (elapsedTime > reDosThreshold) {
- console.warn(`🚨 Potential ReDoS Attack! getDuration method took ${elapsedTime.toFixed(2)} ms, exceeding threshold of ${reDosThreshold} ms.`);
+ console.warn(
+ `🚨 Potential ReDoS Attack! getDuration method took ${elapsedTime.toFixed(2)} ms, exceeding threshold of ${reDosThreshold} ms.`,
+ );
 }
 });
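Review bot: The `request(...)` call in the timed section is never awaited and the `it` callback is not `async`, so `endTime` is taken before `fakeFetch` has resolved and the 100000-character `link` header has presumably not been processed yet; the assertion would pass even if the slow pattern came back. Make the callback async and await the call, `it("Test ReDoS - attack string", async () => {` and `await request("GET /repos/octocat/hello-world", {`, so the elapsed time covers the response-header handling. `fakeFetch` also forwards to the real `fetch`, which makes the timing depend on the network and lets a non-2xx reply reject the awaited call; returning a locally built `Response` with status 200 and the fake headers would keep the test hermetic. The `console.warn` after `expect` cannot run on failure because `expect` throws first, and its message names a `getDuration` method that does not appear in this test. The enclosing `describe` block continues past the end of the hunk.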