
chore(deps): update dependency got to v12 [security] #4338

Merged
merged 3 commits into from
Jan 31, 2023

Conversation


@renovate renovate bot commented Jun 22, 2022

BEGIN_COMMIT_OVERRIDE
fix: update dependency got to v12 [security]
END_COMMIT_OVERRIDE

Mend Renovate

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| got | | | 9.6.0 -> 11.8.5 |
| got | dependencies | major | ^10.0.0 -> ^11.0.0 |

GitHub Vulnerability Alerts

CVE-2022-33987

The got package before 11.8.5 and 12.1.0 for Node.js allows a redirect to a UNIX socket.


Release Notes

sindresorhus/got

v11.8.5

v11.8.3

v11.8.2

  • Make the dnsCache option lazy (#​1529) 3bd245f
    This slightly improves Got startup performance and fixes an issue with Jest.

v11.8.1

v11.8.0

v11.7.0

Fixes
  • Fix a regression where body was sent after redirect 88b32ea
  • Fix destructure error on promise.json() c97ce7c
  • Do not ignore userinfo on a redirect to the same origin 52de13b

v11.6.2

Bug fixes
  • Inherit the prefixUrl option from parent if it's undefined (#​1448) a3da70a
  • Prepare a fix for hanging promise on Node.js 14.10.x 29d4e32
  • Prepare for Node.js 15.0.0 c126ff1

v11.6.1


v11.6.0

Improvements
  • Add retry stream event (#​1384) 7072198
  • Add types for http-cache-semantics options 2e2295f
  • Make CancelError inherit RequestError 1f132e8
  • Add retryAfter to RetryObject 643a305
  • Add documentation comments to exported TypeScript types (#​1278) eaf1e02
  • Move cache options into a cacheOptions property 9c16d90
Bug fixes
  • Got promise shouldn't retry when the body is a stream 6e1aeae
Docs
  • Add an example of nock integration with retrying f7bbc37
  • Fix CancelError docs 28c400f
  • Fix retry delay function in the README (#​1425) 38bbb04

v11.5.2

Bug fixes
  • Fix duplicated hooks when paginating e02845f
  • Fix dnsCache: true having no effect 043c950

v11.5.1

Enhancements
  • Upgrade http2-wrapper to 1.0.0-beta.5.0 16e7f03
  • Compatibility fix to ignore incorrect Node.js 12 typings f7a1379 61d6f61

v11.5.0

Fixes
  • Fix TypeScript types for Promise API (#​1344) 676be6d
  • Fix cache not working with HTTP2 ac5f67d
  • Fix response event not being emitted on cache verify request (#​1305) da4769e
  • Work around a bug in Node.js <=12.18.2 f33e8bc
  • Remove request error handler after response is downloaded e1afe82
  • Revert "Remove request error handler after response is downloaded" aeb2e07
Docs
  • Mention advanced usage of a beforeRequest hook 779062a
  • Mention to end the stream if there's no body 044767e

v11.4.0

  • Fix hanging promise on timeout on HTTP error 934211f
  • Use async iterators to get response body (#​1256) 7dcd145
  • Fix promise not returning Buffer on compressed response 5028c11
  • Clarify options.encoding docs 04f3ea4
  • Fix unhandled The server aborted pending request rejection 728aef9
  • Add missing ECONNRESET code to an abort error d325d35
  • Fix prefixUrl not working when the url argument is empty 8d3412a
  • Improve the searchParams option 4dbada9
  • Fix non-enumerable options [such as body] not being used 8f775c7

v11.3.0

v11.2.0

v11.1.4

v11.1.3

v11.1.2

Bug fixes
  • Disable options.dnsCache by default 79507c2

This should stay disabled when making requests to internal hostnames such as localhost, database.local, etc.
CacheableLookup uses dns.resolver4(..) and dns.resolver6(...) under the hood and falls back to dns.lookup(...) when the first two fail, which may lead to additional delay.

v11.1.1

  • Improve Node.js 14 compatibility 50ef99a
  • Fix got.mergeOptions() regression 157e02b
  • Fix hanging promise when using cache 7b19e8f
  • Make options.responseType optional when using a template 9ed0a39

v11.1.0

v11.0.3

Fixes
  • Limit number of requests in pagination to prevent accidental overflows (#​1181) 4344c3a
  • Fix promise rejecting before retry b927e2d
  • Fix options.searchParams duplicates 429db40
  • Prevent calling .abort() on a destroyed request 63c1b72
Docs
  • Fix incorrect usage in the readme examples (#​1203) 16ff82f
  • Note that cache and dnsCache can be false 7c5290d

v11.0.2

  • Fix response.statusMessage being null 965bd03
  • Update the http2-wrapper dependency to 1.0.0-beta.4.4 4e8de8e
  • Use Merge as it's stricter than the intersection operator d3b972e
  • Prevent silent rejections in rare cases 8501c69
  • Do not alter options.body 835c70b

v11.0.1

Fixed two regressions:

  • HTTPErrors have unspecified response body (#​1162)
  • Options are duplicated while merging (#​1163)

Improved TypeScript types for errors inherited from RequestError

v11.0.0

Introducing Got 11! 🎉 The last major version was in December last year. ❄️ Since then, a huge number of bugs have been fixed. There are also many new features; for example, HTTP2 support is finally live! 🌐

If you find Got useful, you might want to sponsor the Got maintainers.


Breaking changes

Removed support for electron.net

Due to the inconsistencies between Electron's net module and the Node.js http module, we have decided to officially drop support for it. Therefore, the useElectronNet option has been removed.

You'll still be able to use Got in the Electron main process and in the renderer process through the electron.remote module or if you use Node.js shims.

The Pagination API is now stable

We haven't seen any bugs yet, so please give it a try!
If you want to leave some feedback, you can do it here. Any suggestion is greatly appreciated!

 {
-    _pagination: {...}
+    pagination: {...}
 }
API
  • The options.encoding behavior has been reverted back to the Got 9 behavior.
    In other words, the options is only meant for the Got promise API.
    To set the encoding for streams, simply call stream.setEncoding(encoding).
-got.stream('https://sindresorhus.com', {encoding: 'base64'});
+got.stream('https://sindresorhus.com').setEncoding('base64');

// Promises stay untouched
await got('https://sindresorhus.com', {encoding: 'base64'});
  • The error name GotError has been renamed to RequestError for better readability and to comply with the documentation.
-const {GotError} = require('got');
+const {RequestError} = require('got');
  • The agent option now accepts only an object with http, https and http2 properties.
    While the http and https properties accept native http(s).Agent instances, the http2 property must be an instance of http2wrapper.Agent or be undefined.
{
-    agent: new https.Agent({keepAlive: true})
}

{
+    agent: {
+        http: new http.Agent({keepAlive: true}),
+        https: new https.Agent({keepAlive: true}),
+        http2: new http2wrapper.Agent()
+    }
}
  • The dnsCache option is now set to a default instance of CacheableLookup. It cannot be a Map-like instance anymore. The underlying cacheable-lookup package has received many improvements; for example, it has received hosts file support! Additionally, the cacheAdapter option has been renamed to cache. Note that it's no longer passed to Keyv, so you need to pass a Keyv instance if you want to save the data for later.
{
-    dnsCache: new CacheableLookup({
-        cacheAdapter: new Map()
-    })
}

{
+    dnsCache: new CacheableLookup({
+        cache: new Keyv({
+            cacheAdapter: new Map()
+        })
+    })
}

// Default:

{
    dnsCache: new CacheableLookup()
}
  • Errors thrown in init hooks will be converted to instances of RequestError. RequestErrors provide much more useful information, for example, you can access the Got options (through error.options), which is very useful when debugging.
const got = require('got');

(async () => {
    try {
        await got('https://sindresorhus.com', {
            hooks: {
                init: [
                    options => {
                        if (!options.context) {
                            throw new Error('You need to pass a `context` option');
                        }
                    }
                ]
            }
        });
    } catch (error) {
        console.log(`Request failed: ${error.message}`);
        console.log('Here are the options:', error.options);
    }
})();
  • The options passed in an init hook may not have a url property. To modify the request URL you should use a beforeRequest hook instead.
{
    hooks: {
-        init: [
+        beforeRequest: [
            options => {
                options.url = 'https://sindresorhus.com';
            }
        ]
    }
}

Note that this example shows a simple use case. In more complicated algorithms, you need to split the init hook into another init hook and a beforeRequest hook.

  • The error.request property is no longer a ClientRequest instance. Instead, it gives a Got stream, which provides a set of useful properties.
const got = require('got');

(async () => {
    try {
        await got('https://sindresorhus.com/notfound');
    } catch (error) {
        console.log(`Request failed: ${error.message}`);
        console.log('Download progress:', error.request.downloadProgress);
    }
})();
Renamed TypeScript types

Some of the TypeScript types have been renamed to improve the readability:

| Old type | New type |
|---|---|
| ResponseObject | Response |
| Defaults | InstanceDefaults |
| DefaultOptions | Defaults |
| DefaultRetryOptions | RequiredRetryOptions |
| GotOptions | Options |
| GotRequestMethod | GotRequestFunction |

Other
  • Now requires Node.js 10.19 or later.

Enhancements

HTTP2 support is here! Excited? Yay! Unfortunately, it's off by default to make the migration smoother. Many Got users have set up their own Agents and we didn't want to break them. But fear no more, it will come enabled by default in Got 12.

const got = require('got');

(async () => {
    const response = await got('https://nghttp2.org/httpbin/anything', {http2: true});
    console.log(response.socket.alpnProtocol);
    //=> 'h2'
})();
  1. The merge function is slow (#​1016)
  2. Use error.code instead of error.message to compare errors (#​981)
  3. Pass error thrown in the init hook to beforeError hook (#​929)
  4. Errors have undefined body when using streams (#​1138)
  5. Spaces should be normalized as + in query strings (#​1113)
  6. Modify response headers while using got.stream(...) (#​1129)
  7. Make error.request a Got stream (af0b147).

Known bugs

  1. When some errors occur, the timings may indicate that the request was successful although it failed.
  2. When some errors occur, the downloadProgress object may show incorrect data.

Bug fixes

  1. Requests to UNIX sockets are missing query strings (#​1036)
  2. beforeRequest hooks aren't called on redirects (#​994)
  3. Errors are swallowed when using stream.pipeline(got.stream(...), ...) (#​1026)
  4. Cannot use the cache along with the body option (#​1021)
  5. Got doesn't throw on leading slashes (#​1057)
  6. Got throws when passing already frozen options (#​1050)
  7. Cannot type Got options properly due to missing types (#​954)
  8. got.mergeOptions(...) doesn't merge URLSearchParams instances (#​1011)
  9. The authorization header is leaking (#​1090)
  10. Pagination should ignore the resolveBodyOnly option (#​1140)
  11. Cannot reuse user-provided options (#​1118)
  12. Broken with Node.js ≥ 13.10.0 (#​1107)
  13. Cache is not decompressed (#​1158)
  14. beforeRetry hooks are missing options.context (#​1141)
  15. promise.json() doesn't throw ParseError (#​1069)
  16. Not compatible with tough-cookie@4.0.0 (#​1131)
  17. Shortcuts give body from the failed request on token renewal (#​1120)
  18. No effect when replacing the cache option in a Got instance (#​1098)
  19. Memory leak when using cache (#​1128)
  20. Got doesn't throw on aborted requests by the server (#​1096)


Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.



This PR has been generated by Mend Renovate. View repository job log here.
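Two defender-side checks around CVE-2022-33987 from the alert above, added here as an example (not code from this PR, from Renovate, or from got itself): a version test for the affected ranges the alert names, and a `beforeRedirect` hook that refuses any redirect target that is not a plain http(s) host. It assumes got's documented `http://unix:$SOCKET:$PATH` form for socket requests and that a `beforeRedirect` hook receives `(options, response)` with `options.url` as a URL object.

```javascript
// Added example: defender-side checks for CVE-2022-33987 (got following a
// redirect to a UNIX socket). Not code from this PR or from got. Assumptions:
// got addresses sockets as http://unix:$SOCKET:$PATH, and a `beforeRedirect`
// hook receives (options, response) where options.url is a WHATWG URL object.

// Parse "MAJOR.MINOR.PATCH" (optional leading "v"; any suffix is ignored).
function parseVersion(version) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(version).trim());
  if (!m) throw new Error(`unparseable version: ${version}`);
  return [Number(m[1]), Number(m[2]), Number(m[3])];
}

function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] - b[i];
  }
  return 0;
}

// True when an installed got release falls in the affected ranges named by
// the alert: anything before 11.8.5, and 12.x before 12.1.0.
function isVulnerableGotVersion(version) {
  const v = parseVersion(version);
  if (v[0] <= 11) return compareVersions(v, [11, 8, 5]) < 0;
  if (v[0] === 12) return compareVersions(v, [12, 1, 0]) < 0;
  return false;
}

// Only plain http(s) targets pass; the "unix" pseudo-host got uses for socket
// paths and any non-HTTP scheme are refused.
function isSafeRedirectTarget(url) {
  const u = url instanceof URL ? url : new URL(String(url));
  if (u.protocol !== 'http:' && u.protocol !== 'https:') return false;
  return u.hostname.toLowerCase() !== 'unix';
}

// Hook object to pass as `hooks` in got options (assumed signature). Throwing
// inside the hook makes got reject the request instead of following the hop.
const hooks = {
  beforeRedirect: [
    (options, response) => {
      if (!isSafeRedirectTarget(options.url)) {
        const from = response && response.url ? response.url : '<unknown>';
        throw new Error(`blocked redirect from ${from} to ${options.url}`);
      }
    }
  ]
};
```

The hook is a belt-and-braces control for code that must stay on an affected release for a while; upgrading to 11.8.5 / 12.1.0 remains the actual fix.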

kodiakhq[bot]
kodiakhq bot previously approved these changes Jun 22, 2022
@github-actions github-actions bot added the type: chore work needed to keep the product and development running smoothly label Jun 22, 2022
@renovate renovate bot force-pushed the renovate/npm-got-vulnerability branch 16 times, most recently from 2ccad28 to fd4cfd5 Compare June 27, 2022 02:27
@renovate renovate bot changed the title chore(deps): update dependency got to v11.8.5 [security] chore(deps): update dependency got to v11.8.5 [SECURITY] Jun 27, 2022
@renovate renovate bot changed the title chore(deps): update dependency got to v11.8.5 [SECURITY] chore(deps): update dependency got to v11.8.5 [security] Jun 28, 2022
@renovate renovate bot force-pushed the renovate/npm-got-vulnerability branch 10 times, most recently from f7d5273 to 8ccecd0 Compare July 4, 2022 12:35
kodiakhq[bot]
kodiakhq bot previously approved these changes Jan 11, 2023
@renovate renovate bot force-pushed the renovate/npm-got-vulnerability branch from 7105be8 to 35034c9 Compare January 15, 2023 10:46
kodiakhq[bot]
kodiakhq bot previously approved these changes Jan 15, 2023
@renovate renovate bot force-pushed the renovate/npm-got-vulnerability branch from 35034c9 to 4788c62 Compare January 17, 2023 20:29
kodiakhq[bot]
kodiakhq bot previously approved these changes Jan 17, 2023
@renovate renovate bot force-pushed the renovate/npm-got-vulnerability branch from 4788c62 to e26e2f3 Compare January 21, 2023 07:22
kodiakhq[bot]
kodiakhq bot previously approved these changes Jan 21, 2023
@renovate renovate bot force-pushed the renovate/npm-got-vulnerability branch from e26e2f3 to 0ec4454 Compare January 30, 2023 13:32
kodiakhq[bot]
kodiakhq bot previously approved these changes Jan 30, 2023
kodiakhq[bot]
kodiakhq bot previously approved these changes Jan 30, 2023
@github-actions

This pull request adds or modifies JavaScript (.js, .cjs, .mjs) files.
Consider converting them to TypeScript.


renovate bot commented Jan 30, 2023

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.
You can manually request rebase by checking the rebase/retry box above.

Warning: custom changes will be lost.

@danez danez changed the title chore(deps): update dependency got to v11.8.5 [security] chore(deps): update dependency got to v12 [security] Jan 30, 2023

danez commented Jan 30, 2023

@lukasholzer Update got to v12 as v11 does not work with TS.

@danez danez requested a review from lukasholzer January 30, 2023 15:06

@lukasholzer lukasholzer left a comment


Awesome! 🥳

@kodiakhq kodiakhq bot merged commit b382907 into main Jan 31, 2023
@kodiakhq kodiakhq bot deleted the renovate/npm-got-vulnerability branch January 31, 2023 12:39