From dc0a508e7ce876ff0d3f01138de16afc1402da83 Mon Sep 17 00:00:00 2001
From: Gar <gar+gh@danger.computer>
Date: Fri, 14 Apr 2023 19:34:32 -0700
Subject: [PATCH] deps: minipass-fetch@3.0.2

---
 node_modules/minipass-fetch/lib/index.js    | 16 ++++++++++++++--
 node_modules/minipass-fetch/lib/request.js  |  1 +
 node_modules/minipass-fetch/package.json    |  7 ++++---
 node_modules/normalize-package-data/AUTHORS |  4 ++++
 node_modules/tuf-js/dist/utils/url.js       | 14 ++++++++++++++
 package-lock.json                           |  6 +++---
 6 files changed, 40 insertions(+), 8 deletions(-)
 create mode 100644 node_modules/normalize-package-data/AUTHORS
 create mode 100644 node_modules/tuf-js/dist/utils/url.js

diff --git a/node_modules/minipass-fetch/lib/index.js b/node_modules/minipass-fetch/lib/index.js
index b1878ac0c06b5..f81492db095f1 100644
--- a/node_modules/minipass-fetch/lib/index.js
+++ b/node_modules/minipass-fetch/lib/index.js
@@ -143,8 +143,20 @@ const fetch = async (url, opts) => {
         const location = headers.get('Location')
 
         // HTTP fetch step 5.3
-        const locationURL = location === null ? null
-          : (new URL(location, request.url)).toString()
+        let locationURL = null
+        try {
+          locationURL = location === null ? null : new URL(location, request.url).toString()
+        } catch {
+          // error here can only be invalid URL in Location: header
+          // do not throw when options.redirect == manual
+          // let the user extract the errorneous redirect URL
+          if (request.redirect !== 'manual') {
+            /* eslint-disable-next-line max-len */
+            reject(new FetchError(`uri requested responds with an invalid redirect URL: ${location}`, 'invalid-redirect'))
+            finalize()
+            return
+          }
+        }
 
         // HTTP fetch step 5.5
         if (request.redirect === 'error') {
diff --git a/node_modules/minipass-fetch/lib/request.js b/node_modules/minipass-fetch/lib/request.js
index e620df6de2c01..1126f6a84dd80 100644
--- a/node_modules/minipass-fetch/lib/request.js
+++ b/node_modules/minipass-fetch/lib/request.js
@@ -265,6 +265,7 @@ class Request extends Body {
       secureProtocol,
       servername,
       sessionIdContext,
+      timeout: request.timeout,
     }
   }
 }
diff --git a/node_modules/minipass-fetch/package.json b/node_modules/minipass-fetch/package.json
index fc6f88473317a..16127ec14efcf 100644
--- a/node_modules/minipass-fetch/package.json
+++ b/node_modules/minipass-fetch/package.json
@@ -1,6 +1,6 @@
 {
   "name": "minipass-fetch",
-  "version": "3.0.1",
+  "version": "3.0.2",
   "description": "An implementation of window.fetch in Node.js using Minipass streams",
   "license": "MIT",
   "main": "lib/index.js",
@@ -24,7 +24,7 @@
   },
   "devDependencies": {
     "@npmcli/eslint-config": "^4.0.0",
-    "@npmcli/template-oss": "4.10.0",
+    "@npmcli/template-oss": "4.13.0",
     "@ungap/url-search-params": "^0.2.2",
     "abort-controller": "^3.0.0",
     "abortcontroller-polyfill": "~1.7.3",
@@ -63,6 +63,7 @@
   "author": "GitHub Inc.",
   "templateOSS": {
     "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.",
-    "version": "4.10.0"
+    "version": "4.13.0",
+    "publish": "true"
   }
 }
diff --git a/node_modules/normalize-package-data/AUTHORS b/node_modules/normalize-package-data/AUTHORS
new file mode 100644
index 0000000000000..66282ba1d1197
--- /dev/null
+++ b/node_modules/normalize-package-data/AUTHORS
@@ -0,0 +1,4 @@
+# Names sorted by how much code was originally theirs.
+Isaac Z. Schlueter <i@izs.me>
+Meryn Stol <merynstol@gmail.com>
+Robert Kowalski <rok@kowalski.gd>
diff --git a/node_modules/tuf-js/dist/utils/url.js b/node_modules/tuf-js/dist/utils/url.js
new file mode 100644
index 0000000000000..ce67fe2c23053
--- /dev/null
+++ b/node_modules/tuf-js/dist/utils/url.js
@@ -0,0 +1,14 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.join = void 0;
+const url_1 = require("url");
+function join(base, path) {
+    return new url_1.URL(ensureTrailingSlash(base) + removeLeadingSlash(path)).toString();
+}
+exports.join = join;
+function ensureTrailingSlash(path) {
+    return path.endsWith('/') ? path : path + '/';
+}
+function removeLeadingSlash(path) {
+    return path.startsWith('/') ? path.slice(1) : path;
+}
diff --git a/package-lock.json b/package-lock.json
index 03f1e28874a3f..16ea2859439ac 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -8581,9 +8581,9 @@
       }
     },
     "node_modules/minipass-fetch": {
-      "version": "3.0.1",
-      "resolved": "https://registry.npmjs.org/minipass-fetch/-/minipass-fetch-3.0.1.tgz",
-      "integrity": "sha512-t9/wowtf7DYkwz8cfMSt0rMwiyNIBXf5CKZ3S5ZMqRqMYT0oLTp0x1WorMI9WTwvaPg21r1JbFxJMum8JrLGfw==",
+      "version": "3.0.2",
+      "resolved": "https://registry.npmjs.org/minipass-fetch/-/minipass-fetch-3.0.2.tgz",
+      "integrity": "sha512-/ZpF1CQaWYqjbhfFgKNt3azxztEpc/JUPuMkqOgrnMQqcU8CbE409AUdJYTIWryl3PP5CBaTJZT71N49MXP/YA==",
       "inBundle": true,
       "dependencies": {
         "minipass": "^4.0.0",