From 0b614758cc73de66947e2817871e509c4802653b Mon Sep 17 00:00:00 2001 From: "Node.js GitHub Bot" Date: Sun, 7 Jun 2026 01:22:09 +0000 Subject: [PATCH] deps: update undici to 8.4.0 --- deps/undici/src/README.md | 77 ++++++--- deps/undici/src/SECURITY.md | 13 +- deps/undici/src/docs/docs/api/Agent.md | 3 + deps/undici/src/docs/docs/api/Client.md | 48 +++++- deps/undici/src/docs/docs/api/Connector.md | 1 + deps/undici/src/docs/docs/api/Dispatcher.md | 7 + deps/undici/src/docs/docs/api/Errors.md | 12 ++ deps/undici/src/docs/docs/api/EventSource.md | 53 +++++- deps/undici/src/docs/docs/api/Fetch.md | 4 +- deps/undici/src/docs/docs/api/H2CClient.md | 4 +- deps/undici/src/docs/docs/api/Pool.md | 3 + .../src/docs/docs/api/RedirectHandler.md | 5 +- deps/undici/src/lib/core/connect.js | 33 +++- deps/undici/src/lib/core/util.js | 14 +- deps/undici/src/lib/dispatcher/client-h2.js | 65 ++++++-- deps/undici/src/lib/dispatcher/client.js | 25 ++- .../src/lib/handler/redirect-handler.js | 47 ++++-- deps/undici/src/lib/interceptor/redirect.js | 6 +- deps/undici/src/lib/llhttp/wasm_build_env.txt | 2 +- deps/undici/src/lib/mock/mock-call-history.js | 2 +- deps/undici/src/lib/mock/snapshot-agent.js | 10 +- deps/undici/src/lib/web/fetch/index.js | 20 ++- deps/undici/src/lib/web/fetch/request.js | 35 +++- deps/undici/src/package-lock.json | 16 +- deps/undici/src/package.json | 2 +- .../src/repro-h2-pipelining-default.mjs | 78 +++++++++ deps/undici/src/types/connector.d.ts | 1 + deps/undici/src/types/fetch.d.ts | 5 +- deps/undici/src/types/interceptors.d.ts | 2 +- deps/undici/undici.js | 151 ++++++++++++++---- src/undici_version.h | 2 +- 31 files changed, 625 insertions(+), 121 deletions(-) create mode 100644 deps/undici/src/repro-h2-pipelining-default.mjs diff --git a/deps/undici/src/README.md b/deps/undici/src/README.md index b5a1cc17c04fd5..0700dfb6bf3e55 100644 --- a/deps/undici/src/README.md +++ b/deps/undici/src/README.md @@ -21,28 +21,65 @@ npm i undici ## Benchmarks -The benchmark is a simple getting data [example](https://github.com/nodejs/undici/blob/main/benchmarks/benchmark.js) using a -50 TCP connections with a pipelining depth of 10 running on Node 22.11.0. +The benchmark is a simple getting data [example](https://github.com/nodejs/undici/blob/main/benchmarks/benchmark.js) using +50 TCP connections with a pipelining depth of 10 running on Node 24.14.1. + +### HTTP/1.1 ``` ┌────────────────────────┬─────────┬────────────────────┬────────────┬─────────────────────────┐ │ Tests │ Samples │ Result │ Tolerance │ Difference with slowest │ ├────────────────────────┼─────────┼────────────────────┼────────────┼─────────────────────────┤ -│ 'axios' │ 15 │ '5708.26 req/sec' │ '± 2.91 %' │ '-' │ -│ 'http - no keepalive' │ 10 │ '5809.80 req/sec' │ '± 2.30 %' │ '+ 1.78 %' │ -│ 'request' │ 30 │ '5828.80 req/sec' │ '± 2.91 %' │ '+ 2.11 %' │ -│ 'undici - fetch' │ 40 │ '5903.78 req/sec' │ '± 2.87 %' │ '+ 3.43 %' │ -│ 'node-fetch' │ 10 │ '5945.40 req/sec' │ '± 2.13 %' │ '+ 4.15 %' │ -│ 'got' │ 35 │ '6511.45 req/sec' │ '± 2.84 %' │ '+ 14.07 %' │ -│ 'http - keepalive' │ 65 │ '9193.24 req/sec' │ '± 2.92 %' │ '+ 61.05 %' │ -│ 'superagent' │ 35 │ '9339.43 req/sec' │ '± 2.95 %' │ '+ 63.61 %' │ -│ 'undici - pipeline' │ 50 │ '13364.62 req/sec' │ '± 2.93 %' │ '+ 134.13 %' │ -│ 'undici - stream' │ 95 │ '18245.36 req/sec' │ '± 2.99 %' │ '+ 219.63 %' │ -│ 'undici - request' │ 50 │ '18340.17 req/sec' │ '± 2.84 %' │ '+ 221.29 %' │ -│ 'undici - dispatch' │ 40 │ '22234.42 req/sec' │ '± 2.94 %' │ '+ 289.51 %' │ +│ 'node-fetch' │ 50 │ '4711.86 req/sec' │ '± 2.92 %' │ '-' │ +│ 'undici - fetch' │ 75 │ '5438.50 req/sec' │ '± 2.97 %' │ '+ 15.42 %' │ +│ 'axios' │ 45 │ '5448.08 req/sec' │ '± 2.98 %' │ '+ 15.62 %' │ +│ 'request' │ 65 │ '5809.63 req/sec' │ '± 2.90 %' │ '+ 23.30 %' │ +│ 'http - no keepalive' │ 35 │ '5910.77 req/sec' │ '± 2.87 %' │ '+ 25.44 %' │ +│ 'got' │ 50 │ '6047.80 req/sec' │ '± 2.91 %' │ '+ 28.35 %' │ +│ 'superagent' │ 60 │ '7534.53 req/sec' │ '± 2.97 %' │ '+ 59.91 %' │ +│ 'http - keepalive' │ 75 │ '9343.41 req/sec' │ '± 2.90 %' │ '+ 98.30 %' │ +│ 'undici - pipeline' │ 65 │ '13470.70 req/sec' │ '± 2.93 %' │ '+ 185.89 %' │ +│ 'undici - request' │ 80 │ '16850.87 req/sec' │ '± 2.93 %' │ '+ 257.63 %' │ +│ 'undici - stream' │ 101 │ '18488.56 req/sec' │ '± 3.81 %' │ '+ 292.38 %' │ +│ 'undici - dispatch' │ 101 │ '20786.44 req/sec' │ '± 3.08 %' │ '+ 341.15 %' │ └────────────────────────┴─────────┴────────────────────┴────────────┴─────────────────────────┘ ``` +### HTTP/1.1 over HTTPS + +Using [benchmark-https.js](https://github.com/nodejs/undici/blob/main/benchmarks/benchmark-https.js) against an h1-over-TLS server (50 connections, pipelining depth 10, Node 24.14.1). + +``` +┌────────────────────────┬─────────┬───────────────────┬────────────┬─────────────────────────┐ +│ Tests │ Samples │ Result │ Tolerance │ Difference with slowest │ +├────────────────────────┼─────────┼───────────────────┼────────────┼─────────────────────────┤ +│ 'https - no keepalive'│ 10 │ '1358.40 req/sec' │ '± 1.99 %' │ '-' │ +│ 'undici - fetch' │ 30 │ '3721.76 req/sec' │ '± 2.97 %' │ '+ 173.98 %' │ +│ 'https - keepalive' │ 35 │ '5633.91 req/sec' │ '± 2.84 %' │ '+ 314.75 %' │ +│ 'undici - pipeline' │ 15 │ '6254.05 req/sec' │ '± 2.80 %' │ '+ 360.40 %' │ +│ 'undici - request' │ 25 │ '6669.80 req/sec' │ '± 2.73 %' │ '+ 391.01 %' │ +│ 'undici - stream' │ 25 │ '7019.04 req/sec' │ '± 2.77 %' │ '+ 416.71 %' │ +│ 'undici - dispatch' │ 20 │ '7361.85 req/sec' │ '± 2.90 %' │ '+ 441.95 %' │ +└────────────────────────┴─────────┴───────────────────┴────────────┴─────────────────────────┘ +``` + +### HTTP/2 + +Using [benchmark-http2.js](https://github.com/nodejs/undici/blob/main/benchmarks/benchmark-http2.js) against an h2 server (50 connections, pipelining depth 10, Node 24.14.1). + +``` +┌────────────────────────┬─────────┬───────────────────┬────────────┬─────────────────────────┐ +│ Tests │ Samples │ Result │ Tolerance │ Difference with slowest │ +├────────────────────────┼─────────┼───────────────────┼────────────┼─────────────────────────┤ +│ 'undici - fetch' │ 45 │ '3499.03 req/sec' │ '± 2.93 %' │ '-' │ +│ 'native - http2' │ 25 │ '4904.58 req/sec' │ '± 2.81 %' │ '+ 40.17 %' │ +│ 'undici - pipeline' │ 60 │ '5836.82 req/sec' │ '± 2.99 %' │ '+ 66.81 %' │ +│ 'undici - request' │ 65 │ '6831.25 req/sec' │ '± 2.83 %' │ '+ 95.23 %' │ +│ 'undici - stream' │ 55 │ '6874.30 req/sec' │ '± 2.91 %' │ '+ 96.46 %' │ +│ 'undici - dispatch' │ 55 │ '7791.23 req/sec' │ '± 2.96 %' │ '+ 122.67 %' │ +└────────────────────────┴─────────┴───────────────────┴────────────┴─────────────────────────┘ +``` + ## Undici vs. Fetch ### Overview @@ -340,6 +377,9 @@ The `body` mixins are the most common way to format the request/response body. M > [!NOTE] > The body returned from `undici.request` does not implement `.formData()`. +> [!WARNING] +> Calling `body.formData()` on a fetch response causes undici to buffer and parse the entire body. Since this is dictated by the spec, `body.formData()` must only be called on responses from trusted servers. + Example usage: ```js @@ -740,10 +780,11 @@ and `undici.Agent`) which will enable the family autoselection algorithm when es Undici aligns with the Node.js LTS schedule. The following table shows the supported versions: | Undici Version | Bundled in Node.js | Node.js Versions Supported | End of Life | -|----------------|-------------------|----------------------------|-------------| -| 5.x | 18.x | ≥14.0 (tested: 14, 16, 18) | 2024-04-30 | -| 6.x | 20.x, 22.x | ≥18.17 (tested: 18, 20, 21, 22) | 2026-04-30 | -| 7.x | 24.x | ≥20.18.1 (tested: 20, 22, 24) | 2027-04-30 | +|----------------|--------------------|----------------------------|-------------| +| 5.x | 18.x | ≥14.0 (tested: 14, 16, 18) | 2024-04-30 | +| 6.x | 20.x, 22.x | ≥18.17 (tested: 18, 20, 21, 22) | 2027-04-30 | +| 7.x | 24.x | ≥20.18.1 (tested: 20, 22, 24) | 2028-04-30 | +| 8.x | 26.x | ≥22.19.0 (tested: 22, 24, 26) | 2029-04-30 | ## License diff --git a/deps/undici/src/SECURITY.md b/deps/undici/src/SECURITY.md index 96bc98e2cec4d8..f3cdf7f6ea8680 100644 --- a/deps/undici/src/SECURITY.md +++ b/deps/undici/src/SECURITY.md @@ -81,7 +81,7 @@ meet the following criteria: **Undici trusts**: * The application code that uses its APIs, including all configuration, - options, and callbacks provided by the application. + options, callbacks, and decisions about which body-consuming APIs to call. * The operating system and its network stack. * The Node.js runtime undici is running on. * Dependencies installed by the application. @@ -142,6 +142,17 @@ lead to a loss of confidentiality, integrity, or availability. resources, that is not considered a vulnerability. Applications are responsible for setting appropriate limits on response sizes. +#### Calling `body.formData()` on untrusted responses + +* `body.formData()` buffers and parses the entire response body. Multipart + parsing has inherent security risks, especially when the body is supplied by + an untrusted or user-controlled server. Applications must only call + `body.formData()` on responses from trusted servers. For untrusted responses, + applications should use a dedicated streaming multipart parser and enforce + application-specific limits. Resource exhaustion or parser exposure caused by + calling `body.formData()` on untrusted responses is considered an application + responsibility, not a vulnerability in undici. + #### Application Misconfiguration * Issues arising from incorrect or insecure use of undici APIs (such as diff --git a/deps/undici/src/docs/docs/api/Agent.md b/deps/undici/src/docs/docs/api/Agent.md index 0131b103975bf0..e4c73cb9a1482e 100644 --- a/deps/undici/src/docs/docs/api/Agent.md +++ b/deps/undici/src/docs/docs/api/Agent.md @@ -21,6 +21,9 @@ Extends: [`PoolOptions`](/docs/docs/api/Pool.md#parameter-pooloptions) * **factory** `(origin: URL, opts: Object) => Dispatcher` - Default: `(origin, opts) => new Pool(origin, opts)` * **maxOrigins** `number` (optional) - Default: `Infinity` - Limits the total number of origins that can receive requests at a time, throwing an `MaxOriginsReachedError` error when attempting to dispatch when the max is reached. If `Infinity`, no limit is enforced. +> [!NOTE] +> Like `Pool`, `Agent` inherits all [`ClientOptions`](/docs/docs/api/Client.md#parameter-clientoptions). `allowH2` defaults to `true` and `maxConcurrentStreams` to `100`. The per-origin `Pool` it creates uses the default unlimited `connections`, so concurrent requests to the same origin land on separate `Client` instances and separate TCP/TLS sockets — HTTP/2 multiplexing on a shared session does not apply unless `connections` is set to a small value. See [`PoolOptions`](/docs/docs/api/Pool.md#parameter-pooloptions). + ## Instance Properties ### `Agent.closed` diff --git a/deps/undici/src/docs/docs/api/Client.md b/deps/undici/src/docs/docs/api/Client.md index 1eb6baab4825b3..726de4dbad2cba 100644 --- a/deps/undici/src/docs/docs/api/Client.md +++ b/deps/undici/src/docs/docs/api/Client.md @@ -26,14 +26,16 @@ Returns: `Client` * **maxResponseSize** `number | null` (optional) - Default: `-1` - The maximum length of response body in bytes. Set to `-1` to disable. * **webSocket** `WebSocketOptions` (optional) - WebSocket-specific configuration options. * **maxPayloadSize** `number` (optional) - Default: `134217728` (128 MB) - Maximum allowed payload size in bytes for WebSocket messages. Applied to uncompressed messages, compressed frame payloads, and decompressed (permessage-deflate) messages. Set to 0 to disable the limit. -* **pipelining** `number | null` (optional) - Default: `1` - The amount of concurrent requests to be sent over the single TCP/TLS connection according to [RFC7230](https://tools.ietf.org/html/rfc7230#section-6.3.2). Carefully consider your workload and environment before enabling concurrent requests as pipelining may reduce performance if used incorrectly. Pipelining is sensitive to network stack settings as well as head of line blocking caused by e.g. long running requests. Set to `0` to disable keep-alive connections. -* **connect** `ConnectOptions | Function | null` (optional) - Default: `null`. +* **pipelining** `number | null` (optional) - Default: `1` - The amount of concurrent requests to be sent over the single TCP/TLS connection according to [RFC7230](https://tools.ietf.org/html/rfc7230#section-6.3.2). Carefully consider your workload and environment before enabling concurrent requests as pipelining may reduce performance if used incorrectly. Pipelining is sensitive to network stack settings as well as head of line blocking caused by e.g. long running requests. Set to `0` to disable keep-alive connections. This option has no effect once HTTP/2 is negotiated — see `maxConcurrentStreams` for the h2 dispatch ceiling. +* **connect** `ConnectOptions | Function | null` (optional) - Default: `null` - Configures how undici establishes TCP/TLS connections. Accepts two forms: + * **Object (`ConnectOptions`)**: Options passed directly to the internal [`buildConnector()`](/docs/docs/api/Connector.md). This is the simplest way to customize TLS or socket behavior (e.g., setting `rejectUnauthorized`, `ca`, `socketPath`). See [`ConnectOptions`](#parameter-connectoptions) for available fields. + * **Function**: A custom connector with the signature `(options, callback)`, where `options` contains `{ hostname, host, protocol, port, servername, localAddress, httpSocket }` and `callback` follows `(error, socket)`. Useful when you need full control over socket creation, such as adding custom validation or proxy logic. When a function is provided, undici wraps it to automatically inject `socketPath` and `allowH2` into the `options` argument if those values are set on the client. * **strictContentLength** `Boolean` (optional) - Default: `true` - Whether to treat request content length mismatches as errors. If true, an error is thrown when the request content-length header doesn't match the length of the request body. **Security Warning:** Disabling this option can expose your application to HTTP Request Smuggling attacks, where mismatched content-length headers cause servers and proxies to interpret request boundaries differently. This can lead to cache poisoning, credential hijacking, and bypassing security controls. Only disable this in controlled environments where you fully trust the request source. * **autoSelectFamily**: `boolean` (optional) - Default: depends on local Node version, on Node 18.13.0 and above is `false`. Enables a family autodetection algorithm that loosely implements section 5 of [RFC 8305](https://tools.ietf.org/html/rfc8305#section-5). See [here](https://nodejs.org/api/net.html#socketconnectoptions-connectlistener) for more details. This option is ignored if not supported by the current Node version. * **autoSelectFamilyAttemptTimeout**: `number` - Default: depends on local Node version, on Node 18.13.0 and above is `250`. The amount of time in milliseconds to wait for a connection attempt to finish before trying the next address when using the `autoSelectFamily` option. See [here](https://nodejs.org/api/net.html#socketconnectoptions-connectlistener) for more details. * **allowH2**: `boolean` - Default: `true`. Enables support for H2 if the server has assigned bigger priority to it through ALPN negotiation. * **useH2c**: `boolean` - Default: `false`. Enforces h2c for non-https connections. -* **maxConcurrentStreams**: `number` - Default: `100`. Dictates the maximum number of concurrent streams for a single H2 session. It can be overridden by a SETTINGS remote frame. +* **maxConcurrentStreams**: `number` - Default: `100`. The maximum number of concurrent HTTP/2 streams per session. When `allowH2` negotiates h2, this — not `pipelining` (which is HTTP/1.1 only, per [RFC7230](https://tools.ietf.org/html/rfc7230#section-6.3.2)) — is the ceiling the Client uses to dispatch in-flight requests on a shared session. The same value is advertised to the server as `peerMaxConcurrentStreams`, capping how many streams the server may push back. The initial value is replaced by the server's `SETTINGS_MAX_CONCURRENT_STREAMS` whenever the server sends one, so a user-supplied value acts as a pre-`SETTINGS` default rather than a hard cap. * **initialWindowSize**: `number` (optional) - Default: `262144` (256KB). Sets the HTTP/2 stream-level flow-control window size (SETTINGS_INITIAL_WINDOW_SIZE). Must be a positive integer greater than 0. This default is higher than Node.js core's default (65535 bytes) to improve throughput, Node's choice is very conservative for current high-bandwith networks. See [RFC 7540 Section 6.9.2](https://datatracker.ietf.org/doc/html/rfc7540#section-6.9.2) for more details. * **connectionWindowSize**: `number` (optional) - Default `524288` (512KB). Sets the HTTP/2 connection-level flow-control window size using `ClientHttp2Session.setLocalWindowSize()`. Must be a positive integer greater than 0. This provides better flow control for the entire connection across multiple streams. See [Node.js HTTP/2 documentation](https://nodejs.org/api/http2.html#clienthttp2sessionsetlocalwindowsize) for more details. * **pingInterval**: `number` - Default: `60e3`. The time interval in milliseconds between PING frames sent to the server. Set to `0` to disable PING frames. This is only applicable for HTTP/2 connections. This will emit a `ping` event on the client with the duration of the ping in milliseconds. @@ -72,9 +74,43 @@ import { Client } from 'undici' const client = new Client('http://localhost:3000') ``` -### Example - Custom connector +### Example - Connect with TLS options (object form) -This will allow you to perform some additional check on the socket that will be used for the next request. +Pass a `ConnectOptions` object to customize the TLS connection. The options are forwarded to the internal `buildConnector()`. + +```js +'use strict' +import { Client } from 'undici' +import fs from 'node:fs' + +const client = new Client('https://localhost:3000', { + connect: { + rejectUnauthorized: false, + ca: fs.readFileSync('./ca-cert.pem') + } +}) +``` + +### Example - Connect via Unix domain socket + +Use the `socketPath` option to connect through an IPC endpoint instead of a TCP connection. + +```js +'use strict' +import { Client } from 'undici' + +const client = new Client('http://localhost:3000', { + connect: { + socketPath: '/var/run/docker.sock' + } +}) +``` + +### Example - Custom connector (function form) + +Pass a function for full control over socket creation. This allows you to perform additional checks on the socket, use a proxy, or implement custom connection logic. + +> **Note:** When a function is provided, undici wraps it to automatically inject `socketPath` and `allowH2` into the first argument (`options`) when those values are set on the client. ```js 'use strict' @@ -97,6 +133,8 @@ const client = new Client('https://localhost:3000', { }) ``` +For more details on building custom connectors, see [Connector](/docs/docs/api/Connector.md). + ## Instance Methods ### `Client.close([callback])` diff --git a/deps/undici/src/docs/docs/api/Connector.md b/deps/undici/src/docs/docs/api/Connector.md index 56821bd6430279..c30f69b5a6ee83 100644 --- a/deps/undici/src/docs/docs/api/Connector.md +++ b/deps/undici/src/docs/docs/api/Connector.md @@ -13,6 +13,7 @@ Every Tls option, see [here](https://nodejs.org/api/tls.html#tls_tls_connect_opt Furthermore, the following options can be passed: * **socketPath** `string | null` (optional) - Default: `null` - An IPC endpoint, either Unix domain socket or Windows named pipe. +* **preferH2** `boolean` (optional) - Default: `false` - Only effective together with `allowH2`. When `true`, ALPN is offered as `['h2', 'http/1.1']` (HTTP/2 first) instead of the default `['http/1.1', 'h2']`. Use this when the server selects the ALPN protocol by *client* preference (e.g. some load balancers) so that HTTP/2 is negotiated whenever the server supports it. If the server does not support HTTP/2, ALPN transparently falls back to `http/1.1`. * **maxCachedSessions** `number | null` (optional) - Default: `100` - Maximum number of TLS cached sessions. Use 0 to disable TLS session caching. Default: `100`. * **timeout** `number | null` (optional) - In milliseconds. Default `10e3`. * **servername** `string | null` (optional) diff --git a/deps/undici/src/docs/docs/api/Dispatcher.md b/deps/undici/src/docs/docs/api/Dispatcher.md index b1674b3092aa38..2137e174a8ae74 100644 --- a/deps/undici/src/docs/docs/api/Dispatcher.md +++ b/deps/undici/src/docs/docs/api/Dispatcher.md @@ -991,6 +991,13 @@ The `redirect` interceptor allows you to customize the way your dispatcher handl It accepts the same arguments as the [`RedirectHandler` constructor](/docs/docs/api/RedirectHandler.md). +Options: + +- **maxRedirections** `number` - Maximum number of redirections allowed. +- **throwOnMaxRedirect** `boolean` - Throw when the maximum number of redirections is reached. +- **stripHeadersOnRedirect** `string[]` - Header names to remove from all redirected requests. +- **stripHeadersOnCrossOriginRedirect** `string[]` - Header names to remove from cross-origin redirected requests. + **Example - Basic Redirect Interceptor** ```js diff --git a/deps/undici/src/docs/docs/api/Errors.md b/deps/undici/src/docs/docs/api/Errors.md index 4402db47593cf1..58e29790fe455a 100644 --- a/deps/undici/src/docs/docs/api/Errors.md +++ b/deps/undici/src/docs/docs/api/Errors.md @@ -27,8 +27,20 @@ import { errors } from 'undici' | `ResponseExceededMaxSizeError` | `UND_ERR_RES_EXCEEDED_MAX_SIZE` | response body exceed the max size allowed | | `SecureProxyConnectionError` | `UND_ERR_PRX_TLS` | tls connection to a proxy failed | | `MessageSizeExceededError` | `UND_ERR_WS_MESSAGE_SIZE_EXCEEDED` | WebSocket decompressed message exceeded the maximum allowed size | +| `AbortError` | `UND_ERR_ABORT` | the operation was aborted (base class of `RequestAbortedError`). | +| `RequestRetryError` | `UND_ERR_REQ_RETRY` | request failed and could not be retried; carries `statusCode`, `headers` and `data`. | +| `ResponseError` | `UND_ERR_RESPONSE` | response returned an error status code; carries `statusCode`, `headers` and `body`. | +| `MaxOriginsReachedError` | `UND_ERR_MAX_ORIGINS_REACHED` | the maximum number of allowed origins has been reached. | +| `BalancedPoolMissingUpstreamError` | `UND_ERR_BPL_MISSING_UPSTREAM` | no upstream has been added to the `BalancedPool`. | +| `Socks5ProxyError` | `UND_ERR_SOCKS5*` | an error occurred during SOCKS5 proxy negotiation. | +| `HTTPParserError` | `HPE_*` | an error occurred while parsing the HTTP response (extends `Error`, not `UndiciError`). | Be aware of the possible difference between the global dispatcher version and the actual undici version you might be using. We recommend to avoid the check `instanceof errors.UndiciError` and seek for the `error.code === ''` instead to avoid inconsistencies. + +### `ConnectTimeoutError` + +When `autoSelectFamily` is enabled and every attempted address fails with a timeout, Node raises an `AggregateError`. Undici surfaces these multi-address timeouts as `ConnectTimeoutError` (so the error shape is the same regardless of whether Node's family-attempt timer or undici's `connectTimeout` wins the race); the original `AggregateError` is preserved on `error.cause`. + ### `SocketError` The `SocketError` has a `.socket` property which holds socket metadata: diff --git a/deps/undici/src/docs/docs/api/EventSource.md b/deps/undici/src/docs/docs/api/EventSource.md index 8244aa77ed9426..e774bc0f29a246 100644 --- a/deps/undici/src/docs/docs/api/EventSource.md +++ b/deps/undici/src/docs/docs/api/EventSource.md @@ -7,7 +7,7 @@ for [Server-Sent Events](https://developer.mozilla.org/en-US/docs/Web/API/Server ## Instantiating EventSource -Undici exports a EventSource class. You can instantiate the EventSource as +Undici exports an EventSource class. You can instantiate the EventSource as follows: ```mjs @@ -19,9 +19,57 @@ eventSource.onmessage = (event) => { } ``` +## Receiving events from a server + +EventSource connects to an HTTP endpoint that responds with a `text/event-stream` +content type. The connection stays open and receives events as the server writes +them. + +```mjs +import { createServer } from 'node:http' +import { EventSource } from 'undici' + +const server = createServer((request, response) => { + response.writeHead(200, { + 'content-type': 'text/event-stream', + 'cache-control': 'no-cache', + connection: 'keep-alive' + }) + + response.write('event: ping\n') + response.write('data: connected\n\n') + + const interval = setInterval(() => { + response.write(`data: ${Date.now()}\n\n`) + }, 1000) + + request.on('close', () => clearInterval(interval)) +}) + +server.listen(3000, () => { + const eventSource = new EventSource('http://localhost:3000') + + eventSource.addEventListener('ping', (event) => { + console.log('ping:', event.data) + }) + + eventSource.onmessage = (event) => { + console.log('message:', event.data) + } + + eventSource.onerror = () => { + eventSource.close() + server.close() + } +}) +``` + +The `message` event receives events without an explicit `event:` field. Use +`addEventListener()` to subscribe to named events. + ## Using a custom Dispatcher -undici allows you to set your own Dispatcher in the EventSource constructor. +Undici allows you to set your own Dispatcher in the EventSource constructor. An example which allows you to modify the request headers is: @@ -38,7 +86,6 @@ class CustomHeaderAgent extends Agent { const eventSource = new EventSource('http://localhost:3000', { dispatcher: new CustomHeaderAgent() }) - ``` More information about the EventSource API can be found on diff --git a/deps/undici/src/docs/docs/api/Fetch.md b/deps/undici/src/docs/docs/api/Fetch.md index a256824891c64f..8588dbaac6599a 100644 --- a/deps/undici/src/docs/docs/api/Fetch.md +++ b/deps/undici/src/docs/docs/api/Fetch.md @@ -41,7 +41,9 @@ This API is implemented as per the standard, you can find documentation on [MDN] - [`.json()`](https://fetch.spec.whatwg.org/#dom-body-json) - [`.text()`](https://fetch.spec.whatwg.org/#dom-body-text) -There is an ongoing discussion regarding `.formData()` and its usefulness and performance in server environments. It is recommended to use a dedicated library for parsing `multipart/form-data` bodies, such as [Busboy](https://www.npmjs.com/package/busboy) or [@fastify/busboy](https://www.npmjs.com/package/@fastify/busboy). +There is an ongoing discussion regarding `body.formData()` and its usefulness, performance, and security in server environments. Calling `body.formData()` causes undici to buffer and parse the entire body. Because multipart parsing has inherent security risks, `body.formData()` must only be called on responses from trusted servers. + +For responses from untrusted or user-controlled servers, use a dedicated streaming library for parsing `multipart/form-data` bodies, such as [Busboy](https://www.npmjs.com/package/busboy) or [@fastify/busboy](https://www.npmjs.com/package/@fastify/busboy), and apply application-specific limits. These libraries can be interfaced with fetch with the following example code: diff --git a/deps/undici/src/docs/docs/api/H2CClient.md b/deps/undici/src/docs/docs/api/H2CClient.md index 19603ebe1ceac0..2c21e5bd717fed 100644 --- a/deps/undici/src/docs/docs/api/H2CClient.md +++ b/deps/undici/src/docs/docs/api/H2CClient.md @@ -46,8 +46,8 @@ Returns: `H2CClient` - **keepAliveTimeoutThreshold** `number | null` (optional) - Default: `2e3` - A number of milliseconds subtracted from server _keep-alive_ hints when overriding `keepAliveTimeout` to account for timing inaccuracies caused by e.g. transport latency. Defaults to 2 seconds. - **maxHeaderSize** `number | null` (optional) - Default: `--max-http-header-size` or `16384` - The maximum length of request headers in bytes. Defaults to Node.js' --max-http-header-size or 16KiB. - **maxResponseSize** `number | null` (optional) - Default: `-1` - The maximum length of response body in bytes. Set to `-1` to disable. -- **maxConcurrentStreams**: `number` - Default: `100`. Dictates the maximum number of concurrent streams for a single H2 session. It can be overridden by a SETTINGS remote frame. -- **pipelining** `number | null` (optional) - Default to `maxConcurrentStreams` - The amount of concurrent requests sent over a single HTTP/2 session in accordance with [RFC-7540](https://httpwg.org/specs/rfc7540.html#StreamsLayer) Stream specification. Streams can be closed up by remote server at any time. +- **maxConcurrentStreams**: `number` - Default: `100`. The maximum number of concurrent HTTP/2 streams per session — also advertised to the server as `peerMaxConcurrentStreams` (the cap on streams the server may push back). The initial value is replaced by the server's `SETTINGS_MAX_CONCURRENT_STREAMS` whenever the server sends one, so a user-supplied value acts as a pre-`SETTINGS` default rather than a hard cap. +- **pipelining** `number | null` (optional) - Default to `maxConcurrentStreams` - The amount of concurrent requests sent over a single HTTP/2 session in accordance with [RFC-7540](https://httpwg.org/specs/rfc7540.html#StreamsLayer) Stream specification. Streams can be closed up by remote server at any time. Unlike on a regular [`Client`](/docs/docs/api/Client.md), `H2CClient` aliases `pipelining` to `maxConcurrentStreams` at construction time, so the two move together. - **pingInterval**: `number` - Default: `60e3`. The time interval in milliseconds between PING frames sent to the server. Set to `0` to disable PING frames. This is only applicable for HTTP/2 connections. - **connect** `ConnectOptions | null` (optional) - Default: `null`. - **strictContentLength** `Boolean` (optional) - Default: `true` - Whether to treat request content length mismatches as errors. If true, an error is thrown when the request content-length header doesn't match the length of the request body. **Security Warning:** Disabling this option can expose your application to HTTP Request Smuggling attacks, where mismatched content-length headers cause servers and proxies to interpret request boundaries differently. This can lead to cache poisoning, credential hijacking, and bypassing security controls. Only disable this in controlled environments where you fully trust the request source. diff --git a/deps/undici/src/docs/docs/api/Pool.md b/deps/undici/src/docs/docs/api/Pool.md index ee0a0d3fe81aca..bfa1721d3109c4 100644 --- a/deps/undici/src/docs/docs/api/Pool.md +++ b/deps/undici/src/docs/docs/api/Pool.md @@ -21,6 +21,9 @@ Extends: [`ClientOptions`](/docs/docs/api/Client.md#parameter-clientoptions) * **connections** `number | null` (optional) - Default: `null` - The number of `Client` instances to create. When set to `null`, the `Pool` instance will create an unlimited amount of `Client` instances. * **clientTtl** `number | null` (optional) - Default: `null` - The amount of time before a `Client` instance is removed from the `Pool` and closed. When set to `null`, `Client` instances will not be removed or closed based on age. +> [!NOTE] +> `Pool` inherits all [`ClientOptions`](/docs/docs/api/Client.md#parameter-clientoptions), including `allowH2` (default `true`) and `maxConcurrentStreams` (default `100`). With the unlimited default of `connections`, `Pool` will open a new `Client` — and therefore a new TCP/TLS socket — per concurrent dispatch, which defeats HTTP/2 multiplexing on a shared session. To benefit from h2 multiplexing on a single session, cap `connections` (e.g. `connections: 1`) so that concurrent requests share a session up to `maxConcurrentStreams`. + ## Instance Properties ### `Pool.closed` diff --git a/deps/undici/src/docs/docs/api/RedirectHandler.md b/deps/undici/src/docs/docs/api/RedirectHandler.md index d1dd9d993f9371..5d49653be0d640 100644 --- a/deps/undici/src/docs/docs/api/RedirectHandler.md +++ b/deps/undici/src/docs/docs/api/RedirectHandler.md @@ -8,7 +8,7 @@ Arguments: - **dispatch** `function` - The dispatch function to be called after every retry. - **maxRedirections** `number` - Maximum number of redirections allowed. -- **opts** `object` - Options for handling redirection. +- **opts** `object` - Options for handling redirection. Supports `throwOnMaxRedirect`, `stripHeadersOnRedirect`, and `stripHeadersOnCrossOriginRedirect`. - **handler** `object` - An object containing handlers for different stages of the request lifecycle. Returns: `RedirectHandler` @@ -18,6 +18,9 @@ Returns: `RedirectHandler` - **dispatch** `(options: Dispatch.DispatchOptions, handlers: Dispatch.DispatchHandler) => Promise` (required) - Dispatch function to be called after every redirection. - **maxRedirections** `number` (required) - Maximum number of redirections allowed. - **opts** `object` (required) - Options for handling redirection. + - **throwOnMaxRedirect** `boolean` - Throw when the maximum number of redirections is reached. + - **stripHeadersOnRedirect** `string[]` - Header names to remove from all redirected requests. + - **stripHeadersOnCrossOriginRedirect** `string[]` - Header names to remove from cross-origin redirected requests. - **handler** `object` (required) - Handlers for different stages of the request lifecycle. ### Properties diff --git a/deps/undici/src/lib/core/connect.js b/deps/undici/src/lib/core/connect.js index 4a922c7dcf0378..ad962c31944a57 100644 --- a/deps/undici/src/lib/core/connect.js +++ b/deps/undici/src/lib/core/connect.js @@ -3,7 +3,7 @@ const net = require('node:net') const assert = require('node:assert') const util = require('./util') -const { InvalidArgumentError } = require('./errors') +const { InvalidArgumentError, ConnectTimeoutError } = require('./errors') let tls // include tls conditionally since it is not always available @@ -59,7 +59,7 @@ const SessionCache = class WeakSessionCache { } } -function buildConnector ({ allowH2, useH2c, maxCachedSessions, socketPath, timeout, session: customSession, ...opts }) { +function buildConnector ({ allowH2, preferH2, useH2c, maxCachedSessions, socketPath, timeout, session: customSession, ...opts }) { if (maxCachedSessions != null && (!Number.isInteger(maxCachedSessions) || maxCachedSessions < 0)) { throw new InvalidArgumentError('maxCachedSessions must be a positive integer or zero') } @@ -89,7 +89,7 @@ function buildConnector ({ allowH2, useH2c, maxCachedSessions, socketPath, timeo servername, session, localAddress, - ALPNProtocols: allowH2 ? ['http/1.1', 'h2'] : ['http/1.1'], + ALPNProtocols: allowH2 ? (preferH2 ? ['h2', 'http/1.1'] : ['http/1.1', 'h2']) : ['http/1.1'], socket: httpSocket, // upgrade socket connection port, host: hostname @@ -142,7 +142,7 @@ function buildConnector ({ allowH2, useH2c, maxCachedSessions, socketPath, timeo if (callback) { const cb = callback callback = null - cb(err) + cb(maybeNormalizeConnectError(err, this, { timeout, hostname, port })) } }) @@ -150,4 +150,29 @@ function buildConnector ({ allowH2, useH2c, maxCachedSessions, socketPath, timeo } } +// `net.connect` with `autoSelectFamily` raises an `AggregateError` when every +// attempted address fails. If any of those failures is a timeout, surface the +// error as a `ConnectTimeoutError` so callers see the same error regardless of +// which timer (Node's internal one or undici's `connectTimeout`) wins the race. +// The original `AggregateError` is preserved on `.cause`. +function maybeNormalizeConnectError (err, socket, opts) { + if ( + err instanceof AggregateError && + (err.code === 'ETIMEDOUT' || err.errors.some((e) => e != null && e.code === 'ETIMEDOUT')) + ) { + let message = 'Connect Timeout Error' + if (Array.isArray(socket.autoSelectFamilyAttemptedAddresses)) { + message += ` (attempted addresses: ${socket.autoSelectFamilyAttemptedAddresses.join(', ')},` + } else { + message += ` (attempted address: ${opts.hostname}:${opts.port},` + } + message += ` timeout: ${opts.timeout}ms)` + + const wrapped = new ConnectTimeoutError(message) + wrapped.cause = err + return wrapped + } + return err +} + module.exports = buildConnector diff --git a/deps/undici/src/lib/core/util.js b/deps/undici/src/lib/core/util.js index 98337c596c76c7..1f6611d64047b7 100644 --- a/deps/undici/src/lib/core/util.js +++ b/deps/undici/src/lib/core/util.js @@ -698,9 +698,8 @@ function isFormDataLike (object) { } function addAbortListener (signal, listener) { - if (signal instanceof AbortSignal) { - const disposable = addAbortListenerNative(signal, listener) - return () => disposable[Symbol.dispose]() + if (!signal || 'aborted' in signal) { + return addAbortListenerNative(signal, listener)[Symbol.dispose] } if (typeof signal.addEventListener === 'function') { @@ -793,8 +792,9 @@ const rangeHeaderRegex = /^bytes (\d+)-(\d+)\/(\d+|\*)?$/ */ function parseRangeHeader (range) { if (range == null || range === '') return { start: 0, end: null, size: null } + if (!range) return null - const m = range ? range.match(rangeHeaderRegex) : null + const m = rangeHeaderRegex.exec(range) return m ? { start: parseInt(m[1]), @@ -943,8 +943,10 @@ function getProtocolFromUrlString (urlString) { return urlString.slice(0, urlString.indexOf(':') + 1) } -const kEnumerableProperty = Object.create(null) -kEnumerableProperty.enumerable = true +const kEnumerableProperty = { + __proto__: null, + enumerable: true +} const normalizedMethodRecordsBase = { delete: 'DELETE', diff --git a/deps/undici/src/lib/dispatcher/client-h2.js b/deps/undici/src/lib/dispatcher/client-h2.js index ba9157cab5b145..e378010513a139 100644 --- a/deps/undici/src/lib/dispatcher/client-h2.js +++ b/deps/undici/src/lib/dispatcher/client-h2.js @@ -8,7 +8,9 @@ const { RequestAbortedError, SocketError, InformationalError, - InvalidArgumentError + InvalidArgumentError, + HeadersTimeoutError, + BodyTimeoutError } = require('../core/errors.js') const { kUrl, @@ -33,6 +35,7 @@ const { kSize, kHTTPContext, kClosed, + kHeadersTimeout, kBodyTimeout, kEnableConnectProtocol, kRemoteSettings, @@ -81,6 +84,29 @@ function getGoAwayError (session, errorCode) { : new SocketError(`HTTP/2: "GOAWAY" frame received with code ${errorCode}`, util.getSocketInfo(session[kSocket]))) } +function resetHttp2Session (session, err) { + const client = session[kClient] + const socket = session[kSocket] + + if (client[kHTTP2Session] === session) { + client[kSocket] = null + client[kHTTPContext] = null + client[kHTTP2Session] = null + } + + if (socket != null && socket[kError] == null) { + socket[kError] = err + } + + if (!session.closed && !session.destroyed) { + try { + session.destroy(err) + } catch {} + } + + util.destroy(socket, err) +} + function getGoAwayPendingIdx (client, lastStreamID) { const maxAcceptedStreamID = Number.isInteger(lastStreamID) ? lastStreamID : Number.MAX_SAFE_INTEGER @@ -122,6 +148,10 @@ function clearRequestStream (request) { cleanup?.(stream) } +function requeueUnsentRequest (client, request) { + client[kQueue].splice(client[kPendingIdx] + 1, 0, request) +} + function canRetryRequestAfterGoAway (request) { const { body } = request @@ -629,7 +659,7 @@ function onUpgradeStreamEnd () { function onUpgradeStreamTimeout () { const state = this[kRequestStreamState] - failUpgradeStream(state, new InformationalError(`HTTP/2: "stream timeout after ${state.requestTimeout}"`)) + failUpgradeStream(state, new InformationalError(`HTTP/2: "stream timeout after ${state.headersTimeout}"`)) } function onUpgradeResponse (headers, _flags) { @@ -654,7 +684,7 @@ function onUpgradeResponse (headers, _flags) { } function setupUpgradeStream (stream, state) { - const { request, requestTimeout, session } = state + const { request, headersTimeout, session } = state stream[kHTTP2Stream] = true stream[kHTTP2Session] = session @@ -669,11 +699,12 @@ function setupUpgradeStream (stream, state) { stream.once('close', onUpgradeStreamClose) ++session[kOpenStreams] - stream.setTimeout(requestTimeout) + stream.setTimeout(headersTimeout) } function writeH2 (client, request) { - const requestTimeout = request.bodyTimeout ?? client[kBodyTimeout] + const headersTimeout = request.headersTimeout ?? client[kHeadersTimeout] + const bodyTimeout = request.bodyTimeout ?? client[kBodyTimeout] const session = client[kHTTP2Session] const { method, path, host, upgrade, expectContinue, signal, protocol, headers: reqHeaders } = request let { body } = request @@ -736,8 +767,14 @@ function writeH2 (client, request) { try { return session.request(headers, options) } catch (err) { - if (err?.code !== 'ERR_HTTP2_INVALID_CONNECTION_HEADERS') { - throw err + if (err?.code === 'ERR_HTTP2_INVALID_SESSION') { + const wrappedErr = new SocketError(err.message, util.getSocketInfo(session[kSocket])) + wrappedErr.cause = err + session[kError] = wrappedErr + resetHttp2Session(session, wrappedErr) + requeueUnsentRequest(client, request) + + return null } const wrappedErr = new InformationalError(err.message, { cause: err }) @@ -771,7 +808,8 @@ function writeH2 (client, request) { abort, finalizeRequest, request, - requestTimeout, + headersTimeout, + bodyTimeout, responseReceived: false, session, stream: null @@ -912,7 +950,8 @@ function writeH2 (client, request) { expectsPayload, finalizeRequest, request, - requestTimeout, + headersTimeout, + bodyTimeout, responseReceived: false, session, stream: null @@ -929,11 +968,10 @@ function writeH2 (client, request) { stream[kHTTP2Stream] = true stream[kRequestStreamState] = state state.stream = stream - bindRequestToStream(request, stream, null) // Increment counter as we have new streams open ++session[kOpenStreams] - stream.setTimeout(requestTimeout) + stream.setTimeout(headersTimeout) stream[kHTTP2Session] = session stream.once('close', onRequestStreamClose) @@ -1017,6 +1055,7 @@ function onResponse (headers) { delete headers[HTTP2_HEADER_STATUS] request.onResponseStarted() state.responseReceived = true + stream.setTimeout(state.bodyTimeout) // Due to the stream nature, it is possible we face a race condition // where the stream has been assigned, but the request has been aborted @@ -1087,7 +1126,9 @@ function onTimeout () { releaseRequestStream(stream) - const err = new InformationalError(`HTTP/2: "stream timeout after ${state.requestTimeout}"`) + const err = state.responseReceived + ? new BodyTimeoutError(`HTTP/2: "stream timeout after ${state.bodyTimeout}"`) + : new HeadersTimeoutError(`HTTP/2: "headers timeout after ${state.headersTimeout}"`) state.abort(err) } diff --git a/deps/undici/src/lib/dispatcher/client.js b/deps/undici/src/lib/dispatcher/client.js index c2195f3dd37503..c6cd7d170ebdd5 100644 --- a/deps/undici/src/lib/dispatcher/client.js +++ b/deps/undici/src/lib/dispatcher/client.js @@ -76,6 +76,18 @@ function getPipelining (client) { return client[kPipelining] ?? client[kHTTPContext]?.defaultPipelining ?? 1 } +// Protocol-aware dispatch ceiling. h1 RFC7230 pipelining is unrelated to h2 +// stream multiplexing — over h2 the ceiling is the (server-confirmed) +// maxConcurrentStreams. Before a context is attached we use the h1 +// pipelining factor; once h2 attaches the queued requests can drain in +// one batch up to maxConcurrentStreams. +function getMaxConcurrent (client) { + if (client[kHTTPContext]?.version === 'h2') { + return client[kMaxConcurrentStreams] + } + return getPipelining(client) +} + /** * @type {import('../../types/client.js').default} */ @@ -326,10 +338,17 @@ class Client extends DispatcherBase { } get [kBusy] () { + // The `kPending > 0` check below is the gate Pool uses to decide whether + // to spin up an additional Client. For h1 that fan-out is correct — + // each socket only handles one pipelined request at a time. Once an h2 + // context is attached we want concurrent dispatches to multiplex onto + // the shared session, so suppress that signal in the h2 case. + const allowsMux = this[kHTTPContext]?.version === 'h2' + return Boolean( this[kHTTPContext]?.busy(null) || - (this[kSize] >= (getPipelining(this) || 1)) || - this[kPending] > 0 + (this[kSize] >= (getMaxConcurrent(this) || 1)) || + (this[kPending] > 0 && !allowsMux) ) } @@ -616,7 +635,7 @@ function _resume (client, sync) { return } - if (client[kRunning] >= (getPipelining(client) || 1)) { + if (client[kRunning] >= (getMaxConcurrent(client) || 1)) { return } diff --git a/deps/undici/src/lib/handler/redirect-handler.js b/deps/undici/src/lib/handler/redirect-handler.js index 35a4aa4232e218..8ead972b742e87 100644 --- a/deps/undici/src/lib/handler/redirect-handler.js +++ b/deps/undici/src/lib/handler/redirect-handler.js @@ -29,9 +29,11 @@ class RedirectHandler { this.dispatch = dispatch this.location = null - const { maxRedirections: _, ...cleanOpts } = opts + const { maxRedirections: _, stripHeadersOnRedirect, stripHeadersOnCrossOriginRedirect, ...cleanOpts } = opts this.opts = cleanOpts // opts must be a copy, exclude maxRedirections this.opts.body = util.wrapRequestBody(this.opts.body) + this.stripHeadersOnRedirect = normalizeStripHeaders(stripHeadersOnRedirect, 'stripHeadersOnRedirect') + this.stripHeadersOnCrossOriginRedirect = normalizeStripHeaders(stripHeadersOnCrossOriginRedirect, 'stripHeadersOnCrossOriginRedirect') this.maxRedirections = maxRedirections this.handler = handler this.history = [] @@ -100,7 +102,7 @@ class RedirectHandler { // Remove headers referring to the original URL. // By default it is Host only, unless it's a 303 (see below), which removes also all Content-* headers. // https://tools.ietf.org/html/rfc7231#section-6.4 - this.opts.headers = cleanRequestHeaders(this.opts.headers, statusCode === 303, this.opts.origin !== origin) + this.opts.headers = cleanRequestHeaders(this.opts.headers, statusCode === 303, this.opts.origin !== origin, this.stripHeadersOnRedirect, this.stripHeadersOnCrossOriginRedirect) this.opts.path = path this.opts.origin = origin this.opts.query = null @@ -152,26 +154,49 @@ class RedirectHandler { } // https://tools.ietf.org/html/rfc7231#section-6.4.4 -function shouldRemoveHeader (header, removeContent, unknownOrigin) { - if (header.length === 4) { - return util.headerNameToString(header) === 'host' +function shouldRemoveHeader (header, removeContent, unknownOrigin, stripHeaders, stripHeadersOnCrossOrigin) { + const name = util.headerNameToString(header) + if (name === 'host') { + return true + } + if (stripHeaders?.has(name) || (unknownOrigin && stripHeadersOnCrossOrigin?.has(name))) { + return true } - if (removeContent && util.headerNameToString(header).startsWith('content-')) { + if (removeContent && name.startsWith('content-')) { return true } - if (unknownOrigin && (header.length === 13 || header.length === 6 || header.length === 19)) { - const name = util.headerNameToString(header) + if (unknownOrigin) { return name === 'authorization' || name === 'cookie' || name === 'proxy-authorization' } return false } // https://tools.ietf.org/html/rfc7231#section-6.4 -function cleanRequestHeaders (headers, removeContent, unknownOrigin) { +function normalizeStripHeaders (headers, optionName) { + if (headers == null) { + return null + } + + if (!Array.isArray(headers)) { + throw new InvalidArgumentError(`${optionName} must be an array`) + } + + const normalized = new Set() + for (const header of headers) { + if (typeof header !== 'string') { + throw new InvalidArgumentError(`${optionName} must contain header names`) + } + + normalized.add(util.headerNameToString(header)) + } + return normalized +} + +function cleanRequestHeaders (headers, removeContent, unknownOrigin, stripHeaders, stripHeadersOnCrossOrigin) { const ret = [] if (Array.isArray(headers)) { for (let i = 0; i < headers.length; i += 2) { - if (!shouldRemoveHeader(headers[i], removeContent, unknownOrigin)) { + if (!shouldRemoveHeader(headers[i], removeContent, unknownOrigin, stripHeaders, stripHeadersOnCrossOrigin)) { ret.push(headers[i], headers[i + 1]) } } @@ -179,7 +204,7 @@ function cleanRequestHeaders (headers, removeContent, unknownOrigin) { const entries = util.hasSafeIterator(headers) ? headers : Object.entries(headers) for (const [key, value] of entries) { - if (!shouldRemoveHeader(key, removeContent, unknownOrigin)) { + if (!shouldRemoveHeader(key, removeContent, unknownOrigin, stripHeaders, stripHeadersOnCrossOrigin)) { ret.push(key, value) } } diff --git a/deps/undici/src/lib/interceptor/redirect.js b/deps/undici/src/lib/interceptor/redirect.js index 83b4c9a7b2fac0..34e9b32119781f 100644 --- a/deps/undici/src/lib/interceptor/redirect.js +++ b/deps/undici/src/lib/interceptor/redirect.js @@ -2,16 +2,16 @@ const RedirectHandler = require('../handler/redirect-handler') -function createRedirectInterceptor ({ maxRedirections: defaultMaxRedirections, throwOnMaxRedirect: defaultThrowOnMaxRedirect } = {}) { +function createRedirectInterceptor ({ maxRedirections: defaultMaxRedirections, throwOnMaxRedirect: defaultThrowOnMaxRedirect, stripHeadersOnRedirect: defaultStripHeadersOnRedirect, stripHeadersOnCrossOriginRedirect: defaultStripHeadersOnCrossOriginRedirect } = {}) { return (dispatch) => { return function Intercept (opts, handler) { - const { maxRedirections = defaultMaxRedirections, throwOnMaxRedirect = defaultThrowOnMaxRedirect, ...rest } = opts + const { maxRedirections = defaultMaxRedirections, throwOnMaxRedirect = defaultThrowOnMaxRedirect, stripHeadersOnRedirect = defaultStripHeadersOnRedirect, stripHeadersOnCrossOriginRedirect = defaultStripHeadersOnCrossOriginRedirect, ...rest } = opts if (maxRedirections == null || maxRedirections === 0) { return dispatch(opts, handler) } - const dispatchOpts = { ...rest, throwOnMaxRedirect } // Stop sub dispatcher from also redirecting. + const dispatchOpts = { ...rest, throwOnMaxRedirect, stripHeadersOnRedirect, stripHeadersOnCrossOriginRedirect } // Stop sub dispatcher from also redirecting. const redirectHandler = new RedirectHandler(dispatch, maxRedirections, dispatchOpts, handler) return dispatch(dispatchOpts, redirectHandler) } diff --git a/deps/undici/src/lib/llhttp/wasm_build_env.txt b/deps/undici/src/lib/llhttp/wasm_build_env.txt index 3ba57f70d8d37e..a11903eea99064 100644 --- a/deps/undici/src/lib/llhttp/wasm_build_env.txt +++ b/deps/undici/src/lib/llhttp/wasm_build_env.txt @@ -1,5 +1,5 @@ -> undici@8.3.0 build:wasm +> undici@8.4.0 build:wasm > node build/wasm.js --docker > docker run --rm --platform=linux/x86_64 --user 1001:1001 --mount type=bind,source=/home/runner/work/node/node/deps/undici/src/lib/llhttp,target=/home/node/build/lib/llhttp --mount type=bind,source=/home/runner/work/node/node/deps/undici/src/build,target=/home/node/build/build --mount type=bind,source=/home/runner/work/node/node/deps/undici/src/deps,target=/home/node/build/deps -t ghcr.io/nodejs/wasm-builder@sha256:975f391d907e42a75b8c72eb77c782181e941608687d4d8694c3e9df415a0970 node build/wasm.js diff --git a/deps/undici/src/lib/mock/mock-call-history.js b/deps/undici/src/lib/mock/mock-call-history.js index 74de68247c7d2d..d963c3c7427124 100644 --- a/deps/undici/src/lib/mock/mock-call-history.js +++ b/deps/undici/src/lib/mock/mock-call-history.js @@ -35,7 +35,7 @@ function buildAndValidateFilterCallsOptions (options = {}) { } function makeFilterCalls (parameterName) { - return (parameterValue, logs) => { + return (parameterValue, logs = this.logs) => { if (typeof parameterValue === 'string' || parameterValue == null) { return logs.filter((log) => { return log[parameterName] === parameterValue diff --git a/deps/undici/src/lib/mock/snapshot-agent.js b/deps/undici/src/lib/mock/snapshot-agent.js index 362745c414c158..90bc3e0a50dc48 100644 --- a/deps/undici/src/lib/mock/snapshot-agent.js +++ b/deps/undici/src/lib/mock/snapshot-agent.js @@ -354,7 +354,15 @@ class SnapshotAgent extends MockAgent { * @returns {Promise} */ async close () { - await this[kSnapshotRecorder].close() + // In playback mode the recorder must not persist to disk. findSnapshot() + // mutates each matched snapshot's callCount, so saving on close would + // rewrite the snapshot file even though nothing new was recorded. Only + // record/update modes should write snapshots; playback just cleans up. + if (this[kSnapshotMode] === 'playback') { + this[kSnapshotRecorder].destroy() + } else { + await this[kSnapshotRecorder].close() + } await this[kRealAgent]?.close() await super.close() } diff --git a/deps/undici/src/lib/web/fetch/index.js b/deps/undici/src/lib/web/fetch/index.js index 1959f27c04aa96..9745e167d7dfa3 100644 --- a/deps/undici/src/lib/web/fetch/index.js +++ b/deps/undici/src/lib/web/fetch/index.js @@ -11,7 +11,7 @@ const { getResponseState } = require('./response') const { HeadersList } = require('./headers') -const { Request, cloneRequest, getRequestDispatcher, getRequestState } = require('./request') +const { Request, cloneRequest, getRequestDispatcher, getRequestState, removeRequestAbortListener } = require('./request') const zlib = require('node:zlib') const { makePolicyContainer, @@ -208,7 +208,7 @@ function fetch (input, init = undefined) { let controller = null // 11. Add the following abort steps to requestObject’s signal: - addAbortListener( + const removeAbortListener = addAbortListener( requestObject.signal, () => { // 1. Set locallyAborted to true. @@ -228,6 +228,15 @@ function fetch (input, init = undefined) { } ) + // Remove the `abort` listeners registered above and in the Request + // constructor once the fetch has settled. Without this, reusing a single + // signal across many requests leaks listeners and Node.js emits a + // MaxListenersExceededWarning. See https://github.com/nodejs/undici/issues/5285 + const cleanupAbortListeners = () => { + removeAbortListener() + removeRequestAbortListener(requestObject) + } + // 12. Let handleFetchDone given response response be to finalize and // report timing with response, globalObject, and "fetch". // see function handleFetchDone @@ -252,6 +261,7 @@ function fetch (input, init = undefined) { // deserializedError. abortFetch(p, request, responseObject, controller.serializedAbortReason, controller.controller) + cleanupAbortListeners() return } @@ -259,6 +269,7 @@ function fetch (input, init = undefined) { // and terminate these substeps. if (response.type === 'error') { p.reject(new TypeError('fetch failed', { cause: response.error })) + cleanupAbortListeners() return } @@ -273,7 +284,10 @@ function fetch (input, init = undefined) { controller = fetching({ request, - processResponseEndOfBody: handleFetchDone, + processResponseEndOfBody: (response) => { + handleFetchDone(response) + cleanupAbortListeners() + }, processResponse, dispatcher: getRequestDispatcher(requestObject), // undici // Keep requestObject alive to prevent its AbortController from being GC'd diff --git a/deps/undici/src/lib/web/fetch/request.js b/deps/undici/src/lib/web/fetch/request.js index 6ef40f99920840..1fb6b8a45e5b7e 100644 --- a/deps/undici/src/lib/web/fetch/request.js +++ b/deps/undici/src/lib/web/fetch/request.js @@ -97,6 +97,13 @@ class Request { #state + /** + * Removes the `abort` listener that makes this request's signal follow the + * passed signal. `null` when no such listener was registered. + * @type {(() => void) | null} + */ + #abortCleanup = null + // https://fetch.spec.whatwg.org/#dom-request constructor (input, init = undefined) { webidl.util.markAsUncloneable(this) @@ -436,12 +443,23 @@ class Request { setMaxListeners(1500, signal) } - util.addAbortListener(signal, abort) + const removeAbortListener = util.addAbortListener(signal, abort) // The third argument must be a registry key to be unregistered. // Without it, you cannot unregister. // https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/FinalizationRegistry // abort is used as the unregister key. (because it is unique) requestFinalizer.register(ac, { signal, abort }, abort) + + // Allow the listener to be removed deterministically once the fetch + // that owns this request has settled, instead of relying solely on the + // FinalizationRegistry (i.e. garbage collection). Reusing a single + // signal across many requests would otherwise leak listeners. + // See https://github.com/nodejs/undici/issues/5285 + this.#abortCleanup = () => { + requestFinalizer.unregister(abort) + removeAbortListener() + this.#abortCleanup = null + } } } @@ -868,15 +886,25 @@ class Request { static setRequestState (request, newState) { request.#state = newState } + + /** + * Removes the `abort` listener that makes this request's signal follow the + * signal passed to its constructor, if any. Idempotent. + * @param {Request} request + */ + static removeRequestAbortListener (request) { + request.#abortCleanup?.() + } } -const { setRequestSignal, getRequestDispatcher, setRequestDispatcher, setRequestHeaders, getRequestState, setRequestState } = Request +const { setRequestSignal, getRequestDispatcher, setRequestDispatcher, setRequestHeaders, getRequestState, setRequestState, removeRequestAbortListener } = Request Reflect.deleteProperty(Request, 'setRequestSignal') Reflect.deleteProperty(Request, 'getRequestDispatcher') Reflect.deleteProperty(Request, 'setRequestDispatcher') Reflect.deleteProperty(Request, 'setRequestHeaders') Reflect.deleteProperty(Request, 'getRequestState') Reflect.deleteProperty(Request, 'setRequestState') +Reflect.deleteProperty(Request, 'removeRequestAbortListener') mixinBody(Request, getRequestState) @@ -1111,5 +1139,6 @@ module.exports = { fromInnerRequest, cloneRequest, getRequestDispatcher, - getRequestState + getRequestState, + removeRequestAbortListener } diff --git a/deps/undici/src/package-lock.json b/deps/undici/src/package-lock.json index dcfc6ca55f2bff..d574145badb9f2 100644 --- a/deps/undici/src/package-lock.json +++ b/deps/undici/src/package-lock.json @@ -1,12 +1,12 @@ { "name": "undici", - "version": "8.3.0", + "version": "8.4.0", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "undici", - "version": "8.3.0", + "version": "8.4.0", "license": "MIT", "devDependencies": { "@fastify/busboy": "3.2.0", @@ -7284,9 +7284,9 @@ } }, "node_modules/jsondiffpatch": { - "version": "0.7.3", - "resolved": "https://registry.npmjs.org/jsondiffpatch/-/jsondiffpatch-0.7.3.tgz", - "integrity": "sha512-zd4dqFiXSYyant2WgSXAZ9+yYqilNVvragVNkNRn2IFZKgjyULNrKRznqN4Zon0MkLueCg+3QaPVCnDAVP20OQ==", + "version": "0.7.6", + "resolved": "https://registry.npmjs.org/jsondiffpatch/-/jsondiffpatch-0.7.6.tgz", + "integrity": "sha512-zE9+AXFq+MkTolDor2Cw1nJzLC0aleqPkYf52Kb4Kn4mJcka/gFHpGI2JBVEJCfWOvBl0OoxZS+wuLdislQcqg==", "dev": true, "license": "MIT", "dependencies": { @@ -10491,9 +10491,9 @@ } }, "node_modules/ws": { - "version": "8.20.0", - "resolved": "https://registry.npmjs.org/ws/-/ws-8.20.0.tgz", - "integrity": "sha512-sAt8BhgNbzCtgGbt2OxmpuryO63ZoDk/sqaB/znQm94T4fCEsy/yV+7CdC1kJhOU9lboAEU7R3kquuycDoibVA==", + "version": "8.21.0", + "resolved": "https://registry.npmjs.org/ws/-/ws-8.21.0.tgz", + "integrity": "sha512-Vsp28b7DRcimFQvrqu2Wek3z1iYxDCWqHYB8Qsnk/S4RfaCQzPGPyBNuVjJV3cd6UiKtUtp6sNM77gWvzcCH+g==", "dev": true, "license": "MIT", "engines": { diff --git a/deps/undici/src/package.json b/deps/undici/src/package.json index b9d007ade7cf0c..6fb07c18274458 100644 --- a/deps/undici/src/package.json +++ b/deps/undici/src/package.json @@ -1,6 +1,6 @@ { "name": "undici", - "version": "8.3.0", + "version": "8.4.0", "description": "An HTTP/1.1 client, written from scratch for Node.js", "homepage": "https://undici.nodejs.org", "bugs": { diff --git a/deps/undici/src/repro-h2-pipelining-default.mjs b/deps/undici/src/repro-h2-pipelining-default.mjs new file mode 100644 index 00000000000000..82616363fed822 --- /dev/null +++ b/deps/undici/src/repro-h2-pipelining-default.mjs @@ -0,0 +1,78 @@ +// Repro for the H2 default-pipelining bottleneck described in #4143. +// +// Since 8.0.0 allowH2 defaults to true, but pipelining still defaults to 1. +// On a single shared H2 session (connections=1) that serializes concurrent +// fetch() calls into one in-flight stream at a time, instead of multiplexing. +// Without connections set, Agent works around it by opening one TCP socket +// per concurrent request — defeating H2 multiplexing entirely and creating +// extra TLS handshakes. +// +// Run: +// node repro-h2-pipelining-default.mjs +// +// Expected output on main: +// default (allowH2=true, p=1) total~=1s sockets=5 h2sessions=5 (one socket per req) +// connections=1, p=1 (default) total~=5s sockets=1 h2sessions=1 (serialized!) +// connections=1, pipelining=100 total~=1s sockets=1 h2sessions=1 (multiplexed) + +import { createSecureServer } from 'node:http2' +import { once } from 'node:events' +import pem from '@metcoder95/https-pem' +import { fetch, Agent } from './index.js' + +const N = 5 +const DELAY = 1000 + +const server = createSecureServer({ + ...(await pem.generate({ opts: { keySize: 2048 } })), + allowHTTP1: true +}) +let inFlight = 0 +let peakInFlight = 0 +const arrivedAt = [] +const sockets = new Set() +const sessions = new Set() +server.on('session', (s) => sessions.add(s)) +server.on('connection', (sock) => sockets.add(sock)) +server.on('stream', (stream) => { + arrivedAt.push(Date.now()) + inFlight++ + peakInFlight = Math.max(peakInFlight, inFlight) + setTimeout(() => { + inFlight-- + stream.respond({ ':status': 200 }) + stream.end('ok') + }, DELAY) +}) +server.listen(0) +await once(server, 'listening') +const url = `https://localhost:${server.address().port}/` + +async function run (label, dispatcher) { + arrivedAt.length = 0 + peakInFlight = 0 + sockets.clear() + sessions.clear() + const t0 = Date.now() + await Promise.all( + Array.from({ length: N }, () => + fetch(url, { dispatcher }).then(r => r.text()) + ) + ) + const total = Date.now() - t0 + const spreadMs = arrivedAt.at(-1) - arrivedAt[0] + console.log( + `${label.padEnd(28)} total=${total}ms ` + + `peak=${peakInFlight} ` + + `sockets=${sockets.size} h2sessions=${sessions.size} ` + + `spread=${spreadMs}ms` + ) + await dispatcher.close() +} + +const tlsOpts = { connect: { rejectUnauthorized: false } } +await run('default (allowH2=true, p=1)', new Agent(tlsOpts)) +await run('connections=1, p=1 (default)', new Agent({ ...tlsOpts, connections: 1 })) +await run('connections=1, pipelining=100', new Agent({ ...tlsOpts, connections: 1, pipelining: 100 })) + +server.close() diff --git a/deps/undici/src/types/connector.d.ts b/deps/undici/src/types/connector.d.ts index 34606a320fdc73..b089942f980c31 100644 --- a/deps/undici/src/types/connector.d.ts +++ b/deps/undici/src/types/connector.d.ts @@ -7,6 +7,7 @@ declare function buildConnector (options?: buildConnector.BuildOptions): buildCo declare namespace buildConnector { export type BuildOptions = (ConnectionOptions | TcpNetConnectOpts | IpcNetConnectOpts) & { allowH2?: boolean; + preferH2?: boolean; maxCachedSessions?: number | null; socketPath?: string | null; timeout?: number | null; diff --git a/deps/undici/src/types/fetch.d.ts b/deps/undici/src/types/fetch.d.ts index a2dbf67656f71d..d4fc1d2219658c 100644 --- a/deps/undici/src/types/fetch.d.ts +++ b/deps/undici/src/types/fetch.d.ts @@ -36,7 +36,10 @@ export class BodyMixin { readonly bytes: () => Promise /** * @deprecated This method is not recommended for parsing multipart/form-data bodies in server environments. - * It is recommended to use a library such as [@fastify/busboy](https://www.npmjs.com/package/@fastify/busboy) as follows: + * Calling body.formData() buffers and parses the entire body. Since this is dictated by the spec, + * this method must only be called on responses from trusted servers. + * For responses from untrusted or user-controlled servers, use a dedicated streaming parser such as + * [@fastify/busboy](https://www.npmjs.com/package/@fastify/busboy) and apply application-specific limits as follows: * * @example * ```js diff --git a/deps/undici/src/types/interceptors.d.ts b/deps/undici/src/types/interceptors.d.ts index 3b90a28592f9b1..d21d717cec517e 100644 --- a/deps/undici/src/types/interceptors.d.ts +++ b/deps/undici/src/types/interceptors.d.ts @@ -8,7 +8,7 @@ export default Interceptors declare namespace Interceptors { export type DumpInterceptorOpts = { maxSize?: number } export type RetryInterceptorOpts = RetryHandler.RetryOptions - export type RedirectInterceptorOpts = { maxRedirections?: number, throwOnMaxRedirect?: boolean } + export type RedirectInterceptorOpts = { maxRedirections?: number, throwOnMaxRedirect?: boolean, stripHeadersOnRedirect?: string[], stripHeadersOnCrossOriginRedirect?: string[] } export type DecompressInterceptorOpts = { skipErrorResponses?: boolean skipStatusCodes?: number[] diff --git a/deps/undici/undici.js b/deps/undici/undici.js index 20e38982a91d47..c62257ae159057 100644 --- a/deps/undici/undici.js +++ b/deps/undici/undici.js @@ -1988,9 +1988,8 @@ var require_util = __commonJS({ } __name(isFormDataLike, "isFormDataLike"); function addAbortListener(signal, listener) { - if (signal instanceof AbortSignal) { - const disposable = addAbortListenerNative(signal, listener); - return () => disposable[Symbol.dispose](); + if (!signal || "aborted" in signal) { + return addAbortListenerNative(signal, listener)[Symbol.dispose]; } if (typeof signal.addEventListener === "function") { signal.addEventListener("abort", listener, { once: true }); @@ -2298,7 +2297,8 @@ var require_util = __commonJS({ var rangeHeaderRegex = /^bytes (\d+)-(\d+)\/(\d+|\*)?$/; function parseRangeHeader(range) { if (range == null || range === "") return { start: 0, end: null, size: null }; - const m = range ? range.match(rangeHeaderRegex) : null; + if (!range) return null; + const m = rangeHeaderRegex.exec(range); return m ? { start: parseInt(m[1]), end: m[2] ? parseInt(m[2]) : null, @@ -2391,8 +2391,10 @@ var require_util = __commonJS({ return urlString.slice(0, urlString.indexOf(":") + 1); } __name(getProtocolFromUrlString, "getProtocolFromUrlString"); - var kEnumerableProperty = /* @__PURE__ */ Object.create(null); - kEnumerableProperty.enumerable = true; + var kEnumerableProperty = { + __proto__: null, + enumerable: true + }; var normalizedMethodRecordsBase = { delete: "DELETE", DELETE: "DELETE", @@ -3132,7 +3134,7 @@ var require_connect = __commonJS({ var net = require("node:net"); var assert = require("node:assert"); var util = require_util(); - var { InvalidArgumentError } = require_errors(); + var { InvalidArgumentError, ConnectTimeoutError } = require_errors(); var tls; var SessionCache = class WeakSessionCache { static { @@ -3177,7 +3179,7 @@ var require_connect = __commonJS({ this._sessionRegistry.register(session, sessionKey); } }; - function buildConnector({ allowH2, useH2c, maxCachedSessions, socketPath, timeout, session: customSession, ...opts }) { + function buildConnector({ allowH2, preferH2, useH2c, maxCachedSessions, socketPath, timeout, session: customSession, ...opts }) { if (maxCachedSessions != null && (!Number.isInteger(maxCachedSessions) || maxCachedSessions < 0)) { throw new InvalidArgumentError("maxCachedSessions must be a positive integer or zero"); } @@ -3203,7 +3205,7 @@ var require_connect = __commonJS({ servername, session, localAddress, - ALPNProtocols: allowH2 ? ["http/1.1", "h2"] : ["http/1.1"], + ALPNProtocols: allowH2 ? preferH2 ? ["h2", "http/1.1"] : ["http/1.1", "h2"] : ["http/1.1"], socket: httpSocket, // upgrade socket connection port, @@ -3244,13 +3246,29 @@ var require_connect = __commonJS({ if (callback) { const cb = callback; callback = null; - cb(err); + cb(maybeNormalizeConnectError(err, this, { timeout, hostname, port })); } }); return socket; }, "connect"); } __name(buildConnector, "buildConnector"); + function maybeNormalizeConnectError(err, socket, opts) { + if (err instanceof AggregateError && (err.code === "ETIMEDOUT" || err.errors.some((e) => e != null && e.code === "ETIMEDOUT"))) { + let message = "Connect Timeout Error"; + if (Array.isArray(socket.autoSelectFamilyAttemptedAddresses)) { + message += ` (attempted addresses: ${socket.autoSelectFamilyAttemptedAddresses.join(", ")},`; + } else { + message += ` (attempted address: ${opts.hostname}:${opts.port},`; + } + message += ` timeout: ${opts.timeout}ms)`; + const wrapped = new ConnectTimeoutError(message); + wrapped.cause = err; + return wrapped; + } + return err; + } + __name(maybeNormalizeConnectError, "maybeNormalizeConnectError"); module2.exports = buildConnector; } }); @@ -8186,7 +8204,9 @@ var require_client_h2 = __commonJS({ RequestAbortedError, SocketError, InformationalError, - InvalidArgumentError + InvalidArgumentError, + HeadersTimeoutError, + BodyTimeoutError } = require_errors(); var { kUrl, @@ -8211,6 +8231,7 @@ var require_client_h2 = __commonJS({ kSize, kHTTPContext, kClosed, + kHeadersTimeout, kBodyTimeout, kEnableConnectProtocol, kRemoteSettings, @@ -8249,6 +8270,26 @@ var require_client_h2 = __commonJS({ return session[kError] || (errorCode === NGHTTP2_NO_ERROR ? new InformationalError(`HTTP/2: "GOAWAY" frame received with code ${errorCode}`) : new SocketError(`HTTP/2: "GOAWAY" frame received with code ${errorCode}`, util.getSocketInfo(session[kSocket]))); } __name(getGoAwayError, "getGoAwayError"); + function resetHttp2Session(session, err) { + const client = session[kClient]; + const socket = session[kSocket]; + if (client[kHTTP2Session] === session) { + client[kSocket] = null; + client[kHTTPContext] = null; + client[kHTTP2Session] = null; + } + if (socket != null && socket[kError] == null) { + socket[kError] = err; + } + if (!session.closed && !session.destroyed) { + try { + session.destroy(err); + } catch { + } + } + util.destroy(socket, err); + } + __name(resetHttp2Session, "resetHttp2Session"); function getGoAwayPendingIdx(client, lastStreamID) { const maxAcceptedStreamID = Number.isInteger(lastStreamID) ? lastStreamID : Number.MAX_SAFE_INTEGER; for (let i = client[kRunningIdx]; i < client[kPendingIdx]; i++) { @@ -8286,6 +8327,10 @@ var require_client_h2 = __commonJS({ cleanup?.(stream); } __name(clearRequestStream, "clearRequestStream"); + function requeueUnsentRequest(client, request) { + client[kQueue].splice(client[kPendingIdx] + 1, 0, request); + } + __name(requeueUnsentRequest, "requeueUnsentRequest"); function canRetryRequestAfterGoAway(request) { const { body } = request; return body == null || util.isBuffer(body) || util.isBlobLike(body); @@ -8684,7 +8729,7 @@ var require_client_h2 = __commonJS({ __name(onUpgradeStreamEnd, "onUpgradeStreamEnd"); function onUpgradeStreamTimeout() { const state = this[kRequestStreamState]; - failUpgradeStream(state, new InformationalError(`HTTP/2: "stream timeout after ${state.requestTimeout}"`)); + failUpgradeStream(state, new InformationalError(`HTTP/2: "stream timeout after ${state.headersTimeout}"`)); } __name(onUpgradeStreamTimeout, "onUpgradeStreamTimeout"); function onUpgradeResponse(headers, _flags) { @@ -8704,7 +8749,7 @@ var require_client_h2 = __commonJS({ } __name(onUpgradeResponse, "onUpgradeResponse"); function setupUpgradeStream(stream, state) { - const { request, requestTimeout, session } = state; + const { request, headersTimeout, session } = state; stream[kHTTP2Stream] = true; stream[kHTTP2Session] = session; stream[kRequestStreamState] = state; @@ -8716,11 +8761,12 @@ var require_client_h2 = __commonJS({ stream.on("timeout", onUpgradeStreamTimeout); stream.once("close", onUpgradeStreamClose); ++session[kOpenStreams]; - stream.setTimeout(requestTimeout); + stream.setTimeout(headersTimeout); } __name(setupUpgradeStream, "setupUpgradeStream"); function writeH2(client, request) { - const requestTimeout = request.bodyTimeout ?? client[kBodyTimeout]; + const headersTimeout = request.headersTimeout ?? client[kHeadersTimeout]; + const bodyTimeout = request.bodyTimeout ?? client[kBodyTimeout]; const session = client[kHTTP2Session]; const { method, path, host, upgrade, expectContinue, signal, protocol, headers: reqHeaders } = request; let { body } = request; @@ -8762,8 +8808,13 @@ var require_client_h2 = __commonJS({ try { return session.request(headers2, options); } catch (err) { - if (err?.code !== "ERR_HTTP2_INVALID_CONNECTION_HEADERS") { - throw err; + if (err?.code === "ERR_HTTP2_INVALID_SESSION") { + const wrappedErr2 = new SocketError(err.message, util.getSocketInfo(session[kSocket])); + wrappedErr2.cause = err; + session[kError] = wrappedErr2; + resetHttp2Session(session, wrappedErr2); + requeueUnsentRequest(client, request); + return null; } const wrappedErr = new InformationalError(err.message, { cause: err }); session[kError] = wrappedErr; @@ -8788,7 +8839,8 @@ var require_client_h2 = __commonJS({ abort, finalizeRequest, request, - requestTimeout, + headersTimeout, + bodyTimeout, responseReceived: false, session, stream: null @@ -8872,7 +8924,8 @@ var require_client_h2 = __commonJS({ expectsPayload, finalizeRequest, request, - requestTimeout, + headersTimeout, + bodyTimeout, responseReceived: false, session, stream: null @@ -8887,9 +8940,8 @@ var require_client_h2 = __commonJS({ stream[kHTTP2Stream] = true; stream[kRequestStreamState] = state; state.stream = stream; - bindRequestToStream(request, stream, null); ++session[kOpenStreams]; - stream.setTimeout(requestTimeout); + stream.setTimeout(headersTimeout); stream[kHTTP2Session] = session; stream.once("close", onRequestStreamClose); bindRequestToStream(request, stream, releaseRequestStream); @@ -8960,6 +9012,7 @@ var require_client_h2 = __commonJS({ delete headers[HTTP2_HEADER_STATUS]; request.onResponseStarted(); state.responseReceived = true; + stream.setTimeout(state.bodyTimeout); if (request.aborted) { releaseRequestStream(stream); return; @@ -9010,7 +9063,7 @@ var require_client_h2 = __commonJS({ const stream = this; const state = stream[kRequestStreamState]; releaseRequestStream(stream); - const err = new InformationalError(`HTTP/2: "stream timeout after ${state.requestTimeout}"`); + const err = state.responseReceived ? new BodyTimeoutError(`HTTP/2: "stream timeout after ${state.bodyTimeout}"`) : new HeadersTimeoutError(`HTTP/2: "headers timeout after ${state.headersTimeout}"`); state.abort(err); } __name(onTimeout, "onTimeout"); @@ -9293,6 +9346,13 @@ var require_client = __commonJS({ return client[kPipelining] ?? client[kHTTPContext]?.defaultPipelining ?? 1; } __name(getPipelining, "getPipelining"); + function getMaxConcurrent(client) { + if (client[kHTTPContext]?.version === "h2") { + return client[kMaxConcurrentStreams]; + } + return getPipelining(client); + } + __name(getMaxConcurrent, "getMaxConcurrent"); var Client = class extends DispatcherBase { static { __name(this, "Client"); @@ -9486,8 +9546,9 @@ var require_client = __commonJS({ return !!this[kHTTPContext] && !this[kConnecting] && !this[kHTTPContext].destroyed; } get [kBusy]() { + const allowsMux = this[kHTTPContext]?.version === "h2"; return Boolean( - this[kHTTPContext]?.busy(null) || this[kSize] >= (getPipelining(this) || 1) || this[kPending] > 0 + this[kHTTPContext]?.busy(null) || this[kSize] >= (getMaxConcurrent(this) || 1) || this[kPending] > 0 && !allowsMux ); } [kConnect](cb) { @@ -9716,7 +9777,7 @@ var require_client = __commonJS({ if (client[kPending] === 0) { return; } - if (client[kRunning] >= (getPipelining(client) || 1)) { + if (client[kRunning] >= (getMaxConcurrent(client) || 1)) { return; } const request = client[kQueue][client[kPendingIdx]]; @@ -12279,6 +12340,12 @@ var require_request2 = __commonJS({ /** @type {Headers} */ #headers; #state; + /** + * Removes the `abort` listener that makes this request's signal follow the + * passed signal. `null` when no such listener was registered. + * @type {(() => void) | null} + */ + #abortCleanup = null; // https://fetch.spec.whatwg.org/#dom-request constructor(input, init = void 0) { webidl.util.markAsUncloneable(this); @@ -12476,8 +12543,13 @@ var require_request2 = __commonJS({ if (abortSignalHasEventHandlerLeakWarning && getMaxListeners(signal) === defaultMaxListeners) { setMaxListeners(1500, signal); } - util.addAbortListener(signal, abort); + const removeAbortListener = util.addAbortListener(signal, abort); requestFinalizer.register(ac, { signal, abort }, abort); + this.#abortCleanup = () => { + requestFinalizer.unregister(abort); + removeAbortListener(); + this.#abortCleanup = null; + }; } } this.#headers = new Headers(kConstruct); @@ -12756,14 +12828,23 @@ var require_request2 = __commonJS({ static setRequestState(request, newState) { request.#state = newState; } + /** + * Removes the `abort` listener that makes this request's signal follow the + * signal passed to its constructor, if any. Idempotent. + * @param {Request} request + */ + static removeRequestAbortListener(request) { + request.#abortCleanup?.(); + } }; - var { setRequestSignal, getRequestDispatcher, setRequestDispatcher, setRequestHeaders, getRequestState, setRequestState } = Request; + var { setRequestSignal, getRequestDispatcher, setRequestDispatcher, setRequestHeaders, getRequestState, setRequestState, removeRequestAbortListener } = Request; Reflect.deleteProperty(Request, "setRequestSignal"); Reflect.deleteProperty(Request, "getRequestDispatcher"); Reflect.deleteProperty(Request, "setRequestDispatcher"); Reflect.deleteProperty(Request, "setRequestHeaders"); Reflect.deleteProperty(Request, "getRequestState"); Reflect.deleteProperty(Request, "setRequestState"); + Reflect.deleteProperty(Request, "removeRequestAbortListener"); mixinBody(Request, getRequestState); function makeRequest(init) { return { @@ -12960,7 +13041,8 @@ var require_request2 = __commonJS({ fromInnerRequest, cloneRequest, getRequestDispatcher, - getRequestState + getRequestState, + removeRequestAbortListener }; } }); @@ -13120,7 +13202,7 @@ var require_fetch = __commonJS({ getResponseState } = require_response(); var { HeadersList } = require_headers(); - var { Request, cloneRequest, getRequestDispatcher, getRequestState } = require_request2(); + var { Request, cloneRequest, getRequestDispatcher, getRequestState, removeRequestAbortListener } = require_request2(); var zlib = require("node:zlib"); var { makePolicyContainer, @@ -13262,7 +13344,7 @@ var require_fetch = __commonJS({ let responseObject = null; let locallyAborted = false; let controller = null; - addAbortListener( + const removeAbortListener = addAbortListener( requestObject.signal, () => { locallyAborted = true; @@ -13272,16 +13354,22 @@ var require_fetch = __commonJS({ abortFetch(p, request, realResponse, requestObject.signal.reason, controller.controller); } ); + const cleanupAbortListeners = /* @__PURE__ */ __name(() => { + removeAbortListener(); + removeRequestAbortListener(requestObject); + }, "cleanupAbortListeners"); const processResponse = /* @__PURE__ */ __name((response) => { if (locallyAborted) { return; } if (response.aborted) { abortFetch(p, request, responseObject, controller.serializedAbortReason, controller.controller); + cleanupAbortListeners(); return; } if (response.type === "error") { p.reject(new TypeError("fetch failed", { cause: response.error })); + cleanupAbortListeners(); return; } responseObject = new WeakRef(fromInnerResponse(response, "immutable")); @@ -13290,7 +13378,10 @@ var require_fetch = __commonJS({ }, "processResponse"); controller = fetching({ request, - processResponseEndOfBody: handleFetchDone, + processResponseEndOfBody: /* @__PURE__ */ __name((response) => { + handleFetchDone(response); + cleanupAbortListeners(); + }, "processResponseEndOfBody"), processResponse, dispatcher: getRequestDispatcher(requestObject), // undici diff --git a/src/undici_version.h b/src/undici_version.h index c2e57bda323fa5..438598cb5da9ac 100644 --- a/src/undici_version.h +++ b/src/undici_version.h @@ -2,5 +2,5 @@ // Refer to tools/dep_updaters/update-undici.sh #ifndef SRC_UNDICI_VERSION_H_ #define SRC_UNDICI_VERSION_H_ -#define UNDICI_VERSION "8.3.0" +#define UNDICI_VERSION "8.4.0" #endif // SRC_UNDICI_VERSION_H_