Merge branch 'main' into on-start

.github/workflows/bench.yml

@@ -12,7 +12,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout Code
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
         with:
           persist-credentials: false
           ref: ${{ github.base_ref }}
@@ -34,7 +34,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout Code
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
         with:
           persist-credentials: false
       - name: Setup Node
@@ -55,7 +55,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout Code
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
         with:
           persist-credentials: false
           ref: ${{ github.base_ref }}
@@ -77,7 +77,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout Code
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
         with:
           persist-credentials: false
       - name: Setup Node

.github/workflows/codeql.yml

@@ -46,7 +46,7 @@ jobs:
           egress-policy: audit
 
       - name: Checkout repository
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL

.github/workflows/fuzz.yml

@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
         with:
           persist-credentials: false
 

.github/workflows/nightly.yml

@@ -5,26 +5,40 @@ on:
   schedule:
     - cron: "0 10 * * *"
 
+permissions:
+  contents: read
+
 jobs:
-  test:
+  test-linux:
+    if: github.repository == 'nodejs/undici'
+    uses: ./.github/workflows/test.yml
+    with:
+      node-version: 22-nightly
+      runs-on: ubuntu-latest
+    secrets: inherit
+
+  test-windows:
+    if: github.repository == 'nodejs/undici'
+    uses: ./.github/workflows/test.yml
+    with:
+      node-version: 22-nightly
+      runs-on: windows-latest
+    secrets: inherit
+
+  test-macos:
     if: github.repository == 'nodejs/undici'
-    strategy:
-      fail-fast: false
-      max-parallel: 0
-      matrix:
-        runs-on:
-          - ubuntu-latest
-          - windows-latest
-          - macos-latest
     uses: ./.github/workflows/test.yml
     with:
       node-version: 22-nightly
-      runs-on: ${{ matrix.runs-on }}
+      runs-on: macos-latest
     secrets: inherit
 
   report-failure:
-    if: failure()
-    needs: test
+    if: ${{ always() && (needs.test-linux.result == 'failure' && needs.test-windows.result == 'failure' && needs.test-macos.result == 'failure') }}
+    needs:
+      - test-linux
+      - test-windows
+      - test-macos
     runs-on: ubuntu-latest
     permissions:
       issues: write

.github/workflows/nodejs.yml

@@ -23,7 +23,7 @@ jobs:
           egress-policy: audit
 
       - name: Checkout
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
         with:
           persist-credentials: false
 
@@ -35,7 +35,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
         with:
           persist-credentials: false          
 
@@ -69,13 +69,84 @@ jobs:
       runs-on: ${{ matrix.runs-on }}
     secrets: inherit
 
+  test-without-intl:
+    name: Test with Node.js ${{ matrix.version }} compiled --without-intl
+    strategy:
+      fail-fast: false
+      max-parallel: 0
+      matrix:
+        version: [20, 21]
+    runs-on: ubuntu-latest
+    timeout-minutes: 120
+    steps:
+      - name: Checkout
+        uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
+        with:
+          persist-credentials: false
+
+      # Setup node, install deps, and build undici prior to building icu-less node and testing
+      - name: Setup Node.js@${{ inputs.version }}
+        uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
+        with:
+          node-version: ${{ inputs.version }}
+
+      - name: Install dependencies
+        run: npm install
+
+      - name: Build undici
+        run: npm run build:node
+
+      - name: Determine latest release
+        id: release
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+        with:
+          result-encoding: string
+          script: |
+            const req = await fetch('https://nodejs.org/download/release/index.json')
+            const releases = await req.json()
+
+            const latest = releases.find((r) => r.version.startsWith('v${{ matrix.version }}'))
+            return latest.version
+
+      - name: Download and extract source
+        run: curl https://nodejs.org/download/release/${{ steps.release.outputs.result }}/node-${{ steps.release.outputs.result }}.tar.xz | tar xfJ -
+
+      - name: Install ninja
+        run: sudo apt-get install ninja-build
+
+      - name: ccache
+        uses: hendrikmuhs/ccache-action@faf867a11c028c0b483fb2ae72b6fc8f7d842714 #v1.2.12
+        with:
+          key: node${{ matrix.version }}
+
+      - name: Build node
+        working-directory: ./node-${{ steps.release.outputs.result }}
+        run: |
+          export CC="ccache gcc"
+          export CXX="ccache g++"
+          ./configure --without-intl --ninja --prefix=./final
+          make
+          make install
+          echo "$(pwd)/final/bin" >> $GITHUB_PATH
+
+      - name: Print version information
+        run: |
+          echo OS: $(node -p "os.version()")
+          echo Node.js: $(node --version)
+          echo npm: $(npm --version)
+          echo git: $(git --version)
+          echo icu config: $(node -e "console.log(process.config)" | grep icu)
+
+      - name: Run tests
+        run: npm run test:javascript:withoutintl
+
   test-types:
     name: Test TypeScript types
     timeout-minutes: 15
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
         with:
           persist-credentials: false          
 
@@ -97,12 +168,12 @@ jobs:
       - dependency-review
       - test
       - test-types
+      - test-without-intl
       - lint
     runs-on: ubuntu-latest
     permissions:
       contents: write
       pull-requests: write
-      actions: write
     steps:
       - name: Merge Dependabot PR
         uses: fastify/github-action-merge-dependabot@9e7bfb249c69139d7bdcd8d984f9665edd49020b # v3.10.1

.github/workflows/publish-undici-types.yml

@@ -13,7 +13,7 @@ jobs:
   publish:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
       - uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
         with:
           node-version: lts/*

.github/workflows/scorecard.yml

@@ -29,7 +29,7 @@ jobs:
 
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
         with:
           persist-credentials: false
 

.github/workflows/test.yml

@@ -10,14 +10,17 @@ on:
         required: true
         type: string
 
+permissions:
+  contents: read
+
 jobs:
   test:
     name: Test with Node.js ${{ inputs.node-version }} on ${{ inputs.runs-on }}
     timeout-minutes: 15
     runs-on: ${{ inputs.runs-on }}
     steps:
       - name: Checkout
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
         with:
           persist-credentials: false
 
@@ -48,6 +51,6 @@ jobs:
 
       - name: Coverage Report
         if: inputs.runs-on == 'ubuntu-latest' && inputs.node-version == 20
-        uses: codecov/codecov-action@54bcd8715eee62d40e33596ef5e8f0f48dbbccab # v4.1.0
+        uses: codecov/codecov-action@c16abc29c95fcf9174b58eb7e1abf4c866893bc8 # v4.1.1
         with:
           token: ${{ secrets.CODECOV_TOKEN }}

README.md

@@ -7,8 +7,12 @@ An HTTP/1.1 client, written from scratch for Node.js.
 > Undici means eleven in Italian. 1.1 -> 11 -> Eleven -> Undici.
 It is also a Stranger Things reference.
 
+## How to get involved
+
 Have a question about using Undici? Open a [Q&A Discussion](https://github.com/nodejs/undici/discussions/new) or join our official OpenJS [Slack](https://openjs-foundation.slack.com/archives/C01QF9Q31QD) channel.
 
+Looking to contribute? Start by reading the [contributing guide](./CONTRIBUTING.md)
+
 ## Install
 
 ```

benchmarks/fetch/bytes-match.mjs

@@ -0,0 +1,24 @@
+import { createHash } from 'node:crypto'
+import { bench, run } from 'mitata'
+import { bytesMatch } from '../../lib/web/fetch/util.js'
+
+const body = Buffer.from('Hello world!')
+const validSha256Base64 = `sha256-${createHash('sha256').update(body).digest('base64')}`
+const invalidSha256Base64 = `sha256-${createHash('sha256').update(body).digest('base64')}`
+const validSha256Base64Url = `sha256-${createHash('sha256').update(body).digest('base64url')}`
+const invalidSha256Base64Url = `sha256-${createHash('sha256').update(body).digest('base64url')}`
+
+bench('bytesMatch valid sha256 and base64', () => {
+  bytesMatch(body, validSha256Base64)
+})
+bench('bytesMatch invalid sha256 and base64', () => {
+  bytesMatch(body, invalidSha256Base64)
+})
+bench('bytesMatch valid sha256 and base64url', () => {
+  bytesMatch(body, validSha256Base64Url)
+})
+bench('bytesMatch invalid sha256 and base64url', () => {
+  bytesMatch(body, invalidSha256Base64Url)
+})
+
+await run()

lib/core/util.js

@@ -246,9 +246,6 @@ function bufferToLowerCasedHeaderName (value) {
  * @returns {Record<string, string | string[]>}
  */
 function parseHeaders (headers, obj) {
-  // For H2 support
-  if (!Array.isArray(headers)) return headers
-
   if (obj === undefined) obj = {}
   for (let i = 0; i < headers.length; i += 2) {
     const key = headerNameToString(headers[i])

lib/dispatcher/client-h2.js

@@ -79,6 +79,26 @@ const {
   }
 } = http2
 
+function parseH2Headers (headers) {
+  const result = []
+
+  for (const [name, value] of Object.entries(headers)) {
+    // h2 may concat the header value by array
+    // e.g. Set-Cookie
+    if (Array.isArray(value)) {
+      for (const subvalue of value) {
+        // we need to provide each header value of header name
+        // because the headers handler expect name-value pair
+        result.push(Buffer.from(name), Buffer.from(subvalue))
+      }
+    } else {
+      result.push(Buffer.from(name), Buffer.from(value))
+    }
+  }
+
+  return result
+}
+
 async function connectH2 (client, socket) {
   client[kSocket] = socket
 
@@ -414,7 +434,19 @@ function writeH2 (client, request) {
 
   stream.once('response', headers => {
     const { [HTTP2_HEADER_STATUS]: statusCode, ...realHeaders } = headers
-
+
+    // Due to the stream nature, it is possible we face a race condition
+    // where the stream has been assigned, but the request has been aborted
+    // the request remains in-flight and headers hasn't been received yet
+    // for those scenarios, best effort is to destroy the stream immediately
+    // as there's no value to keep it open.
+    if (request.aborted || request.completed) {
+      const err = new RequestAbortedError()
+      errorRequest(client, request, err)
+      util.destroy(stream, err)
+      return
+    }
+
     const resume = stream.resume.bind(stream)
 
     if (request.onStart(new Controller(stream)) === false) {

lib/handler/redirect-handler.js

@@ -205,9 +205,9 @@ function shouldRemoveHeader (header, removeContent, unknownOrigin) {
   if (removeContent && util.headerNameToString(header).startsWith('content-')) {
     return true
   }
-  if (unknownOrigin && (header.length === 13 || header.length === 6)) {
+  if (unknownOrigin && (header.length === 13 || header.length === 6 || header.length === 19)) {
     const name = util.headerNameToString(header)
-    return name === 'authorization' || name === 'cookie'
+    return name === 'authorization' || name === 'cookie' || name === 'proxy-authorization'
   }
   return false
 }

lib/mock/pending-interceptors-formatter.js

@@ -3,6 +3,9 @@
 const { Transform } = require('node:stream')
 const { Console } = require('node:console')
 
+const PERSISTENT = process.versions.icu ? '✅' : 'Y '
+const NOT_PERSISTENT = process.versions.icu ? '❌' : 'N '
+
 /**
  * Gets the output of `console.table(…)` as a string.
  */
@@ -29,7 +32,7 @@ module.exports = class PendingInterceptorsFormatter {
         Origin: origin,
         Path: path,
         'Status code': statusCode,
-        Persistent: persist ? '✅' : '❌',
+        Persistent: persist ? PERSISTENT : NOT_PERSISTENT,
         Invocations: timesInvoked,
         Remaining: persist ? Infinity : times - timesInvoked
       }))