Security maintenance

.all-contributorsrc

@@ -41,7 +41,7 @@
   ],
   "contributorsPerLine": 7,
   "projectName": "httpie",
-  "projectOwner": "MyUnisoft",
+  "projectOwner": "OpenAlly",
   "repoType": "github",
   "repoHost": "https://github.com",
   "skipCi": true,

.github/dependabot.yml

@@ -4,6 +4,8 @@ updates:
     directory: /
     schedule:
       interval: monthly
+    cooldown:
+      default-days: 5
     groups:
       github-actions:
         patterns:
@@ -14,6 +16,8 @@ updates:
     versioning-strategy: widen
     schedule:
       interval: weekly
+    cooldown:
+      default-days: 5
     groups:
       dependencies:
         dependency-type: "production"

.github/workflows/codeql.yml

@@ -41,16 +41,16 @@ jobs:
 
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
+        uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
         with:
           egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
 
       - name: Checkout repository
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0
+        uses: github/codeql-action/init@3c3833e0f8c1c83d449a7478aa59c036a9165498 # v3.29.11
         with:
           languages: ${{ matrix.language }}
           # If you wish to specify custom queries, you can do so here or in a config file.
@@ -60,7 +60,7 @@ jobs:
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0
+        uses: github/codeql-action/autobuild@3c3833e0f8c1c83d449a7478aa59c036a9165498 # v3.29.11
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -73,6 +73,6 @@ jobs:
       #   ./location_of_script_within_repo/buildscript.sh
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0
+        uses: github/codeql-action/analyze@3c3833e0f8c1c83d449a7478aa59c036a9165498 # v3.29.11
         with:
           category: "/language:${{matrix.language}}"

.github/workflows/node.js.yml

@@ -19,20 +19,20 @@ jobs:
 
     strategy:
       matrix:
-        node-version: [20.x]
+        node-version: [24.x]
         # See supported Node.js release schedule at https://nodejs.org/en/about/releases/
 
     steps:
     - name: Harden Runner
-      uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
+      uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
       with:
         egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
 
-    - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+    - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
     - name: Use Node.js ${{ matrix.node-version }}
-      uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
+      uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
       with:
         node-version: ${{ matrix.node-version }}
-    - run: npm i
+    - run: npm i --ignore-scripts
     - run: npm run build
     - run: npm test

.github/workflows/scorecard.yml

@@ -32,17 +32,17 @@ jobs:
 
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
+        uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
         with:
           egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
 
       - name: "Checkout code"
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
         with:
           persist-credentials: false
 
       - name: "Run analysis"
-        uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0
+        uses: ossf/scorecard-action@05b42c624433fc40578a4040d5cf5e36ddca8cde # v2.4.2
         with:
           results_file: results.sarif
           results_format: sarif
@@ -64,14 +64,14 @@ jobs:
       # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
       # format to the repository Actions tab.
       - name: "Upload artifact"
-        uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
         with:
           name: SARIF file
           path: results.sarif
           retention-days: 5
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0
+        uses: github/codeql-action/upload-sarif@3c3833e0f8c1c83d449a7478aa59c036a9165498 # v3.29.11
         with:
           sarif_file: results.sarif

.gitignore

@@ -120,3 +120,4 @@ dist
 
 tmp/
 test/download
+nsecure-result.json

.npmrc

@@ -1 +1,3 @@
 package-lock=false
+ignore-scripts=true
+save-exact=true

README.md

@@ -8,20 +8,20 @@
 </p>
 
 <p align="center">
-    <a href="https://github.com/MyUnisoft/httpie">
-      <img src="https://img.shields.io/github/package-json/v/MyUnisoft/httpie?style=flat-square" alt="npm version">
+    <a href="https://github.com/OpenAlly/httpie">
+      <img src="https://img.shields.io/github/package-json/v/OpenAlly/httpie?style=flat-square" alt="npm version">
     </a>
-    <a href="https://github.com/MyUnisoft/httpie">
-      <img src="https://img.shields.io/github/license/MyUnisoft/httpie?style=flat-square" alt="license">
+    <a href="https://github.com/OpenAlly/httpie">
+      <img src="https://img.shields.io/github/license/OpenAlly/httpie?style=flat-square" alt="license">
     </a>
-    <a href="https://api.securityscorecards.dev/projects/github.com/MyUnisoft/httpie">
-      <img src="https://api.securityscorecards.dev/projects/github.com/MyUnisoft/httpie/badge" alt="ossf scorecard">
+    <a href="https://api.securityscorecards.dev/projects/github.com/OpenAlly/httpie">
+      <img src="https://api.securityscorecards.dev/projects/github.com/OpenAlly/httpie/badge" alt="ossf scorecard">
     </a>
-    <a href="https://github.com/MyUnisoft/httpie/actions?query=workflow%3A%22Node.js+CI%22">
-      <img src="https://img.shields.io/github/actions/workflow/status/MyUnisoft/httpie/node.js.yml" alt="github ci workflow">
+    <a href="https://github.com/OpenAlly/httpie/actions?query=workflow%3A%22Node.js+CI%22">
+      <img src="https://img.shields.io/github/actions/workflow/status/OpenAlly/httpie/node.js.yml" alt="github ci workflow">
     </a>
-    <a href="https://github.com/MyUnisoft/httpie">
-      <img src="https://img.shields.io/github/languages/code-size/MyUnisoft/httpie?style=flat-square" alt="size">
+    <a href="https://github.com/OpenAlly/httpie">
+      <img src="https://img.shields.io/github/languages/code-size/OpenAlly/httpie?style=flat-square" alt="size">
     </a>
 </p>
 
@@ -36,12 +36,11 @@ The package is inspired by lukeed [httpie](https://github.com/lukeed/httpie) (Th
 - Includes aliases for common HTTP verbs: `get`, `post`, `put`, `patch`, and `del`.
 - Able to automatically detect domains and paths to assign the right Agent (use a LRU cache to avoid repetitive computation).
 - Allows to use an accurate rate-limiter like `p-ratelimit` with the `limit` option.
-- Built-in retry mechanism with **custom policies**.
 - Safe error handling with Rust-like [Result](https://github.com/OpenAlly/npm-packages/tree/main/src/result).
 
 Thanks to undici:
 
-- Support [HTTP redirections](https://developer.mozilla.org/en-US/docs/Web/HTTP/Redirections) with the `maxRedirections` argument.
+- Support [redirections](https://developer.mozilla.org/en-US/docs/Web/HTTP/Redirections) or retry using interceptors.
 - Implement high-level API for undici **stream** and **pipeline** method.
 - High performance (see [benchmarks](https://undici.nodejs.org/#/?id=benchmarks)).
 - Work well with **newest** Node.js API [AbortController](https://nodejs.org/dist/latest-v16.x/docs/api/globals.html#globals_class_abortcontroller) to cancel http request.
@@ -51,24 +50,24 @@ Light with seriously maintained dependencies:
 ![](./docs/images/nodesecure.PNG)
 
 ## 🚧 Requirements
-- [Node.js](https://nodejs.org/en/) version 20 or higher
+- [Node.js](https://nodejs.org/en/) version 22 or higher
 
 ## 🚀 Getting Started
 
 This package is available in the Node Package Repository and can be easily installed with [npm](https://docs.npmjs.com/getting-started/what-is-npm) or [yarn](https://yarnpkg.com).
 
 ```bash
-$ npm i @myunisoft/httpie
+$ npm i @openally/httpie
 # or
-$ yarn add @myunisoft/httpie
+$ yarn add @openally/httpie
 ```
 
 ## 📚 Usage example
 
-The MyUnisoft httpie client is very similar to lukeed httpie http client.
+This client is very similar to lukeed httpie http client.
 
 ```js
-import * as httpie from "@myunisoft/httpie";
+import * as httpie from "@openally/httpie";
 
 try {
   const { data } = await httpie.get("https://jsonplaceholder.typicode.com/posts");
@@ -94,10 +93,10 @@ catch (error) {
 }
 ```
 
-Since v2.0.0 you can also use the `safe` prefix API to get a `Promise<Result<T, E>>`
+You can also use the `safe` prefix API to get a `Promise<Result<T, E>>`
 
 ```ts
-import * as httpie from "@myunisoft/httpie";
+import * as httpie from "@openally/httpie";
 
 const response = (await httpie.safePost("https://jsonplaceholder.typicode.com/posts", {
   body: {
@@ -111,19 +110,18 @@ const response = (await httpie.safePost("https://jsonplaceholder.typicode.com/po
   .unwrap();
 ```
 
-> 👀 For more examples of use please look at the root folder **examples**.
+> [!TIP]
+> More examples available in the root folder **examples**.
 
 ## 📜 API
 
 - [Request API](./docs/request.md)
-- [Retry API](./docs/retry.md)
 - [Work and manage Agents](./docs/agents.md)
 
 ## Error handling
 
 Read the [error documentation](./docs/errors.md).
 
-
 ## Contributors ✨
 
 <!-- ALL-CONTRIBUTORS-BADGE:START - Do not remove or modify this section -->
@@ -138,9 +136,9 @@ Thanks goes to these wonderful people ([emoji key](https://allcontributors.org/d
 <table>
   <tbody>
     <tr>
-      <td align="center" valign="top" width="14.28%"><a href="https://www.linkedin.com/in/thomas-gentilhomme/"><img src="https://avatars.githubusercontent.com/u/4438263?v=4?s=100" width="100px;" alt="Gentilhomme"/><br /><sub><b>Gentilhomme</b></sub></a><br /><a href="https://github.com/MyUnisoft/httpie/commits?author=fraxken" title="Code">💻</a> <a href="https://github.com/MyUnisoft/httpie/commits?author=fraxken" title="Documentation">📖</a> <a href="https://github.com/MyUnisoft/httpie/pulls?q=is%3Apr+reviewed-by%3Afraxken" title="Reviewed Pull Requests">👀</a> <a href="#security-fraxken" title="Security">🛡️</a> <a href="https://github.com/MyUnisoft/httpie/issues?q=author%3Afraxken" title="Bug reports">🐛</a></td>
-      <td align="center" valign="top" width="14.28%"><a href="https://github.com/PierreDemailly"><img src="https://avatars.githubusercontent.com/u/39910767?v=4?s=100" width="100px;" alt="PierreDemailly"/><br /><sub><b>PierreDemailly</b></sub></a><br /><a href="https://github.com/MyUnisoft/httpie/commits?author=PierreDemailly" title="Code">💻</a> <a href="https://github.com/MyUnisoft/httpie/commits?author=PierreDemailly" title="Tests">⚠️</a></td>
-      <td align="center" valign="top" width="14.28%"><a href="http://sofiand.github.io/portfolio-client/"><img src="https://avatars.githubusercontent.com/u/39944043?v=4?s=100" width="100px;" alt="Yefis"/><br /><sub><b>Yefis</b></sub></a><br /><a href="https://github.com/MyUnisoft/httpie/commits?author=SofianD" title="Code">💻</a> <a href="https://github.com/MyUnisoft/httpie/issues?q=author%3ASofianD" title="Bug reports">🐛</a></td>
+      <td align="center" valign="top" width="14.28%"><a href="https://www.linkedin.com/in/thomas-gentilhomme/"><img src="https://avatars.githubusercontent.com/u/4438263?v=4?s=100" width="100px;" alt="Gentilhomme"/><br /><sub><b>Gentilhomme</b></sub></a><br /><a href="https://github.com/OpenAlly/httpie/commits?author=fraxken" title="Code">💻</a> <a href="https://github.com/OpenAlly/httpie/commits?author=fraxken" title="Documentation">📖</a> <a href="https://github.com/OpenAlly/httpie/pulls?q=is%3Apr+reviewed-by%3Afraxken" title="Reviewed Pull Requests">👀</a> <a href="#security-fraxken" title="Security">🛡️</a> <a href="https://github.com/OpenAlly/httpie/issues?q=author%3Afraxken" title="Bug reports">🐛</a></td>
+      <td align="center" valign="top" width="14.28%"><a href="https://github.com/PierreDemailly"><img src="https://avatars.githubusercontent.com/u/39910767?v=4?s=100" width="100px;" alt="PierreDemailly"/><br /><sub><b>PierreDemailly</b></sub></a><br /><a href="https://github.com/OpenAlly/httpie/commits?author=PierreDemailly" title="Code">💻</a> <a href="https://github.com/OpenAlly/httpie/commits?author=PierreDemailly" title="Tests">⚠️</a></td>
+      <td align="center" valign="top" width="14.28%"><a href="http://sofiand.github.io/portfolio-client/"><img src="https://avatars.githubusercontent.com/u/39944043?v=4?s=100" width="100px;" alt="Yefis"/><br /><sub><b>Yefis</b></sub></a><br /><a href="https://github.com/OpenAlly/httpie/commits?author=SofianD" title="Code">💻</a> <a href="https://github.com/OpenAlly/httpie/issues?q=author%3ASofianD" title="Bug reports">🐛</a></td>
     </tr>
   </tbody>
 </table>

SECURITY.md

@@ -1,4 +1,4 @@
 # Reporting Security Issues
-To report a security issue, please email `node@myunisoft.fr` with a description of the issue, the steps you took to create the issue, affected versions, and, if known, mitigations for the issue.
+To report a security issue, please [publish a private security advisory](https://github.com/OpenAlly/httpie/security/advisories) with a description of the issue, the steps you took to create the issue, affected versions, and, if known, mitigations for the issue.
 
 Our vulnerability management team will respond within one week to your email. If the issue is confirmed as a vulnerability, we will open a Security Advisory and acknowledge your contributions as part of it. This project follows a 90 day disclosure timeline.

docs/agents.md

@@ -3,7 +3,7 @@
 Agents are custom constructs that are used to describe internal and external services.
 
 ```js
-import { agents } from "@myunisoft/httpie";
+import { agents } from "@openally/httpie";
 
 console.log(agents); // <- push a new agent in this Array
 ```
@@ -12,27 +12,19 @@ Those custom `agents` are described by the following TypeScript interface:
 ```ts
 export interface CustomHttpAgent {
   customPath: string;
-  domains: Set<string>;
+  origin: string;
   agent: Agent;
-  prod: string;
-  preprod: string;
-  dev: string;
 }
 ```
 
 Example with a test custom agent:
 ```ts
 export const test: CustomHttpAgent = {
   customPath: "test",
-  domains: new Set([
-    "test.domain.fr",
-  ]),
   agent: new Agent({
     connections: 30
   }),
-  prod: "",
-  preprod: "",
-  dev: "https://test.domain.fr"
+  origin: "https://test.domain.fr"
 };
 
 // Note: push it to the package agents list

docs/errors.md

@@ -13,14 +13,14 @@ interface HttpieError {
 
 ### isHttpieError
 
-The `isHttpieError` function can be used to find out weither the error is a `@myunisoft/httpie` or a `undici` error.
+The `isHttpieError` function can be used to find out weither the error is a `@openally/httpie` or a `undici` error.
 ```ts
 function isHttpieError(error: unknown): boolean;
 ```
 
 Example:
 ```ts
-import * as httpie from "@myunisoft/httpie";
+import * as httpie from "@openally/httpie";
 
 try {
   await httpie.request("GET", "127.0.0.1");
@@ -48,7 +48,7 @@ function isHTTPError(error: unknown): boolean;
 
 Example:
 ```ts
-import * as httpie from "@myunisoft/httpie";
+import * as httpie from "@openally/httpie";
 
 try {
   await httpie.request("GET", "127.0.0.1");

docs/request.md

@@ -7,8 +7,6 @@ The method **options** and **response** are described by the following TypeScrip
 type ModeOfHttpieResponseHandler = "decompress" | "parse" | "raw";
 
 export interface RequestOptions {
-  /** @default 0 */
-  maxRedirections?: number;
   /** @default{ "user-agent": "httpie" } */
   headers?: IncomingHttpHeaders;
   querystring?: string | URLSearchParams;
@@ -37,7 +35,7 @@ The first **method** argument take an [HTTP Verb](https://developer.mozilla.org/
 
 The options allow you to quickly authenticate and add additional headers:
 ```js
-import { request } from "@myunisoft/httpie";
+import { request } from "@openally/httpie";
 
 const { data } = await request("GET", "https://test.domain.fr/user/info", {
   authorization: "Token here",