From 1d112461ad8dc99e5ff7fabb5177e8c2f89a9755 Mon Sep 17 00:00:00 2001
From: Darcy Clarke <darcy@darcyclarke.me>
Date: Tue, 25 Feb 2020 11:02:56 -0500
Subject: [PATCH] npm-registry-fetch@4.0.3

---
 node_modules/npm-registry-fetch/CHANGELOG.md | 11 +++++++
 node_modules/npm-registry-fetch/README.md    | 31 +++++++++++++++++--
 node_modules/npm-registry-fetch/config.js    |  4 ++-
 node_modules/npm-registry-fetch/index.js     | 32 ++++++++++++++------
 node_modules/npm-registry-fetch/package.json | 25 ++++++++-------
 package-lock.json                            |  6 ++--
 package.json                                 |  2 +-
 7 files changed, 83 insertions(+), 28 deletions(-)

diff --git a/node_modules/npm-registry-fetch/CHANGELOG.md b/node_modules/npm-registry-fetch/CHANGELOG.md
index 8eee50a4790a3..3599c6b2fcac1 100644
--- a/node_modules/npm-registry-fetch/CHANGELOG.md
+++ b/node_modules/npm-registry-fetch/CHANGELOG.md
@@ -2,6 +2,17 @@
 
 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
 
+<a name="4.0.3"></a>
+## [4.0.3](https://github.com/npm/registry-fetch/compare/v4.0.2...v4.0.3) (2020-02-13)
+
+
+### Bug Fixes
+
+* always bypass cache when ?write=true ([ba8b4fe](https://github.com/npm/registry-fetch/commit/ba8b4fe))
+* use 30s default for timeout as per README ([69c2977](https://github.com/npm/registry-fetch/commit/69c2977)), closes [#20](https://github.com/npm/registry-fetch/issues/20)
+
+
+
 <a name="4.0.2"></a>
 ## [4.0.2](https://github.com/npm/registry-fetch/compare/v4.0.0...v4.0.2) (2019-10-04)
 
diff --git a/node_modules/npm-registry-fetch/README.md b/node_modules/npm-registry-fetch/README.md
index 0c3f4f9469955..80ce64cda78ef 100644
--- a/node_modules/npm-registry-fetch/README.md
+++ b/node_modules/npm-registry-fetch/README.md
@@ -50,6 +50,25 @@ Happy hacking!
 
 ### API
 
+#### Caching and `write=true` query strings
+
+Before performing any PUT or DELETE operation, npm clients first make a
+GET request to the registry resource being updated, which includes
+the query string `?write=true`.
+
+The semantics of this are, effectively, "I intend to write to this thing,
+and need to know the latest current value, so that my write can land
+cleanly".
+
+The public npm registry handles these `?write=true` requests by ensuring
+that the cache is re-validated before sending a response.  In order to
+maintain the same behavior on the client, and not get tripped up by an
+overeager local cache when we intend to write data to the registry, any
+request that comes through `npm-registry-fetch` that contains `write=true`
+in the query string will forcibly set the `prefer-online` option to `true`,
+and set both `prefer-offline` and `offline` to false, so that any local
+cached value will be revalidated.
+
 #### <a name="fetch"></a> `> fetch(url, [opts]) -> Promise<Response>`
 
 Performs a request to a given URL.
@@ -391,6 +410,9 @@ Force offline mode: no network requests will be done during install. To allow
 This option is only really useful if you're also using
 [`opts.cache`](#opts-cache).
 
+This option is set to `true` when the request includes `write=true` in the
+query string.
+
 ##### <a name="opts-otp"></a> `opts.otp`
 
 * Type: Number | String
@@ -402,7 +424,7 @@ account.
 
 ##### <a name="opts-password"></a> `opts.password`
 
-* Alias: _password
+* Alias: `_password`
 * Type: String
 * Default: null
 
@@ -432,6 +454,9 @@ will be requested from the server. To force full offline mode, use
 This option is generally only useful if you're also using
 [`opts.cache`](#opts-cache).
 
+This option is set to `false` when the request includes `write=true` in the
+query string.
+
 ##### <a name="opts-prefer-online"></a> `opts.prefer-online`
 
 * Type: Boolean
@@ -443,6 +468,8 @@ for updates immediately even for fresh package data.
 This option is generally only useful if you're also using
 [`opts.cache`](#opts-cache).
 
+This option is set to `true` when the request includes `write=true` in the
+query string.
 
 ##### <a name="opts-project-scope"></a> `opts.project-scope`
 
@@ -606,4 +633,4 @@ See also [`opts.password`](#opts-password)
 * Default: null
 
 ** DEPRECATED ** This is a legacy authentication token supported only for
-*compatibility. Please use [`opts.token`](#opts-token) instead.
+compatibility. Please use [`opts.token`](#opts-token) instead.
diff --git a/node_modules/npm-registry-fetch/config.js b/node_modules/npm-registry-fetch/config.js
index 1c43b26eadd4c..d7be3f9b38a16 100644
--- a/node_modules/npm-registry-fetch/config.js
+++ b/node_modules/npm-registry-fetch/config.js
@@ -75,7 +75,9 @@ module.exports = figgyPudding({
   'scope': {},
   'spec': {},
   'strict-ssl': {},
-  'timeout': {},
+  'timeout': {
+    default: 30 * 1000
+  },
   'user-agent': {
     default: `${
       pkg.name
diff --git a/node_modules/npm-registry-fetch/index.js b/node_modules/npm-registry-fetch/index.js
index c18487388b269..9bd0ad32d7c9e 100644
--- a/node_modules/npm-registry-fetch/index.js
+++ b/node_modules/npm-registry-fetch/index.js
@@ -53,26 +53,38 @@ function regFetch (uri, opts) {
       })
     }
   }
-  if (opts.query) {
-    let q = opts.query
+
+  let q = opts.query
+  if (q) {
     if (typeof q === 'string') {
       q = qs.parse(q)
+    } else if (typeof q !== 'object') {
+      throw new TypeError('invalid query option, must be string or object')
     }
     Object.keys(q).forEach(key => {
       if (q[key] === undefined) {
         delete q[key]
       }
     })
-    if (Object.keys(q).length) {
-      const parsed = url.parse(uri)
-      parsed.search = '?' + qs.stringify(
-        parsed.query
-          ? Object.assign(qs.parse(parsed.query), q)
-          : q
-      )
-      uri = url.format(parsed)
+  }
+  const parsed = url.parse(uri)
+
+  const query = parsed.query ? Object.assign(qs.parse(parsed.query), q || {})
+    : Object.keys(q || {}).length ? q
+      : null
+
+  if (query) {
+    if (String(query.write) === 'true' && opts.method === 'GET') {
+      opts = opts.concat({
+        offline: false,
+        'prefer-offline': false,
+        'prefer-online': true
+      })
     }
+    parsed.search = '?' + qs.stringify(query)
+    uri = url.format(parsed)
   }
+
   return opts.Promise.resolve(body).then(body => fetch(uri, {
     agent: opts.agent,
     algorithms: opts.algorithms,
diff --git a/node_modules/npm-registry-fetch/package.json b/node_modules/npm-registry-fetch/package.json
index 78e3100daa47f..ca6c5f90c6352 100644
--- a/node_modules/npm-registry-fetch/package.json
+++ b/node_modules/npm-registry-fetch/package.json
@@ -1,19 +1,19 @@
 {
-  "_from": "npm-registry-fetch@4.0.2",
-  "_id": "npm-registry-fetch@4.0.2",
+  "_from": "npm-registry-fetch@4.0.3",
+  "_id": "npm-registry-fetch@4.0.3",
   "_inBundle": false,
-  "_integrity": "sha512-Z0IFtPEozNdeZRPh3aHHxdG+ZRpzcbQaJLthsm3VhNf6DScicTFRHZzK82u8RsJUsUHkX+QH/zcB/5pmd20H4A==",
+  "_integrity": "sha512-WGvUx0lkKFhu9MbiGFuT9nG2NpfQ+4dCJwRwwtK2HK5izJEvwDxMeUyqbuMS7N/OkpVCqDorV6rO5E4V9F8lJw==",
   "_location": "/npm-registry-fetch",
   "_phantomChildren": {},
   "_requested": {
     "type": "version",
     "registry": true,
-    "raw": "npm-registry-fetch@4.0.2",
+    "raw": "npm-registry-fetch@4.0.3",
     "name": "npm-registry-fetch",
     "escapedName": "npm-registry-fetch",
-    "rawSpec": "4.0.2",
+    "rawSpec": "4.0.3",
     "saveSpec": null,
-    "fetchSpec": "4.0.2"
+    "fetchSpec": "4.0.3"
   },
   "_requiredBy": [
     "#USER",
@@ -28,10 +28,10 @@
     "/npm-profile",
     "/pacote"
   ],
-  "_resolved": "https://registry.npmjs.org/npm-registry-fetch/-/npm-registry-fetch-4.0.2.tgz",
-  "_shasum": "2b1434f93ccbe6b6385f8e45f45db93e16921d7a",
-  "_spec": "npm-registry-fetch@4.0.2",
-  "_where": "/Users/mperrotte/npminc/cli",
+  "_resolved": "https://registry.npmjs.org/npm-registry-fetch/-/npm-registry-fetch-4.0.3.tgz",
+  "_shasum": "3c2179e39e04f9348b1c2979545951d36bee8766",
+  "_spec": "npm-registry-fetch@4.0.3",
+  "_where": "/Users/darcyclarke/Documents/Repos/npm/cli",
   "author": {
     "name": "Kat Marchán",
     "email": "kzm@sykosomatic.org"
@@ -86,6 +86,9 @@
   "license": "ISC",
   "main": "index.js",
   "name": "npm-registry-fetch",
+  "publishConfig": {
+    "tag": "latest-v4"
+  },
   "repository": {
     "type": "git",
     "url": "git+https://github.com/npm/registry-fetch.git"
@@ -99,5 +102,5 @@
     "update-coc": "weallbehave -o . && git add CODE_OF_CONDUCT.md && git commit -m 'docs(coc): updated CODE_OF_CONDUCT.md'",
     "update-contrib": "weallcontribute -o . && git add CONTRIBUTING.md && git commit -m 'docs(contributing): updated CONTRIBUTING.md'"
   },
-  "version": "4.0.2"
+  "version": "4.0.3"
 }
diff --git a/package-lock.json b/package-lock.json
index 29fc30d7f8106..4e459b379e226 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -3884,9 +3884,9 @@
       }
     },
     "npm-registry-fetch": {
-      "version": "4.0.2",
-      "resolved": "https://registry.npmjs.org/npm-registry-fetch/-/npm-registry-fetch-4.0.2.tgz",
-      "integrity": "sha512-Z0IFtPEozNdeZRPh3aHHxdG+ZRpzcbQaJLthsm3VhNf6DScicTFRHZzK82u8RsJUsUHkX+QH/zcB/5pmd20H4A==",
+      "version": "4.0.3",
+      "resolved": "https://registry.npmjs.org/npm-registry-fetch/-/npm-registry-fetch-4.0.3.tgz",
+      "integrity": "sha512-WGvUx0lkKFhu9MbiGFuT9nG2NpfQ+4dCJwRwwtK2HK5izJEvwDxMeUyqbuMS7N/OkpVCqDorV6rO5E4V9F8lJw==",
       "requires": {
         "JSONStream": "^1.3.4",
         "bluebird": "^3.5.1",
diff --git a/package.json b/package.json
index c5ac60c46de74..52b8a9dc34aef 100644
--- a/package.json
+++ b/package.json
@@ -104,7 +104,7 @@
     "npm-packlist": "^1.4.8",
     "npm-pick-manifest": "^3.0.2",
     "npm-profile": "^4.0.2",
-    "npm-registry-fetch": "^4.0.2",
+    "npm-registry-fetch": "^4.0.3",
     "npm-user-validate": "~1.0.0",
     "npmlog": "~4.1.2",
     "once": "~1.4.0",