Merge v5 into master

.eslintignore

@@ -0,0 +1,4 @@
+dist
+node_modules
+test
+jest.config.ts

.eslintrc.json

@@ -1,21 +1,22 @@
 {
-  "extends": ["plugin:prettier/recommended"],
+  "root": true,
+  "extends": [
+    "eslint:recommended",
+    "plugin:@typescript-eslint/recommended",
+    "plugin:@typescript-eslint/recommended-requiring-type-checking",
+    "plugin:prettier/recommended"
+  ],
+  "parser": "@typescript-eslint/parser",
   "parserOptions": {
-    "ecmaVersion": 6
+    "tsconfigRootDir": "./",
+    "project": ["tsconfig.json"]
   },
+  "reportUnusedDisableDirectives": true,
   "rules": {
-    "no-debugger": "error",
-    "no-var": "error",
-    "prefer-arrow-callback": "error",
-    "prefer-const": "error",
-    "prefer-template": "error",
-    "no-restricted-modules": ["error",
-      // we can't rely on node standard modules in "native" or "browser" environments
-      // - exceptions:
-      //     "punycode": since it's a package.json dependency
-      "assert", "buffer", "child_process", "cluster", "crypto", "dgram", "dns", "domain", "events", "freelist", "fs",
-      "http", "https", "module", "net", "os", "path", "querystring", "readline", "repl", "smalloc", "stream",
-      "string_decoder", "sys", "timers", "tls", "tracing", "tty", "url", "util", "vm", "zlib"
-    ]
+    // this is only needed because `createPromiseCallback` uses arguments to support the callback-style api
+    // we should strongly consider dropping the callback and sync api variants (in say v6) to reduce the
+    // surface area and complexity of tough-cookie
+    "prefer-rest-params": "warn",
+    "max-lines": ["warn", 500]
   }
 }

.github/workflows/integration.yaml

@@ -1,26 +1,28 @@
-name: Actions-CI 
+name: Actions-CI
 
 on:
   push:
-    branches: [ master ]
+    branches: [master, v5]
   pull_request:
-    branches: [ master ]
+    branches: [master, v5]
 
 jobs:
   build:
-
     runs-on: ubuntu-latest
 
     strategy:
       matrix:
-        node-version: [14.x, 16.x]
+        node-version: [latest, lts/*, lts/-1]
 
     steps:
       - uses: actions/checkout@v2
       - name: Use Node.js ${{ matrix.node-version }}
-        uses: actions/setup-node@v2
+        uses: actions/setup-node@v3
         with:
           node-version: ${{ matrix.node-version }}
+          cache: npm
       - name: Install dependencies and test
         run: npm install
       - run: npm test
+      - run: npm run eslint
+      - run: npm run prettier

.gitignore

@@ -5,7 +5,7 @@ npm-debug.log
 docker-compose.override.yml
 .nyc_output
 coverage
-package-lock.json
 .npm
 .config
 .bash_history
+dist/

.prettierignore

@@ -1 +1,2 @@
-lib/version.js
+dist
+test

.prettierrc

@@ -0,0 +1,5 @@
+{
+  "semi": false,
+  "singleQuote": true,
+  "trailingComma": "all"
+}

CHANGELOG.md

@@ -2,4 +2,3 @@
 
 All notable changes to this project can be found at on the [Releases](https://github.com/salesforce/tough-cookie/releases)
 page.
-

CODE_OF_CONDUCT.md

@@ -8,8 +8,8 @@ culture where everyone feels included.
 
 Salesforce open-source projects are committed to providing a friendly, safe, and
 welcoming environment for all, regardless of gender identity and expression,
-sexual orientation, disability, physical appearance, body size, ethnicity, nationality, 
-race, age, religion, level of experience, education, socioeconomic status, or 
+sexual orientation, disability, physical appearance, body size, ethnicity, nationality,
+race, age, religion, level of experience, education, socioeconomic status, or
 other similar personal characteristics.
 
 The goal of this code of conduct is to specify a baseline standard of behavior so
@@ -25,33 +25,33 @@ Open Source Conduct Committee at [email protected].
 
 In the interest of fostering an open and welcoming environment, we as
 contributors and maintainers pledge to making participation in our project and
-our community a harassment-free experience for everyone, regardless of gender 
-identity and expression, sexual orientation, disability, physical appearance, 
-body size, ethnicity, nationality, race, age, religion, level of experience, education, 
+our community a harassment-free experience for everyone, regardless of gender
+identity and expression, sexual orientation, disability, physical appearance,
+body size, ethnicity, nationality, race, age, religion, level of experience, education,
 socioeconomic status, or other similar personal characteristics.
 
 ## Our Standards
 
 Examples of behavior that contributes to creating a positive environment
 include:
 
-* Using welcoming and inclusive language
-* Being respectful of differing viewpoints and experiences
-* Gracefully accepting constructive criticism
-* Focusing on what is best for the community
-* Showing empathy toward other community members
+- Using welcoming and inclusive language
+- Being respectful of differing viewpoints and experiences
+- Gracefully accepting constructive criticism
+- Focusing on what is best for the community
+- Showing empathy toward other community members
 
 Examples of unacceptable behavior by participants include:
 
-* The use of sexualized language or imagery and unwelcome sexual attention or
-advances
-* Personal attacks, insulting/derogatory comments, or trolling
-* Public or private harassment
-* Publishing, or threatening to publish, others' private information—such as
-a physical or electronic address—without explicit permission
-* Other conduct which could reasonably be considered inappropriate in a
-professional setting
-* Advocating for or encouraging any of the above behaviors
+- The use of sexualized language or imagery and unwelcome sexual attention or
+  advances
+- Personal attacks, insulting/derogatory comments, or trolling
+- Public or private harassment
+- Publishing, or threatening to publish, others' private information—such as
+  a physical or electronic address—without explicit permission
+- Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+- Advocating for or encouraging any of the above behaviors
 
 ## Our Responsibilities
 
@@ -77,28 +77,28 @@ further defined and clarified by project maintainers.
 ## Enforcement
 
 Instances of abusive, harassing, or otherwise unacceptable behavior may be
-reported by contacting the Salesforce Open Source Conduct Committee 
-at [email protected]. All complaints will be reviewed and investigated 
-and will result in a response that is deemed necessary and appropriate to the 
-circumstances. The committee is obligated to maintain confidentiality with 
-regard to the reporter of an incident. Further details of specific enforcement 
+reported by contacting the Salesforce Open Source Conduct Committee
+at [email protected]. All complaints will be reviewed and investigated
+and will result in a response that is deemed necessary and appropriate to the
+circumstances. The committee is obligated to maintain confidentiality with
+regard to the reporter of an incident. Further details of specific enforcement
 policies may be posted separately.
 
 Project maintainers who do not follow or enforce the Code of Conduct in good
 faith may face temporary or permanent repercussions as determined by other
-members of the project's leadership and the Salesforce Open Source Conduct 
+members of the project's leadership and the Salesforce Open Source Conduct
 Committee.
 
 ## Attribution
 
 This Code of Conduct is adapted from the [Contributor Covenant][contributor-covenant-home],
-version 1.4, available at https://www.contributor-covenant.org/version/1/4/code-of-conduct.html. 
-It includes adaptions and additions from [Go Community Code of Conduct][golang-coc], 
+version 1.4, available at https://www.contributor-covenant.org/version/1/4/code-of-conduct.html.
+It includes adaptions and additions from [Go Community Code of Conduct][golang-coc],
 [CNCF Code of Conduct][cncf-coc], and [Microsoft Open Source Code of Conduct][microsoft-coc].
 
 This Code of Conduct is licensed under the [Creative Commons Attribution 3.0 License][cc-by-3-us].
 
-[contributor-covenant-home]: https://www.contributor-covenant.org (https://www.contributor-covenant.org/)
+[contributor-covenant-home]: https://www.contributor-covenant.org 'https://www.contributor-covenant.org/'
 [golang-coc]: https://golang.org/conduct
 [cncf-coc]: https://github.com/cncf/foundation/blob/master/code-of-conduct.md
 [microsoft-coc]: https://opensource.microsoft.com/codeofconduct/

README.md

@@ -9,31 +9,31 @@
 ## Synopsis
 
 ```javascript
-var tough = require("tough-cookie");
-var Cookie = tough.Cookie;
-var cookie = Cookie.parse(header);
-cookie.value = "somethingdifferent";
-header = cookie.toString();
-var cookiejar = new tough.CookieJar();
+var tough = require('tough-cookie')
+var Cookie = tough.Cookie
+var cookie = Cookie.parse(header)
+cookie.value = 'somethingdifferent'
+header = cookie.toString()
+var cookiejar = new tough.CookieJar()
 
 // Asynchronous!
 var cookie = await cookiejar.setCookie(
   cookie,
-  "https://currentdomain.example.com/path"
-);
-var cookies = await cookiejar.getCookies("https://example.com/otherpath");
+  'https://currentdomain.example.com/path',
+)
+var cookies = await cookiejar.getCookies('https://example.com/otherpath')
 
 // Or with callbacks!
 cookiejar.setCookie(
   cookie,
-  "https://currentdomain.example.com/path",
+  'https://currentdomain.example.com/path',
   function (err, cookie) {
     /* ... */
-  }
-);
-cookiejar.getCookies("http://example.com/otherpath", function (err, cookies) {
+  },
+)
+cookiejar.getCookies('http://example.com/otherpath', function (err, cookies) {
   /* ... */
-});
+})
 ```
 
 Why the name? NPM modules `cookie`, `cookies` and `cookiejar` were already taken.
@@ -113,8 +113,8 @@ For use with `.sort()`, sorts a list of cookies into the recommended order given
 ```javascript
 var cookies = [
   /* unsorted array of Cookie objects */
-];
-cookies = cookies.sort(cookieCompare);
+]
+cookies = cookies.sort(cookieCompare)
 ```
 
 > **Note**: Since the JavaScript `Date` is limited to a 1-ms precision, cookies within the same millisecond are entirely possible. This is especially true when using the `now` option to `.setCookie()`. The `.creationIndex` property is a per-process global counter, assigned during construction with `new Cookie()`, which preserves the spirit of the RFC sorting: older cookies go first. This works great for `MemoryCookieStore` since `Set-Cookie` headers are parsed in order, but is not so great for distributed systems. Sophisticated `Store`s may wish to set this to some other _logical clock_ so that if cookies A and B are created in the same millisecond, but cookie A is created before cookie B, then `A.creationIndex < B.creationIndex`. If you want to alter the global counter, which you probably _shouldn't_ do, it's stored in `Cookie.cookiesCreated`.
@@ -144,9 +144,9 @@ If options is not an object it is ignored, which means it can be used with [`Arr
 To process the Set-Cookie header(s) on a node HTTP/HTTPS response:
 
 ```javascript
-if (Array.isArray(res.headers["set-cookie"]))
-  cookies = res.headers["set-cookie"].map(Cookie.parse);
-else cookies = [Cookie.parse(res.headers["set-cookie"])];
+if (Array.isArray(res.headers['set-cookie']))
+  cookies = res.headers['set-cookie'].map(Cookie.parse)
+else cookies = [Cookie.parse(res.headers['set-cookie'])]
 ```
 
 _Note:_ In version 2.3.3, tough-cookie limited the number of spaces before the `=` to 256 characters. This limitation was removed in version 2.3.4.

jest.config.ts

@@ -0,0 +1,10 @@
+import type { JestConfigWithTsJest } from "ts-jest";
+
+const config: JestConfigWithTsJest = {
+  preset: 'ts-jest',
+  testEnvironment: 'node',
+  rootDir: './lib/',
+  testPathIgnorePatterns: ['./lib/__tests__/data/'],
+}
+
+export default config

lib/__tests__/canonicalDomain.spec.ts

@@ -0,0 +1,44 @@
+import { canonicalDomain } from '../cookie/canonicalDomain'
+
+// port of tests/domain_and_path_test.js (canonicalDomain tests for domain normalization)
+describe('canonicalDomain', () => {
+  it.each([
+    {
+      description: 'already canonical',
+      input: 'example.com',
+      output: 'example.com',
+    },
+    {
+      description: 'simple',
+      input: 'EXAMPLE.com',
+      output: 'example.com',
+    },
+    {
+      description: 'leading dot stripped',
+      input: '.EXAMPLE.com',
+      output: 'example.com',
+    },
+    {
+      description: 'trailing dot',
+      input: 'EXAMPLE.com.',
+      output: 'example.com.',
+    },
+    {
+      description: 'leading and trailing dot',
+      input: '.EXAMPLE.com.',
+      output: 'example.com.',
+    },
+    {
+      description: 'internal dots',
+      input: '.EXAMPLE...com.',
+      output: 'example...com.',
+    },
+    {
+      description: 'IDN: test.test in greek',
+      input: 'δοκιμή.δοκιμή',
+      output: 'xn--jxalpdlp.xn--jxalpdlp',
+    },
+  ])('$description: $input → $output', ({ input, output }) => {
+    expect(canonicalDomain(input)).toBe(output)
+  })
+})