fix(security): fix proxy-Authorization header security issue (#3383)

Refs #3382

Author: char0n

README.md

@@ -57,8 +57,7 @@ Swagger Client Version | Release Date | OpenAPI Spec compatibility             |
 `swagger-client` requires Node.js `>=12.20.0` and uses different `fetch` implementation depending
 on Node.js version.
 
-- `>=12.20.0 <16.8` - [node-fetch@3](https://www.npmjs.com/package/node-fetch)
-- `>=16.8 <18` - [undici](https://www.npmjs.com/package/undici) 
+- `>=12.20.0 <18` - [node-fetch@3](https://www.npmjs.com/package/node-fetch) 
 - `>=18` - [native Node.js fetch](https://nodejs.org/dist/latest-v18.x/docs/api/globals.html#fetch)
 
 > NOTE: swagger-client minimum Node.js runtime version aligns with [Node.js Releases](https://nodejs.org/en/about/releases/)

package-lock.json

@@ -102,6 +102,7 @@
     "rimraf": "=5.0.5",
     "source-map-explorer": "^2.5.3",
     "terser-webpack-plugin": "^5.0.3",
+    "undici": "^5.28.3",
     "webpack": "=5.90.3",
     "webpack-bundle-size-analyzer": "=3.1.0",
     "webpack-cli": "=5.1.4",
@@ -119,11 +120,10 @@
     "fast-json-patch": "^3.0.0-1",
     "is-plain-object": "^5.0.0",
     "js-yaml": "^4.1.0",
-    "node-fetch-commonjs": "^3.3.1",
     "node-abort-controller": "^3.1.1",
+    "node-fetch-commonjs": "^3.3.2",
     "qs": "^6.10.2",
-    "traverse": "~0.6.6",
-    "undici": "^5.24.0"
+    "traverse": "~0.6.6"
   },
   "overrides": {
     "@swagger-api/apidom-reference": {

package.json

@@ -1,12 +1,3 @@
-import {
-  fetch as fetchU,
-  Headers as HeaderU,
-  Request as RequestU,
-  Response as ResponseU,
-  FormData as FormDataU,
-  File as FileU,
-  Blob as BlobU,
-} from './fetch-ponyfill-undici.node.js';
 import {
   fetch as fetchNF,
   Headers as HeadersNF,
@@ -18,23 +9,23 @@ import {
 } from './fetch-ponyfill-node-fetch.node.js';
 
 if (typeof globalThis.fetch === 'undefined') {
-  globalThis.fetch = fetchU || fetchNF;
+  globalThis.fetch = fetchNF;
 }
 if (typeof globalThis.Headers === 'undefined') {
-  globalThis.Headers = HeaderU || HeadersNF;
+  globalThis.Headers = HeadersNF;
 }
 if (typeof globalThis.Request === 'undefined') {
-  globalThis.Request = RequestU || RequestNF;
+  globalThis.Request = RequestNF;
 }
 if (typeof globalThis.Response === 'undefined') {
-  globalThis.Response = ResponseU || ResponseNF;
+  globalThis.Response = ResponseNF;
 }
 if (typeof globalThis.FormData === 'undefined') {
-  globalThis.FormData = FormDataU || FormDataNF;
+  globalThis.FormData = FormDataNF;
 }
 if (typeof globalThis.File === 'undefined') {
-  globalThis.File = FileU || FileNF;
+  globalThis.File = FileNF;
 }
 if (typeof globalThis.Blob === 'undefined') {
-  globalThis.Blob = BlobU || BlobNF;
+  globalThis.Blob = BlobNF;
 }

src/helpers/fetch-polyfill.node.js

@@ -1,17 +1,10 @@
+import { Blob } from 'node:buffer';
 import process from 'node:process';
 import http from 'node:http';
 import path from 'node:path';
 import fs from 'node:fs';
-
-import {
-  fetch,
-  Headers,
-  Request,
-  Response,
-  FormData,
-  File,
-  Blob,
-} from '../src/helpers/fetch-ponyfill-undici.node.js';
+import { ReadableStream } from 'node:stream/web';
+import { fetch, Headers, Request, Response, FormData, File } from 'undici';
 
 // force using undici for testing
 globalThis.fetch = fetch;
@@ -21,6 +14,7 @@ globalThis.Response = Response;
 globalThis.FormData = FormData;
 globalThis.File = File;
 globalThis.Blob = Blob;
+globalThis.ReadableStream = ReadableStream;
 
 // helpers for reading local files
 globalThis.loadFile = (uri) => fs.readFileSync(uri).toString();