diff --git a/node_modules/.bin/mime b/node_modules/.bin/mime
new file mode 100644
index 0000000000000000000000000000000000000000..7751de3cbb456deecd25fb22c6f575bc7a78554d
--- /dev/null
+++ b/node_modules/.bin/mime
@@ -0,0 +1,16 @@
+#!/bin/sh
+basedir=$(dirname "$(echo "$0" | sed -e 's,\\,/,g')")
+
+case `uname` in
+ *CYGWIN*|*MINGW*|*MSYS*)
+ if command -v cygpath > /dev/null 2>&1; then
+ basedir=`cygpath -w "$basedir"`
+ fi
+ ;;
+esac
+
+if [ -x "$basedir/node" ]; then
+ exec "$basedir/node" "$basedir/../mime/cli.js" "$@"
+else
+ exec node "$basedir/../mime/cli.js" "$@"
+fi
diff --git a/node_modules/.bin/mime.cmd b/node_modules/.bin/mime.cmd
new file mode 100644
index 0000000000000000000000000000000000000000..54491f12e08014083099d3a46bf7b99f0ec22b56
--- /dev/null
+++ b/node_modules/.bin/mime.cmd
@@ -0,0 +1,17 @@
+@ECHO off
+GOTO start
+:find_dp0
+SET dp0=%~dp0
+EXIT /b
+:start
+SETLOCAL
+CALL :find_dp0
+
+IF EXIST "%dp0%\node.exe" (
+ SET "_prog=%dp0%\node.exe"
+) ELSE (
+ SET "_prog=node"
+ SET PATHEXT=%PATHEXT:;.JS;=;%
+)
+
+endLocal & goto #_undefined_# 2>NUL || title %COMSPEC% & "%_prog%" "%dp0%\..\mime\cli.js" %*
diff --git a/node_modules/.bin/mime.ps1 b/node_modules/.bin/mime.ps1
new file mode 100644
index 0000000000000000000000000000000000000000..2222f40bcf2aca56c70178225cfe21cc31e2773f
--- /dev/null
+++ b/node_modules/.bin/mime.ps1
@@ -0,0 +1,28 @@
+#!/usr/bin/env pwsh
+$basedir=Split-Path $MyInvocation.MyCommand.Definition -Parent
+
+$exe=""
+if ($PSVersionTable.PSVersion -lt "6.0" -or $IsWindows) {
+ # Fix case when both the Windows and Linux builds of Node
+ # are installed in the same directory
+ $exe=".exe"
+}
+$ret=0
+if (Test-Path "$basedir/node$exe") {
+ # Support pipeline input
+ if ($MyInvocation.ExpectingInput) {
+ $input | & "$basedir/node$exe" "$basedir/../mime/cli.js" $args
+ } else {
+ & "$basedir/node$exe" "$basedir/../mime/cli.js" $args
+ }
+ $ret=$LASTEXITCODE
+} else {
+ # Support pipeline input
+ if ($MyInvocation.ExpectingInput) {
+ $input | & "node$exe" "$basedir/../mime/cli.js" $args
+ } else {
+ & "node$exe" "$basedir/../mime/cli.js" $args
+ }
+ $ret=$LASTEXITCODE
+}
+exit $ret
diff --git a/node_modules/.package-lock.json b/node_modules/.package-lock.json
index ff51816960c05fdb9758b6b1d2602bb110a75b02..e3b8737a25a599d924dddbb0ead63e63ab1db2a8 100644
--- a/node_modules/.package-lock.json
+++ b/node_modules/.package-lock.json
@@ -28,6 +28,18 @@
"resolved": "https://registry.npmjs.org/abbrev/-/abbrev-1.1.1.tgz",
"integrity": "sha512-nne9/IiQ/hzIhY6pdDnbBtz7DjPTKrY00P/zvPSm5pOFkl6xuGrGnXn/VtTNNfNtAfZ9/1RtehkszU9qcTii0Q=="
},
+ "node_modules/accepts": {
+ "version": "1.3.8",
+ "resolved": "https://registry.npmjs.org/accepts/-/accepts-1.3.8.tgz",
+ "integrity": "sha512-PYAthTa2m2VKxuvSD3DPC/Gy+U+sOA1LAuT8mkmRuvw+NACSaeXEQ+NHcVF7rONl6qcaxV3Uuemwawk+7+SJLw==",
+ "dependencies": {
+ "mime-types": "~2.1.34",
+ "negotiator": "0.6.3"
+ },
+ "engines": {
+ "node": ">= 0.6"
+ }
+ },
"node_modules/agent-base": {
"version": "6.0.2",
"resolved": "https://registry.npmjs.org/agent-base/-/agent-base-6.0.2.tgz",
@@ -86,6 +98,11 @@
"node": ">=10"
}
},
+ "node_modules/array-flatten": {
+ "version": "1.1.1",
+ "resolved": "https://registry.npmjs.org/array-flatten/-/array-flatten-1.1.1.tgz",
+ "integrity": "sha512-PCVAQswWemu6UdxsDFFX/+gVeYqKAod3D3UVm91jHwynguOwAvYPhx8nNlM++NqRcK6CxxpUafjmhIdKiHibqg=="
+ },
"node_modules/aws-ssl-profiles": {
"version": "1.1.2",
"resolved": "https://registry.npmjs.org/aws-ssl-profiles/-/aws-ssl-profiles-1.1.2.tgz",
@@ -213,6 +230,17 @@
"resolved": "https://registry.npmjs.org/console-control-strings/-/console-control-strings-1.1.0.tgz",
"integrity": "sha512-ty/fTekppD2fIwRvnZAVdeOiGd1c7YXEixbgJTNzqcxJWKQnjJ/V1bNEEE6hygpM3WjwHFUVK6HTjWSzV4a8sQ=="
},
+ "node_modules/content-disposition": {
+ "version": "0.5.4",
+ "resolved": "https://registry.npmjs.org/content-disposition/-/content-disposition-0.5.4.tgz",
+ "integrity": "sha512-FveZTNuGw04cxlAiWbzi6zTAL/lhehaWbTtgluJh4/E95DqMwTmha3KZN1aAWA8cFIhHzMZUvLevkw5Rqk+tSQ==",
+ "dependencies": {
+ "safe-buffer": "5.2.1"
+ },
+ "engines": {
+ "node": ">= 0.6"
+ }
+ },
"node_modules/content-type": {
"version": "1.0.5",
"resolved": "https://registry.npmjs.org/content-type/-/content-type-1.0.5.tgz",
@@ -314,6 +342,14 @@
"resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz",
"integrity": "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A=="
},
+ "node_modules/encodeurl": {
+ "version": "2.0.0",
+ "resolved": "https://registry.npmjs.org/encodeurl/-/encodeurl-2.0.0.tgz",
+ "integrity": "sha512-Q0n9HRi4m6JuGIV1eFlmvJB7ZEVxu93IrMyiMsGC0lrMJMWzRgx6WGquyfQgZVb31vhGgXnfmPNNXmxnOkRBrg==",
+ "engines": {
+ "node": ">= 0.8"
+ }
+ },
"node_modules/es-define-property": {
"version": "1.0.1",
"resolved": "https://registry.npmjs.org/es-define-property/-/es-define-property-1.0.1.tgz",
@@ -341,6 +377,64 @@
"node": ">= 0.4"
}
},
+ "node_modules/escape-html": {
+ "version": "1.0.3",
+ "resolved": "https://registry.npmjs.org/escape-html/-/escape-html-1.0.3.tgz",
+ "integrity": "sha512-NiSupZ4OeuGwr68lGIeym/ksIZMJodUGOSCZ/FSnTxcrekbvqrgdUxlJOMpijaKZVjAJrWrGs/6Jy8OMuyj9ow=="
+ },
+ "node_modules/etag": {
+ "version": "1.8.1",
+ "resolved": "https://registry.npmjs.org/etag/-/etag-1.8.1.tgz",
+ "integrity": "sha512-aIL5Fx7mawVa300al2BnEE4iNvo1qETxLrPI/o05L7z6go7fCw1J6EQmbK4FmJ2AS7kgVF/KEZWufBfdClMcPg==",
+ "engines": {
+ "node": ">= 0.6"
+ }
+ },
+ "node_modules/express": {
+ "version": "4.21.2",
+ "resolved": "https://registry.npmjs.org/express/-/express-4.21.2.tgz",
+ "integrity": "sha512-28HqgMZAmih1Czt9ny7qr6ek2qddF4FclbMzwhCREB6OFfH+rXAnuNCwo1/wFvrtbgsQDb4kSbX9de9lFbrXnA==",
+ "dependencies": {
+ "accepts": "~1.3.8",
+ "array-flatten": "1.1.1",
+ "body-parser": "1.20.3",
+ "content-disposition": "0.5.4",
+ "content-type": "~1.0.4",
+ "cookie": "0.7.1",
+ "cookie-signature": "1.0.6",
+ "debug": "2.6.9",
+ "depd": "2.0.0",
+ "encodeurl": "~2.0.0",
+ "escape-html": "~1.0.3",
+ "etag": "~1.8.1",
+ "finalhandler": "1.3.1",
+ "fresh": "0.5.2",
+ "http-errors": "2.0.0",
+ "merge-descriptors": "1.0.3",
+ "methods": "~1.1.2",
+ "on-finished": "2.4.1",
+ "parseurl": "~1.3.3",
+ "path-to-regexp": "0.1.12",
+ "proxy-addr": "~2.0.7",
+ "qs": "6.13.0",
+ "range-parser": "~1.2.1",
+ "safe-buffer": "5.2.1",
+ "send": "0.19.0",
+ "serve-static": "1.16.2",
+ "setprototypeof": "1.2.0",
+ "statuses": "2.0.1",
+ "type-is": "~1.6.18",
+ "utils-merge": "1.0.1",
+ "vary": "~1.1.2"
+ },
+ "engines": {
+ "node": ">= 0.10.0"
+ },
+ "funding": {
+ "type": "opencollective",
+ "url": "https://opencollective.com/express"
+ }
+ },
"node_modules/express-session": {
"version": "1.18.1",
"resolved": "https://registry.npmjs.org/express-session/-/express-session-1.18.1.tgz",
@@ -359,6 +453,52 @@
"node": ">= 0.8.0"
}
},
+ "node_modules/express/node_modules/cookie": {
+ "version": "0.7.1",
+ "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.7.1.tgz",
+ "integrity": "sha512-6DnInpx7SJ2AK3+CTUE/ZM0vWTUboZCegxhC2xiIydHR9jNuTAASBrfEpHhiGOZw/nX51bHt6YQl8jsGo4y/0w==",
+ "engines": {
+ "node": ">= 0.6"
+ }
+ },
+ "node_modules/express/node_modules/cookie-signature": {
+ "version": "1.0.6",
+ "resolved": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.6.tgz",
+ "integrity": "sha512-QADzlaHc8icV8I7vbaJXJwod9HWYp8uCqf1xa4OfNu1T7JVxQIrUgOWtHdNDtPiywmFbiS12VjotIXLrKM3orQ=="
+ },
+ "node_modules/finalhandler": {
+ "version": "1.3.1",
+ "resolved": "https://registry.npmjs.org/finalhandler/-/finalhandler-1.3.1.tgz",
+ "integrity": "sha512-6BN9trH7bp3qvnrRyzsBz+g3lZxTNZTbVO2EV1CS0WIcDbawYVdYvGflME/9QP0h0pYlCDBCTjYa9nZzMDpyxQ==",
+ "dependencies": {
+ "debug": "2.6.9",
+ "encodeurl": "~2.0.0",
+ "escape-html": "~1.0.3",
+ "on-finished": "2.4.1",
+ "parseurl": "~1.3.3",
+ "statuses": "2.0.1",
+ "unpipe": "~1.0.0"
+ },
+ "engines": {
+ "node": ">= 0.8"
+ }
+ },
+ "node_modules/forwarded": {
+ "version": "0.2.0",
+ "resolved": "https://registry.npmjs.org/forwarded/-/forwarded-0.2.0.tgz",
+ "integrity": "sha512-buRG0fpBtRHSTCOASe6hD258tEubFoRLb4ZNA6NxMVHNw2gOcwHo9wyablzMzOA5z9xA9L1KNjk/Nt6MT9aYow==",
+ "engines": {
+ "node": ">= 0.6"
+ }
+ },
+ "node_modules/fresh": {
+ "version": "0.5.2",
+ "resolved": "https://registry.npmjs.org/fresh/-/fresh-0.5.2.tgz",
+ "integrity": "sha512-zJ2mQYM18rEFOudeV4GShTGIQ7RbzA7ozbU9I/XBpm7kqgMywgmylMwXHxZJmkVoYkna9d2pVXVXPdYTP9ej8Q==",
+ "engines": {
+ "node": ">= 0.6"
+ }
+ },
"node_modules/fs-minipass": {
"version": "2.1.0",
"resolved": "https://registry.npmjs.org/fs-minipass/-/fs-minipass-2.1.0.tgz",
@@ -589,6 +729,14 @@
"resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz",
"integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ=="
},
+ "node_modules/ipaddr.js": {
+ "version": "1.9.1",
+ "resolved": "https://registry.npmjs.org/ipaddr.js/-/ipaddr.js-1.9.1.tgz",
+ "integrity": "sha512-0KI/607xoxSToH7GjN1FfSbLoU0+btTicjsQSWQlh/hZykN8KpmMf7uYwPW3R+akZ6R/w18ZlXSHBYXiYUPO3g==",
+ "engines": {
+ "node": ">= 0.10"
+ }
+ },
"node_modules/is-fullwidth-code-point": {
"version": "3.0.0",
"resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-3.0.0.tgz",
@@ -667,6 +815,33 @@
"node": ">= 0.6"
}
},
+ "node_modules/merge-descriptors": {
+ "version": "1.0.3",
+ "resolved": "https://registry.npmjs.org/merge-descriptors/-/merge-descriptors-1.0.3.tgz",
+ "integrity": "sha512-gaNvAS7TZ897/rVaZ0nMtAyxNyi/pdbjbAwUpFQpN70GqnVfOiXpeUUMKRBmzXaSQ8DdTX4/0ms62r2K+hE6mQ==",
+ "funding": {
+ "url": "https://github.com/sponsors/sindresorhus"
+ }
+ },
+ "node_modules/methods": {
+ "version": "1.1.2",
+ "resolved": "https://registry.npmjs.org/methods/-/methods-1.1.2.tgz",
+ "integrity": "sha512-iclAHeNqNm68zFtnZ0e+1L2yUIdvzNoauKU4WBA3VvH/vPFieF7qfRlwUZU+DA9P9bPXIS90ulxoUoCH23sV2w==",
+ "engines": {
+ "node": ">= 0.6"
+ }
+ },
+ "node_modules/mime": {
+ "version": "1.6.0",
+ "resolved": "https://registry.npmjs.org/mime/-/mime-1.6.0.tgz",
+ "integrity": "sha512-x0Vn8spI+wuJ1O6S7gnbaQg8Pxh4NNHb7KSINmEWKiPE4RKOplvijn+NkmYmmRgP68mc70j2EbeTFRsrswaQeg==",
+ "bin": {
+ "mime": "cli.js"
+ },
+ "engines": {
+ "node": ">=4"
+ }
+ },
"node_modules/mime-db": {
"version": "1.52.0",
"resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.52.0.tgz",
@@ -785,6 +960,14 @@
"node": ">=12.0.0"
}
},
+ "node_modules/negotiator": {
+ "version": "0.6.3",
+ "resolved": "https://registry.npmjs.org/negotiator/-/negotiator-0.6.3.tgz",
+ "integrity": "sha512-+EUsqGPLsM+j/zdChZjsnX51g4XrHFOIXwfnCVPGlQk/k5giakcKsuxCObBRu6DSm9opw/O6slWbJdghQM4bBg==",
+ "engines": {
+ "node": ">= 0.6"
+ }
+ },
"node_modules/node-addon-api": {
"version": "5.1.0",
"resolved": "https://registry.npmjs.org/node-addon-api/-/node-addon-api-5.1.0.tgz",
@@ -897,6 +1080,23 @@
"node": ">=0.10.0"
}
},
+ "node_modules/path-to-regexp": {
+ "version": "0.1.12",
+ "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.12.tgz",
+ "integrity": "sha512-RA1GjUVMnvYFxuqovrEqZoxxW5NUZqbwKtYz/Tt7nXerk0LbLblQmrsgdeOxV5SFHf0UDggjS/bSeOZwt1pmEQ=="
+ },
+ "node_modules/proxy-addr": {
+ "version": "2.0.7",
+ "resolved": "https://registry.npmjs.org/proxy-addr/-/proxy-addr-2.0.7.tgz",
+ "integrity": "sha512-llQsMLSUDUPT44jdrU/O37qlnifitDP+ZwrmmZcoSKyLKvtZxpyV0n2/bD/N4tBAAZ/gJEdZU7KMraoK1+XYAg==",
+ "dependencies": {
+ "forwarded": "0.2.0",
+ "ipaddr.js": "1.9.1"
+ },
+ "engines": {
+ "node": ">= 0.10"
+ }
+ },
"node_modules/qs": {
"version": "6.13.0",
"resolved": "https://registry.npmjs.org/qs/-/qs-6.13.0.tgz",
@@ -919,6 +1119,14 @@
"node": ">= 0.8"
}
},
+ "node_modules/range-parser": {
+ "version": "1.2.1",
+ "resolved": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz",
+ "integrity": "sha512-Hrgsx+orqoygnmhFbKaHE6c296J+HTAQXoxEF6gNupROmmGJRoyzfG3ccAveqCBrwr/2yxQ5BVd/GTl5agOwSg==",
+ "engines": {
+ "node": ">= 0.6"
+ }
+ },
"node_modules/raw-body": {
"version": "2.5.2",
"resolved": "https://registry.npmjs.org/raw-body/-/raw-body-2.5.2.tgz",
@@ -996,11 +1204,61 @@
"node": ">=10"
}
},
+ "node_modules/send": {
+ "version": "0.19.0",
+ "resolved": "https://registry.npmjs.org/send/-/send-0.19.0.tgz",
+ "integrity": "sha512-dW41u5VfLXu8SJh5bwRmyYUbAoSB3c9uQh6L8h/KtsFREPWpbX1lrljJo186Jc4nmci/sGUZ9a0a0J2zgfq2hw==",
+ "dependencies": {
+ "debug": "2.6.9",
+ "depd": "2.0.0",
+ "destroy": "1.2.0",
+ "encodeurl": "~1.0.2",
+ "escape-html": "~1.0.3",
+ "etag": "~1.8.1",
+ "fresh": "0.5.2",
+ "http-errors": "2.0.0",
+ "mime": "1.6.0",
+ "ms": "2.1.3",
+ "on-finished": "2.4.1",
+ "range-parser": "~1.2.1",
+ "statuses": "2.0.1"
+ },
+ "engines": {
+ "node": ">= 0.8.0"
+ }
+ },
+ "node_modules/send/node_modules/encodeurl": {
+ "version": "1.0.2",
+ "resolved": "https://registry.npmjs.org/encodeurl/-/encodeurl-1.0.2.tgz",
+ "integrity": "sha512-TPJXq8JqFaVYm2CWmPvnP2Iyo4ZSM7/QKcSmuMLDObfpH5fi7RUGmd/rTDf+rut/saiDiQEeVTNgAmJEdAOx0w==",
+ "engines": {
+ "node": ">= 0.8"
+ }
+ },
+ "node_modules/send/node_modules/ms": {
+ "version": "2.1.3",
+ "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz",
+ "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA=="
+ },
"node_modules/seq-queue": {
"version": "0.0.5",
"resolved": "https://registry.npmjs.org/seq-queue/-/seq-queue-0.0.5.tgz",
"integrity": "sha512-hr3Wtp/GZIc/6DAGPDcV4/9WoZhjrkXsi5B/07QgX8tsdc6ilr7BFM6PM6rbdAX1kFSDYeZGLipIZZKyQP0O5Q=="
},
+ "node_modules/serve-static": {
+ "version": "1.16.2",
+ "resolved": "https://registry.npmjs.org/serve-static/-/serve-static-1.16.2.tgz",
+ "integrity": "sha512-VqpjJZKadQB/PEbEwvFdO43Ax5dFBZ2UECszz8bQ7pi7wt//PWe1P6MN7eCnjsatYtBT6EuiClbjSWP2WrIoTw==",
+ "dependencies": {
+ "encodeurl": "~2.0.0",
+ "escape-html": "~1.0.3",
+ "parseurl": "~1.3.3",
+ "send": "0.19.0"
+ },
+ "engines": {
+ "node": ">= 0.8.0"
+ }
+ },
"node_modules/set-blocking": {
"version": "2.0.0",
"resolved": "https://registry.npmjs.org/set-blocking/-/set-blocking-2.0.0.tgz",
@@ -1197,6 +1455,22 @@
"resolved": "https://registry.npmjs.org/util-deprecate/-/util-deprecate-1.0.2.tgz",
"integrity": "sha512-EPD5q1uXyFxJpCrLnCc1nHnq3gOa6DZBocAIiI2TaSCA7VCJ1UJDMagCzIkXNsUYfD1daK//LTEQ8xiIbrHtcw=="
},
+ "node_modules/utils-merge": {
+ "version": "1.0.1",
+ "resolved": "https://registry.npmjs.org/utils-merge/-/utils-merge-1.0.1.tgz",
+ "integrity": "sha512-pMZTvIkT1d+TFGvDOqodOclx0QWkkgi6Tdoa8gC8ffGAAqz9pzPTZWAybbsHHoED/ztMtkv/VoYTYyShUn81hA==",
+ "engines": {
+ "node": ">= 0.4.0"
+ }
+ },
+ "node_modules/vary": {
+ "version": "1.1.2",
+ "resolved": "https://registry.npmjs.org/vary/-/vary-1.1.2.tgz",
+ "integrity": "sha512-BNGbWLfd0eUPabhkXUVm0j8uuvREyTh5ovRa/dyow/BqAbZJyC+5fU+IzQOzmAKzYqYRAISoRhdQr3eIZ/PXqg==",
+ "engines": {
+ "node": ">= 0.8"
+ }
+ },
"node_modules/webidl-conversions": {
"version": "3.0.1",
"resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-3.0.1.tgz",
diff --git a/node_modules/accepts/HISTORY.md b/node_modules/accepts/HISTORY.md
new file mode 100644
index 0000000000000000000000000000000000000000..cb5990c7c3620f4936a3ac42b3bf335c95eef7e8
--- /dev/null
+++ b/node_modules/accepts/HISTORY.md
@@ -0,0 +1,243 @@
+1.3.8 / 2022-02-02
+==================
+
+ * deps: mime-types@~2.1.34
+ - deps: mime-db@~1.51.0
+ * deps: negotiator@0.6.3
+
+1.3.7 / 2019-04-29
+==================
+
+ * deps: negotiator@0.6.2
+ - Fix sorting charset, encoding, and language with extra parameters
+
+1.3.6 / 2019-04-28
+==================
+
+ * deps: mime-types@~2.1.24
+ - deps: mime-db@~1.40.0
+
+1.3.5 / 2018-02-28
+==================
+
+ * deps: mime-types@~2.1.18
+ - deps: mime-db@~1.33.0
+
+1.3.4 / 2017-08-22
+==================
+
+ * deps: mime-types@~2.1.16
+ - deps: mime-db@~1.29.0
+
+1.3.3 / 2016-05-02
+==================
+
+ * deps: mime-types@~2.1.11
+ - deps: mime-db@~1.23.0
+ * deps: negotiator@0.6.1
+ - perf: improve `Accept` parsing speed
+ - perf: improve `Accept-Charset` parsing speed
+ - perf: improve `Accept-Encoding` parsing speed
+ - perf: improve `Accept-Language` parsing speed
+
+1.3.2 / 2016-03-08
+==================
+
+ * deps: mime-types@~2.1.10
+ - Fix extension of `application/dash+xml`
+ - Update primary extension for `audio/mp4`
+ - deps: mime-db@~1.22.0
+
+1.3.1 / 2016-01-19
+==================
+
+ * deps: mime-types@~2.1.9
+ - deps: mime-db@~1.21.0
+
+1.3.0 / 2015-09-29
+==================
+
+ * deps: mime-types@~2.1.7
+ - deps: mime-db@~1.19.0
+ * deps: negotiator@0.6.0
+ - Fix including type extensions in parameters in `Accept` parsing
+ - Fix parsing `Accept` parameters with quoted equals
+ - Fix parsing `Accept` parameters with quoted semicolons
+ - Lazy-load modules from main entry point
+ - perf: delay type concatenation until needed
+ - perf: enable strict mode
+ - perf: hoist regular expressions
+ - perf: remove closures getting spec properties
+ - perf: remove a closure from media type parsing
+ - perf: remove property delete from media type parsing
+
+1.2.13 / 2015-09-06
+===================
+
+ * deps: mime-types@~2.1.6
+ - deps: mime-db@~1.18.0
+
+1.2.12 / 2015-07-30
+===================
+
+ * deps: mime-types@~2.1.4
+ - deps: mime-db@~1.16.0
+
+1.2.11 / 2015-07-16
+===================
+
+ * deps: mime-types@~2.1.3
+ - deps: mime-db@~1.15.0
+
+1.2.10 / 2015-07-01
+===================
+
+ * deps: mime-types@~2.1.2
+ - deps: mime-db@~1.14.0
+
+1.2.9 / 2015-06-08
+==================
+
+ * deps: mime-types@~2.1.1
+ - perf: fix deopt during mapping
+
+1.2.8 / 2015-06-07
+==================
+
+ * deps: mime-types@~2.1.0
+ - deps: mime-db@~1.13.0
+ * perf: avoid argument reassignment & argument slice
+ * perf: avoid negotiator recursive construction
+ * perf: enable strict mode
+ * perf: remove unnecessary bitwise operator
+
+1.2.7 / 2015-05-10
+==================
+
+ * deps: negotiator@0.5.3
+ - Fix media type parameter matching to be case-insensitive
+
+1.2.6 / 2015-05-07
+==================
+
+ * deps: mime-types@~2.0.11
+ - deps: mime-db@~1.9.1
+ * deps: negotiator@0.5.2
+ - Fix comparing media types with quoted values
+ - Fix splitting media types with quoted commas
+
+1.2.5 / 2015-03-13
+==================
+
+ * deps: mime-types@~2.0.10
+ - deps: mime-db@~1.8.0
+
+1.2.4 / 2015-02-14
+==================
+
+ * Support Node.js 0.6
+ * deps: mime-types@~2.0.9
+ - deps: mime-db@~1.7.0
+ * deps: negotiator@0.5.1
+ - Fix preference sorting to be stable for long acceptable lists
+
+1.2.3 / 2015-01-31
+==================
+
+ * deps: mime-types@~2.0.8
+ - deps: mime-db@~1.6.0
+
+1.2.2 / 2014-12-30
+==================
+
+ * deps: mime-types@~2.0.7
+ - deps: mime-db@~1.5.0
+
+1.2.1 / 2014-12-30
+==================
+
+ * deps: mime-types@~2.0.5
+ - deps: mime-db@~1.3.1
+
+1.2.0 / 2014-12-19
+==================
+
+ * deps: negotiator@0.5.0
+ - Fix list return order when large accepted list
+ - Fix missing identity encoding when q=0 exists
+ - Remove dynamic building of Negotiator class
+
+1.1.4 / 2014-12-10
+==================
+
+ * deps: mime-types@~2.0.4
+ - deps: mime-db@~1.3.0
+
+1.1.3 / 2014-11-09
+==================
+
+ * deps: mime-types@~2.0.3
+ - deps: mime-db@~1.2.0
+
+1.1.2 / 2014-10-14
+==================
+
+ * deps: negotiator@0.4.9
+ - Fix error when media type has invalid parameter
+
+1.1.1 / 2014-09-28
+==================
+
+ * deps: mime-types@~2.0.2
+ - deps: mime-db@~1.1.0
+ * deps: negotiator@0.4.8
+ - Fix all negotiations to be case-insensitive
+ - Stable sort preferences of same quality according to client order
+
+1.1.0 / 2014-09-02
+==================
+
+ * update `mime-types`
+
+1.0.7 / 2014-07-04
+==================
+
+ * Fix wrong type returned from `type` when match after unknown extension
+
+1.0.6 / 2014-06-24
+==================
+
+ * deps: negotiator@0.4.7
+
+1.0.5 / 2014-06-20
+==================
+
+ * fix crash when unknown extension given
+
+1.0.4 / 2014-06-19
+==================
+
+ * use `mime-types`
+
+1.0.3 / 2014-06-11
+==================
+
+ * deps: negotiator@0.4.6
+ - Order by specificity when quality is the same
+
+1.0.2 / 2014-05-29
+==================
+
+ * Fix interpretation when header not in request
+ * deps: pin negotiator@0.4.5
+
+1.0.1 / 2014-01-18
+==================
+
+ * Identity encoding isn't always acceptable
+ * deps: negotiator@~0.4.0
+
+1.0.0 / 2013-12-27
+==================
+
+ * Genesis
diff --git a/node_modules/accepts/LICENSE b/node_modules/accepts/LICENSE
new file mode 100644
index 0000000000000000000000000000000000000000..06166077be4d1f620d89b9eb33c76d89e75857da
--- /dev/null
+++ b/node_modules/accepts/LICENSE
@@ -0,0 +1,23 @@
+(The MIT License)
+
+Copyright (c) 2014 Jonathan Ong <me@jongleberry.com>
+Copyright (c) 2015 Douglas Christopher Wilson <doug@somethingdoug.com>
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+'Software'), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/node_modules/accepts/README.md b/node_modules/accepts/README.md
new file mode 100644
index 0000000000000000000000000000000000000000..82680c530c3886540f630f643990e2ec707319d1
--- /dev/null
+++ b/node_modules/accepts/README.md
@@ -0,0 +1,140 @@
+# accepts
+
+[![NPM Version][npm-version-image]][npm-url]
+[![NPM Downloads][npm-downloads-image]][npm-url]
+[![Node.js Version][node-version-image]][node-version-url]
+[![Build Status][github-actions-ci-image]][github-actions-ci-url]
+[![Test Coverage][coveralls-image]][coveralls-url]
+
+Higher level content negotiation based on [negotiator](https://www.npmjs.com/package/negotiator).
+Extracted from [koa](https://www.npmjs.com/package/koa) for general use.
+
+In addition to negotiator, it allows:
+
+- Allows types as an array or arguments list, ie `(['text/html', 'application/json'])`
+ as well as `('text/html', 'application/json')`.
+- Allows type shorthands such as `json`.
+- Returns `false` when no types match
+- Treats non-existent headers as `*`
+
+## Installation
+
+This is a [Node.js](https://nodejs.org/en/) module available through the
+[npm registry](https://www.npmjs.com/). Installation is done using the
+[`npm install` command](https://docs.npmjs.com/getting-started/installing-npm-packages-locally):
+
+```sh
+$ npm install accepts
+```
+
+## API
+
+```js
+var accepts = require('accepts')
+```
+
+### accepts(req)
+
+Create a new `Accepts` object for the given `req`.
+
+#### .charset(charsets)
+
+Return the first accepted charset. If nothing in `charsets` is accepted,
+then `false` is returned.
+
+#### .charsets()
+
+Return the charsets that the request accepts, in the order of the client's
+preference (most preferred first).
+
+#### .encoding(encodings)
+
+Return the first accepted encoding. If nothing in `encodings` is accepted,
+then `false` is returned.
+
+#### .encodings()
+
+Return the encodings that the request accepts, in the order of the client's
+preference (most preferred first).
+
+#### .language(languages)
+
+Return the first accepted language. If nothing in `languages` is accepted,
+then `false` is returned.
+
+#### .languages()
+
+Return the languages that the request accepts, in the order of the client's
+preference (most preferred first).
+
+#### .type(types)
+
+Return the first accepted type (and it is returned as the same text as what
+appears in the `types` array). If nothing in `types` is accepted, then `false`
+is returned.
+
+The `types` array can contain full MIME types or file extensions. Any value
+that is not a full MIME types is passed to `require('mime-types').lookup`.
+
+#### .types()
+
+Return the types that the request accepts, in the order of the client's
+preference (most preferred first).
+
+## Examples
+
+### Simple type negotiation
+
+This simple example shows how to use `accepts` to return a different typed
+respond body based on what the client wants to accept. The server lists it's
+preferences in order and will get back the best match between the client and
+server.
+
+```js
+var accepts = require('accepts')
+var http = require('http')
+
+function app (req, res) {
+ var accept = accepts(req)
+
+ // the order of this list is significant; should be server preferred order
+ switch (accept.type(['json', 'html'])) {
+ case 'json':
+ res.setHeader('Content-Type', 'application/json')
+ res.write('{"hello":"world!"}')
+ break
+ case 'html':
+ res.setHeader('Content-Type', 'text/html')
+ res.write('<b>hello, world!</b>')
+ break
+ default:
+ // the fallback is text/plain, so no need to specify it above
+ res.setHeader('Content-Type', 'text/plain')
+ res.write('hello, world!')
+ break
+ }
+
+ res.end()
+}
+
+http.createServer(app).listen(3000)
+```
+
+You can test this out with the cURL program:
+```sh
+curl -I -H'Accept: text/html' http://localhost:3000/
+```
+
+## License
+
+[MIT](LICENSE)
+
+[coveralls-image]: https://badgen.net/coveralls/c/github/jshttp/accepts/master
+[coveralls-url]: https://coveralls.io/r/jshttp/accepts?branch=master
+[github-actions-ci-image]: https://badgen.net/github/checks/jshttp/accepts/master?label=ci
+[github-actions-ci-url]: https://github.com/jshttp/accepts/actions/workflows/ci.yml
+[node-version-image]: https://badgen.net/npm/node/accepts
+[node-version-url]: https://nodejs.org/en/download
+[npm-downloads-image]: https://badgen.net/npm/dm/accepts
+[npm-url]: https://npmjs.org/package/accepts
+[npm-version-image]: https://badgen.net/npm/v/accepts
diff --git a/node_modules/accepts/index.js b/node_modules/accepts/index.js
new file mode 100644
index 0000000000000000000000000000000000000000..e9b2f63fb16f8ecdeb16c8eced302612794ccf65
--- /dev/null
+++ b/node_modules/accepts/index.js
@@ -0,0 +1,238 @@
+/*!
+ * accepts
+ * Copyright(c) 2014 Jonathan Ong
+ * Copyright(c) 2015 Douglas Christopher Wilson
+ * MIT Licensed
+ */
+
+'use strict'
+
+/**
+ * Module dependencies.
+ * @private
+ */
+
+var Negotiator = require('negotiator')
+var mime = require('mime-types')
+
+/**
+ * Module exports.
+ * @public
+ */
+
+module.exports = Accepts
+
+/**
+ * Create a new Accepts object for the given req.
+ *
+ * @param {object} req
+ * @public
+ */
+
+function Accepts (req) {
+ if (!(this instanceof Accepts)) {
+ return new Accepts(req)
+ }
+
+ this.headers = req.headers
+ this.negotiator = new Negotiator(req)
+}
+
+/**
+ * Check if the given `type(s)` is acceptable, returning
+ * the best match when true, otherwise `undefined`, in which
+ * case you should respond with 406 "Not Acceptable".
+ *
+ * The `type` value may be a single mime type string
+ * such as "application/json", the extension name
+ * such as "json" or an array `["json", "html", "text/plain"]`. When a list
+ * or array is given the _best_ match, if any is returned.
+ *
+ * Examples:
+ *
+ * // Accept: text/html
+ * this.types('html');
+ * // => "html"
+ *
+ * // Accept: text/*, application/json
+ * this.types('html');
+ * // => "html"
+ * this.types('text/html');
+ * // => "text/html"
+ * this.types('json', 'text');
+ * // => "json"
+ * this.types('application/json');
+ * // => "application/json"
+ *
+ * // Accept: text/*, application/json
+ * this.types('image/png');
+ * this.types('png');
+ * // => undefined
+ *
+ * // Accept: text/*;q=.5, application/json
+ * this.types(['html', 'json']);
+ * this.types('html', 'json');
+ * // => "json"
+ *
+ * @param {String|Array} types...
+ * @return {String|Array|Boolean}
+ * @public
+ */
+
+Accepts.prototype.type =
+Accepts.prototype.types = function (types_) {
+ var types = types_
+
+ // support flattened arguments
+ if (types && !Array.isArray(types)) {
+ types = new Array(arguments.length)
+ for (var i = 0; i < types.length; i++) {
+ types[i] = arguments[i]
+ }
+ }
+
+ // no types, return all requested types
+ if (!types || types.length === 0) {
+ return this.negotiator.mediaTypes()
+ }
+
+ // no accept header, return first given type
+ if (!this.headers.accept) {
+ return types[0]
+ }
+
+ var mimes = types.map(extToMime)
+ var accepts = this.negotiator.mediaTypes(mimes.filter(validMime))
+ var first = accepts[0]
+
+ return first
+ ? types[mimes.indexOf(first)]
+ : false
+}
+
+/**
+ * Return accepted encodings or best fit based on `encodings`.
+ *
+ * Given `Accept-Encoding: gzip, deflate`
+ * an array sorted by quality is returned:
+ *
+ * ['gzip', 'deflate']
+ *
+ * @param {String|Array} encodings...
+ * @return {String|Array}
+ * @public
+ */
+
+Accepts.prototype.encoding =
+Accepts.prototype.encodings = function (encodings_) {
+ var encodings = encodings_
+
+ // support flattened arguments
+ if (encodings && !Array.isArray(encodings)) {
+ encodings = new Array(arguments.length)
+ for (var i = 0; i < encodings.length; i++) {
+ encodings[i] = arguments[i]
+ }
+ }
+
+ // no encodings, return all requested encodings
+ if (!encodings || encodings.length === 0) {
+ return this.negotiator.encodings()
+ }
+
+ return this.negotiator.encodings(encodings)[0] || false
+}
+
+/**
+ * Return accepted charsets or best fit based on `charsets`.
+ *
+ * Given `Accept-Charset: utf-8, iso-8859-1;q=0.2, utf-7;q=0.5`
+ * an array sorted by quality is returned:
+ *
+ * ['utf-8', 'utf-7', 'iso-8859-1']
+ *
+ * @param {String|Array} charsets...
+ * @return {String|Array}
+ * @public
+ */
+
+Accepts.prototype.charset =
+Accepts.prototype.charsets = function (charsets_) {
+ var charsets = charsets_
+
+ // support flattened arguments
+ if (charsets && !Array.isArray(charsets)) {
+ charsets = new Array(arguments.length)
+ for (var i = 0; i < charsets.length; i++) {
+ charsets[i] = arguments[i]
+ }
+ }
+
+ // no charsets, return all requested charsets
+ if (!charsets || charsets.length === 0) {
+ return this.negotiator.charsets()
+ }
+
+ return this.negotiator.charsets(charsets)[0] || false
+}
+
+/**
+ * Return accepted languages or best fit based on `langs`.
+ *
+ * Given `Accept-Language: en;q=0.8, es, pt`
+ * an array sorted by quality is returned:
+ *
+ * ['es', 'pt', 'en']
+ *
+ * @param {String|Array} langs...
+ * @return {Array|String}
+ * @public
+ */
+
+Accepts.prototype.lang =
+Accepts.prototype.langs =
+Accepts.prototype.language =
+Accepts.prototype.languages = function (languages_) {
+ var languages = languages_
+
+ // support flattened arguments
+ if (languages && !Array.isArray(languages)) {
+ languages = new Array(arguments.length)
+ for (var i = 0; i < languages.length; i++) {
+ languages[i] = arguments[i]
+ }
+ }
+
+ // no languages, return all requested languages
+ if (!languages || languages.length === 0) {
+ return this.negotiator.languages()
+ }
+
+ return this.negotiator.languages(languages)[0] || false
+}
+
+/**
+ * Convert extnames to mime.
+ *
+ * @param {String} type
+ * @return {String}
+ * @private
+ */
+
+function extToMime (type) {
+ return type.indexOf('/') === -1
+ ? mime.lookup(type)
+ : type
+}
+
+/**
+ * Check if mime is valid.
+ *
+ * @param {String} type
+ * @return {String}
+ * @private
+ */
+
+function validMime (type) {
+ return typeof type === 'string'
+}
diff --git a/node_modules/accepts/package.json b/node_modules/accepts/package.json
new file mode 100644
index 0000000000000000000000000000000000000000..0f2d15da92b29d328f4da484f494c5442c711b4d
--- /dev/null
+++ b/node_modules/accepts/package.json
@@ -0,0 +1,47 @@
+{
+ "name": "accepts",
+ "description": "Higher-level content negotiation",
+ "version": "1.3.8",
+ "contributors": [
+ "Douglas Christopher Wilson <doug@somethingdoug.com>",
+ "Jonathan Ong <me@jongleberry.com> (http://jongleberry.com)"
+ ],
+ "license": "MIT",
+ "repository": "jshttp/accepts",
+ "dependencies": {
+ "mime-types": "~2.1.34",
+ "negotiator": "0.6.3"
+ },
+ "devDependencies": {
+ "deep-equal": "1.0.1",
+ "eslint": "7.32.0",
+ "eslint-config-standard": "14.1.1",
+ "eslint-plugin-import": "2.25.4",
+ "eslint-plugin-markdown": "2.2.1",
+ "eslint-plugin-node": "11.1.0",
+ "eslint-plugin-promise": "4.3.1",
+ "eslint-plugin-standard": "4.1.0",
+ "mocha": "9.2.0",
+ "nyc": "15.1.0"
+ },
+ "files": [
+ "LICENSE",
+ "HISTORY.md",
+ "index.js"
+ ],
+ "engines": {
+ "node": ">= 0.6"
+ },
+ "scripts": {
+ "lint": "eslint .",
+ "test": "mocha --reporter spec --check-leaks --bail test/",
+ "test-ci": "nyc --reporter=lcov --reporter=text npm test",
+ "test-cov": "nyc --reporter=html --reporter=text npm test"
+ },
+ "keywords": [
+ "content",
+ "negotiation",
+ "accept",
+ "accepts"
+ ]
+}
diff --git a/node_modules/array-flatten/LICENSE b/node_modules/array-flatten/LICENSE
new file mode 100644
index 0000000000000000000000000000000000000000..983fbe8aec3f4e2d4add592bb1083b00d7366f66
--- /dev/null
+++ b/node_modules/array-flatten/LICENSE
@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2014 Blake Embrey (hello@blakeembrey.com)
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
diff --git a/node_modules/array-flatten/README.md b/node_modules/array-flatten/README.md
new file mode 100644
index 0000000000000000000000000000000000000000..91fa5b637ec2d2a492d6b5c4bf9ba2e76ff2f352
--- /dev/null
+++ b/node_modules/array-flatten/README.md
@@ -0,0 +1,43 @@
+# Array Flatten
+
+[![NPM version][npm-image]][npm-url]
+[![NPM downloads][downloads-image]][downloads-url]
+[![Build status][travis-image]][travis-url]
+[![Test coverage][coveralls-image]][coveralls-url]
+
+> Flatten an array of nested arrays into a single flat array. Accepts an optional depth.
+
+## Installation
+
+```
+npm install array-flatten --save
+```
+
+## Usage
+
+```javascript
+var flatten = require('array-flatten')
+
+flatten([1, [2, [3, [4, [5], 6], 7], 8], 9])
+//=> [1, 2, 3, 4, 5, 6, 7, 8, 9]
+
+flatten([1, [2, [3, [4, [5], 6], 7], 8], 9], 2)
+//=> [1, 2, 3, [4, [5], 6], 7, 8, 9]
+
+(function () {
+ flatten(arguments) //=> [1, 2, 3]
+})(1, [2, 3])
+```
+
+## License
+
+MIT
+
+[npm-image]: https://img.shields.io/npm/v/array-flatten.svg?style=flat
+[npm-url]: https://npmjs.org/package/array-flatten
+[downloads-image]: https://img.shields.io/npm/dm/array-flatten.svg?style=flat
+[downloads-url]: https://npmjs.org/package/array-flatten
+[travis-image]: https://img.shields.io/travis/blakeembrey/array-flatten.svg?style=flat
+[travis-url]: https://travis-ci.org/blakeembrey/array-flatten
+[coveralls-image]: https://img.shields.io/coveralls/blakeembrey/array-flatten.svg?style=flat
+[coveralls-url]: https://coveralls.io/r/blakeembrey/array-flatten?branch=master
diff --git a/node_modules/array-flatten/array-flatten.js b/node_modules/array-flatten/array-flatten.js
new file mode 100644
index 0000000000000000000000000000000000000000..089117b322f5857b8bb6bccf7a659686aca067c0
--- /dev/null
+++ b/node_modules/array-flatten/array-flatten.js
@@ -0,0 +1,64 @@
+'use strict'
+
+/**
+ * Expose `arrayFlatten`.
+ */
+module.exports = arrayFlatten
+
+/**
+ * Recursive flatten function with depth.
+ *
+ * @param {Array} array
+ * @param {Array} result
+ * @param {Number} depth
+ * @return {Array}
+ */
+function flattenWithDepth (array, result, depth) {
+ for (var i = 0; i < array.length; i++) {
+ var value = array[i]
+
+ if (depth > 0 && Array.isArray(value)) {
+ flattenWithDepth(value, result, depth - 1)
+ } else {
+ result.push(value)
+ }
+ }
+
+ return result
+}
+
+/**
+ * Recursive flatten function. Omitting depth is slightly faster.
+ *
+ * @param {Array} array
+ * @param {Array} result
+ * @return {Array}
+ */
+function flattenForever (array, result) {
+ for (var i = 0; i < array.length; i++) {
+ var value = array[i]
+
+ if (Array.isArray(value)) {
+ flattenForever(value, result)
+ } else {
+ result.push(value)
+ }
+ }
+
+ return result
+}
+
+/**
+ * Flatten an array, with the ability to define a depth.
+ *
+ * @param {Array} array
+ * @param {Number} depth
+ * @return {Array}
+ */
+function arrayFlatten (array, depth) {
+ if (depth == null) {
+ return flattenForever(array, [])
+ }
+
+ return flattenWithDepth(array, [], depth)
+}
diff --git a/node_modules/array-flatten/package.json b/node_modules/array-flatten/package.json
new file mode 100644
index 0000000000000000000000000000000000000000..1a24e2a1a1d3fbd694b77bf6673ab1e1c2fd5043
--- /dev/null
+++ b/node_modules/array-flatten/package.json
@@ -0,0 +1,39 @@
+{
+ "name": "array-flatten",
+ "version": "1.1.1",
+ "description": "Flatten an array of nested arrays into a single flat array",
+ "main": "array-flatten.js",
+ "files": [
+ "array-flatten.js",
+ "LICENSE"
+ ],
+ "scripts": {
+ "test": "istanbul cover _mocha -- -R spec"
+ },
+ "repository": {
+ "type": "git",
+ "url": "git://github.com/blakeembrey/array-flatten.git"
+ },
+ "keywords": [
+ "array",
+ "flatten",
+ "arguments",
+ "depth"
+ ],
+ "author": {
+ "name": "Blake Embrey",
+ "email": "hello@blakeembrey.com",
+ "url": "http://blakeembrey.me"
+ },
+ "license": "MIT",
+ "bugs": {
+ "url": "https://github.com/blakeembrey/array-flatten/issues"
+ },
+ "homepage": "https://github.com/blakeembrey/array-flatten",
+ "devDependencies": {
+ "istanbul": "^0.3.13",
+ "mocha": "^2.2.4",
+ "pre-commit": "^1.0.7",
+ "standard": "^3.7.3"
+ }
+}
diff --git a/node_modules/content-disposition/HISTORY.md b/node_modules/content-disposition/HISTORY.md
new file mode 100644
index 0000000000000000000000000000000000000000..488effa0c9440f4e214102980665781a62ba7059
--- /dev/null
+++ b/node_modules/content-disposition/HISTORY.md
@@ -0,0 +1,60 @@
+0.5.4 / 2021-12-10
+==================
+
+ * deps: safe-buffer@5.2.1
+
+0.5.3 / 2018-12-17
+==================
+
+ * Use `safe-buffer` for improved Buffer API
+
+0.5.2 / 2016-12-08
+==================
+
+ * Fix `parse` to accept any linear whitespace character
+
+0.5.1 / 2016-01-17
+==================
+
+ * perf: enable strict mode
+
+0.5.0 / 2014-10-11
+==================
+
+ * Add `parse` function
+
+0.4.0 / 2014-09-21
+==================
+
+ * Expand non-Unicode `filename` to the full ISO-8859-1 charset
+
+0.3.0 / 2014-09-20
+==================
+
+ * Add `fallback` option
+ * Add `type` option
+
+0.2.0 / 2014-09-19
+==================
+
+ * Reduce ambiguity of file names with hex escape in buggy browsers
+
+0.1.2 / 2014-09-19
+==================
+
+ * Fix periodic invalid Unicode filename header
+
+0.1.1 / 2014-09-19
+==================
+
+ * Fix invalid characters appearing in `filename*` parameter
+
+0.1.0 / 2014-09-18
+==================
+
+ * Make the `filename` argument optional
+
+0.0.0 / 2014-09-18
+==================
+
+ * Initial release
diff --git a/node_modules/content-disposition/LICENSE b/node_modules/content-disposition/LICENSE
new file mode 100644
index 0000000000000000000000000000000000000000..84441fbb5709262c2bfc9b5ff0166ad4f024a1b8
--- /dev/null
+++ b/node_modules/content-disposition/LICENSE
@@ -0,0 +1,22 @@
+(The MIT License)
+
+Copyright (c) 2014-2017 Douglas Christopher Wilson
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+'Software'), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/node_modules/content-disposition/README.md b/node_modules/content-disposition/README.md
new file mode 100644
index 0000000000000000000000000000000000000000..3a0bb055949cdaed008f0f85e111624214213873
--- /dev/null
+++ b/node_modules/content-disposition/README.md
@@ -0,0 +1,142 @@
+# content-disposition
+
+[![NPM Version][npm-image]][npm-url]
+[![NPM Downloads][downloads-image]][downloads-url]
+[![Node.js Version][node-version-image]][node-version-url]
+[![Build Status][github-actions-ci-image]][github-actions-ci-url]
+[![Test Coverage][coveralls-image]][coveralls-url]
+
+Create and parse HTTP `Content-Disposition` header
+
+## Installation
+
+```sh
+$ npm install content-disposition
+```
+
+## API
+
+```js
+var contentDisposition = require('content-disposition')
+```
+
+### contentDisposition(filename, options)
+
+Create an attachment `Content-Disposition` header value using the given file name,
+if supplied. The `filename` is optional and if no file name is desired, but you
+want to specify `options`, set `filename` to `undefined`.
+
+```js
+res.setHeader('Content-Disposition', contentDisposition('∫ maths.pdf'))
+```
+
+**note** HTTP headers are of the ISO-8859-1 character set. If you are writing this
+header through a means different from `setHeader` in Node.js, you'll want to specify
+the `'binary'` encoding in Node.js.
+
+#### Options
+
+`contentDisposition` accepts these properties in the options object.
+
+##### fallback
+
+If the `filename` option is outside ISO-8859-1, then the file name is actually
+stored in a supplemental field for clients that support Unicode file names and
+a ISO-8859-1 version of the file name is automatically generated.
+
+This specifies the ISO-8859-1 file name to override the automatic generation or
+disables the generation all together, defaults to `true`.
+
+ - A string will specify the ISO-8859-1 file name to use in place of automatic
+ generation.
+ - `false` will disable including a ISO-8859-1 file name and only include the
+ Unicode version (unless the file name is already ISO-8859-1).
+ - `true` will enable automatic generation if the file name is outside ISO-8859-1.
+
+If the `filename` option is ISO-8859-1 and this option is specified and has a
+different value, then the `filename` option is encoded in the extended field
+and this set as the fallback field, even though they are both ISO-8859-1.
+
+##### type
+
+Specifies the disposition type, defaults to `"attachment"`. This can also be
+`"inline"`, or any other value (all values except inline are treated like
+`attachment`, but can convey additional information if both parties agree to
+it). The type is normalized to lower-case.
+
+### contentDisposition.parse(string)
+
+```js
+var disposition = contentDisposition.parse('attachment; filename="EURO rates.txt"; filename*=UTF-8\'\'%e2%82%ac%20rates.txt')
+```
+
+Parse a `Content-Disposition` header string. This automatically handles extended
+("Unicode") parameters by decoding them and providing them under the standard
+parameter name. This will return an object with the following properties (examples
+are shown for the string `'attachment; filename="EURO rates.txt"; filename*=UTF-8\'\'%e2%82%ac%20rates.txt'`):
+
+ - `type`: The disposition type (always lower case). Example: `'attachment'`
+
+ - `parameters`: An object of the parameters in the disposition (name of parameter
+ always lower case and extended versions replace non-extended versions). Example:
+ `{filename: "€ rates.txt"}`
+
+## Examples
+
+### Send a file for download
+
+```js
+var contentDisposition = require('content-disposition')
+var destroy = require('destroy')
+var fs = require('fs')
+var http = require('http')
+var onFinished = require('on-finished')
+
+var filePath = '/path/to/public/plans.pdf'
+
+http.createServer(function onRequest (req, res) {
+ // set headers
+ res.setHeader('Content-Type', 'application/pdf')
+ res.setHeader('Content-Disposition', contentDisposition(filePath))
+
+ // send file
+ var stream = fs.createReadStream(filePath)
+ stream.pipe(res)
+ onFinished(res, function () {
+ destroy(stream)
+ })
+})
+```
+
+## Testing
+
+```sh
+$ npm test
+```
+
+## References
+
+- [RFC 2616: Hypertext Transfer Protocol -- HTTP/1.1][rfc-2616]
+- [RFC 5987: Character Set and Language Encoding for Hypertext Transfer Protocol (HTTP) Header Field Parameters][rfc-5987]
+- [RFC 6266: Use of the Content-Disposition Header Field in the Hypertext Transfer Protocol (HTTP)][rfc-6266]
+- [Test Cases for HTTP Content-Disposition header field (RFC 6266) and the Encodings defined in RFCs 2047, 2231 and 5987][tc-2231]
+
+[rfc-2616]: https://tools.ietf.org/html/rfc2616
+[rfc-5987]: https://tools.ietf.org/html/rfc5987
+[rfc-6266]: https://tools.ietf.org/html/rfc6266
+[tc-2231]: http://greenbytes.de/tech/tc2231/
+
+## License
+
+[MIT](LICENSE)
+
+[npm-image]: https://img.shields.io/npm/v/content-disposition.svg
+[npm-url]: https://npmjs.org/package/content-disposition
+[node-version-image]: https://img.shields.io/node/v/content-disposition.svg
+[node-version-url]: https://nodejs.org/en/download
+[coveralls-image]: https://img.shields.io/coveralls/jshttp/content-disposition.svg
+[coveralls-url]: https://coveralls.io/r/jshttp/content-disposition?branch=master
+[downloads-image]: https://img.shields.io/npm/dm/content-disposition.svg
+[downloads-url]: https://npmjs.org/package/content-disposition
+[github-actions-ci-image]: https://img.shields.io/github/workflow/status/jshttp/content-disposition/ci/master?label=ci
+[github-actions-ci-url]: https://github.com/jshttp/content-disposition?query=workflow%3Aci
diff --git a/node_modules/content-disposition/index.js b/node_modules/content-disposition/index.js
new file mode 100644
index 0000000000000000000000000000000000000000..ecec899a992d46f2e903a87475b1c342f2ce4d30
--- /dev/null
+++ b/node_modules/content-disposition/index.js
@@ -0,0 +1,458 @@
+/*!
+ * content-disposition
+ * Copyright(c) 2014-2017 Douglas Christopher Wilson
+ * MIT Licensed
+ */
+
+'use strict'
+
+/**
+ * Module exports.
+ * @public
+ */
+
+module.exports = contentDisposition
+module.exports.parse = parse
+
+/**
+ * Module dependencies.
+ * @private
+ */
+
+var basename = require('path').basename
+var Buffer = require('safe-buffer').Buffer
+
+/**
+ * RegExp to match non attr-char, *after* encodeURIComponent (i.e. not including "%")
+ * @private
+ */
+
+var ENCODE_URL_ATTR_CHAR_REGEXP = /[\x00-\x20"'()*,/:;<=>?@[\\\]{}\x7f]/g // eslint-disable-line no-control-regex
+
+/**
+ * RegExp to match percent encoding escape.
+ * @private
+ */
+
+var HEX_ESCAPE_REGEXP = /%[0-9A-Fa-f]{2}/
+var HEX_ESCAPE_REPLACE_REGEXP = /%([0-9A-Fa-f]{2})/g
+
+/**
+ * RegExp to match non-latin1 characters.
+ * @private
+ */
+
+var NON_LATIN1_REGEXP = /[^\x20-\x7e\xa0-\xff]/g
+
+/**
+ * RegExp to match quoted-pair in RFC 2616
+ *
+ * quoted-pair = "\" CHAR
+ * CHAR = <any US-ASCII character (octets 0 - 127)>
+ * @private
+ */
+
+var QESC_REGEXP = /\\([\u0000-\u007f])/g // eslint-disable-line no-control-regex
+
+/**
+ * RegExp to match chars that must be quoted-pair in RFC 2616
+ * @private
+ */
+
+var QUOTE_REGEXP = /([\\"])/g
+
+/**
+ * RegExp for various RFC 2616 grammar
+ *
+ * parameter = token "=" ( token | quoted-string )
+ * token = 1*<any CHAR except CTLs or separators>
+ * separators = "(" | ")" | "<" | ">" | "@"
+ * | "," | ";" | ":" | "\" | <">
+ * | "/" | "[" | "]" | "?" | "="
+ * | "{" | "}" | SP | HT
+ * quoted-string = ( <"> *(qdtext | quoted-pair ) <"> )
+ * qdtext = <any TEXT except <">>
+ * quoted-pair = "\" CHAR
+ * CHAR = <any US-ASCII character (octets 0 - 127)>
+ * TEXT = <any OCTET except CTLs, but including LWS>
+ * LWS = [CRLF] 1*( SP | HT )
+ * CRLF = CR LF
+ * CR = <US-ASCII CR, carriage return (13)>
+ * LF = <US-ASCII LF, linefeed (10)>
+ * SP = <US-ASCII SP, space (32)>
+ * HT = <US-ASCII HT, horizontal-tab (9)>
+ * CTL = <any US-ASCII control character (octets 0 - 31) and DEL (127)>
+ * OCTET = <any 8-bit sequence of data>
+ * @private
+ */
+
+var PARAM_REGEXP = /;[\x09\x20]*([!#$%&'*+.0-9A-Z^_`a-z|~-]+)[\x09\x20]*=[\x09\x20]*("(?:[\x20!\x23-\x5b\x5d-\x7e\x80-\xff]|\\[\x20-\x7e])*"|[!#$%&'*+.0-9A-Z^_`a-z|~-]+)[\x09\x20]*/g // eslint-disable-line no-control-regex
+var TEXT_REGEXP = /^[\x20-\x7e\x80-\xff]+$/
+var TOKEN_REGEXP = /^[!#$%&'*+.0-9A-Z^_`a-z|~-]+$/
+
+/**
+ * RegExp for various RFC 5987 grammar
+ *
+ * ext-value = charset "'" [ language ] "'" value-chars
+ * charset = "UTF-8" / "ISO-8859-1" / mime-charset
+ * mime-charset = 1*mime-charsetc
+ * mime-charsetc = ALPHA / DIGIT
+ * / "!" / "#" / "$" / "%" / "&"
+ * / "+" / "-" / "^" / "_" / "`"
+ * / "{" / "}" / "~"
+ * language = ( 2*3ALPHA [ extlang ] )
+ * / 4ALPHA
+ * / 5*8ALPHA
+ * extlang = *3( "-" 3ALPHA )
+ * value-chars = *( pct-encoded / attr-char )
+ * pct-encoded = "%" HEXDIG HEXDIG
+ * attr-char = ALPHA / DIGIT
+ * / "!" / "#" / "$" / "&" / "+" / "-" / "."
+ * / "^" / "_" / "`" / "|" / "~"
+ * @private
+ */
+
+var EXT_VALUE_REGEXP = /^([A-Za-z0-9!#$%&+\-^_`{}~]+)'(?:[A-Za-z]{2,3}(?:-[A-Za-z]{3}){0,3}|[A-Za-z]{4,8}|)'((?:%[0-9A-Fa-f]{2}|[A-Za-z0-9!#$&+.^_`|~-])+)$/
+
+/**
+ * RegExp for various RFC 6266 grammar
+ *
+ * disposition-type = "inline" | "attachment" | disp-ext-type
+ * disp-ext-type = token
+ * disposition-parm = filename-parm | disp-ext-parm
+ * filename-parm = "filename" "=" value
+ * | "filename*" "=" ext-value
+ * disp-ext-parm = token "=" value
+ * | ext-token "=" ext-value
+ * ext-token = <the characters in token, followed by "*">
+ * @private
+ */
+
+var DISPOSITION_TYPE_REGEXP = /^([!#$%&'*+.0-9A-Z^_`a-z|~-]+)[\x09\x20]*(?:$|;)/ // eslint-disable-line no-control-regex
+
+/**
+ * Create an attachment Content-Disposition header.
+ *
+ * @param {string} [filename]
+ * @param {object} [options]
+ * @param {string} [options.type=attachment]
+ * @param {string|boolean} [options.fallback=true]
+ * @return {string}
+ * @public
+ */
+
+function contentDisposition (filename, options) {
+ var opts = options || {}
+
+ // get type
+ var type = opts.type || 'attachment'
+
+ // get parameters
+ var params = createparams(filename, opts.fallback)
+
+ // format into string
+ return format(new ContentDisposition(type, params))
+}
+
+/**
+ * Create parameters object from filename and fallback.
+ *
+ * @param {string} [filename]
+ * @param {string|boolean} [fallback=true]
+ * @return {object}
+ * @private
+ */
+
+function createparams (filename, fallback) {
+ if (filename === undefined) {
+ return
+ }
+
+ var params = {}
+
+ if (typeof filename !== 'string') {
+ throw new TypeError('filename must be a string')
+ }
+
+ // fallback defaults to true
+ if (fallback === undefined) {
+ fallback = true
+ }
+
+ if (typeof fallback !== 'string' && typeof fallback !== 'boolean') {
+ throw new TypeError('fallback must be a string or boolean')
+ }
+
+ if (typeof fallback === 'string' && NON_LATIN1_REGEXP.test(fallback)) {
+ throw new TypeError('fallback must be ISO-8859-1 string')
+ }
+
+ // restrict to file base name
+ var name = basename(filename)
+
+ // determine if name is suitable for quoted string
+ var isQuotedString = TEXT_REGEXP.test(name)
+
+ // generate fallback name
+ var fallbackName = typeof fallback !== 'string'
+ ? fallback && getlatin1(name)
+ : basename(fallback)
+ var hasFallback = typeof fallbackName === 'string' && fallbackName !== name
+
+ // set extended filename parameter
+ if (hasFallback || !isQuotedString || HEX_ESCAPE_REGEXP.test(name)) {
+ params['filename*'] = name
+ }
+
+ // set filename parameter
+ if (isQuotedString || hasFallback) {
+ params.filename = hasFallback
+ ? fallbackName
+ : name
+ }
+
+ return params
+}
+
+/**
+ * Format object to Content-Disposition header.
+ *
+ * @param {object} obj
+ * @param {string} obj.type
+ * @param {object} [obj.parameters]
+ * @return {string}
+ * @private
+ */
+
+function format (obj) {
+ var parameters = obj.parameters
+ var type = obj.type
+
+ if (!type || typeof type !== 'string' || !TOKEN_REGEXP.test(type)) {
+ throw new TypeError('invalid type')
+ }
+
+ // start with normalized type
+ var string = String(type).toLowerCase()
+
+ // append parameters
+ if (parameters && typeof parameters === 'object') {
+ var param
+ var params = Object.keys(parameters).sort()
+
+ for (var i = 0; i < params.length; i++) {
+ param = params[i]
+
+ var val = param.substr(-1) === '*'
+ ? ustring(parameters[param])
+ : qstring(parameters[param])
+
+ string += '; ' + param + '=' + val
+ }
+ }
+
+ return string
+}
+
+/**
+ * Decode a RFC 5987 field value (gracefully).
+ *
+ * @param {string} str
+ * @return {string}
+ * @private
+ */
+
+function decodefield (str) {
+ var match = EXT_VALUE_REGEXP.exec(str)
+
+ if (!match) {
+ throw new TypeError('invalid extended field value')
+ }
+
+ var charset = match[1].toLowerCase()
+ var encoded = match[2]
+ var value
+
+ // to binary string
+ var binary = encoded.replace(HEX_ESCAPE_REPLACE_REGEXP, pdecode)
+
+ switch (charset) {
+ case 'iso-8859-1':
+ value = getlatin1(binary)
+ break
+ case 'utf-8':
+ value = Buffer.from(binary, 'binary').toString('utf8')
+ break
+ default:
+ throw new TypeError('unsupported charset in extended field')
+ }
+
+ return value
+}
+
+/**
+ * Get ISO-8859-1 version of string.
+ *
+ * @param {string} val
+ * @return {string}
+ * @private
+ */
+
+function getlatin1 (val) {
+ // simple Unicode -> ISO-8859-1 transformation
+ return String(val).replace(NON_LATIN1_REGEXP, '?')
+}
+
+/**
+ * Parse Content-Disposition header string.
+ *
+ * @param {string} string
+ * @return {object}
+ * @public
+ */
+
+function parse (string) {
+ if (!string || typeof string !== 'string') {
+ throw new TypeError('argument string is required')
+ }
+
+ var match = DISPOSITION_TYPE_REGEXP.exec(string)
+
+ if (!match) {
+ throw new TypeError('invalid type format')
+ }
+
+ // normalize type
+ var index = match[0].length
+ var type = match[1].toLowerCase()
+
+ var key
+ var names = []
+ var params = {}
+ var value
+
+ // calculate index to start at
+ index = PARAM_REGEXP.lastIndex = match[0].substr(-1) === ';'
+ ? index - 1
+ : index
+
+ // match parameters
+ while ((match = PARAM_REGEXP.exec(string))) {
+ if (match.index !== index) {
+ throw new TypeError('invalid parameter format')
+ }
+
+ index += match[0].length
+ key = match[1].toLowerCase()
+ value = match[2]
+
+ if (names.indexOf(key) !== -1) {
+ throw new TypeError('invalid duplicate parameter')
+ }
+
+ names.push(key)
+
+ if (key.indexOf('*') + 1 === key.length) {
+ // decode extended value
+ key = key.slice(0, -1)
+ value = decodefield(value)
+
+ // overwrite existing value
+ params[key] = value
+ continue
+ }
+
+ if (typeof params[key] === 'string') {
+ continue
+ }
+
+ if (value[0] === '"') {
+ // remove quotes and escapes
+ value = value
+ .substr(1, value.length - 2)
+ .replace(QESC_REGEXP, '$1')
+ }
+
+ params[key] = value
+ }
+
+ if (index !== -1 && index !== string.length) {
+ throw new TypeError('invalid parameter format')
+ }
+
+ return new ContentDisposition(type, params)
+}
+
+/**
+ * Percent decode a single character.
+ *
+ * @param {string} str
+ * @param {string} hex
+ * @return {string}
+ * @private
+ */
+
+function pdecode (str, hex) {
+ return String.fromCharCode(parseInt(hex, 16))
+}
+
+/**
+ * Percent encode a single character.
+ *
+ * @param {string} char
+ * @return {string}
+ * @private
+ */
+
+function pencode (char) {
+ return '%' + String(char)
+ .charCodeAt(0)
+ .toString(16)
+ .toUpperCase()
+}
+
+/**
+ * Quote a string for HTTP.
+ *
+ * @param {string} val
+ * @return {string}
+ * @private
+ */
+
+function qstring (val) {
+ var str = String(val)
+
+ return '"' + str.replace(QUOTE_REGEXP, '\\$1') + '"'
+}
+
+/**
+ * Encode a Unicode string for HTTP (RFC 5987).
+ *
+ * @param {string} val
+ * @return {string}
+ * @private
+ */
+
+function ustring (val) {
+ var str = String(val)
+
+ // percent encode as UTF-8
+ var encoded = encodeURIComponent(str)
+ .replace(ENCODE_URL_ATTR_CHAR_REGEXP, pencode)
+
+ return 'UTF-8\'\'' + encoded
+}
+
+/**
+ * Class for parsed Content-Disposition header for v8 optimization
+ *
+ * @public
+ * @param {string} type
+ * @param {object} parameters
+ * @constructor
+ */
+
+function ContentDisposition (type, parameters) {
+ this.type = type
+ this.parameters = parameters
+}
diff --git a/node_modules/content-disposition/package.json b/node_modules/content-disposition/package.json
new file mode 100644
index 0000000000000000000000000000000000000000..43c70ce24a45a9a8f9eec7c6b6a30e0324d3078d
--- /dev/null
+++ b/node_modules/content-disposition/package.json
@@ -0,0 +1,44 @@
+{
+ "name": "content-disposition",
+ "description": "Create and parse Content-Disposition header",
+ "version": "0.5.4",
+ "author": "Douglas Christopher Wilson <doug@somethingdoug.com>",
+ "license": "MIT",
+ "keywords": [
+ "content-disposition",
+ "http",
+ "rfc6266",
+ "res"
+ ],
+ "repository": "jshttp/content-disposition",
+ "dependencies": {
+ "safe-buffer": "5.2.1"
+ },
+ "devDependencies": {
+ "deep-equal": "1.0.1",
+ "eslint": "7.32.0",
+ "eslint-config-standard": "13.0.1",
+ "eslint-plugin-import": "2.25.3",
+ "eslint-plugin-markdown": "2.2.1",
+ "eslint-plugin-node": "11.1.0",
+ "eslint-plugin-promise": "5.2.0",
+ "eslint-plugin-standard": "4.1.0",
+ "istanbul": "0.4.5",
+ "mocha": "9.1.3"
+ },
+ "files": [
+ "LICENSE",
+ "HISTORY.md",
+ "README.md",
+ "index.js"
+ ],
+ "engines": {
+ "node": ">= 0.6"
+ },
+ "scripts": {
+ "lint": "eslint .",
+ "test": "mocha --reporter spec --bail --check-leaks test/",
+ "test-ci": "istanbul cover node_modules/mocha/bin/_mocha --report lcovonly -- --reporter spec --check-leaks test/",
+ "test-cov": "istanbul cover node_modules/mocha/bin/_mocha -- --reporter dot --check-leaks test/"
+ }
+}
diff --git a/node_modules/encodeurl/LICENSE b/node_modules/encodeurl/LICENSE
new file mode 100644
index 0000000000000000000000000000000000000000..8812229bc59b5f365549fb3c799b32a4d4acdabc
--- /dev/null
+++ b/node_modules/encodeurl/LICENSE
@@ -0,0 +1,22 @@
+(The MIT License)
+
+Copyright (c) 2016 Douglas Christopher Wilson
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+'Software'), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/node_modules/encodeurl/README.md b/node_modules/encodeurl/README.md
new file mode 100644
index 0000000000000000000000000000000000000000..3842493ec68e8eb5a5377fa4c3a33e454be4e882
--- /dev/null
+++ b/node_modules/encodeurl/README.md
@@ -0,0 +1,109 @@
+# Encode URL
+
+Encode a URL to a percent-encoded form, excluding already-encoded sequences.
+
+## Installation
+
+```sh
+npm install encodeurl
+```
+
+## API
+
+```js
+var encodeUrl = require('encodeurl')
+```
+
+### encodeUrl(url)
+
+Encode a URL to a percent-encoded form, excluding already-encoded sequences.
+
+This function accepts a URL and encodes all the non-URL code points (as UTF-8 byte sequences). It will not encode the "%" character unless it is not part of a valid sequence (`%20` will be left as-is, but `%foo` will be encoded as `%25foo`).
+
+This encode is meant to be "safe" and does not throw errors. It will try as hard as it can to properly encode the given URL, including replacing any raw, unpaired surrogate pairs with the Unicode replacement character prior to encoding.
+
+## Examples
+
+### Encode a URL containing user-controlled data
+
+```js
+var encodeUrl = require('encodeurl')
+var escapeHtml = require('escape-html')
+
+http.createServer(function onRequest (req, res) {
+ // get encoded form of inbound url
+ var url = encodeUrl(req.url)
+
+ // create html message
+ var body = '<p>Location ' + escapeHtml(url) + ' not found</p>'
+
+ // send a 404
+ res.statusCode = 404
+ res.setHeader('Content-Type', 'text/html; charset=UTF-8')
+ res.setHeader('Content-Length', String(Buffer.byteLength(body, 'utf-8')))
+ res.end(body, 'utf-8')
+})
+```
+
+### Encode a URL for use in a header field
+
+```js
+var encodeUrl = require('encodeurl')
+var escapeHtml = require('escape-html')
+var url = require('url')
+
+http.createServer(function onRequest (req, res) {
+ // parse inbound url
+ var href = url.parse(req)
+
+ // set new host for redirect
+ href.host = 'localhost'
+ href.protocol = 'https:'
+ href.slashes = true
+
+ // create location header
+ var location = encodeUrl(url.format(href))
+
+ // create html message
+ var body = '<p>Redirecting to new site: ' + escapeHtml(location) + '</p>'
+
+ // send a 301
+ res.statusCode = 301
+ res.setHeader('Content-Type', 'text/html; charset=UTF-8')
+ res.setHeader('Content-Length', String(Buffer.byteLength(body, 'utf-8')))
+ res.setHeader('Location', location)
+ res.end(body, 'utf-8')
+})
+```
+
+## Similarities
+
+This function is _similar_ to the intrinsic function `encodeURI`. However, it will not encode:
+
+* The `\`, `^`, or `|` characters
+* The `%` character when it's part of a valid sequence
+* `[` and `]` (for IPv6 hostnames)
+* Replaces raw, unpaired surrogate pairs with the Unicode replacement character
+
+As a result, the encoding aligns closely with the behavior in the [WHATWG URL specification][whatwg-url]. However, this package only encodes strings and does not do any URL parsing or formatting.
+
+It is expected that any output from `new URL(url)` will not change when used with this package, as the output has already been encoded. Additionally, if we were to encode before `new URL(url)`, we do not expect the before and after encoded formats to be parsed any differently.
+
+## Testing
+
+```sh
+$ npm test
+$ npm run lint
+```
+
+## References
+
+- [RFC 3986: Uniform Resource Identifier (URI): Generic Syntax][rfc-3986]
+- [WHATWG URL Living Standard][whatwg-url]
+
+[rfc-3986]: https://tools.ietf.org/html/rfc3986
+[whatwg-url]: https://url.spec.whatwg.org/
+
+## License
+
+[MIT](LICENSE)
diff --git a/node_modules/encodeurl/index.js b/node_modules/encodeurl/index.js
new file mode 100644
index 0000000000000000000000000000000000000000..a49ee5a0b62136da6524703314e88b4199c4c208
--- /dev/null
+++ b/node_modules/encodeurl/index.js
@@ -0,0 +1,60 @@
+/*!
+ * encodeurl
+ * Copyright(c) 2016 Douglas Christopher Wilson
+ * MIT Licensed
+ */
+
+'use strict'
+
+/**
+ * Module exports.
+ * @public
+ */
+
+module.exports = encodeUrl
+
+/**
+ * RegExp to match non-URL code points, *after* encoding (i.e. not including "%")
+ * and including invalid escape sequences.
+ * @private
+ */
+
+var ENCODE_CHARS_REGEXP = /(?:[^\x21\x23-\x3B\x3D\x3F-\x5F\x61-\x7A\x7C\x7E]|%(?:[^0-9A-Fa-f]|[0-9A-Fa-f][^0-9A-Fa-f]|$))+/g
+
+/**
+ * RegExp to match unmatched surrogate pair.
+ * @private
+ */
+
+var UNMATCHED_SURROGATE_PAIR_REGEXP = /(^|[^\uD800-\uDBFF])[\uDC00-\uDFFF]|[\uD800-\uDBFF]([^\uDC00-\uDFFF]|$)/g
+
+/**
+ * String to replace unmatched surrogate pair with.
+ * @private
+ */
+
+var UNMATCHED_SURROGATE_PAIR_REPLACE = '$1\uFFFD$2'
+
+/**
+ * Encode a URL to a percent-encoded form, excluding already-encoded sequences.
+ *
+ * This function will take an already-encoded URL and encode all the non-URL
+ * code points. This function will not encode the "%" character unless it is
+ * not part of a valid sequence (`%20` will be left as-is, but `%foo` will
+ * be encoded as `%25foo`).
+ *
+ * This encode is meant to be "safe" and does not throw errors. It will try as
+ * hard as it can to properly encode the given URL, including replacing any raw,
+ * unpaired surrogate pairs with the Unicode replacement character prior to
+ * encoding.
+ *
+ * @param {string} url
+ * @return {string}
+ * @public
+ */
+
+function encodeUrl (url) {
+ return String(url)
+ .replace(UNMATCHED_SURROGATE_PAIR_REGEXP, UNMATCHED_SURROGATE_PAIR_REPLACE)
+ .replace(ENCODE_CHARS_REGEXP, encodeURI)
+}
diff --git a/node_modules/encodeurl/package.json b/node_modules/encodeurl/package.json
new file mode 100644
index 0000000000000000000000000000000000000000..313382214599a9b52a408282b40c3f907407a30a
--- /dev/null
+++ b/node_modules/encodeurl/package.json
@@ -0,0 +1,40 @@
+{
+ "name": "encodeurl",
+ "description": "Encode a URL to a percent-encoded form, excluding already-encoded sequences",
+ "version": "2.0.0",
+ "contributors": [
+ "Douglas Christopher Wilson <doug@somethingdoug.com>"
+ ],
+ "license": "MIT",
+ "keywords": [
+ "encode",
+ "encodeurl",
+ "url"
+ ],
+ "repository": "pillarjs/encodeurl",
+ "devDependencies": {
+ "eslint": "5.11.1",
+ "eslint-config-standard": "12.0.0",
+ "eslint-plugin-import": "2.14.0",
+ "eslint-plugin-node": "7.0.1",
+ "eslint-plugin-promise": "4.0.1",
+ "eslint-plugin-standard": "4.0.0",
+ "istanbul": "0.4.5",
+ "mocha": "2.5.3"
+ },
+ "files": [
+ "LICENSE",
+ "HISTORY.md",
+ "README.md",
+ "index.js"
+ ],
+ "engines": {
+ "node": ">= 0.8"
+ },
+ "scripts": {
+ "lint": "eslint .",
+ "test": "mocha --reporter spec --bail --check-leaks test/",
+ "test-cov": "istanbul cover node_modules/mocha/bin/_mocha -- --reporter dot --check-leaks test/",
+ "test-travis": "istanbul cover node_modules/mocha/bin/_mocha --report lcovonly -- --reporter spec --check-leaks test/"
+ }
+}
diff --git a/node_modules/escape-html/LICENSE b/node_modules/escape-html/LICENSE
new file mode 100644
index 0000000000000000000000000000000000000000..2e70de9717e715b4fc05c7f8bdc4e8d63a33b859
--- /dev/null
+++ b/node_modules/escape-html/LICENSE
@@ -0,0 +1,24 @@
+(The MIT License)
+
+Copyright (c) 2012-2013 TJ Holowaychuk
+Copyright (c) 2015 Andreas Lubbe
+Copyright (c) 2015 Tiancheng "Timothy" Gu
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+'Software'), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/node_modules/escape-html/Readme.md b/node_modules/escape-html/Readme.md
new file mode 100644
index 0000000000000000000000000000000000000000..653d9eaa793317827ce724c4a0756110e9356fc8
--- /dev/null
+++ b/node_modules/escape-html/Readme.md
@@ -0,0 +1,43 @@
+
+# escape-html
+
+ Escape string for use in HTML
+
+## Example
+
+```js
+var escape = require('escape-html');
+var html = escape('foo & bar');
+// -> foo & bar
+```
+
+## Benchmark
+
+```
+$ npm run-script bench
+
+> escape-html@1.0.3 bench nodejs-escape-html
+> node benchmark/index.js
+
+
+ http_parser@1.0
+ node@0.10.33
+ v8@3.14.5.9
+ ares@1.9.0-DEV
+ uv@0.10.29
+ zlib@1.2.3
+ modules@11
+ openssl@1.0.1j
+
+ 1 test completed.
+ 2 tests completed.
+ 3 tests completed.
+
+ no special characters x 19,435,271 ops/sec ±0.85% (187 runs sampled)
+ single special character x 6,132,421 ops/sec ±0.67% (194 runs sampled)
+ many special characters x 3,175,826 ops/sec ±0.65% (193 runs sampled)
+```
+
+## License
+
+ MIT
\ No newline at end of file
diff --git a/node_modules/escape-html/index.js b/node_modules/escape-html/index.js
new file mode 100644
index 0000000000000000000000000000000000000000..bf9e226f4e872bee53a930739e5381d013c47568
--- /dev/null
+++ b/node_modules/escape-html/index.js
@@ -0,0 +1,78 @@
+/*!
+ * escape-html
+ * Copyright(c) 2012-2013 TJ Holowaychuk
+ * Copyright(c) 2015 Andreas Lubbe
+ * Copyright(c) 2015 Tiancheng "Timothy" Gu
+ * MIT Licensed
+ */
+
+'use strict';
+
+/**
+ * Module variables.
+ * @private
+ */
+
+var matchHtmlRegExp = /["'&<>]/;
+
+/**
+ * Module exports.
+ * @public
+ */
+
+module.exports = escapeHtml;
+
+/**
+ * Escape special characters in the given string of html.
+ *
+ * @param {string} string The string to escape for inserting into HTML
+ * @return {string}
+ * @public
+ */
+
+function escapeHtml(string) {
+ var str = '' + string;
+ var match = matchHtmlRegExp.exec(str);
+
+ if (!match) {
+ return str;
+ }
+
+ var escape;
+ var html = '';
+ var index = 0;
+ var lastIndex = 0;
+
+ for (index = match.index; index < str.length; index++) {
+ switch (str.charCodeAt(index)) {
+ case 34: // "
+ escape = '"';
+ break;
+ case 38: // &
+ escape = '&';
+ break;
+ case 39: // '
+ escape = ''';
+ break;
+ case 60: // <
+ escape = '<';
+ break;
+ case 62: // >
+ escape = '>';
+ break;
+ default:
+ continue;
+ }
+
+ if (lastIndex !== index) {
+ html += str.substring(lastIndex, index);
+ }
+
+ lastIndex = index + 1;
+ html += escape;
+ }
+
+ return lastIndex !== index
+ ? html + str.substring(lastIndex, index)
+ : html;
+}
diff --git a/node_modules/escape-html/package.json b/node_modules/escape-html/package.json
new file mode 100644
index 0000000000000000000000000000000000000000..57ec7bd0754d50af9c5e96a208aed6d85c1e6d5e
--- /dev/null
+++ b/node_modules/escape-html/package.json
@@ -0,0 +1,24 @@
+{
+ "name": "escape-html",
+ "description": "Escape string for use in HTML",
+ "version": "1.0.3",
+ "license": "MIT",
+ "keywords": [
+ "escape",
+ "html",
+ "utility"
+ ],
+ "repository": "component/escape-html",
+ "devDependencies": {
+ "benchmark": "1.0.0",
+ "beautify-benchmark": "0.2.4"
+ },
+ "files": [
+ "LICENSE",
+ "Readme.md",
+ "index.js"
+ ],
+ "scripts": {
+ "bench": "node benchmark/index.js"
+ }
+}
diff --git a/node_modules/etag/HISTORY.md b/node_modules/etag/HISTORY.md
new file mode 100644
index 0000000000000000000000000000000000000000..222b293dee9f8712b82a7e453c1f80e6e65348e7
--- /dev/null
+++ b/node_modules/etag/HISTORY.md
@@ -0,0 +1,83 @@
+1.8.1 / 2017-09-12
+==================
+
+ * perf: replace regular expression with substring
+
+1.8.0 / 2017-02-18
+==================
+
+ * Use SHA1 instead of MD5 for ETag hashing
+ - Improves performance for larger entities
+ - Works with FIPS 140-2 OpenSSL configuration
+
+1.7.0 / 2015-06-08
+==================
+
+ * Always include entity length in ETags for hash length extensions
+ * Generate non-Stats ETags using MD5 only (no longer CRC32)
+ * Improve stat performance by removing hashing
+ * Remove base64 padding in ETags to shorten
+ * Use MD5 instead of MD4 in weak ETags over 1KB
+
+1.6.0 / 2015-05-10
+==================
+
+ * Improve support for JXcore
+ * Remove requirement of `atime` in the stats object
+ * Support "fake" stats objects in environments without `fs`
+
+1.5.1 / 2014-11-19
+==================
+
+ * deps: crc@3.2.1
+ - Minor fixes
+
+1.5.0 / 2014-10-14
+==================
+
+ * Improve string performance
+ * Slightly improve speed for weak ETags over 1KB
+
+1.4.0 / 2014-09-21
+==================
+
+ * Support "fake" stats objects
+ * Support Node.js 0.6
+
+1.3.1 / 2014-09-14
+==================
+
+ * Use the (new and improved) `crc` for crc32
+
+1.3.0 / 2014-08-29
+==================
+
+ * Default strings to strong ETags
+ * Improve speed for weak ETags over 1KB
+
+1.2.1 / 2014-08-29
+==================
+
+ * Use the (much faster) `buffer-crc32` for crc32
+
+1.2.0 / 2014-08-24
+==================
+
+ * Add support for file stat objects
+
+1.1.0 / 2014-08-24
+==================
+
+ * Add fast-path for empty entity
+ * Add weak ETag generation
+ * Shrink size of generated ETags
+
+1.0.1 / 2014-08-24
+==================
+
+ * Fix behavior of string containing Unicode
+
+1.0.0 / 2014-05-18
+==================
+
+ * Initial release
diff --git a/node_modules/etag/LICENSE b/node_modules/etag/LICENSE
new file mode 100644
index 0000000000000000000000000000000000000000..cab251c2b9a81318267600f68130faa3a290e5fd
--- /dev/null
+++ b/node_modules/etag/LICENSE
@@ -0,0 +1,22 @@
+(The MIT License)
+
+Copyright (c) 2014-2016 Douglas Christopher Wilson
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+'Software'), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/node_modules/etag/README.md b/node_modules/etag/README.md
new file mode 100644
index 0000000000000000000000000000000000000000..09c2169e7b3ab576199dfe890b2f04cb645c5ac7
--- /dev/null
+++ b/node_modules/etag/README.md
@@ -0,0 +1,159 @@
+# etag
+
+[![NPM Version][npm-image]][npm-url]
+[![NPM Downloads][downloads-image]][downloads-url]
+[![Node.js Version][node-version-image]][node-version-url]
+[![Build Status][travis-image]][travis-url]
+[![Test Coverage][coveralls-image]][coveralls-url]
+
+Create simple HTTP ETags
+
+This module generates HTTP ETags (as defined in RFC 7232) for use in
+HTTP responses.
+
+## Installation
+
+This is a [Node.js](https://nodejs.org/en/) module available through the
+[npm registry](https://www.npmjs.com/). Installation is done using the
+[`npm install` command](https://docs.npmjs.com/getting-started/installing-npm-packages-locally):
+
+```sh
+$ npm install etag
+```
+
+## API
+
+<!-- eslint-disable no-unused-vars -->
+
+```js
+var etag = require('etag')
+```
+
+### etag(entity, [options])
+
+Generate a strong ETag for the given entity. This should be the complete
+body of the entity. Strings, `Buffer`s, and `fs.Stats` are accepted. By
+default, a strong ETag is generated except for `fs.Stats`, which will
+generate a weak ETag (this can be overwritten by `options.weak`).
+
+<!-- eslint-disable no-undef -->
+
+```js
+res.setHeader('ETag', etag(body))
+```
+
+#### Options
+
+`etag` accepts these properties in the options object.
+
+##### weak
+
+Specifies if the generated ETag will include the weak validator mark (that
+is, the leading `W/`). The actual entity tag is the same. The default value
+is `false`, unless the `entity` is `fs.Stats`, in which case it is `true`.
+
+## Testing
+
+```sh
+$ npm test
+```
+
+## Benchmark
+
+```bash
+$ npm run-script bench
+
+> etag@1.8.1 bench nodejs-etag
+> node benchmark/index.js
+
+ http_parser@2.7.0
+ node@6.11.1
+ v8@5.1.281.103
+ uv@1.11.0
+ zlib@1.2.11
+ ares@1.10.1-DEV
+ icu@58.2
+ modules@48
+ openssl@1.0.2k
+
+> node benchmark/body0-100b.js
+
+ 100B body
+
+ 4 tests completed.
+
+ buffer - strong x 258,647 ops/sec ±1.07% (180 runs sampled)
+ buffer - weak x 263,812 ops/sec ±0.61% (184 runs sampled)
+ string - strong x 259,955 ops/sec ±1.19% (185 runs sampled)
+ string - weak x 264,356 ops/sec ±1.09% (184 runs sampled)
+
+> node benchmark/body1-1kb.js
+
+ 1KB body
+
+ 4 tests completed.
+
+ buffer - strong x 189,018 ops/sec ±1.12% (182 runs sampled)
+ buffer - weak x 190,586 ops/sec ±0.81% (186 runs sampled)
+ string - strong x 144,272 ops/sec ±0.96% (188 runs sampled)
+ string - weak x 145,380 ops/sec ±1.43% (187 runs sampled)
+
+> node benchmark/body2-5kb.js
+
+ 5KB body
+
+ 4 tests completed.
+
+ buffer - strong x 92,435 ops/sec ±0.42% (188 runs sampled)
+ buffer - weak x 92,373 ops/sec ±0.58% (189 runs sampled)
+ string - strong x 48,850 ops/sec ±0.56% (186 runs sampled)
+ string - weak x 49,380 ops/sec ±0.56% (190 runs sampled)
+
+> node benchmark/body3-10kb.js
+
+ 10KB body
+
+ 4 tests completed.
+
+ buffer - strong x 55,989 ops/sec ±0.93% (188 runs sampled)
+ buffer - weak x 56,148 ops/sec ±0.55% (190 runs sampled)
+ string - strong x 27,345 ops/sec ±0.43% (188 runs sampled)
+ string - weak x 27,496 ops/sec ±0.45% (190 runs sampled)
+
+> node benchmark/body4-100kb.js
+
+ 100KB body
+
+ 4 tests completed.
+
+ buffer - strong x 7,083 ops/sec ±0.22% (190 runs sampled)
+ buffer - weak x 7,115 ops/sec ±0.26% (191 runs sampled)
+ string - strong x 3,068 ops/sec ±0.34% (190 runs sampled)
+ string - weak x 3,096 ops/sec ±0.35% (190 runs sampled)
+
+> node benchmark/stats.js
+
+ stat
+
+ 4 tests completed.
+
+ real - strong x 871,642 ops/sec ±0.34% (189 runs sampled)
+ real - weak x 867,613 ops/sec ±0.39% (190 runs sampled)
+ fake - strong x 401,051 ops/sec ±0.40% (189 runs sampled)
+ fake - weak x 400,100 ops/sec ±0.47% (188 runs sampled)
+```
+
+## License
+
+[MIT](LICENSE)
+
+[npm-image]: https://img.shields.io/npm/v/etag.svg
+[npm-url]: https://npmjs.org/package/etag
+[node-version-image]: https://img.shields.io/node/v/etag.svg
+[node-version-url]: https://nodejs.org/en/download/
+[travis-image]: https://img.shields.io/travis/jshttp/etag/master.svg
+[travis-url]: https://travis-ci.org/jshttp/etag
+[coveralls-image]: https://img.shields.io/coveralls/jshttp/etag/master.svg
+[coveralls-url]: https://coveralls.io/r/jshttp/etag?branch=master
+[downloads-image]: https://img.shields.io/npm/dm/etag.svg
+[downloads-url]: https://npmjs.org/package/etag
diff --git a/node_modules/etag/index.js b/node_modules/etag/index.js
new file mode 100644
index 0000000000000000000000000000000000000000..2a585c91f07351e9566d50faec67a0272367ba81
--- /dev/null
+++ b/node_modules/etag/index.js
@@ -0,0 +1,131 @@
+/*!
+ * etag
+ * Copyright(c) 2014-2016 Douglas Christopher Wilson
+ * MIT Licensed
+ */
+
+'use strict'
+
+/**
+ * Module exports.
+ * @public
+ */
+
+module.exports = etag
+
+/**
+ * Module dependencies.
+ * @private
+ */
+
+var crypto = require('crypto')
+var Stats = require('fs').Stats
+
+/**
+ * Module variables.
+ * @private
+ */
+
+var toString = Object.prototype.toString
+
+/**
+ * Generate an entity tag.
+ *
+ * @param {Buffer|string} entity
+ * @return {string}
+ * @private
+ */
+
+function entitytag (entity) {
+ if (entity.length === 0) {
+ // fast-path empty
+ return '"0-2jmj7l5rSw0yVb/vlWAYkK/YBwk"'
+ }
+
+ // compute hash of entity
+ var hash = crypto
+ .createHash('sha1')
+ .update(entity, 'utf8')
+ .digest('base64')
+ .substring(0, 27)
+
+ // compute length of entity
+ var len = typeof entity === 'string'
+ ? Buffer.byteLength(entity, 'utf8')
+ : entity.length
+
+ return '"' + len.toString(16) + '-' + hash + '"'
+}
+
+/**
+ * Create a simple ETag.
+ *
+ * @param {string|Buffer|Stats} entity
+ * @param {object} [options]
+ * @param {boolean} [options.weak]
+ * @return {String}
+ * @public
+ */
+
+function etag (entity, options) {
+ if (entity == null) {
+ throw new TypeError('argument entity is required')
+ }
+
+ // support fs.Stats object
+ var isStats = isstats(entity)
+ var weak = options && typeof options.weak === 'boolean'
+ ? options.weak
+ : isStats
+
+ // validate argument
+ if (!isStats && typeof entity !== 'string' && !Buffer.isBuffer(entity)) {
+ throw new TypeError('argument entity must be string, Buffer, or fs.Stats')
+ }
+
+ // generate entity tag
+ var tag = isStats
+ ? stattag(entity)
+ : entitytag(entity)
+
+ return weak
+ ? 'W/' + tag
+ : tag
+}
+
+/**
+ * Determine if object is a Stats object.
+ *
+ * @param {object} obj
+ * @return {boolean}
+ * @api private
+ */
+
+function isstats (obj) {
+ // genuine fs.Stats
+ if (typeof Stats === 'function' && obj instanceof Stats) {
+ return true
+ }
+
+ // quack quack
+ return obj && typeof obj === 'object' &&
+ 'ctime' in obj && toString.call(obj.ctime) === '[object Date]' &&
+ 'mtime' in obj && toString.call(obj.mtime) === '[object Date]' &&
+ 'ino' in obj && typeof obj.ino === 'number' &&
+ 'size' in obj && typeof obj.size === 'number'
+}
+
+/**
+ * Generate a tag for a stat.
+ *
+ * @param {object} stat
+ * @return {string}
+ * @private
+ */
+
+function stattag (stat) {
+ var mtime = stat.mtime.getTime().toString(16)
+ var size = stat.size.toString(16)
+
+ return '"' + size + '-' + mtime + '"'
+}
diff --git a/node_modules/etag/package.json b/node_modules/etag/package.json
new file mode 100644
index 0000000000000000000000000000000000000000..b06ab803c0f80f56c5c88b8dc394468aee3485f4
--- /dev/null
+++ b/node_modules/etag/package.json
@@ -0,0 +1,47 @@
+{
+ "name": "etag",
+ "description": "Create simple HTTP ETags",
+ "version": "1.8.1",
+ "contributors": [
+ "Douglas Christopher Wilson <doug@somethingdoug.com>",
+ "David Björklund <david.bjorklund@gmail.com>"
+ ],
+ "license": "MIT",
+ "keywords": [
+ "etag",
+ "http",
+ "res"
+ ],
+ "repository": "jshttp/etag",
+ "devDependencies": {
+ "beautify-benchmark": "0.2.4",
+ "benchmark": "2.1.4",
+ "eslint": "3.19.0",
+ "eslint-config-standard": "10.2.1",
+ "eslint-plugin-import": "2.7.0",
+ "eslint-plugin-markdown": "1.0.0-beta.6",
+ "eslint-plugin-node": "5.1.1",
+ "eslint-plugin-promise": "3.5.0",
+ "eslint-plugin-standard": "3.0.1",
+ "istanbul": "0.4.5",
+ "mocha": "1.21.5",
+ "safe-buffer": "5.1.1",
+ "seedrandom": "2.4.3"
+ },
+ "files": [
+ "LICENSE",
+ "HISTORY.md",
+ "README.md",
+ "index.js"
+ ],
+ "engines": {
+ "node": ">= 0.6"
+ },
+ "scripts": {
+ "bench": "node benchmark/index.js",
+ "lint": "eslint --plugin markdown --ext js,md .",
+ "test": "mocha --reporter spec --bail --check-leaks test/",
+ "test-cov": "istanbul cover node_modules/mocha/bin/_mocha -- --reporter dot --check-leaks test/",
+ "test-travis": "istanbul cover node_modules/mocha/bin/_mocha --report lcovonly -- --reporter spec --check-leaks test/"
+ }
+}
diff --git a/node_modules/express/History.md b/node_modules/express/History.md
new file mode 100644
index 0000000000000000000000000000000000000000..c234f529cea898151cd58315ee496bc2067a776e
--- /dev/null
+++ b/node_modules/express/History.md
@@ -0,0 +1,3656 @@
+4.21.2 / 2024-11-06
+==========
+
+ * deps: path-to-regexp@0.1.12
+ - Fix backtracking protection
+ * deps: path-to-regexp@0.1.11
+ - Throws an error on invalid path values
+
+4.21.1 / 2024-10-08
+==========
+
+ * Backported a fix for [CVE-2024-47764](https://nvd.nist.gov/vuln/detail/CVE-2024-47764)
+
+
+4.21.0 / 2024-09-11
+==========
+
+ * Deprecate `res.location("back")` and `res.redirect("back")` magic string
+ * deps: serve-static@1.16.2
+ * includes send@0.19.0
+ * deps: finalhandler@1.3.1
+ * deps: qs@6.13.0
+
+4.20.0 / 2024-09-10
+==========
+ * deps: serve-static@0.16.0
+ * Remove link renderization in html while redirecting
+ * deps: send@0.19.0
+ * Remove link renderization in html while redirecting
+ * deps: body-parser@0.6.0
+ * add `depth` option to customize the depth level in the parser
+ * IMPORTANT: The default `depth` level for parsing URL-encoded data is now `32` (previously was `Infinity`)
+ * Remove link renderization in html while using `res.redirect`
+ * deps: path-to-regexp@0.1.10
+ - Adds support for named matching groups in the routes using a regex
+ - Adds backtracking protection to parameters without regexes defined
+ * deps: encodeurl@~2.0.0
+ - Removes encoding of `\`, `|`, and `^` to align better with URL spec
+ * Deprecate passing `options.maxAge` and `options.expires` to `res.clearCookie`
+ - Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie
+
+4.19.2 / 2024-03-25
+==========
+
+ * Improved fix for open redirect allow list bypass
+
+4.19.1 / 2024-03-20
+==========
+
+ * Allow passing non-strings to res.location with new encoding handling checks
+
+4.19.0 / 2024-03-20
+==========
+
+ * Prevent open redirect allow list bypass due to encodeurl
+ * deps: cookie@0.6.0
+
+4.18.3 / 2024-02-29
+==========
+
+ * Fix routing requests without method
+ * deps: body-parser@1.20.2
+ - Fix strict json error message on Node.js 19+
+ - deps: content-type@~1.0.5
+ - deps: raw-body@2.5.2
+ * deps: cookie@0.6.0
+ - Add `partitioned` option
+
+4.18.2 / 2022-10-08
+===================
+
+ * Fix regression routing a large stack in a single route
+ * deps: body-parser@1.20.1
+ - deps: qs@6.11.0
+ - perf: remove unnecessary object clone
+ * deps: qs@6.11.0
+
+4.18.1 / 2022-04-29
+===================
+
+ * Fix hanging on large stack of sync routes
+
+4.18.0 / 2022-04-25
+===================
+
+ * Add "root" option to `res.download`
+ * Allow `options` without `filename` in `res.download`
+ * Deprecate string and non-integer arguments to `res.status`
+ * Fix behavior of `null`/`undefined` as `maxAge` in `res.cookie`
+ * Fix handling very large stacks of sync middleware
+ * Ignore `Object.prototype` values in settings through `app.set`/`app.get`
+ * Invoke `default` with same arguments as types in `res.format`
+ * Support proper 205 responses using `res.send`
+ * Use `http-errors` for `res.format` error
+ * deps: body-parser@1.20.0
+ - Fix error message for json parse whitespace in `strict`
+ - Fix internal error when inflated body exceeds limit
+ - Prevent loss of async hooks context
+ - Prevent hanging when request already read
+ - deps: depd@2.0.0
+ - deps: http-errors@2.0.0
+ - deps: on-finished@2.4.1
+ - deps: qs@6.10.3
+ - deps: raw-body@2.5.1
+ * deps: cookie@0.5.0
+ - Add `priority` option
+ - Fix `expires` option to reject invalid dates
+ * deps: depd@2.0.0
+ - Replace internal `eval` usage with `Function` constructor
+ - Use instance methods on `process` to check for listeners
+ * deps: finalhandler@1.2.0
+ - Remove set content headers that break response
+ - deps: on-finished@2.4.1
+ - deps: statuses@2.0.1
+ * deps: on-finished@2.4.1
+ - Prevent loss of async hooks context
+ * deps: qs@6.10.3
+ * deps: send@0.18.0
+ - Fix emitted 416 error missing headers property
+ - Limit the headers removed for 304 response
+ - deps: depd@2.0.0
+ - deps: destroy@1.2.0
+ - deps: http-errors@2.0.0
+ - deps: on-finished@2.4.1
+ - deps: statuses@2.0.1
+ * deps: serve-static@1.15.0
+ - deps: send@0.18.0
+ * deps: statuses@2.0.1
+ - Remove code 306
+ - Rename `425 Unordered Collection` to standard `425 Too Early`
+
+4.17.3 / 2022-02-16
+===================
+
+ * deps: accepts@~1.3.8
+ - deps: mime-types@~2.1.34
+ - deps: negotiator@0.6.3
+ * deps: body-parser@1.19.2
+ - deps: bytes@3.1.2
+ - deps: qs@6.9.7
+ - deps: raw-body@2.4.3
+ * deps: cookie@0.4.2
+ * deps: qs@6.9.7
+ * Fix handling of `__proto__` keys
+ * pref: remove unnecessary regexp for trust proxy
+
+4.17.2 / 2021-12-16
+===================
+
+ * Fix handling of `undefined` in `res.jsonp`
+ * Fix handling of `undefined` when `"json escape"` is enabled
+ * Fix incorrect middleware execution with unanchored `RegExp`s
+ * Fix `res.jsonp(obj, status)` deprecation message
+ * Fix typo in `res.is` JSDoc
+ * deps: body-parser@1.19.1
+ - deps: bytes@3.1.1
+ - deps: http-errors@1.8.1
+ - deps: qs@6.9.6
+ - deps: raw-body@2.4.2
+ - deps: safe-buffer@5.2.1
+ - deps: type-is@~1.6.18
+ * deps: content-disposition@0.5.4
+ - deps: safe-buffer@5.2.1
+ * deps: cookie@0.4.1
+ - Fix `maxAge` option to reject invalid values
+ * deps: proxy-addr@~2.0.7
+ - Use `req.socket` over deprecated `req.connection`
+ - deps: forwarded@0.2.0
+ - deps: ipaddr.js@1.9.1
+ * deps: qs@6.9.6
+ * deps: safe-buffer@5.2.1
+ * deps: send@0.17.2
+ - deps: http-errors@1.8.1
+ - deps: ms@2.1.3
+ - pref: ignore empty http tokens
+ * deps: serve-static@1.14.2
+ - deps: send@0.17.2
+ * deps: setprototypeof@1.2.0
+
+4.17.1 / 2019-05-25
+===================
+
+ * Revert "Improve error message for `null`/`undefined` to `res.status`"
+
+4.17.0 / 2019-05-16
+===================
+
+ * Add `express.raw` to parse bodies into `Buffer`
+ * Add `express.text` to parse bodies into string
+ * Improve error message for non-strings to `res.sendFile`
+ * Improve error message for `null`/`undefined` to `res.status`
+ * Support multiple hosts in `X-Forwarded-Host`
+ * deps: accepts@~1.3.7
+ * deps: body-parser@1.19.0
+ - Add encoding MIK
+ - Add petabyte (`pb`) support
+ - Fix parsing array brackets after index
+ - deps: bytes@3.1.0
+ - deps: http-errors@1.7.2
+ - deps: iconv-lite@0.4.24
+ - deps: qs@6.7.0
+ - deps: raw-body@2.4.0
+ - deps: type-is@~1.6.17
+ * deps: content-disposition@0.5.3
+ * deps: cookie@0.4.0
+ - Add `SameSite=None` support
+ * deps: finalhandler@~1.1.2
+ - Set stricter `Content-Security-Policy` header
+ - deps: parseurl@~1.3.3
+ - deps: statuses@~1.5.0
+ * deps: parseurl@~1.3.3
+ * deps: proxy-addr@~2.0.5
+ - deps: ipaddr.js@1.9.0
+ * deps: qs@6.7.0
+ - Fix parsing array brackets after index
+ * deps: range-parser@~1.2.1
+ * deps: send@0.17.1
+ - Set stricter CSP header in redirect & error responses
+ - deps: http-errors@~1.7.2
+ - deps: mime@1.6.0
+ - deps: ms@2.1.1
+ - deps: range-parser@~1.2.1
+ - deps: statuses@~1.5.0
+ - perf: remove redundant `path.normalize` call
+ * deps: serve-static@1.14.1
+ - Set stricter CSP header in redirect response
+ - deps: parseurl@~1.3.3
+ - deps: send@0.17.1
+ * deps: setprototypeof@1.1.1
+ * deps: statuses@~1.5.0
+ - Add `103 Early Hints`
+ * deps: type-is@~1.6.18
+ - deps: mime-types@~2.1.24
+ - perf: prevent internal `throw` on invalid type
+
+4.16.4 / 2018-10-10
+===================
+
+ * Fix issue where `"Request aborted"` may be logged in `res.sendfile`
+ * Fix JSDoc for `Router` constructor
+ * deps: body-parser@1.18.3
+ - Fix deprecation warnings on Node.js 10+
+ - Fix stack trace for strict json parse error
+ - deps: depd@~1.1.2
+ - deps: http-errors@~1.6.3
+ - deps: iconv-lite@0.4.23
+ - deps: qs@6.5.2
+ - deps: raw-body@2.3.3
+ - deps: type-is@~1.6.16
+ * deps: proxy-addr@~2.0.4
+ - deps: ipaddr.js@1.8.0
+ * deps: qs@6.5.2
+ * deps: safe-buffer@5.1.2
+
+4.16.3 / 2018-03-12
+===================
+
+ * deps: accepts@~1.3.5
+ - deps: mime-types@~2.1.18
+ * deps: depd@~1.1.2
+ - perf: remove argument reassignment
+ * deps: encodeurl@~1.0.2
+ - Fix encoding `%` as last character
+ * deps: finalhandler@1.1.1
+ - Fix 404 output for bad / missing pathnames
+ - deps: encodeurl@~1.0.2
+ - deps: statuses@~1.4.0
+ * deps: proxy-addr@~2.0.3
+ - deps: ipaddr.js@1.6.0
+ * deps: send@0.16.2
+ - Fix incorrect end tag in default error & redirects
+ - deps: depd@~1.1.2
+ - deps: encodeurl@~1.0.2
+ - deps: statuses@~1.4.0
+ * deps: serve-static@1.13.2
+ - Fix incorrect end tag in redirects
+ - deps: encodeurl@~1.0.2
+ - deps: send@0.16.2
+ * deps: statuses@~1.4.0
+ * deps: type-is@~1.6.16
+ - deps: mime-types@~2.1.18
+
+4.16.2 / 2017-10-09
+===================
+
+ * Fix `TypeError` in `res.send` when given `Buffer` and `ETag` header set
+ * perf: skip parsing of entire `X-Forwarded-Proto` header
+
+4.16.1 / 2017-09-29
+===================
+
+ * deps: send@0.16.1
+ * deps: serve-static@1.13.1
+ - Fix regression when `root` is incorrectly set to a file
+ - deps: send@0.16.1
+
+4.16.0 / 2017-09-28
+===================
+
+ * Add `"json escape"` setting for `res.json` and `res.jsonp`
+ * Add `express.json` and `express.urlencoded` to parse bodies
+ * Add `options` argument to `res.download`
+ * Improve error message when autoloading invalid view engine
+ * Improve error messages when non-function provided as middleware
+ * Skip `Buffer` encoding when not generating ETag for small response
+ * Use `safe-buffer` for improved Buffer API
+ * deps: accepts@~1.3.4
+ - deps: mime-types@~2.1.16
+ * deps: content-type@~1.0.4
+ - perf: remove argument reassignment
+ - perf: skip parameter parsing when no parameters
+ * deps: etag@~1.8.1
+ - perf: replace regular expression with substring
+ * deps: finalhandler@1.1.0
+ - Use `res.headersSent` when available
+ * deps: parseurl@~1.3.2
+ - perf: reduce overhead for full URLs
+ - perf: unroll the "fast-path" `RegExp`
+ * deps: proxy-addr@~2.0.2
+ - Fix trimming leading / trailing OWS in `X-Forwarded-For`
+ - deps: forwarded@~0.1.2
+ - deps: ipaddr.js@1.5.2
+ - perf: reduce overhead when no `X-Forwarded-For` header
+ * deps: qs@6.5.1
+ - Fix parsing & compacting very deep objects
+ * deps: send@0.16.0
+ - Add 70 new types for file extensions
+ - Add `immutable` option
+ - Fix missing `</html>` in default error & redirects
+ - Set charset as "UTF-8" for .js and .json
+ - Use instance methods on steam to check for listeners
+ - deps: mime@1.4.1
+ - perf: improve path validation speed
+ * deps: serve-static@1.13.0
+ - Add 70 new types for file extensions
+ - Add `immutable` option
+ - Set charset as "UTF-8" for .js and .json
+ - deps: send@0.16.0
+ * deps: setprototypeof@1.1.0
+ * deps: utils-merge@1.0.1
+ * deps: vary@~1.1.2
+ - perf: improve header token parsing speed
+ * perf: re-use options object when generating ETags
+ * perf: remove dead `.charset` set in `res.jsonp`
+
+4.15.5 / 2017-09-24
+===================
+
+ * deps: debug@2.6.9
+ * deps: finalhandler@~1.0.6
+ - deps: debug@2.6.9
+ - deps: parseurl@~1.3.2
+ * deps: fresh@0.5.2
+ - Fix handling of modified headers with invalid dates
+ - perf: improve ETag match loop
+ - perf: improve `If-None-Match` token parsing
+ * deps: send@0.15.6
+ - Fix handling of modified headers with invalid dates
+ - deps: debug@2.6.9
+ - deps: etag@~1.8.1
+ - deps: fresh@0.5.2
+ - perf: improve `If-Match` token parsing
+ * deps: serve-static@1.12.6
+ - deps: parseurl@~1.3.2
+ - deps: send@0.15.6
+ - perf: improve slash collapsing
+
+4.15.4 / 2017-08-06
+===================
+
+ * deps: debug@2.6.8
+ * deps: depd@~1.1.1
+ - Remove unnecessary `Buffer` loading
+ * deps: finalhandler@~1.0.4
+ - deps: debug@2.6.8
+ * deps: proxy-addr@~1.1.5
+ - Fix array argument being altered
+ - deps: ipaddr.js@1.4.0
+ * deps: qs@6.5.0
+ * deps: send@0.15.4
+ - deps: debug@2.6.8
+ - deps: depd@~1.1.1
+ - deps: http-errors@~1.6.2
+ * deps: serve-static@1.12.4
+ - deps: send@0.15.4
+
+4.15.3 / 2017-05-16
+===================
+
+ * Fix error when `res.set` cannot add charset to `Content-Type`
+ * deps: debug@2.6.7
+ - Fix `DEBUG_MAX_ARRAY_LENGTH`
+ - deps: ms@2.0.0
+ * deps: finalhandler@~1.0.3
+ - Fix missing `</html>` in HTML document
+ - deps: debug@2.6.7
+ * deps: proxy-addr@~1.1.4
+ - deps: ipaddr.js@1.3.0
+ * deps: send@0.15.3
+ - deps: debug@2.6.7
+ - deps: ms@2.0.0
+ * deps: serve-static@1.12.3
+ - deps: send@0.15.3
+ * deps: type-is@~1.6.15
+ - deps: mime-types@~2.1.15
+ * deps: vary@~1.1.1
+ - perf: hoist regular expression
+
+4.15.2 / 2017-03-06
+===================
+
+ * deps: qs@6.4.0
+ - Fix regression parsing keys starting with `[`
+
+4.15.1 / 2017-03-05
+===================
+
+ * deps: send@0.15.1
+ - Fix issue when `Date.parse` does not return `NaN` on invalid date
+ - Fix strict violation in broken environments
+ * deps: serve-static@1.12.1
+ - Fix issue when `Date.parse` does not return `NaN` on invalid date
+ - deps: send@0.15.1
+
+4.15.0 / 2017-03-01
+===================
+
+ * Add debug message when loading view engine
+ * Add `next("router")` to exit from router
+ * Fix case where `router.use` skipped requests routes did not
+ * Remove usage of `res._headers` private field
+ - Improves compatibility with Node.js 8 nightly
+ * Skip routing when `req.url` is not set
+ * Use `%o` in path debug to tell types apart
+ * Use `Object.create` to setup request & response prototypes
+ * Use `setprototypeof` module to replace `__proto__` setting
+ * Use `statuses` instead of `http` module for status messages
+ * deps: debug@2.6.1
+ - Allow colors in workers
+ - Deprecated `DEBUG_FD` environment variable set to `3` or higher
+ - Fix error when running under React Native
+ - Use same color for same namespace
+ - deps: ms@0.7.2
+ * deps: etag@~1.8.0
+ - Use SHA1 instead of MD5 for ETag hashing
+ - Works with FIPS 140-2 OpenSSL configuration
+ * deps: finalhandler@~1.0.0
+ - Fix exception when `err` cannot be converted to a string
+ - Fully URL-encode the pathname in the 404
+ - Only include the pathname in the 404 message
+ - Send complete HTML document
+ - Set `Content-Security-Policy: default-src 'self'` header
+ - deps: debug@2.6.1
+ * deps: fresh@0.5.0
+ - Fix false detection of `no-cache` request directive
+ - Fix incorrect result when `If-None-Match` has both `*` and ETags
+ - Fix weak `ETag` matching to match spec
+ - perf: delay reading header values until needed
+ - perf: enable strict mode
+ - perf: hoist regular expressions
+ - perf: remove duplicate conditional
+ - perf: remove unnecessary boolean coercions
+ - perf: skip checking modified time if ETag check failed
+ - perf: skip parsing `If-None-Match` when no `ETag` header
+ - perf: use `Date.parse` instead of `new Date`
+ * deps: qs@6.3.1
+ - Fix array parsing from skipping empty values
+ - Fix compacting nested arrays
+ * deps: send@0.15.0
+ - Fix false detection of `no-cache` request directive
+ - Fix incorrect result when `If-None-Match` has both `*` and ETags
+ - Fix weak `ETag` matching to match spec
+ - Remove usage of `res._headers` private field
+ - Support `If-Match` and `If-Unmodified-Since` headers
+ - Use `res.getHeaderNames()` when available
+ - Use `res.headersSent` when available
+ - deps: debug@2.6.1
+ - deps: etag@~1.8.0
+ - deps: fresh@0.5.0
+ - deps: http-errors@~1.6.1
+ * deps: serve-static@1.12.0
+ - Fix false detection of `no-cache` request directive
+ - Fix incorrect result when `If-None-Match` has both `*` and ETags
+ - Fix weak `ETag` matching to match spec
+ - Remove usage of `res._headers` private field
+ - Send complete HTML document in redirect response
+ - Set default CSP header in redirect response
+ - Support `If-Match` and `If-Unmodified-Since` headers
+ - Use `res.getHeaderNames()` when available
+ - Use `res.headersSent` when available
+ - deps: send@0.15.0
+ * perf: add fast match path for `*` route
+ * perf: improve `req.ips` performance
+
+4.14.1 / 2017-01-28
+===================
+
+ * deps: content-disposition@0.5.2
+ * deps: finalhandler@0.5.1
+ - Fix exception when `err.headers` is not an object
+ - deps: statuses@~1.3.1
+ - perf: hoist regular expressions
+ - perf: remove duplicate validation path
+ * deps: proxy-addr@~1.1.3
+ - deps: ipaddr.js@1.2.0
+ * deps: send@0.14.2
+ - deps: http-errors@~1.5.1
+ - deps: ms@0.7.2
+ - deps: statuses@~1.3.1
+ * deps: serve-static@~1.11.2
+ - deps: send@0.14.2
+ * deps: type-is@~1.6.14
+ - deps: mime-types@~2.1.13
+
+4.14.0 / 2016-06-16
+===================
+
+ * Add `acceptRanges` option to `res.sendFile`/`res.sendfile`
+ * Add `cacheControl` option to `res.sendFile`/`res.sendfile`
+ * Add `options` argument to `req.range`
+ - Includes the `combine` option
+ * Encode URL in `res.location`/`res.redirect` if not already encoded
+ * Fix some redirect handling in `res.sendFile`/`res.sendfile`
+ * Fix Windows absolute path check using forward slashes
+ * Improve error with invalid arguments to `req.get()`
+ * Improve performance for `res.json`/`res.jsonp` in most cases
+ * Improve `Range` header handling in `res.sendFile`/`res.sendfile`
+ * deps: accepts@~1.3.3
+ - Fix including type extensions in parameters in `Accept` parsing
+ - Fix parsing `Accept` parameters with quoted equals
+ - Fix parsing `Accept` parameters with quoted semicolons
+ - Many performance improvements
+ - deps: mime-types@~2.1.11
+ - deps: negotiator@0.6.1
+ * deps: content-type@~1.0.2
+ - perf: enable strict mode
+ * deps: cookie@0.3.1
+ - Add `sameSite` option
+ - Fix cookie `Max-Age` to never be a floating point number
+ - Improve error message when `encode` is not a function
+ - Improve error message when `expires` is not a `Date`
+ - Throw better error for invalid argument to parse
+ - Throw on invalid values provided to `serialize`
+ - perf: enable strict mode
+ - perf: hoist regular expression
+ - perf: use for loop in parse
+ - perf: use string concatenation for serialization
+ * deps: finalhandler@0.5.0
+ - Change invalid or non-numeric status code to 500
+ - Overwrite status message to match set status code
+ - Prefer `err.statusCode` if `err.status` is invalid
+ - Set response headers from `err.headers` object
+ - Use `statuses` instead of `http` module for status messages
+ * deps: proxy-addr@~1.1.2
+ - Fix accepting various invalid netmasks
+ - Fix IPv6-mapped IPv4 validation edge cases
+ - IPv4 netmasks must be contiguous
+ - IPv6 addresses cannot be used as a netmask
+ - deps: ipaddr.js@1.1.1
+ * deps: qs@6.2.0
+ - Add `decoder` option in `parse` function
+ * deps: range-parser@~1.2.0
+ - Add `combine` option to combine overlapping ranges
+ - Fix incorrectly returning -1 when there is at least one valid range
+ - perf: remove internal function
+ * deps: send@0.14.1
+ - Add `acceptRanges` option
+ - Add `cacheControl` option
+ - Attempt to combine multiple ranges into single range
+ - Correctly inherit from `Stream` class
+ - Fix `Content-Range` header in 416 responses when using `start`/`end` options
+ - Fix `Content-Range` header missing from default 416 responses
+ - Fix redirect error when `path` contains raw non-URL characters
+ - Fix redirect when `path` starts with multiple forward slashes
+ - Ignore non-byte `Range` headers
+ - deps: http-errors@~1.5.0
+ - deps: range-parser@~1.2.0
+ - deps: statuses@~1.3.0
+ - perf: remove argument reassignment
+ * deps: serve-static@~1.11.1
+ - Add `acceptRanges` option
+ - Add `cacheControl` option
+ - Attempt to combine multiple ranges into single range
+ - Fix redirect error when `req.url` contains raw non-URL characters
+ - Ignore non-byte `Range` headers
+ - Use status code 301 for redirects
+ - deps: send@0.14.1
+ * deps: type-is@~1.6.13
+ - Fix type error when given invalid type to match against
+ - deps: mime-types@~2.1.11
+ * deps: vary@~1.1.0
+ - Only accept valid field names in the `field` argument
+ * perf: use strict equality when possible
+
+4.13.4 / 2016-01-21
+===================
+
+ * deps: content-disposition@0.5.1
+ - perf: enable strict mode
+ * deps: cookie@0.1.5
+ - Throw on invalid values provided to `serialize`
+ * deps: depd@~1.1.0
+ - Support web browser loading
+ - perf: enable strict mode
+ * deps: escape-html@~1.0.3
+ - perf: enable strict mode
+ - perf: optimize string replacement
+ - perf: use faster string coercion
+ * deps: finalhandler@0.4.1
+ - deps: escape-html@~1.0.3
+ * deps: merge-descriptors@1.0.1
+ - perf: enable strict mode
+ * deps: methods@~1.1.2
+ - perf: enable strict mode
+ * deps: parseurl@~1.3.1
+ - perf: enable strict mode
+ * deps: proxy-addr@~1.0.10
+ - deps: ipaddr.js@1.0.5
+ - perf: enable strict mode
+ * deps: range-parser@~1.0.3
+ - perf: enable strict mode
+ * deps: send@0.13.1
+ - deps: depd@~1.1.0
+ - deps: destroy@~1.0.4
+ - deps: escape-html@~1.0.3
+ - deps: range-parser@~1.0.3
+ * deps: serve-static@~1.10.2
+ - deps: escape-html@~1.0.3
+ - deps: parseurl@~1.3.0
+ - deps: send@0.13.1
+
+4.13.3 / 2015-08-02
+===================
+
+ * Fix infinite loop condition using `mergeParams: true`
+ * Fix inner numeric indices incorrectly altering parent `req.params`
+
+4.13.2 / 2015-07-31
+===================
+
+ * deps: accepts@~1.2.12
+ - deps: mime-types@~2.1.4
+ * deps: array-flatten@1.1.1
+ - perf: enable strict mode
+ * deps: path-to-regexp@0.1.7
+ - Fix regression with escaped round brackets and matching groups
+ * deps: type-is@~1.6.6
+ - deps: mime-types@~2.1.4
+
+4.13.1 / 2015-07-05
+===================
+
+ * deps: accepts@~1.2.10
+ - deps: mime-types@~2.1.2
+ * deps: qs@4.0.0
+ - Fix dropping parameters like `hasOwnProperty`
+ - Fix various parsing edge cases
+ * deps: type-is@~1.6.4
+ - deps: mime-types@~2.1.2
+ - perf: enable strict mode
+ - perf: remove argument reassignment
+
+4.13.0 / 2015-06-20
+===================
+
+ * Add settings to debug output
+ * Fix `res.format` error when only `default` provided
+ * Fix issue where `next('route')` in `app.param` would incorrectly skip values
+ * Fix hiding platform issues with `decodeURIComponent`
+ - Only `URIError`s are a 400
+ * Fix using `*` before params in routes
+ * Fix using capture groups before params in routes
+ * Simplify `res.cookie` to call `res.append`
+ * Use `array-flatten` module for flattening arrays
+ * deps: accepts@~1.2.9
+ - deps: mime-types@~2.1.1
+ - perf: avoid argument reassignment & argument slice
+ - perf: avoid negotiator recursive construction
+ - perf: enable strict mode
+ - perf: remove unnecessary bitwise operator
+ * deps: cookie@0.1.3
+ - perf: deduce the scope of try-catch deopt
+ - perf: remove argument reassignments
+ * deps: escape-html@1.0.2
+ * deps: etag@~1.7.0
+ - Always include entity length in ETags for hash length extensions
+ - Generate non-Stats ETags using MD5 only (no longer CRC32)
+ - Improve stat performance by removing hashing
+ - Improve support for JXcore
+ - Remove base64 padding in ETags to shorten
+ - Support "fake" stats objects in environments without fs
+ - Use MD5 instead of MD4 in weak ETags over 1KB
+ * deps: finalhandler@0.4.0
+ - Fix a false-positive when unpiping in Node.js 0.8
+ - Support `statusCode` property on `Error` objects
+ - Use `unpipe` module for unpiping requests
+ - deps: escape-html@1.0.2
+ - deps: on-finished@~2.3.0
+ - perf: enable strict mode
+ - perf: remove argument reassignment
+ * deps: fresh@0.3.0
+ - Add weak `ETag` matching support
+ * deps: on-finished@~2.3.0
+ - Add defined behavior for HTTP `CONNECT` requests
+ - Add defined behavior for HTTP `Upgrade` requests
+ - deps: ee-first@1.1.1
+ * deps: path-to-regexp@0.1.6
+ * deps: send@0.13.0
+ - Allow Node.js HTTP server to set `Date` response header
+ - Fix incorrectly removing `Content-Location` on 304 response
+ - Improve the default redirect response headers
+ - Send appropriate headers on default error response
+ - Use `http-errors` for standard emitted errors
+ - Use `statuses` instead of `http` module for status messages
+ - deps: escape-html@1.0.2
+ - deps: etag@~1.7.0
+ - deps: fresh@0.3.0
+ - deps: on-finished@~2.3.0
+ - perf: enable strict mode
+ - perf: remove unnecessary array allocations
+ * deps: serve-static@~1.10.0
+ - Add `fallthrough` option
+ - Fix reading options from options prototype
+ - Improve the default redirect response headers
+ - Malformed URLs now `next()` instead of 400
+ - deps: escape-html@1.0.2
+ - deps: send@0.13.0
+ - perf: enable strict mode
+ - perf: remove argument reassignment
+ * deps: type-is@~1.6.3
+ - deps: mime-types@~2.1.1
+ - perf: reduce try block size
+ - perf: remove bitwise operations
+ * perf: enable strict mode
+ * perf: isolate `app.render` try block
+ * perf: remove argument reassignments in application
+ * perf: remove argument reassignments in request prototype
+ * perf: remove argument reassignments in response prototype
+ * perf: remove argument reassignments in routing
+ * perf: remove argument reassignments in `View`
+ * perf: skip attempting to decode zero length string
+ * perf: use saved reference to `http.STATUS_CODES`
+
+4.12.4 / 2015-05-17
+===================
+
+ * deps: accepts@~1.2.7
+ - deps: mime-types@~2.0.11
+ - deps: negotiator@0.5.3
+ * deps: debug@~2.2.0
+ - deps: ms@0.7.1
+ * deps: depd@~1.0.1
+ * deps: etag@~1.6.0
+ - Improve support for JXcore
+ - Support "fake" stats objects in environments without `fs`
+ * deps: finalhandler@0.3.6
+ - deps: debug@~2.2.0
+ - deps: on-finished@~2.2.1
+ * deps: on-finished@~2.2.1
+ - Fix `isFinished(req)` when data buffered
+ * deps: proxy-addr@~1.0.8
+ - deps: ipaddr.js@1.0.1
+ * deps: qs@2.4.2
+ - Fix allowing parameters like `constructor`
+ * deps: send@0.12.3
+ - deps: debug@~2.2.0
+ - deps: depd@~1.0.1
+ - deps: etag@~1.6.0
+ - deps: ms@0.7.1
+ - deps: on-finished@~2.2.1
+ * deps: serve-static@~1.9.3
+ - deps: send@0.12.3
+ * deps: type-is@~1.6.2
+ - deps: mime-types@~2.0.11
+
+4.12.3 / 2015-03-17
+===================
+
+ * deps: accepts@~1.2.5
+ - deps: mime-types@~2.0.10
+ * deps: debug@~2.1.3
+ - Fix high intensity foreground color for bold
+ - deps: ms@0.7.0
+ * deps: finalhandler@0.3.4
+ - deps: debug@~2.1.3
+ * deps: proxy-addr@~1.0.7
+ - deps: ipaddr.js@0.1.9
+ * deps: qs@2.4.1
+ - Fix error when parameter `hasOwnProperty` is present
+ * deps: send@0.12.2
+ - Throw errors early for invalid `extensions` or `index` options
+ - deps: debug@~2.1.3
+ * deps: serve-static@~1.9.2
+ - deps: send@0.12.2
+ * deps: type-is@~1.6.1
+ - deps: mime-types@~2.0.10
+
+4.12.2 / 2015-03-02
+===================
+
+ * Fix regression where `"Request aborted"` is logged using `res.sendFile`
+
+4.12.1 / 2015-03-01
+===================
+
+ * Fix constructing application with non-configurable prototype properties
+ * Fix `ECONNRESET` errors from `res.sendFile` usage
+ * Fix `req.host` when using "trust proxy" hops count
+ * Fix `req.protocol`/`req.secure` when using "trust proxy" hops count
+ * Fix wrong `code` on aborted connections from `res.sendFile`
+ * deps: merge-descriptors@1.0.0
+
+4.12.0 / 2015-02-23
+===================
+
+ * Fix `"trust proxy"` setting to inherit when app is mounted
+ * Generate `ETag`s for all request responses
+ - No longer restricted to only responses for `GET` and `HEAD` requests
+ * Use `content-type` to parse `Content-Type` headers
+ * deps: accepts@~1.2.4
+ - Fix preference sorting to be stable for long acceptable lists
+ - deps: mime-types@~2.0.9
+ - deps: negotiator@0.5.1
+ * deps: cookie-signature@1.0.6
+ * deps: send@0.12.1
+ - Always read the stat size from the file
+ - Fix mutating passed-in `options`
+ - deps: mime@1.3.4
+ * deps: serve-static@~1.9.1
+ - deps: send@0.12.1
+ * deps: type-is@~1.6.0
+ - fix argument reassignment
+ - fix false-positives in `hasBody` `Transfer-Encoding` check
+ - support wildcard for both type and subtype (`*/*`)
+ - deps: mime-types@~2.0.9
+
+4.11.2 / 2015-02-01
+===================
+
+ * Fix `res.redirect` double-calling `res.end` for `HEAD` requests
+ * deps: accepts@~1.2.3
+ - deps: mime-types@~2.0.8
+ * deps: proxy-addr@~1.0.6
+ - deps: ipaddr.js@0.1.8
+ * deps: type-is@~1.5.6
+ - deps: mime-types@~2.0.8
+
+4.11.1 / 2015-01-20
+===================
+
+ * deps: send@0.11.1
+ - Fix root path disclosure
+ * deps: serve-static@~1.8.1
+ - Fix redirect loop in Node.js 0.11.14
+ - Fix root path disclosure
+ - deps: send@0.11.1
+
+4.11.0 / 2015-01-13
+===================
+
+ * Add `res.append(field, val)` to append headers
+ * Deprecate leading `:` in `name` for `app.param(name, fn)`
+ * Deprecate `req.param()` -- use `req.params`, `req.body`, or `req.query` instead
+ * Deprecate `app.param(fn)`
+ * Fix `OPTIONS` responses to include the `HEAD` method properly
+ * Fix `res.sendFile` not always detecting aborted connection
+ * Match routes iteratively to prevent stack overflows
+ * deps: accepts@~1.2.2
+ - deps: mime-types@~2.0.7
+ - deps: negotiator@0.5.0
+ * deps: send@0.11.0
+ - deps: debug@~2.1.1
+ - deps: etag@~1.5.1
+ - deps: ms@0.7.0
+ - deps: on-finished@~2.2.0
+ * deps: serve-static@~1.8.0
+ - deps: send@0.11.0
+
+4.10.8 / 2015-01-13
+===================
+
+ * Fix crash from error within `OPTIONS` response handler
+ * deps: proxy-addr@~1.0.5
+ - deps: ipaddr.js@0.1.6
+
+4.10.7 / 2015-01-04
+===================
+
+ * Fix `Allow` header for `OPTIONS` to not contain duplicate methods
+ * Fix incorrect "Request aborted" for `res.sendFile` when `HEAD` or 304
+ * deps: debug@~2.1.1
+ * deps: finalhandler@0.3.3
+ - deps: debug@~2.1.1
+ - deps: on-finished@~2.2.0
+ * deps: methods@~1.1.1
+ * deps: on-finished@~2.2.0
+ * deps: serve-static@~1.7.2
+ - Fix potential open redirect when mounted at root
+ * deps: type-is@~1.5.5
+ - deps: mime-types@~2.0.7
+
+4.10.6 / 2014-12-12
+===================
+
+ * Fix exception in `req.fresh`/`req.stale` without response headers
+
+4.10.5 / 2014-12-10
+===================
+
+ * Fix `res.send` double-calling `res.end` for `HEAD` requests
+ * deps: accepts@~1.1.4
+ - deps: mime-types@~2.0.4
+ * deps: type-is@~1.5.4
+ - deps: mime-types@~2.0.4
+
+4.10.4 / 2014-11-24
+===================
+
+ * Fix `res.sendfile` logging standard write errors
+
+4.10.3 / 2014-11-23
+===================
+
+ * Fix `res.sendFile` logging standard write errors
+ * deps: etag@~1.5.1
+ * deps: proxy-addr@~1.0.4
+ - deps: ipaddr.js@0.1.5
+ * deps: qs@2.3.3
+ - Fix `arrayLimit` behavior
+
+4.10.2 / 2014-11-09
+===================
+
+ * Correctly invoke async router callback asynchronously
+ * deps: accepts@~1.1.3
+ - deps: mime-types@~2.0.3
+ * deps: type-is@~1.5.3
+ - deps: mime-types@~2.0.3
+
+4.10.1 / 2014-10-28
+===================
+
+ * Fix handling of URLs containing `://` in the path
+ * deps: qs@2.3.2
+ - Fix parsing of mixed objects and values
+
+4.10.0 / 2014-10-23
+===================
+
+ * Add support for `app.set('views', array)`
+ - Views are looked up in sequence in array of directories
+ * Fix `res.send(status)` to mention `res.sendStatus(status)`
+ * Fix handling of invalid empty URLs
+ * Use `content-disposition` module for `res.attachment`/`res.download`
+ - Sends standards-compliant `Content-Disposition` header
+ - Full Unicode support
+ * Use `path.resolve` in view lookup
+ * deps: debug@~2.1.0
+ - Implement `DEBUG_FD` env variable support
+ * deps: depd@~1.0.0
+ * deps: etag@~1.5.0
+ - Improve string performance
+ - Slightly improve speed for weak ETags over 1KB
+ * deps: finalhandler@0.3.2
+ - Terminate in progress response only on error
+ - Use `on-finished` to determine request status
+ - deps: debug@~2.1.0
+ - deps: on-finished@~2.1.1
+ * deps: on-finished@~2.1.1
+ - Fix handling of pipelined requests
+ * deps: qs@2.3.0
+ - Fix parsing of mixed implicit and explicit arrays
+ * deps: send@0.10.1
+ - deps: debug@~2.1.0
+ - deps: depd@~1.0.0
+ - deps: etag@~1.5.0
+ - deps: on-finished@~2.1.1
+ * deps: serve-static@~1.7.1
+ - deps: send@0.10.1
+
+4.9.8 / 2014-10-17
+==================
+
+ * Fix `res.redirect` body when redirect status specified
+ * deps: accepts@~1.1.2
+ - Fix error when media type has invalid parameter
+ - deps: negotiator@0.4.9
+
+4.9.7 / 2014-10-10
+==================
+
+ * Fix using same param name in array of paths
+
+4.9.6 / 2014-10-08
+==================
+
+ * deps: accepts@~1.1.1
+ - deps: mime-types@~2.0.2
+ - deps: negotiator@0.4.8
+ * deps: serve-static@~1.6.4
+ - Fix redirect loop when index file serving disabled
+ * deps: type-is@~1.5.2
+ - deps: mime-types@~2.0.2
+
+4.9.5 / 2014-09-24
+==================
+
+ * deps: etag@~1.4.0
+ * deps: proxy-addr@~1.0.3
+ - Use `forwarded` npm module
+ * deps: send@0.9.3
+ - deps: etag@~1.4.0
+ * deps: serve-static@~1.6.3
+ - deps: send@0.9.3
+
+4.9.4 / 2014-09-19
+==================
+
+ * deps: qs@2.2.4
+ - Fix issue with object keys starting with numbers truncated
+
+4.9.3 / 2014-09-18
+==================
+
+ * deps: proxy-addr@~1.0.2
+ - Fix a global leak when multiple subnets are trusted
+ - deps: ipaddr.js@0.1.3
+
+4.9.2 / 2014-09-17
+==================
+
+ * Fix regression for empty string `path` in `app.use`
+ * Fix `router.use` to accept array of middleware without path
+ * Improve error message for bad `app.use` arguments
+
+4.9.1 / 2014-09-16
+==================
+
+ * Fix `app.use` to accept array of middleware without path
+ * deps: depd@0.4.5
+ * deps: etag@~1.3.1
+ * deps: send@0.9.2
+ - deps: depd@0.4.5
+ - deps: etag@~1.3.1
+ - deps: range-parser@~1.0.2
+ * deps: serve-static@~1.6.2
+ - deps: send@0.9.2
+
+4.9.0 / 2014-09-08
+==================
+
+ * Add `res.sendStatus`
+ * Invoke callback for sendfile when client aborts
+ - Applies to `res.sendFile`, `res.sendfile`, and `res.download`
+ - `err` will be populated with request aborted error
+ * Support IP address host in `req.subdomains`
+ * Use `etag` to generate `ETag` headers
+ * deps: accepts@~1.1.0
+ - update `mime-types`
+ * deps: cookie-signature@1.0.5
+ * deps: debug@~2.0.0
+ * deps: finalhandler@0.2.0
+ - Set `X-Content-Type-Options: nosniff` header
+ - deps: debug@~2.0.0
+ * deps: fresh@0.2.4
+ * deps: media-typer@0.3.0
+ - Throw error when parameter format invalid on parse
+ * deps: qs@2.2.3
+ - Fix issue where first empty value in array is discarded
+ * deps: range-parser@~1.0.2
+ * deps: send@0.9.1
+ - Add `lastModified` option
+ - Use `etag` to generate `ETag` header
+ - deps: debug@~2.0.0
+ - deps: fresh@0.2.4
+ * deps: serve-static@~1.6.1
+ - Add `lastModified` option
+ - deps: send@0.9.1
+ * deps: type-is@~1.5.1
+ - fix `hasbody` to be true for `content-length: 0`
+ - deps: media-typer@0.3.0
+ - deps: mime-types@~2.0.1
+ * deps: vary@~1.0.0
+ - Accept valid `Vary` header string as `field`
+
+4.8.8 / 2014-09-04
+==================
+
+ * deps: send@0.8.5
+ - Fix a path traversal issue when using `root`
+ - Fix malicious path detection for empty string path
+ * deps: serve-static@~1.5.4
+ - deps: send@0.8.5
+
+4.8.7 / 2014-08-29
+==================
+
+ * deps: qs@2.2.2
+ - Remove unnecessary cloning
+
+4.8.6 / 2014-08-27
+==================
+
+ * deps: qs@2.2.0
+ - Array parsing fix
+ - Performance improvements
+
+4.8.5 / 2014-08-18
+==================
+
+ * deps: send@0.8.3
+ - deps: destroy@1.0.3
+ - deps: on-finished@2.1.0
+ * deps: serve-static@~1.5.3
+ - deps: send@0.8.3
+
+4.8.4 / 2014-08-14
+==================
+
+ * deps: qs@1.2.2
+ * deps: send@0.8.2
+ - Work around `fd` leak in Node.js 0.10 for `fs.ReadStream`
+ * deps: serve-static@~1.5.2
+ - deps: send@0.8.2
+
+4.8.3 / 2014-08-10
+==================
+
+ * deps: parseurl@~1.3.0
+ * deps: qs@1.2.1
+ * deps: serve-static@~1.5.1
+ - Fix parsing of weird `req.originalUrl` values
+ - deps: parseurl@~1.3.0
+ - deps: utils-merge@1.0.0
+
+4.8.2 / 2014-08-07
+==================
+
+ * deps: qs@1.2.0
+ - Fix parsing array of objects
+
+4.8.1 / 2014-08-06
+==================
+
+ * fix incorrect deprecation warnings on `res.download`
+ * deps: qs@1.1.0
+ - Accept urlencoded square brackets
+ - Accept empty values in implicit array notation
+
+4.8.0 / 2014-08-05
+==================
+
+ * add `res.sendFile`
+ - accepts a file system path instead of a URL
+ - requires an absolute path or `root` option specified
+ * deprecate `res.sendfile` -- use `res.sendFile` instead
+ * support mounted app as any argument to `app.use()`
+ * deps: qs@1.0.2
+ - Complete rewrite
+ - Limits array length to 20
+ - Limits object depth to 5
+ - Limits parameters to 1,000
+ * deps: send@0.8.1
+ - Add `extensions` option
+ * deps: serve-static@~1.5.0
+ - Add `extensions` option
+ - deps: send@0.8.1
+
+4.7.4 / 2014-08-04
+==================
+
+ * fix `res.sendfile` regression for serving directory index files
+ * deps: send@0.7.4
+ - Fix incorrect 403 on Windows and Node.js 0.11
+ - Fix serving index files without root dir
+ * deps: serve-static@~1.4.4
+ - deps: send@0.7.4
+
+4.7.3 / 2014-08-04
+==================
+
+ * deps: send@0.7.3
+ - Fix incorrect 403 on Windows and Node.js 0.11
+ * deps: serve-static@~1.4.3
+ - Fix incorrect 403 on Windows and Node.js 0.11
+ - deps: send@0.7.3
+
+4.7.2 / 2014-07-27
+==================
+
+ * deps: depd@0.4.4
+ - Work-around v8 generating empty stack traces
+ * deps: send@0.7.2
+ - deps: depd@0.4.4
+ * deps: serve-static@~1.4.2
+
+4.7.1 / 2014-07-26
+==================
+
+ * deps: depd@0.4.3
+ - Fix exception when global `Error.stackTraceLimit` is too low
+ * deps: send@0.7.1
+ - deps: depd@0.4.3
+ * deps: serve-static@~1.4.1
+
+4.7.0 / 2014-07-25
+==================
+
+ * fix `req.protocol` for proxy-direct connections
+ * configurable query parser with `app.set('query parser', parser)`
+ - `app.set('query parser', 'extended')` parse with "qs" module
+ - `app.set('query parser', 'simple')` parse with "querystring" core module
+ - `app.set('query parser', false)` disable query string parsing
+ - `app.set('query parser', true)` enable simple parsing
+ * deprecate `res.json(status, obj)` -- use `res.status(status).json(obj)` instead
+ * deprecate `res.jsonp(status, obj)` -- use `res.status(status).jsonp(obj)` instead
+ * deprecate `res.send(status, body)` -- use `res.status(status).send(body)` instead
+ * deps: debug@1.0.4
+ * deps: depd@0.4.2
+ - Add `TRACE_DEPRECATION` environment variable
+ - Remove non-standard grey color from color output
+ - Support `--no-deprecation` argument
+ - Support `--trace-deprecation` argument
+ * deps: finalhandler@0.1.0
+ - Respond after request fully read
+ - deps: debug@1.0.4
+ * deps: parseurl@~1.2.0
+ - Cache URLs based on original value
+ - Remove no-longer-needed URL mis-parse work-around
+ - Simplify the "fast-path" `RegExp`
+ * deps: send@0.7.0
+ - Add `dotfiles` option
+ - Cap `maxAge` value to 1 year
+ - deps: debug@1.0.4
+ - deps: depd@0.4.2
+ * deps: serve-static@~1.4.0
+ - deps: parseurl@~1.2.0
+ - deps: send@0.7.0
+ * perf: prevent multiple `Buffer` creation in `res.send`
+
+4.6.1 / 2014-07-12
+==================
+
+ * fix `subapp.mountpath` regression for `app.use(subapp)`
+
+4.6.0 / 2014-07-11
+==================
+
+ * accept multiple callbacks to `app.use()`
+ * add explicit "Rosetta Flash JSONP abuse" protection
+ - previous versions are not vulnerable; this is just explicit protection
+ * catch errors in multiple `req.param(name, fn)` handlers
+ * deprecate `res.redirect(url, status)` -- use `res.redirect(status, url)` instead
+ * fix `res.send(status, num)` to send `num` as json (not error)
+ * remove unnecessary escaping when `res.jsonp` returns JSON response
+ * support non-string `path` in `app.use(path, fn)`
+ - supports array of paths
+ - supports `RegExp`
+ * router: fix optimization on router exit
+ * router: refactor location of `try` blocks
+ * router: speed up standard `app.use(fn)`
+ * deps: debug@1.0.3
+ - Add support for multiple wildcards in namespaces
+ * deps: finalhandler@0.0.3
+ - deps: debug@1.0.3
+ * deps: methods@1.1.0
+ - add `CONNECT`
+ * deps: parseurl@~1.1.3
+ - faster parsing of href-only URLs
+ * deps: path-to-regexp@0.1.3
+ * deps: send@0.6.0
+ - deps: debug@1.0.3
+ * deps: serve-static@~1.3.2
+ - deps: parseurl@~1.1.3
+ - deps: send@0.6.0
+ * perf: fix arguments reassign deopt in some `res` methods
+
+4.5.1 / 2014-07-06
+==================
+
+ * fix routing regression when altering `req.method`
+
+4.5.0 / 2014-07-04
+==================
+
+ * add deprecation message to non-plural `req.accepts*`
+ * add deprecation message to `res.send(body, status)`
+ * add deprecation message to `res.vary()`
+ * add `headers` option to `res.sendfile`
+ - use to set headers on successful file transfer
+ * add `mergeParams` option to `Router`
+ - merges `req.params` from parent routes
+ * add `req.hostname` -- correct name for what `req.host` returns
+ * deprecate things with `depd` module
+ * deprecate `req.host` -- use `req.hostname` instead
+ * fix behavior when handling request without routes
+ * fix handling when `route.all` is only route
+ * invoke `router.param()` only when route matches
+ * restore `req.params` after invoking router
+ * use `finalhandler` for final response handling
+ * use `media-typer` to alter content-type charset
+ * deps: accepts@~1.0.7
+ * deps: send@0.5.0
+ - Accept string for `maxage` (converted by `ms`)
+ - Include link in default redirect response
+ * deps: serve-static@~1.3.0
+ - Accept string for `maxAge` (converted by `ms`)
+ - Add `setHeaders` option
+ - Include HTML link in redirect response
+ - deps: send@0.5.0
+ * deps: type-is@~1.3.2
+
+4.4.5 / 2014-06-26
+==================
+
+ * deps: cookie-signature@1.0.4
+ - fix for timing attacks
+
+4.4.4 / 2014-06-20
+==================
+
+ * fix `res.attachment` Unicode filenames in Safari
+ * fix "trim prefix" debug message in `express:router`
+ * deps: accepts@~1.0.5
+ * deps: buffer-crc32@0.2.3
+
+4.4.3 / 2014-06-11
+==================
+
+ * fix persistence of modified `req.params[name]` from `app.param()`
+ * deps: accepts@1.0.3
+ - deps: negotiator@0.4.6
+ * deps: debug@1.0.2
+ * deps: send@0.4.3
+ - Do not throw uncatchable error on file open race condition
+ - Use `escape-html` for HTML escaping
+ - deps: debug@1.0.2
+ - deps: finished@1.2.2
+ - deps: fresh@0.2.2
+ * deps: serve-static@1.2.3
+ - Do not throw uncatchable error on file open race condition
+ - deps: send@0.4.3
+
+4.4.2 / 2014-06-09
+==================
+
+ * fix catching errors from top-level handlers
+ * use `vary` module for `res.vary`
+ * deps: debug@1.0.1
+ * deps: proxy-addr@1.0.1
+ * deps: send@0.4.2
+ - fix "event emitter leak" warnings
+ - deps: debug@1.0.1
+ - deps: finished@1.2.1
+ * deps: serve-static@1.2.2
+ - fix "event emitter leak" warnings
+ - deps: send@0.4.2
+ * deps: type-is@1.2.1
+
+4.4.1 / 2014-06-02
+==================
+
+ * deps: methods@1.0.1
+ * deps: send@0.4.1
+ - Send `max-age` in `Cache-Control` in correct format
+ * deps: serve-static@1.2.1
+ - use `escape-html` for escaping
+ - deps: send@0.4.1
+
+4.4.0 / 2014-05-30
+==================
+
+ * custom etag control with `app.set('etag', val)`
+ - `app.set('etag', function(body, encoding){ return '"etag"' })` custom etag generation
+ - `app.set('etag', 'weak')` weak tag
+ - `app.set('etag', 'strong')` strong etag
+ - `app.set('etag', false)` turn off
+ - `app.set('etag', true)` standard etag
+ * mark `res.send` ETag as weak and reduce collisions
+ * update accepts to 1.0.2
+ - Fix interpretation when header not in request
+ * update send to 0.4.0
+ - Calculate ETag with md5 for reduced collisions
+ - Ignore stream errors after request ends
+ - deps: debug@0.8.1
+ * update serve-static to 1.2.0
+ - Calculate ETag with md5 for reduced collisions
+ - Ignore stream errors after request ends
+ - deps: send@0.4.0
+
+4.3.2 / 2014-05-28
+==================
+
+ * fix handling of errors from `router.param()` callbacks
+
+4.3.1 / 2014-05-23
+==================
+
+ * revert "fix behavior of multiple `app.VERB` for the same path"
+ - this caused a regression in the order of route execution
+
+4.3.0 / 2014-05-21
+==================
+
+ * add `req.baseUrl` to access the path stripped from `req.url` in routes
+ * fix behavior of multiple `app.VERB` for the same path
+ * fix issue routing requests among sub routers
+ * invoke `router.param()` only when necessary instead of every match
+ * proper proxy trust with `app.set('trust proxy', trust)`
+ - `app.set('trust proxy', 1)` trust first hop
+ - `app.set('trust proxy', 'loopback')` trust loopback addresses
+ - `app.set('trust proxy', '10.0.0.1')` trust single IP
+ - `app.set('trust proxy', '10.0.0.1/16')` trust subnet
+ - `app.set('trust proxy', '10.0.0.1, 10.0.0.2')` trust list
+ - `app.set('trust proxy', false)` turn off
+ - `app.set('trust proxy', true)` trust everything
+ * set proper `charset` in `Content-Type` for `res.send`
+ * update type-is to 1.2.0
+ - support suffix matching
+
+4.2.0 / 2014-05-11
+==================
+
+ * deprecate `app.del()` -- use `app.delete()` instead
+ * deprecate `res.json(obj, status)` -- use `res.json(status, obj)` instead
+ - the edge-case `res.json(status, num)` requires `res.status(status).json(num)`
+ * deprecate `res.jsonp(obj, status)` -- use `res.jsonp(status, obj)` instead
+ - the edge-case `res.jsonp(status, num)` requires `res.status(status).jsonp(num)`
+ * fix `req.next` when inside router instance
+ * include `ETag` header in `HEAD` requests
+ * keep previous `Content-Type` for `res.jsonp`
+ * support PURGE method
+ - add `app.purge`
+ - add `router.purge`
+ - include PURGE in `app.all`
+ * update debug to 0.8.0
+ - add `enable()` method
+ - change from stderr to stdout
+ * update methods to 1.0.0
+ - add PURGE
+
+4.1.2 / 2014-05-08
+==================
+
+ * fix `req.host` for IPv6 literals
+ * fix `res.jsonp` error if callback param is object
+
+4.1.1 / 2014-04-27
+==================
+
+ * fix package.json to reflect supported node version
+
+4.1.0 / 2014-04-24
+==================
+
+ * pass options from `res.sendfile` to `send`
+ * preserve casing of headers in `res.header` and `res.set`
+ * support unicode file names in `res.attachment` and `res.download`
+ * update accepts to 1.0.1
+ - deps: negotiator@0.4.0
+ * update cookie to 0.1.2
+ - Fix for maxAge == 0
+ - made compat with expires field
+ * update send to 0.3.0
+ - Accept API options in options object
+ - Coerce option types
+ - Control whether to generate etags
+ - Default directory access to 403 when index disabled
+ - Fix sending files with dots without root set
+ - Include file path in etag
+ - Make "Can't set headers after they are sent." catchable
+ - Send full entity-body for multi range requests
+ - Set etags to "weak"
+ - Support "If-Range" header
+ - Support multiple index paths
+ - deps: mime@1.2.11
+ * update serve-static to 1.1.0
+ - Accept options directly to `send` module
+ - Resolve relative paths at middleware setup
+ - Use parseurl to parse the URL from request
+ - deps: send@0.3.0
+ * update type-is to 1.1.0
+ - add non-array values support
+ - add `multipart` as a shorthand
+
+4.0.0 / 2014-04-09
+==================
+
+ * remove:
+ - node 0.8 support
+ - connect and connect's patches except for charset handling
+ - express(1) - moved to [express-generator](https://github.com/expressjs/generator)
+ - `express.createServer()` - it has been deprecated for a long time. Use `express()`
+ - `app.configure` - use logic in your own app code
+ - `app.router` - is removed
+ - `req.auth` - use `basic-auth` instead
+ - `req.accepted*` - use `req.accepts*()` instead
+ - `res.location` - relative URL resolution is removed
+ - `res.charset` - include the charset in the content type when using `res.set()`
+ - all bundled middleware except `static`
+ * change:
+ - `app.route` -> `app.mountpath` when mounting an express app in another express app
+ - `json spaces` no longer enabled by default in development
+ - `req.accepts*` -> `req.accepts*s` - i.e. `req.acceptsEncoding` -> `req.acceptsEncodings`
+ - `req.params` is now an object instead of an array
+ - `res.locals` is no longer a function. It is a plain js object. Treat it as such.
+ - `res.headerSent` -> `res.headersSent` to match node.js ServerResponse object
+ * refactor:
+ - `req.accepts*` with [accepts](https://github.com/expressjs/accepts)
+ - `req.is` with [type-is](https://github.com/expressjs/type-is)
+ - [path-to-regexp](https://github.com/component/path-to-regexp)
+ * add:
+ - `app.router()` - returns the app Router instance
+ - `app.route()` - Proxy to the app's `Router#route()` method to create a new route
+ - Router & Route - public API
+
+3.21.2 / 2015-07-31
+===================
+
+ * deps: connect@2.30.2
+ - deps: body-parser@~1.13.3
+ - deps: compression@~1.5.2
+ - deps: errorhandler@~1.4.2
+ - deps: method-override@~2.3.5
+ - deps: serve-index@~1.7.2
+ - deps: type-is@~1.6.6
+ - deps: vhost@~3.0.1
+ * deps: vary@~1.0.1
+ - Fix setting empty header from empty `field`
+ - perf: enable strict mode
+ - perf: remove argument reassignments
+
+3.21.1 / 2015-07-05
+===================
+
+ * deps: basic-auth@~1.0.3
+ * deps: connect@2.30.1
+ - deps: body-parser@~1.13.2
+ - deps: compression@~1.5.1
+ - deps: errorhandler@~1.4.1
+ - deps: morgan@~1.6.1
+ - deps: pause@0.1.0
+ - deps: qs@4.0.0
+ - deps: serve-index@~1.7.1
+ - deps: type-is@~1.6.4
+
+3.21.0 / 2015-06-18
+===================
+
+ * deps: basic-auth@1.0.2
+ - perf: enable strict mode
+ - perf: hoist regular expression
+ - perf: parse with regular expressions
+ - perf: remove argument reassignment
+ * deps: connect@2.30.0
+ - deps: body-parser@~1.13.1
+ - deps: bytes@2.1.0
+ - deps: compression@~1.5.0
+ - deps: cookie@0.1.3
+ - deps: cookie-parser@~1.3.5
+ - deps: csurf@~1.8.3
+ - deps: errorhandler@~1.4.0
+ - deps: express-session@~1.11.3
+ - deps: finalhandler@0.4.0
+ - deps: fresh@0.3.0
+ - deps: morgan@~1.6.0
+ - deps: serve-favicon@~2.3.0
+ - deps: serve-index@~1.7.0
+ - deps: serve-static@~1.10.0
+ - deps: type-is@~1.6.3
+ * deps: cookie@0.1.3
+ - perf: deduce the scope of try-catch deopt
+ - perf: remove argument reassignments
+ * deps: escape-html@1.0.2
+ * deps: etag@~1.7.0
+ - Always include entity length in ETags for hash length extensions
+ - Generate non-Stats ETags using MD5 only (no longer CRC32)
+ - Improve stat performance by removing hashing
+ - Improve support for JXcore
+ - Remove base64 padding in ETags to shorten
+ - Support "fake" stats objects in environments without fs
+ - Use MD5 instead of MD4 in weak ETags over 1KB
+ * deps: fresh@0.3.0
+ - Add weak `ETag` matching support
+ * deps: mkdirp@0.5.1
+ - Work in global strict mode
+ * deps: send@0.13.0
+ - Allow Node.js HTTP server to set `Date` response header
+ - Fix incorrectly removing `Content-Location` on 304 response
+ - Improve the default redirect response headers
+ - Send appropriate headers on default error response
+ - Use `http-errors` for standard emitted errors
+ - Use `statuses` instead of `http` module for status messages
+ - deps: escape-html@1.0.2
+ - deps: etag@~1.7.0
+ - deps: fresh@0.3.0
+ - deps: on-finished@~2.3.0
+ - perf: enable strict mode
+ - perf: remove unnecessary array allocations
+
+3.20.3 / 2015-05-17
+===================
+
+ * deps: connect@2.29.2
+ - deps: body-parser@~1.12.4
+ - deps: compression@~1.4.4
+ - deps: connect-timeout@~1.6.2
+ - deps: debug@~2.2.0
+ - deps: depd@~1.0.1
+ - deps: errorhandler@~1.3.6
+ - deps: finalhandler@0.3.6
+ - deps: method-override@~2.3.3
+ - deps: morgan@~1.5.3
+ - deps: qs@2.4.2
+ - deps: response-time@~2.3.1
+ - deps: serve-favicon@~2.2.1
+ - deps: serve-index@~1.6.4
+ - deps: serve-static@~1.9.3
+ - deps: type-is@~1.6.2
+ * deps: debug@~2.2.0
+ - deps: ms@0.7.1
+ * deps: depd@~1.0.1
+ * deps: proxy-addr@~1.0.8
+ - deps: ipaddr.js@1.0.1
+ * deps: send@0.12.3
+ - deps: debug@~2.2.0
+ - deps: depd@~1.0.1
+ - deps: etag@~1.6.0
+ - deps: ms@0.7.1
+ - deps: on-finished@~2.2.1
+
+3.20.2 / 2015-03-16
+===================
+
+ * deps: connect@2.29.1
+ - deps: body-parser@~1.12.2
+ - deps: compression@~1.4.3
+ - deps: connect-timeout@~1.6.1
+ - deps: debug@~2.1.3
+ - deps: errorhandler@~1.3.5
+ - deps: express-session@~1.10.4
+ - deps: finalhandler@0.3.4
+ - deps: method-override@~2.3.2
+ - deps: morgan@~1.5.2
+ - deps: qs@2.4.1
+ - deps: serve-index@~1.6.3
+ - deps: serve-static@~1.9.2
+ - deps: type-is@~1.6.1
+ * deps: debug@~2.1.3
+ - Fix high intensity foreground color for bold
+ - deps: ms@0.7.0
+ * deps: merge-descriptors@1.0.0
+ * deps: proxy-addr@~1.0.7
+ - deps: ipaddr.js@0.1.9
+ * deps: send@0.12.2
+ - Throw errors early for invalid `extensions` or `index` options
+ - deps: debug@~2.1.3
+
+3.20.1 / 2015-02-28
+===================
+
+ * Fix `req.host` when using "trust proxy" hops count
+ * Fix `req.protocol`/`req.secure` when using "trust proxy" hops count
+
+3.20.0 / 2015-02-18
+===================
+
+ * Fix `"trust proxy"` setting to inherit when app is mounted
+ * Generate `ETag`s for all request responses
+ - No longer restricted to only responses for `GET` and `HEAD` requests
+ * Use `content-type` to parse `Content-Type` headers
+ * deps: connect@2.29.0
+ - Use `content-type` to parse `Content-Type` headers
+ - deps: body-parser@~1.12.0
+ - deps: compression@~1.4.1
+ - deps: connect-timeout@~1.6.0
+ - deps: cookie-parser@~1.3.4
+ - deps: cookie-signature@1.0.6
+ - deps: csurf@~1.7.0
+ - deps: errorhandler@~1.3.4
+ - deps: express-session@~1.10.3
+ - deps: http-errors@~1.3.1
+ - deps: response-time@~2.3.0
+ - deps: serve-index@~1.6.2
+ - deps: serve-static@~1.9.1
+ - deps: type-is@~1.6.0
+ * deps: cookie-signature@1.0.6
+ * deps: send@0.12.1
+ - Always read the stat size from the file
+ - Fix mutating passed-in `options`
+ - deps: mime@1.3.4
+
+3.19.2 / 2015-02-01
+===================
+
+ * deps: connect@2.28.3
+ - deps: compression@~1.3.1
+ - deps: csurf@~1.6.6
+ - deps: errorhandler@~1.3.3
+ - deps: express-session@~1.10.2
+ - deps: serve-index@~1.6.1
+ - deps: type-is@~1.5.6
+ * deps: proxy-addr@~1.0.6
+ - deps: ipaddr.js@0.1.8
+
+3.19.1 / 2015-01-20
+===================
+
+ * deps: connect@2.28.2
+ - deps: body-parser@~1.10.2
+ - deps: serve-static@~1.8.1
+ * deps: send@0.11.1
+ - Fix root path disclosure
+
+3.19.0 / 2015-01-09
+===================
+
+ * Fix `OPTIONS` responses to include the `HEAD` method property
+ * Use `readline` for prompt in `express(1)`
+ * deps: commander@2.6.0
+ * deps: connect@2.28.1
+ - deps: body-parser@~1.10.1
+ - deps: compression@~1.3.0
+ - deps: connect-timeout@~1.5.0
+ - deps: csurf@~1.6.4
+ - deps: debug@~2.1.1
+ - deps: errorhandler@~1.3.2
+ - deps: express-session@~1.10.1
+ - deps: finalhandler@0.3.3
+ - deps: method-override@~2.3.1
+ - deps: morgan@~1.5.1
+ - deps: serve-favicon@~2.2.0
+ - deps: serve-index@~1.6.0
+ - deps: serve-static@~1.8.0
+ - deps: type-is@~1.5.5
+ * deps: debug@~2.1.1
+ * deps: methods@~1.1.1
+ * deps: proxy-addr@~1.0.5
+ - deps: ipaddr.js@0.1.6
+ * deps: send@0.11.0
+ - deps: debug@~2.1.1
+ - deps: etag@~1.5.1
+ - deps: ms@0.7.0
+ - deps: on-finished@~2.2.0
+
+3.18.6 / 2014-12-12
+===================
+
+ * Fix exception in `req.fresh`/`req.stale` without response headers
+
+3.18.5 / 2014-12-11
+===================
+
+ * deps: connect@2.27.6
+ - deps: compression@~1.2.2
+ - deps: express-session@~1.9.3
+ - deps: http-errors@~1.2.8
+ - deps: serve-index@~1.5.3
+ - deps: type-is@~1.5.4
+
+3.18.4 / 2014-11-23
+===================
+
+ * deps: connect@2.27.4
+ - deps: body-parser@~1.9.3
+ - deps: compression@~1.2.1
+ - deps: errorhandler@~1.2.3
+ - deps: express-session@~1.9.2
+ - deps: qs@2.3.3
+ - deps: serve-favicon@~2.1.7
+ - deps: serve-static@~1.5.1
+ - deps: type-is@~1.5.3
+ * deps: etag@~1.5.1
+ * deps: proxy-addr@~1.0.4
+ - deps: ipaddr.js@0.1.5
+
+3.18.3 / 2014-11-09
+===================
+
+ * deps: connect@2.27.3
+ - Correctly invoke async callback asynchronously
+ - deps: csurf@~1.6.3
+
+3.18.2 / 2014-10-28
+===================
+
+ * deps: connect@2.27.2
+ - Fix handling of URLs containing `://` in the path
+ - deps: body-parser@~1.9.2
+ - deps: qs@2.3.2
+
+3.18.1 / 2014-10-22
+===================
+
+ * Fix internal `utils.merge` deprecation warnings
+ * deps: connect@2.27.1
+ - deps: body-parser@~1.9.1
+ - deps: express-session@~1.9.1
+ - deps: finalhandler@0.3.2
+ - deps: morgan@~1.4.1
+ - deps: qs@2.3.0
+ - deps: serve-static@~1.7.1
+ * deps: send@0.10.1
+ - deps: on-finished@~2.1.1
+
+3.18.0 / 2014-10-17
+===================
+
+ * Use `content-disposition` module for `res.attachment`/`res.download`
+ - Sends standards-compliant `Content-Disposition` header
+ - Full Unicode support
+ * Use `etag` module to generate `ETag` headers
+ * deps: connect@2.27.0
+ - Use `http-errors` module for creating errors
+ - Use `utils-merge` module for merging objects
+ - deps: body-parser@~1.9.0
+ - deps: compression@~1.2.0
+ - deps: connect-timeout@~1.4.0
+ - deps: debug@~2.1.0
+ - deps: depd@~1.0.0
+ - deps: express-session@~1.9.0
+ - deps: finalhandler@0.3.1
+ - deps: method-override@~2.3.0
+ - deps: morgan@~1.4.0
+ - deps: response-time@~2.2.0
+ - deps: serve-favicon@~2.1.6
+ - deps: serve-index@~1.5.0
+ - deps: serve-static@~1.7.0
+ * deps: debug@~2.1.0
+ - Implement `DEBUG_FD` env variable support
+ * deps: depd@~1.0.0
+ * deps: send@0.10.0
+ - deps: debug@~2.1.0
+ - deps: depd@~1.0.0
+ - deps: etag@~1.5.0
+
+3.17.8 / 2014-10-15
+===================
+
+ * deps: connect@2.26.6
+ - deps: compression@~1.1.2
+ - deps: csurf@~1.6.2
+ - deps: errorhandler@~1.2.2
+
+3.17.7 / 2014-10-08
+===================
+
+ * deps: connect@2.26.5
+ - Fix accepting non-object arguments to `logger`
+ - deps: serve-static@~1.6.4
+
+3.17.6 / 2014-10-02
+===================
+
+ * deps: connect@2.26.4
+ - deps: morgan@~1.3.2
+ - deps: type-is@~1.5.2
+
+3.17.5 / 2014-09-24
+===================
+
+ * deps: connect@2.26.3
+ - deps: body-parser@~1.8.4
+ - deps: serve-favicon@~2.1.5
+ - deps: serve-static@~1.6.3
+ * deps: proxy-addr@~1.0.3
+ - Use `forwarded` npm module
+ * deps: send@0.9.3
+ - deps: etag@~1.4.0
+
+3.17.4 / 2014-09-19
+===================
+
+ * deps: connect@2.26.2
+ - deps: body-parser@~1.8.3
+ - deps: qs@2.2.4
+
+3.17.3 / 2014-09-18
+===================
+
+ * deps: proxy-addr@~1.0.2
+ - Fix a global leak when multiple subnets are trusted
+ - deps: ipaddr.js@0.1.3
+
+3.17.2 / 2014-09-15
+===================
+
+ * Use `crc` instead of `buffer-crc32` for speed
+ * deps: connect@2.26.1
+ - deps: body-parser@~1.8.2
+ - deps: depd@0.4.5
+ - deps: express-session@~1.8.2
+ - deps: morgan@~1.3.1
+ - deps: serve-favicon@~2.1.3
+ - deps: serve-static@~1.6.2
+ * deps: depd@0.4.5
+ * deps: send@0.9.2
+ - deps: depd@0.4.5
+ - deps: etag@~1.3.1
+ - deps: range-parser@~1.0.2
+
+3.17.1 / 2014-09-08
+===================
+
+ * Fix error in `req.subdomains` on empty host
+
+3.17.0 / 2014-09-08
+===================
+
+ * Support `X-Forwarded-Host` in `req.subdomains`
+ * Support IP address host in `req.subdomains`
+ * deps: connect@2.26.0
+ - deps: body-parser@~1.8.1
+ - deps: compression@~1.1.0
+ - deps: connect-timeout@~1.3.0
+ - deps: cookie-parser@~1.3.3
+ - deps: cookie-signature@1.0.5
+ - deps: csurf@~1.6.1
+ - deps: debug@~2.0.0
+ - deps: errorhandler@~1.2.0
+ - deps: express-session@~1.8.1
+ - deps: finalhandler@0.2.0
+ - deps: fresh@0.2.4
+ - deps: media-typer@0.3.0
+ - deps: method-override@~2.2.0
+ - deps: morgan@~1.3.0
+ - deps: qs@2.2.3
+ - deps: serve-favicon@~2.1.3
+ - deps: serve-index@~1.2.1
+ - deps: serve-static@~1.6.1
+ - deps: type-is@~1.5.1
+ - deps: vhost@~3.0.0
+ * deps: cookie-signature@1.0.5
+ * deps: debug@~2.0.0
+ * deps: fresh@0.2.4
+ * deps: media-typer@0.3.0
+ - Throw error when parameter format invalid on parse
+ * deps: range-parser@~1.0.2
+ * deps: send@0.9.1
+ - Add `lastModified` option
+ - Use `etag` to generate `ETag` header
+ - deps: debug@~2.0.0
+ - deps: fresh@0.2.4
+ * deps: vary@~1.0.0
+ - Accept valid `Vary` header string as `field`
+
+3.16.10 / 2014-09-04
+====================
+
+ * deps: connect@2.25.10
+ - deps: serve-static@~1.5.4
+ * deps: send@0.8.5
+ - Fix a path traversal issue when using `root`
+ - Fix malicious path detection for empty string path
+
+3.16.9 / 2014-08-29
+===================
+
+ * deps: connect@2.25.9
+ - deps: body-parser@~1.6.7
+ - deps: qs@2.2.2
+
+3.16.8 / 2014-08-27
+===================
+
+ * deps: connect@2.25.8
+ - deps: body-parser@~1.6.6
+ - deps: csurf@~1.4.1
+ - deps: qs@2.2.0
+
+3.16.7 / 2014-08-18
+===================
+
+ * deps: connect@2.25.7
+ - deps: body-parser@~1.6.5
+ - deps: express-session@~1.7.6
+ - deps: morgan@~1.2.3
+ - deps: serve-static@~1.5.3
+ * deps: send@0.8.3
+ - deps: destroy@1.0.3
+ - deps: on-finished@2.1.0
+
+3.16.6 / 2014-08-14
+===================
+
+ * deps: connect@2.25.6
+ - deps: body-parser@~1.6.4
+ - deps: qs@1.2.2
+ - deps: serve-static@~1.5.2
+ * deps: send@0.8.2
+ - Work around `fd` leak in Node.js 0.10 for `fs.ReadStream`
+
+3.16.5 / 2014-08-11
+===================
+
+ * deps: connect@2.25.5
+ - Fix backwards compatibility in `logger`
+
+3.16.4 / 2014-08-10
+===================
+
+ * Fix original URL parsing in `res.location`
+ * deps: connect@2.25.4
+ - Fix `query` middleware breaking with argument
+ - deps: body-parser@~1.6.3
+ - deps: compression@~1.0.11
+ - deps: connect-timeout@~1.2.2
+ - deps: express-session@~1.7.5
+ - deps: method-override@~2.1.3
+ - deps: on-headers@~1.0.0
+ - deps: parseurl@~1.3.0
+ - deps: qs@1.2.1
+ - deps: response-time@~2.0.1
+ - deps: serve-index@~1.1.6
+ - deps: serve-static@~1.5.1
+ * deps: parseurl@~1.3.0
+
+3.16.3 / 2014-08-07
+===================
+
+ * deps: connect@2.25.3
+ - deps: multiparty@3.3.2
+
+3.16.2 / 2014-08-07
+===================
+
+ * deps: connect@2.25.2
+ - deps: body-parser@~1.6.2
+ - deps: qs@1.2.0
+
+3.16.1 / 2014-08-06
+===================
+
+ * deps: connect@2.25.1
+ - deps: body-parser@~1.6.1
+ - deps: qs@1.1.0
+
+3.16.0 / 2014-08-05
+===================
+
+ * deps: connect@2.25.0
+ - deps: body-parser@~1.6.0
+ - deps: compression@~1.0.10
+ - deps: csurf@~1.4.0
+ - deps: express-session@~1.7.4
+ - deps: qs@1.0.2
+ - deps: serve-static@~1.5.0
+ * deps: send@0.8.1
+ - Add `extensions` option
+
+3.15.3 / 2014-08-04
+===================
+
+ * fix `res.sendfile` regression for serving directory index files
+ * deps: connect@2.24.3
+ - deps: serve-index@~1.1.5
+ - deps: serve-static@~1.4.4
+ * deps: send@0.7.4
+ - Fix incorrect 403 on Windows and Node.js 0.11
+ - Fix serving index files without root dir
+
+3.15.2 / 2014-07-27
+===================
+
+ * deps: connect@2.24.2
+ - deps: body-parser@~1.5.2
+ - deps: depd@0.4.4
+ - deps: express-session@~1.7.2
+ - deps: morgan@~1.2.2
+ - deps: serve-static@~1.4.2
+ * deps: depd@0.4.4
+ - Work-around v8 generating empty stack traces
+ * deps: send@0.7.2
+ - deps: depd@0.4.4
+
+3.15.1 / 2014-07-26
+===================
+
+ * deps: connect@2.24.1
+ - deps: body-parser@~1.5.1
+ - deps: depd@0.4.3
+ - deps: express-session@~1.7.1
+ - deps: morgan@~1.2.1
+ - deps: serve-index@~1.1.4
+ - deps: serve-static@~1.4.1
+ * deps: depd@0.4.3
+ - Fix exception when global `Error.stackTraceLimit` is too low
+ * deps: send@0.7.1
+ - deps: depd@0.4.3
+
+3.15.0 / 2014-07-22
+===================
+
+ * Fix `req.protocol` for proxy-direct connections
+ * Pass options from `res.sendfile` to `send`
+ * deps: connect@2.24.0
+ - deps: body-parser@~1.5.0
+ - deps: compression@~1.0.9
+ - deps: connect-timeout@~1.2.1
+ - deps: debug@1.0.4
+ - deps: depd@0.4.2
+ - deps: express-session@~1.7.0
+ - deps: finalhandler@0.1.0
+ - deps: method-override@~2.1.2
+ - deps: morgan@~1.2.0
+ - deps: multiparty@3.3.1
+ - deps: parseurl@~1.2.0
+ - deps: serve-static@~1.4.0
+ * deps: debug@1.0.4
+ * deps: depd@0.4.2
+ - Add `TRACE_DEPRECATION` environment variable
+ - Remove non-standard grey color from color output
+ - Support `--no-deprecation` argument
+ - Support `--trace-deprecation` argument
+ * deps: parseurl@~1.2.0
+ - Cache URLs based on original value
+ - Remove no-longer-needed URL mis-parse work-around
+ - Simplify the "fast-path" `RegExp`
+ * deps: send@0.7.0
+ - Add `dotfiles` option
+ - Cap `maxAge` value to 1 year
+ - deps: debug@1.0.4
+ - deps: depd@0.4.2
+
+3.14.0 / 2014-07-11
+===================
+
+ * add explicit "Rosetta Flash JSONP abuse" protection
+ - previous versions are not vulnerable; this is just explicit protection
+ * deprecate `res.redirect(url, status)` -- use `res.redirect(status, url)` instead
+ * fix `res.send(status, num)` to send `num` as json (not error)
+ * remove unnecessary escaping when `res.jsonp` returns JSON response
+ * deps: basic-auth@1.0.0
+ - support empty password
+ - support empty username
+ * deps: connect@2.23.0
+ - deps: debug@1.0.3
+ - deps: express-session@~1.6.4
+ - deps: method-override@~2.1.0
+ - deps: parseurl@~1.1.3
+ - deps: serve-static@~1.3.1
+ * deps: debug@1.0.3
+ - Add support for multiple wildcards in namespaces
+ * deps: methods@1.1.0
+ - add `CONNECT`
+ * deps: parseurl@~1.1.3
+ - faster parsing of href-only URLs
+
+3.13.0 / 2014-07-03
+===================
+
+ * add deprecation message to `app.configure`
+ * add deprecation message to `req.auth`
+ * use `basic-auth` to parse `Authorization` header
+ * deps: connect@2.22.0
+ - deps: csurf@~1.3.0
+ - deps: express-session@~1.6.1
+ - deps: multiparty@3.3.0
+ - deps: serve-static@~1.3.0
+ * deps: send@0.5.0
+ - Accept string for `maxage` (converted by `ms`)
+ - Include link in default redirect response
+
+3.12.1 / 2014-06-26
+===================
+
+ * deps: connect@2.21.1
+ - deps: cookie-parser@1.3.2
+ - deps: cookie-signature@1.0.4
+ - deps: express-session@~1.5.2
+ - deps: type-is@~1.3.2
+ * deps: cookie-signature@1.0.4
+ - fix for timing attacks
+
+3.12.0 / 2014-06-21
+===================
+
+ * use `media-typer` to alter content-type charset
+ * deps: connect@2.21.0
+ - deprecate `connect(middleware)` -- use `app.use(middleware)` instead
+ - deprecate `connect.createServer()` -- use `connect()` instead
+ - fix `res.setHeader()` patch to work with get -> append -> set pattern
+ - deps: compression@~1.0.8
+ - deps: errorhandler@~1.1.1
+ - deps: express-session@~1.5.0
+ - deps: serve-index@~1.1.3
+
+3.11.0 / 2014-06-19
+===================
+
+ * deprecate things with `depd` module
+ * deps: buffer-crc32@0.2.3
+ * deps: connect@2.20.2
+ - deprecate `verify` option to `json` -- use `body-parser` npm module instead
+ - deprecate `verify` option to `urlencoded` -- use `body-parser` npm module instead
+ - deprecate things with `depd` module
+ - use `finalhandler` for final response handling
+ - use `media-typer` to parse `content-type` for charset
+ - deps: body-parser@1.4.3
+ - deps: connect-timeout@1.1.1
+ - deps: cookie-parser@1.3.1
+ - deps: csurf@1.2.2
+ - deps: errorhandler@1.1.0
+ - deps: express-session@1.4.0
+ - deps: multiparty@3.2.9
+ - deps: serve-index@1.1.2
+ - deps: type-is@1.3.1
+ - deps: vhost@2.0.0
+
+3.10.5 / 2014-06-11
+===================
+
+ * deps: connect@2.19.6
+ - deps: body-parser@1.3.1
+ - deps: compression@1.0.7
+ - deps: debug@1.0.2
+ - deps: serve-index@1.1.1
+ - deps: serve-static@1.2.3
+ * deps: debug@1.0.2
+ * deps: send@0.4.3
+ - Do not throw uncatchable error on file open race condition
+ - Use `escape-html` for HTML escaping
+ - deps: debug@1.0.2
+ - deps: finished@1.2.2
+ - deps: fresh@0.2.2
+
+3.10.4 / 2014-06-09
+===================
+
+ * deps: connect@2.19.5
+ - fix "event emitter leak" warnings
+ - deps: csurf@1.2.1
+ - deps: debug@1.0.1
+ - deps: serve-static@1.2.2
+ - deps: type-is@1.2.1
+ * deps: debug@1.0.1
+ * deps: send@0.4.2
+ - fix "event emitter leak" warnings
+ - deps: finished@1.2.1
+ - deps: debug@1.0.1
+
+3.10.3 / 2014-06-05
+===================
+
+ * use `vary` module for `res.vary`
+ * deps: connect@2.19.4
+ - deps: errorhandler@1.0.2
+ - deps: method-override@2.0.2
+ - deps: serve-favicon@2.0.1
+ * deps: debug@1.0.0
+
+3.10.2 / 2014-06-03
+===================
+
+ * deps: connect@2.19.3
+ - deps: compression@1.0.6
+
+3.10.1 / 2014-06-03
+===================
+
+ * deps: connect@2.19.2
+ - deps: compression@1.0.4
+ * deps: proxy-addr@1.0.1
+
+3.10.0 / 2014-06-02
+===================
+
+ * deps: connect@2.19.1
+ - deprecate `methodOverride()` -- use `method-override` npm module instead
+ - deps: body-parser@1.3.0
+ - deps: method-override@2.0.1
+ - deps: multiparty@3.2.8
+ - deps: response-time@2.0.0
+ - deps: serve-static@1.2.1
+ * deps: methods@1.0.1
+ * deps: send@0.4.1
+ - Send `max-age` in `Cache-Control` in correct format
+
+3.9.0 / 2014-05-30
+==================
+
+ * custom etag control with `app.set('etag', val)`
+ - `app.set('etag', function(body, encoding){ return '"etag"' })` custom etag generation
+ - `app.set('etag', 'weak')` weak tag
+ - `app.set('etag', 'strong')` strong etag
+ - `app.set('etag', false)` turn off
+ - `app.set('etag', true)` standard etag
+ * Include ETag in HEAD requests
+ * mark `res.send` ETag as weak and reduce collisions
+ * update connect to 2.18.0
+ - deps: compression@1.0.3
+ - deps: serve-index@1.1.0
+ - deps: serve-static@1.2.0
+ * update send to 0.4.0
+ - Calculate ETag with md5 for reduced collisions
+ - Ignore stream errors after request ends
+ - deps: debug@0.8.1
+
+3.8.1 / 2014-05-27
+==================
+
+ * update connect to 2.17.3
+ - deps: body-parser@1.2.2
+ - deps: express-session@1.2.1
+ - deps: method-override@1.0.2
+
+3.8.0 / 2014-05-21
+==================
+
+ * keep previous `Content-Type` for `res.jsonp`
+ * set proper `charset` in `Content-Type` for `res.send`
+ * update connect to 2.17.1
+ - fix `res.charset` appending charset when `content-type` has one
+ - deps: express-session@1.2.0
+ - deps: morgan@1.1.1
+ - deps: serve-index@1.0.3
+
+3.7.0 / 2014-05-18
+==================
+
+ * proper proxy trust with `app.set('trust proxy', trust)`
+ - `app.set('trust proxy', 1)` trust first hop
+ - `app.set('trust proxy', 'loopback')` trust loopback addresses
+ - `app.set('trust proxy', '10.0.0.1')` trust single IP
+ - `app.set('trust proxy', '10.0.0.1/16')` trust subnet
+ - `app.set('trust proxy', '10.0.0.1, 10.0.0.2')` trust list
+ - `app.set('trust proxy', false)` turn off
+ - `app.set('trust proxy', true)` trust everything
+ * update connect to 2.16.2
+ - deprecate `res.headerSent` -- use `res.headersSent`
+ - deprecate `res.on("header")` -- use on-headers module instead
+ - fix edge-case in `res.appendHeader` that would append in wrong order
+ - json: use body-parser
+ - urlencoded: use body-parser
+ - dep: bytes@1.0.0
+ - dep: cookie-parser@1.1.0
+ - dep: csurf@1.2.0
+ - dep: express-session@1.1.0
+ - dep: method-override@1.0.1
+
+3.6.0 / 2014-05-09
+==================
+
+ * deprecate `app.del()` -- use `app.delete()` instead
+ * deprecate `res.json(obj, status)` -- use `res.json(status, obj)` instead
+ - the edge-case `res.json(status, num)` requires `res.status(status).json(num)`
+ * deprecate `res.jsonp(obj, status)` -- use `res.jsonp(status, obj)` instead
+ - the edge-case `res.jsonp(status, num)` requires `res.status(status).jsonp(num)`
+ * support PURGE method
+ - add `app.purge`
+ - add `router.purge`
+ - include PURGE in `app.all`
+ * update connect to 2.15.0
+ * Add `res.appendHeader`
+ * Call error stack even when response has been sent
+ * Patch `res.headerSent` to return Boolean
+ * Patch `res.headersSent` for node.js 0.8
+ * Prevent default 404 handler after response sent
+ * dep: compression@1.0.2
+ * dep: connect-timeout@1.1.0
+ * dep: debug@^0.8.0
+ * dep: errorhandler@1.0.1
+ * dep: express-session@1.0.4
+ * dep: morgan@1.0.1
+ * dep: serve-favicon@2.0.0
+ * dep: serve-index@1.0.2
+ * update debug to 0.8.0
+ * add `enable()` method
+ * change from stderr to stdout
+ * update methods to 1.0.0
+ - add PURGE
+ * update mkdirp to 0.5.0
+
+3.5.3 / 2014-05-08
+==================
+
+ * fix `req.host` for IPv6 literals
+ * fix `res.jsonp` error if callback param is object
+
+3.5.2 / 2014-04-24
+==================
+
+ * update connect to 2.14.5
+ * update cookie to 0.1.2
+ * update mkdirp to 0.4.0
+ * update send to 0.3.0
+
+3.5.1 / 2014-03-25
+==================
+
+ * pin less-middleware in generated app
+
+3.5.0 / 2014-03-06
+==================
+
+ * bump deps
+
+3.4.8 / 2014-01-13
+==================
+
+ * prevent incorrect automatic OPTIONS responses #1868 @dpatti
+ * update binary and examples for jade 1.0 #1876 @yossi, #1877 @reqshark, #1892 @matheusazzi
+ * throw 400 in case of malformed paths @rlidwka
+
+3.4.7 / 2013-12-10
+==================
+
+ * update connect
+
+3.4.6 / 2013-12-01
+==================
+
+ * update connect (raw-body)
+
+3.4.5 / 2013-11-27
+==================
+
+ * update connect
+ * res.location: remove leading ./ #1802 @kapouer
+ * res.redirect: fix `res.redirect('toString') #1829 @michaelficarra
+ * res.send: always send ETag when content-length > 0
+ * router: add Router.all() method
+
+3.4.4 / 2013-10-29
+==================
+
+ * update connect
+ * update supertest
+ * update methods
+ * express(1): replace bodyParser() with urlencoded() and json() #1795 @chirag04
+
+3.4.3 / 2013-10-23
+==================
+
+ * update connect
+
+3.4.2 / 2013-10-18
+==================
+
+ * update connect
+ * downgrade commander
+
+3.4.1 / 2013-10-15
+==================
+
+ * update connect
+ * update commander
+ * jsonp: check if callback is a function
+ * router: wrap encodeURIComponent in a try/catch #1735 (@lxe)
+ * res.format: now includes charset @1747 (@sorribas)
+ * res.links: allow multiple calls @1746 (@sorribas)
+
+3.4.0 / 2013-09-07
+==================
+
+ * add res.vary(). Closes #1682
+ * update connect
+
+3.3.8 / 2013-09-02
+==================
+
+ * update connect
+
+3.3.7 / 2013-08-28
+==================
+
+ * update connect
+
+3.3.6 / 2013-08-27
+==================
+
+ * Revert "remove charset from json responses. Closes #1631" (causes issues in some clients)
+ * add: req.accepts take an argument list
+
+3.3.4 / 2013-07-08
+==================
+
+ * update send and connect
+
+3.3.3 / 2013-07-04
+==================
+
+ * update connect
+
+3.3.2 / 2013-07-03
+==================
+
+ * update connect
+ * update send
+ * remove .version export
+
+3.3.1 / 2013-06-27
+==================
+
+ * update connect
+
+3.3.0 / 2013-06-26
+==================
+
+ * update connect
+ * add support for multiple X-Forwarded-Proto values. Closes #1646
+ * change: remove charset from json responses. Closes #1631
+ * change: return actual booleans from req.accept* functions
+ * fix jsonp callback array throw
+
+3.2.6 / 2013-06-02
+==================
+
+ * update connect
+
+3.2.5 / 2013-05-21
+==================
+
+ * update connect
+ * update node-cookie
+ * add: throw a meaningful error when there is no default engine
+ * change generation of ETags with res.send() to GET requests only. Closes #1619
+
+3.2.4 / 2013-05-09
+==================
+
+ * fix `req.subdomains` when no Host is present
+ * fix `req.host` when no Host is present, return undefined
+
+3.2.3 / 2013-05-07
+==================
+
+ * update connect / qs
+
+3.2.2 / 2013-05-03
+==================
+
+ * update qs
+
+3.2.1 / 2013-04-29
+==================
+
+ * add app.VERB() paths array deprecation warning
+ * update connect
+ * update qs and remove all ~ semver crap
+ * fix: accept number as value of Signed Cookie
+
+3.2.0 / 2013-04-15
+==================
+
+ * add "view" constructor setting to override view behaviour
+ * add req.acceptsEncoding(name)
+ * add req.acceptedEncodings
+ * revert cookie signature change causing session race conditions
+ * fix sorting of Accept values of the same quality
+
+3.1.2 / 2013-04-12
+==================
+
+ * add support for custom Accept parameters
+ * update cookie-signature
+
+3.1.1 / 2013-04-01
+==================
+
+ * add X-Forwarded-Host support to `req.host`
+ * fix relative redirects
+ * update mkdirp
+ * update buffer-crc32
+ * remove legacy app.configure() method from app template.
+
+3.1.0 / 2013-01-25
+==================
+
+ * add support for leading "." in "view engine" setting
+ * add array support to `res.set()`
+ * add node 0.8.x to travis.yml
+ * add "subdomain offset" setting for tweaking `req.subdomains`
+ * add `res.location(url)` implementing `res.redirect()`-like setting of Location
+ * use app.get() for x-powered-by setting for inheritance
+ * fix colons in passwords for `req.auth`
+
+3.0.6 / 2013-01-04
+==================
+
+ * add http verb methods to Router
+ * update connect
+ * fix mangling of the `res.cookie()` options object
+ * fix jsonp whitespace escape. Closes #1132
+
+3.0.5 / 2012-12-19
+==================
+
+ * add throwing when a non-function is passed to a route
+ * fix: explicitly remove Transfer-Encoding header from 204 and 304 responses
+ * revert "add 'etag' option"
+
+3.0.4 / 2012-12-05
+==================
+
+ * add 'etag' option to disable `res.send()` Etags
+ * add escaping of urls in text/plain in `res.redirect()`
+ for old browsers interpreting as html
+ * change crc32 module for a more liberal license
+ * update connect
+
+3.0.3 / 2012-11-13
+==================
+
+ * update connect
+ * update cookie module
+ * fix cookie max-age
+
+3.0.2 / 2012-11-08
+==================
+
+ * add OPTIONS to cors example. Closes #1398
+ * fix route chaining regression. Closes #1397
+
+3.0.1 / 2012-11-01
+==================
+
+ * update connect
+
+3.0.0 / 2012-10-23
+==================
+
+ * add `make clean`
+ * add "Basic" check to req.auth
+ * add `req.auth` test coverage
+ * add cb && cb(payload) to `res.jsonp()`. Closes #1374
+ * add backwards compat for `res.redirect()` status. Closes #1336
+ * add support for `res.json()` to retain previously defined Content-Types. Closes #1349
+ * update connect
+ * change `res.redirect()` to utilize a pathname-relative Location again. Closes #1382
+ * remove non-primitive string support for `res.send()`
+ * fix view-locals example. Closes #1370
+ * fix route-separation example
+
+3.0.0rc5 / 2012-09-18
+==================
+
+ * update connect
+ * add redis search example
+ * add static-files example
+ * add "x-powered-by" setting (`app.disable('x-powered-by')`)
+ * add "application/octet-stream" redirect Accept test case. Closes #1317
+
+3.0.0rc4 / 2012-08-30
+==================
+
+ * add `res.jsonp()`. Closes #1307
+ * add "verbose errors" option to error-pages example
+ * add another route example to express(1) so people are not so confused
+ * add redis online user activity tracking example
+ * update connect dep
+ * fix etag quoting. Closes #1310
+ * fix error-pages 404 status
+ * fix jsonp callback char restrictions
+ * remove old OPTIONS default response
+
+3.0.0rc3 / 2012-08-13
+==================
+
+ * update connect dep
+ * fix signed cookies to work with `connect.cookieParser()` ("s:" prefix was missing) [tnydwrds]
+ * fix `res.render()` clobbering of "locals"
+
+3.0.0rc2 / 2012-08-03
+==================
+
+ * add CORS example
+ * update connect dep
+ * deprecate `.createServer()` & remove old stale examples
+ * fix: escape `res.redirect()` link
+ * fix vhost example
+
+3.0.0rc1 / 2012-07-24
+==================
+
+ * add more examples to view-locals
+ * add scheme-relative redirects (`res.redirect("//foo.com")`) support
+ * update cookie dep
+ * update connect dep
+ * update send dep
+ * fix `express(1)` -h flag, use -H for hogan. Closes #1245
+ * fix `res.sendfile()` socket error handling regression
+
+3.0.0beta7 / 2012-07-16
+==================
+
+ * update connect dep for `send()` root normalization regression
+
+3.0.0beta6 / 2012-07-13
+==================
+
+ * add `err.view` property for view errors. Closes #1226
+ * add "jsonp callback name" setting
+ * add support for "/foo/:bar*" non-greedy matches
+ * change `res.sendfile()` to use `send()` module
+ * change `res.send` to use "response-send" module
+ * remove `app.locals.use` and `res.locals.use`, use regular middleware
+
+3.0.0beta5 / 2012-07-03
+==================
+
+ * add "make check" support
+ * add route-map example
+ * add `res.json(obj, status)` support back for BC
+ * add "methods" dep, remove internal methods module
+ * update connect dep
+ * update auth example to utilize cores pbkdf2
+ * updated tests to use "supertest"
+
+3.0.0beta4 / 2012-06-25
+==================
+
+ * Added `req.auth`
+ * Added `req.range(size)`
+ * Added `res.links(obj)`
+ * Added `res.send(body, status)` support back for backwards compat
+ * Added `.default()` support to `res.format()`
+ * Added 2xx / 304 check to `req.fresh`
+ * Revert "Added + support to the router"
+ * Fixed `res.send()` freshness check, respect res.statusCode
+
+3.0.0beta3 / 2012-06-15
+==================
+
+ * Added hogan `--hjs` to express(1) [nullfirm]
+ * Added another example to content-negotiation
+ * Added `fresh` dep
+ * Changed: `res.send()` always checks freshness
+ * Fixed: expose connects mime module. Closes #1165
+
+3.0.0beta2 / 2012-06-06
+==================
+
+ * Added `+` support to the router
+ * Added `req.host`
+ * Changed `req.param()` to check route first
+ * Update connect dep
+
+3.0.0beta1 / 2012-06-01
+==================
+
+ * Added `res.format()` callback to override default 406 behaviour
+ * Fixed `res.redirect()` 406. Closes #1154
+
+3.0.0alpha5 / 2012-05-30
+==================
+
+ * Added `req.ip`
+ * Added `{ signed: true }` option to `res.cookie()`
+ * Removed `res.signedCookie()`
+ * Changed: dont reverse `req.ips`
+ * Fixed "trust proxy" setting check for `req.ips`
+
+3.0.0alpha4 / 2012-05-09
+==================
+
+ * Added: allow `[]` in jsonp callback. Closes #1128
+ * Added `PORT` env var support in generated template. Closes #1118 [benatkin]
+ * Updated: connect 2.2.2
+
+3.0.0alpha3 / 2012-05-04
+==================
+
+ * Added public `app.routes`. Closes #887
+ * Added _view-locals_ example
+ * Added _mvc_ example
+ * Added `res.locals.use()`. Closes #1120
+ * Added conditional-GET support to `res.send()`
+ * Added: coerce `res.set()` values to strings
+ * Changed: moved `static()` in generated apps below router
+ * Changed: `res.send()` only set ETag when not previously set
+ * Changed connect 2.2.1 dep
+ * Changed: `make test` now runs unit / acceptance tests
+ * Fixed req/res proto inheritance
+
+3.0.0alpha2 / 2012-04-26
+==================
+
+ * Added `make benchmark` back
+ * Added `res.send()` support for `String` objects
+ * Added client-side data exposing example
+ * Added `res.header()` and `req.header()` aliases for BC
+ * Added `express.createServer()` for BC
+ * Perf: memoize parsed urls
+ * Perf: connect 2.2.0 dep
+ * Changed: make `expressInit()` middleware self-aware
+ * Fixed: use app.get() for all core settings
+ * Fixed redis session example
+ * Fixed session example. Closes #1105
+ * Fixed generated express dep. Closes #1078
+
+3.0.0alpha1 / 2012-04-15
+==================
+
+ * Added `app.locals.use(callback)`
+ * Added `app.locals` object
+ * Added `app.locals(obj)`
+ * Added `res.locals` object
+ * Added `res.locals(obj)`
+ * Added `res.format()` for content-negotiation
+ * Added `app.engine()`
+ * Added `res.cookie()` JSON cookie support
+ * Added "trust proxy" setting
+ * Added `req.subdomains`
+ * Added `req.protocol`
+ * Added `req.secure`
+ * Added `req.path`
+ * Added `req.ips`
+ * Added `req.fresh`
+ * Added `req.stale`
+ * Added comma-delimited / array support for `req.accepts()`
+ * Added debug instrumentation
+ * Added `res.set(obj)`
+ * Added `res.set(field, value)`
+ * Added `res.get(field)`
+ * Added `app.get(setting)`. Closes #842
+ * Added `req.acceptsLanguage()`
+ * Added `req.acceptsCharset()`
+ * Added `req.accepted`
+ * Added `req.acceptedLanguages`
+ * Added `req.acceptedCharsets`
+ * Added "json replacer" setting
+ * Added "json spaces" setting
+ * Added X-Forwarded-Proto support to `res.redirect()`. Closes #92
+ * Added `--less` support to express(1)
+ * Added `express.response` prototype
+ * Added `express.request` prototype
+ * Added `express.application` prototype
+ * Added `app.path()`
+ * Added `app.render()`
+ * Added `res.type()` to replace `res.contentType()`
+ * Changed: `res.redirect()` to add relative support
+ * Changed: enable "jsonp callback" by default
+ * Changed: renamed "case sensitive routes" to "case sensitive routing"
+ * Rewrite of all tests with mocha
+ * Removed "root" setting
+ * Removed `res.redirect('home')` support
+ * Removed `req.notify()`
+ * Removed `app.register()`
+ * Removed `app.redirect()`
+ * Removed `app.is()`
+ * Removed `app.helpers()`
+ * Removed `app.dynamicHelpers()`
+ * Fixed `res.sendfile()` with non-GET. Closes #723
+ * Fixed express(1) public dir for windows. Closes #866
+
+2.5.9/ 2012-04-02
+==================
+
+ * Added support for PURGE request method [pbuyle]
+ * Fixed `express(1)` generated app `app.address()` before `listening` [mmalecki]
+
+2.5.8 / 2012-02-08
+==================
+
+ * Update mkdirp dep. Closes #991
+
+2.5.7 / 2012-02-06
+==================
+
+ * Fixed `app.all` duplicate DELETE requests [mscdex]
+
+2.5.6 / 2012-01-13
+==================
+
+ * Updated hamljs dev dep. Closes #953
+
+2.5.5 / 2012-01-08
+==================
+
+ * Fixed: set `filename` on cached templates [matthewleon]
+
+2.5.4 / 2012-01-02
+==================
+
+ * Fixed `express(1)` eol on 0.4.x. Closes #947
+
+2.5.3 / 2011-12-30
+==================
+
+ * Fixed `req.is()` when a charset is present
+
+2.5.2 / 2011-12-10
+==================
+
+ * Fixed: express(1) LF -> CRLF for windows
+
+2.5.1 / 2011-11-17
+==================
+
+ * Changed: updated connect to 1.8.x
+ * Removed sass.js support from express(1)
+
+2.5.0 / 2011-10-24
+==================
+
+ * Added ./routes dir for generated app by default
+ * Added npm install reminder to express(1) app gen
+ * Added 0.5.x support
+ * Removed `make test-cov` since it wont work with node 0.5.x
+ * Fixed express(1) public dir for windows. Closes #866
+
+2.4.7 / 2011-10-05
+==================
+
+ * Added mkdirp to express(1). Closes #795
+ * Added simple _json-config_ example
+ * Added shorthand for the parsed request's pathname via `req.path`
+ * Changed connect dep to 1.7.x to fix npm issue...
+ * Fixed `res.redirect()` __HEAD__ support. [reported by xerox]
+ * Fixed `req.flash()`, only escape args
+ * Fixed absolute path checking on windows. Closes #829 [reported by andrewpmckenzie]
+
+2.4.6 / 2011-08-22
+==================
+
+ * Fixed multiple param callback regression. Closes #824 [reported by TroyGoode]
+
+2.4.5 / 2011-08-19
+==================
+
+ * Added support for routes to handle errors. Closes #809
+ * Added `app.routes.all()`. Closes #803
+ * Added "basepath" setting to work in conjunction with reverse proxies etc.
+ * Refactored `Route` to use a single array of callbacks
+ * Added support for multiple callbacks for `app.param()`. Closes #801
+Closes #805
+ * Changed: removed .call(self) for route callbacks
+ * Dependency: `qs >= 0.3.1`
+ * Fixed `res.redirect()` on windows due to `join()` usage. Closes #808
+
+2.4.4 / 2011-08-05
+==================
+
+ * Fixed `res.header()` intention of a set, even when `undefined`
+ * Fixed `*`, value no longer required
+ * Fixed `res.send(204)` support. Closes #771
+
+2.4.3 / 2011-07-14
+==================
+
+ * Added docs for `status` option special-case. Closes #739
+ * Fixed `options.filename`, exposing the view path to template engines
+
+2.4.2. / 2011-07-06
+==================
+
+ * Revert "removed jsonp stripping" for XSS
+
+2.4.1 / 2011-07-06
+==================
+
+ * Added `res.json()` JSONP support. Closes #737
+ * Added _extending-templates_ example. Closes #730
+ * Added "strict routing" setting for trailing slashes
+ * Added support for multiple envs in `app.configure()` calls. Closes #735
+ * Changed: `res.send()` using `res.json()`
+ * Changed: when cookie `path === null` don't default it
+ * Changed; default cookie path to "home" setting. Closes #731
+ * Removed _pids/logs_ creation from express(1)
+
+2.4.0 / 2011-06-28
+==================
+
+ * Added chainable `res.status(code)`
+ * Added `res.json()`, an explicit version of `res.send(obj)`
+ * Added simple web-service example
+
+2.3.12 / 2011-06-22
+==================
+
+ * \#express is now on freenode! come join!
+ * Added `req.get(field, param)`
+ * Added links to Japanese documentation, thanks @hideyukisaito!
+ * Added; the `express(1)` generated app outputs the env
+ * Added `content-negotiation` example
+ * Dependency: connect >= 1.5.1 < 2.0.0
+ * Fixed view layout bug. Closes #720
+ * Fixed; ignore body on 304. Closes #701
+
+2.3.11 / 2011-06-04
+==================
+
+ * Added `npm test`
+ * Removed generation of dummy test file from `express(1)`
+ * Fixed; `express(1)` adds express as a dep
+ * Fixed; prune on `prepublish`
+
+2.3.10 / 2011-05-27
+==================
+
+ * Added `req.route`, exposing the current route
+ * Added _package.json_ generation support to `express(1)`
+ * Fixed call to `app.param()` function for optional params. Closes #682
+
+2.3.9 / 2011-05-25
+==================
+
+ * Fixed bug-ish with `../' in `res.partial()` calls
+
+2.3.8 / 2011-05-24
+==================
+
+ * Fixed `app.options()`
+
+2.3.7 / 2011-05-23
+==================
+
+ * Added route `Collection`, ex: `app.get('/user/:id').remove();`
+ * Added support for `app.param(fn)` to define param logic
+ * Removed `app.param()` support for callback with return value
+ * Removed module.parent check from express(1) generated app. Closes #670
+ * Refactored router. Closes #639
+
+2.3.6 / 2011-05-20
+==================
+
+ * Changed; using devDependencies instead of git submodules
+ * Fixed redis session example
+ * Fixed markdown example
+ * Fixed view caching, should not be enabled in development
+
+2.3.5 / 2011-05-20
+==================
+
+ * Added export `.view` as alias for `.View`
+
+2.3.4 / 2011-05-08
+==================
+
+ * Added `./examples/say`
+ * Fixed `res.sendfile()` bug preventing the transfer of files with spaces
+
+2.3.3 / 2011-05-03
+==================
+
+ * Added "case sensitive routes" option.
+ * Changed; split methods supported per rfc [slaskis]
+ * Fixed route-specific middleware when using the same callback function several times
+
+2.3.2 / 2011-04-27
+==================
+
+ * Fixed view hints
+
+2.3.1 / 2011-04-26
+==================
+
+ * Added `app.match()` as `app.match.all()`
+ * Added `app.lookup()` as `app.lookup.all()`
+ * Added `app.remove()` for `app.remove.all()`
+ * Added `app.remove.VERB()`
+ * Fixed template caching collision issue. Closes #644
+ * Moved router over from connect and started refactor
+
+2.3.0 / 2011-04-25
+==================
+
+ * Added options support to `res.clearCookie()`
+ * Added `res.helpers()` as alias of `res.locals()`
+ * Added; json defaults to UTF-8 with `res.send()`. Closes #632. [Daniel * Dependency `connect >= 1.4.0`
+ * Changed; auto set Content-Type in res.attachement [Aaron Heckmann]
+ * Renamed "cache views" to "view cache". Closes #628
+ * Fixed caching of views when using several apps. Closes #637
+ * Fixed gotcha invoking `app.param()` callbacks once per route middleware.
+Closes #638
+ * Fixed partial lookup precedence. Closes #631
+Shaw]
+
+2.2.2 / 2011-04-12
+==================
+
+ * Added second callback support for `res.download()` connection errors
+ * Fixed `filename` option passing to template engine
+
+2.2.1 / 2011-04-04
+==================
+
+ * Added `layout(path)` helper to change the layout within a view. Closes #610
+ * Fixed `partial()` collection object support.
+ Previously only anything with `.length` would work.
+ When `.length` is present one must still be aware of holes,
+ however now `{ collection: {foo: 'bar'}}` is valid, exposes
+ `keyInCollection` and `keysInCollection`.
+
+ * Performance improved with better view caching
+ * Removed `request` and `response` locals
+ * Changed; errorHandler page title is now `Express` instead of `Connect`
+
+2.2.0 / 2011-03-30
+==================
+
+ * Added `app.lookup.VERB()`, ex `app.lookup.put('/user/:id')`. Closes #606
+ * Added `app.match.VERB()`, ex `app.match.put('/user/12')`. Closes #606
+ * Added `app.VERB(path)` as alias of `app.lookup.VERB()`.
+ * Dependency `connect >= 1.2.0`
+
+2.1.1 / 2011-03-29
+==================
+
+ * Added; expose `err.view` object when failing to locate a view
+ * Fixed `res.partial()` call `next(err)` when no callback is given [reported by aheckmann]
+ * Fixed; `res.send(undefined)` responds with 204 [aheckmann]
+
+2.1.0 / 2011-03-24
+==================
+
+ * Added `<root>/_?<name>` partial lookup support. Closes #447
+ * Added `request`, `response`, and `app` local variables
+ * Added `settings` local variable, containing the app's settings
+ * Added `req.flash()` exception if `req.session` is not available
+ * Added `res.send(bool)` support (json response)
+ * Fixed stylus example for latest version
+ * Fixed; wrap try/catch around `res.render()`
+
+2.0.0 / 2011-03-17
+==================
+
+ * Fixed up index view path alternative.
+ * Changed; `res.locals()` without object returns the locals
+
+2.0.0rc3 / 2011-03-17
+==================
+
+ * Added `res.locals(obj)` to compliment `res.local(key, val)`
+ * Added `res.partial()` callback support
+ * Fixed recursive error reporting issue in `res.render()`
+
+2.0.0rc2 / 2011-03-17
+==================
+
+ * Changed; `partial()` "locals" are now optional
+ * Fixed `SlowBuffer` support. Closes #584 [reported by tyrda01]
+ * Fixed .filename view engine option [reported by drudge]
+ * Fixed blog example
+ * Fixed `{req,res}.app` reference when mounting [Ben Weaver]
+
+2.0.0rc / 2011-03-14
+==================
+
+ * Fixed; expose `HTTPSServer` constructor
+ * Fixed express(1) default test charset. Closes #579 [reported by secoif]
+ * Fixed; default charset to utf-8 instead of utf8 for lame IE [reported by NickP]
+
+2.0.0beta3 / 2011-03-09
+==================
+
+ * Added support for `res.contentType()` literal
+ The original `res.contentType('.json')`,
+ `res.contentType('application/json')`, and `res.contentType('json')`
+ will work now.
+ * Added `res.render()` status option support back
+ * Added charset option for `res.render()`
+ * Added `.charset` support (via connect 1.0.4)
+ * Added view resolution hints when in development and a lookup fails
+ * Added layout lookup support relative to the page view.
+ For example while rendering `./views/user/index.jade` if you create
+ `./views/user/layout.jade` it will be used in favour of the root layout.
+ * Fixed `res.redirect()`. RFC states absolute url [reported by unlink]
+ * Fixed; default `res.send()` string charset to utf8
+ * Removed `Partial` constructor (not currently used)
+
+2.0.0beta2 / 2011-03-07
+==================
+
+ * Added res.render() `.locals` support back to aid in migration process
+ * Fixed flash example
+
+2.0.0beta / 2011-03-03
+==================
+
+ * Added HTTPS support
+ * Added `res.cookie()` maxAge support
+ * Added `req.header()` _Referrer_ / _Referer_ special-case, either works
+ * Added mount support for `res.redirect()`, now respects the mount-point
+ * Added `union()` util, taking place of `merge(clone())` combo
+ * Added stylus support to express(1) generated app
+ * Added secret to session middleware used in examples and generated app
+ * Added `res.local(name, val)` for progressive view locals
+ * Added default param support to `req.param(name, default)`
+ * Added `app.disabled()` and `app.enabled()`
+ * Added `app.register()` support for omitting leading ".", either works
+ * Added `res.partial()`, using the same interface as `partial()` within a view. Closes #539
+ * Added `app.param()` to map route params to async/sync logic
+ * Added; aliased `app.helpers()` as `app.locals()`. Closes #481
+ * Added extname with no leading "." support to `res.contentType()`
+ * Added `cache views` setting, defaulting to enabled in "production" env
+ * Added index file partial resolution, eg: partial('user') may try _views/user/index.jade_.
+ * Added `req.accepts()` support for extensions
+ * Changed; `res.download()` and `res.sendfile()` now utilize Connect's
+ static file server `connect.static.send()`.
+ * Changed; replaced `connect.utils.mime()` with npm _mime_ module
+ * Changed; allow `req.query` to be pre-defined (via middleware or other parent
+ * Changed view partial resolution, now relative to parent view
+ * Changed view engine signature. no longer `engine.render(str, options, callback)`, now `engine.compile(str, options) -> Function`, the returned function accepts `fn(locals)`.
+ * Fixed `req.param()` bug returning Array.prototype methods. Closes #552
+ * Fixed; using `Stream#pipe()` instead of `sys.pump()` in `res.sendfile()`
+ * Fixed; using _qs_ module instead of _querystring_
+ * Fixed; strip unsafe chars from jsonp callbacks
+ * Removed "stream threshold" setting
+
+1.0.8 / 2011-03-01
+==================
+
+ * Allow `req.query` to be pre-defined (via middleware or other parent app)
+ * "connect": ">= 0.5.0 < 1.0.0". Closes #547
+ * Removed the long deprecated __EXPRESS_ENV__ support
+
+1.0.7 / 2011-02-07
+==================
+
+ * Fixed `render()` setting inheritance.
+ Mounted apps would not inherit "view engine"
+
+1.0.6 / 2011-02-07
+==================
+
+ * Fixed `view engine` setting bug when period is in dirname
+
+1.0.5 / 2011-02-05
+==================
+
+ * Added secret to generated app `session()` call
+
+1.0.4 / 2011-02-05
+==================
+
+ * Added `qs` dependency to _package.json_
+ * Fixed namespaced `require()`s for latest connect support
+
+1.0.3 / 2011-01-13
+==================
+
+ * Remove unsafe characters from JSONP callback names [Ryan Grove]
+
+1.0.2 / 2011-01-10
+==================
+
+ * Removed nested require, using `connect.router`
+
+1.0.1 / 2010-12-29
+==================
+
+ * Fixed for middleware stacked via `createServer()`
+ previously the `foo` middleware passed to `createServer(foo)`
+ would not have access to Express methods such as `res.send()`
+ or props like `req.query` etc.
+
+1.0.0 / 2010-11-16
+==================
+
+ * Added; deduce partial object names from the last segment.
+ For example by default `partial('forum/post', postObject)` will
+ give you the _post_ object, providing a meaningful default.
+ * Added http status code string representation to `res.redirect()` body
+ * Added; `res.redirect()` supporting _text/plain_ and _text/html_ via __Accept__.
+ * Added `req.is()` to aid in content negotiation
+ * Added partial local inheritance [suggested by masylum]. Closes #102
+ providing access to parent template locals.
+ * Added _-s, --session[s]_ flag to express(1) to add session related middleware
+ * Added _--template_ flag to express(1) to specify the
+ template engine to use.
+ * Added _--css_ flag to express(1) to specify the
+ stylesheet engine to use (or just plain css by default).
+ * Added `app.all()` support [thanks aheckmann]
+ * Added partial direct object support.
+ You may now `partial('user', user)` providing the "user" local,
+ vs previously `partial('user', { object: user })`.
+ * Added _route-separation_ example since many people question ways
+ to do this with CommonJS modules. Also view the _blog_ example for
+ an alternative.
+ * Performance; caching view path derived partial object names
+ * Fixed partial local inheritance precedence. [reported by Nick Poulden] Closes #454
+ * Fixed jsonp support; _text/javascript_ as per mailinglist discussion
+
+1.0.0rc4 / 2010-10-14
+==================
+
+ * Added _NODE_ENV_ support, _EXPRESS_ENV_ is deprecated and will be removed in 1.0.0
+ * Added route-middleware support (very helpful, see the [docs](http://expressjs.com/guide.html#Route-Middleware))
+ * Added _jsonp callback_ setting to enable/disable jsonp autowrapping [Dav Glass]
+ * Added callback query check on response.send to autowrap JSON objects for simple webservice implementations [Dav Glass]
+ * Added `partial()` support for array-like collections. Closes #434
+ * Added support for swappable querystring parsers
+ * Added session usage docs. Closes #443
+ * Added dynamic helper caching. Closes #439 [suggested by maritz]
+ * Added authentication example
+ * Added basic Range support to `res.sendfile()` (and `res.download()` etc)
+ * Changed; `express(1)` generated app using 2 spaces instead of 4
+ * Default env to "development" again [aheckmann]
+ * Removed _context_ option is no more, use "scope"
+ * Fixed; exposing _./support_ libs to examples so they can run without installs
+ * Fixed mvc example
+
+1.0.0rc3 / 2010-09-20
+==================
+
+ * Added confirmation for `express(1)` app generation. Closes #391
+ * Added extending of flash formatters via `app.flashFormatters`
+ * Added flash formatter support. Closes #411
+ * Added streaming support to `res.sendfile()` using `sys.pump()` when >= "stream threshold"
+ * Added _stream threshold_ setting for `res.sendfile()`
+ * Added `res.send()` __HEAD__ support
+ * Added `res.clearCookie()`
+ * Added `res.cookie()`
+ * Added `res.render()` headers option
+ * Added `res.redirect()` response bodies
+ * Added `res.render()` status option support. Closes #425 [thanks aheckmann]
+ * Fixed `res.sendfile()` responding with 403 on malicious path
+ * Fixed `res.download()` bug; when an error occurs remove _Content-Disposition_
+ * Fixed; mounted apps settings now inherit from parent app [aheckmann]
+ * Fixed; stripping Content-Length / Content-Type when 204
+ * Fixed `res.send()` 204. Closes #419
+ * Fixed multiple _Set-Cookie_ headers via `res.header()`. Closes #402
+ * Fixed bug messing with error handlers when `listenFD()` is called instead of `listen()`. [thanks guillermo]
+
+
+1.0.0rc2 / 2010-08-17
+==================
+
+ * Added `app.register()` for template engine mapping. Closes #390
+ * Added `res.render()` callback support as second argument (no options)
+ * Added callback support to `res.download()`
+ * Added callback support for `res.sendfile()`
+ * Added support for middleware access via `express.middlewareName()` vs `connect.middlewareName()`
+ * Added "partials" setting to docs
+ * Added default expresso tests to `express(1)` generated app. Closes #384
+ * Fixed `res.sendfile()` error handling, defer via `next()`
+ * Fixed `res.render()` callback when a layout is used [thanks guillermo]
+ * Fixed; `make install` creating ~/.node_libraries when not present
+ * Fixed issue preventing error handlers from being defined anywhere. Closes #387
+
+1.0.0rc / 2010-07-28
+==================
+
+ * Added mounted hook. Closes #369
+ * Added connect dependency to _package.json_
+
+ * Removed "reload views" setting and support code
+ development env never caches, production always caches.
+
+ * Removed _param_ in route callbacks, signature is now
+ simply (req, res, next), previously (req, res, params, next).
+ Use _req.params_ for path captures, _req.query_ for GET params.
+
+ * Fixed "home" setting
+ * Fixed middleware/router precedence issue. Closes #366
+ * Fixed; _configure()_ callbacks called immediately. Closes #368
+
+1.0.0beta2 / 2010-07-23
+==================
+
+ * Added more examples
+ * Added; exporting `Server` constructor
+ * Added `Server#helpers()` for view locals
+ * Added `Server#dynamicHelpers()` for dynamic view locals. Closes #349
+ * Added support for absolute view paths
+ * Added; _home_ setting defaults to `Server#route` for mounted apps. Closes #363
+ * Added Guillermo Rauch to the contributor list
+ * Added support for "as" for non-collection partials. Closes #341
+ * Fixed _install.sh_, ensuring _~/.node_libraries_ exists. Closes #362 [thanks jf]
+ * Fixed `res.render()` exceptions, now passed to `next()` when no callback is given [thanks guillermo]
+ * Fixed instanceof `Array` checks, now `Array.isArray()`
+ * Fixed express(1) expansion of public dirs. Closes #348
+ * Fixed middleware precedence. Closes #345
+ * Fixed view watcher, now async [thanks aheckmann]
+
+1.0.0beta / 2010-07-15
+==================
+
+ * Re-write
+ - much faster
+ - much lighter
+ - Check [ExpressJS.com](http://expressjs.com) for migration guide and updated docs
+
+0.14.0 / 2010-06-15
+==================
+
+ * Utilize relative requires
+ * Added Static bufferSize option [aheckmann]
+ * Fixed caching of view and partial subdirectories [aheckmann]
+ * Fixed mime.type() comments now that ".ext" is not supported
+ * Updated haml submodule
+ * Updated class submodule
+ * Removed bin/express
+
+0.13.0 / 2010-06-01
+==================
+
+ * Added node v0.1.97 compatibility
+ * Added support for deleting cookies via Request#cookie('key', null)
+ * Updated haml submodule
+ * Fixed not-found page, now using charset utf-8
+ * Fixed show-exceptions page, now using charset utf-8
+ * Fixed view support due to fs.readFile Buffers
+ * Changed; mime.type() no longer accepts ".type" due to node extname() changes
+
+0.12.0 / 2010-05-22
+==================
+
+ * Added node v0.1.96 compatibility
+ * Added view `helpers` export which act as additional local variables
+ * Updated haml submodule
+ * Changed ETag; removed inode, modified time only
+ * Fixed LF to CRLF for setting multiple cookies
+ * Fixed cookie compilation; values are now urlencoded
+ * Fixed cookies parsing; accepts quoted values and url escaped cookies
+
+0.11.0 / 2010-05-06
+==================
+
+ * Added support for layouts using different engines
+ - this.render('page.html.haml', { layout: 'super-cool-layout.html.ejs' })
+ - this.render('page.html.haml', { layout: 'foo' }) // assumes 'foo.html.haml'
+ - this.render('page.html.haml', { layout: false }) // no layout
+ * Updated ext submodule
+ * Updated haml submodule
+ * Fixed EJS partial support by passing along the context. Issue #307
+
+0.10.1 / 2010-05-03
+==================
+
+ * Fixed binary uploads.
+
+0.10.0 / 2010-04-30
+==================
+
+ * Added charset support via Request#charset (automatically assigned to 'UTF-8' when respond()'s
+ encoding is set to 'utf8' or 'utf-8').
+ * Added "encoding" option to Request#render(). Closes #299
+ * Added "dump exceptions" setting, which is enabled by default.
+ * Added simple ejs template engine support
+ * Added error response support for text/plain, application/json. Closes #297
+ * Added callback function param to Request#error()
+ * Added Request#sendHead()
+ * Added Request#stream()
+ * Added support for Request#respond(304, null) for empty response bodies
+ * Added ETag support to Request#sendfile()
+ * Added options to Request#sendfile(), passed to fs.createReadStream()
+ * Added filename arg to Request#download()
+ * Performance enhanced due to pre-reversing plugins so that plugins.reverse() is not called on each request
+ * Performance enhanced by preventing several calls to toLowerCase() in Router#match()
+ * Changed; Request#sendfile() now streams
+ * Changed; Renamed Request#halt() to Request#respond(). Closes #289
+ * Changed; Using sys.inspect() instead of JSON.encode() for error output
+ * Changed; run() returns the http.Server instance. Closes #298
+ * Changed; Defaulting Server#host to null (INADDR_ANY)
+ * Changed; Logger "common" format scale of 0.4f
+ * Removed Logger "request" format
+ * Fixed; Catching ENOENT in view caching, preventing error when "views/partials" is not found
+ * Fixed several issues with http client
+ * Fixed Logger Content-Length output
+ * Fixed bug preventing Opera from retaining the generated session id. Closes #292
+
+0.9.0 / 2010-04-14
+==================
+
+ * Added DSL level error() route support
+ * Added DSL level notFound() route support
+ * Added Request#error()
+ * Added Request#notFound()
+ * Added Request#render() callback function. Closes #258
+ * Added "max upload size" setting
+ * Added "magic" variables to collection partials (\_\_index\_\_, \_\_length\_\_, \_\_isFirst\_\_, \_\_isLast\_\_). Closes #254
+ * Added [haml.js](http://github.com/visionmedia/haml.js) submodule; removed haml-js
+ * Added callback function support to Request#halt() as 3rd/4th arg
+ * Added preprocessing of route param wildcards using param(). Closes #251
+ * Added view partial support (with collections etc.)
+ * Fixed bug preventing falsey params (such as ?page=0). Closes #286
+ * Fixed setting of multiple cookies. Closes #199
+ * Changed; view naming convention is now NAME.TYPE.ENGINE (for example page.html.haml)
+ * Changed; session cookie is now httpOnly
+ * Changed; Request is no longer global
+ * Changed; Event is no longer global
+ * Changed; "sys" module is no longer global
+ * Changed; moved Request#download to Static plugin where it belongs
+ * Changed; Request instance created before body parsing. Closes #262
+ * Changed; Pre-caching views in memory when "cache view contents" is enabled. Closes #253
+ * Changed; Pre-caching view partials in memory when "cache view partials" is enabled
+ * Updated support to node --version 0.1.90
+ * Updated dependencies
+ * Removed set("session cookie") in favour of use(Session, { cookie: { ... }})
+ * Removed utils.mixin(); use Object#mergeDeep()
+
+0.8.0 / 2010-03-19
+==================
+
+ * Added coffeescript example app. Closes #242
+ * Changed; cache api now async friendly. Closes #240
+ * Removed deprecated 'express/static' support. Use 'express/plugins/static'
+
+0.7.6 / 2010-03-19
+==================
+
+ * Added Request#isXHR. Closes #229
+ * Added `make install` (for the executable)
+ * Added `express` executable for setting up simple app templates
+ * Added "GET /public/*" to Static plugin, defaulting to <root>/public
+ * Added Static plugin
+ * Fixed; Request#render() only calls cache.get() once
+ * Fixed; Namespacing View caches with "view:"
+ * Fixed; Namespacing Static caches with "static:"
+ * Fixed; Both example apps now use the Static plugin
+ * Fixed set("views"). Closes #239
+ * Fixed missing space for combined log format
+ * Deprecated Request#sendfile() and 'express/static'
+ * Removed Server#running
+
+0.7.5 / 2010-03-16
+==================
+
+ * Added Request#flash() support without args, now returns all flashes
+ * Updated ext submodule
+
+0.7.4 / 2010-03-16
+==================
+
+ * Fixed session reaper
+ * Changed; class.js replacing js-oo Class implementation (quite a bit faster, no browser cruft)
+
+0.7.3 / 2010-03-16
+==================
+
+ * Added package.json
+ * Fixed requiring of haml / sass due to kiwi removal
+
+0.7.2 / 2010-03-16
+==================
+
+ * Fixed GIT submodules (HAH!)
+
+0.7.1 / 2010-03-16
+==================
+
+ * Changed; Express now using submodules again until a PM is adopted
+ * Changed; chat example using millisecond conversions from ext
+
+0.7.0 / 2010-03-15
+==================
+
+ * Added Request#pass() support (finds the next matching route, or the given path)
+ * Added Logger plugin (default "common" format replaces CommonLogger)
+ * Removed Profiler plugin
+ * Removed CommonLogger plugin
+
+0.6.0 / 2010-03-11
+==================
+
+ * Added seed.yml for kiwi package management support
+ * Added HTTP client query string support when method is GET. Closes #205
+
+ * Added support for arbitrary view engines.
+ For example "foo.engine.html" will now require('engine'),
+ the exports from this module are cached after the first require().
+
+ * Added async plugin support
+
+ * Removed usage of RESTful route funcs as http client
+ get() etc, use http.get() and friends
+
+ * Removed custom exceptions
+
+0.5.0 / 2010-03-10
+==================
+
+ * Added ext dependency (library of js extensions)
+ * Removed extname() / basename() utils. Use path module
+ * Removed toArray() util. Use arguments.values
+ * Removed escapeRegexp() util. Use RegExp.escape()
+ * Removed process.mixin() dependency. Use utils.mixin()
+ * Removed Collection
+ * Removed ElementCollection
+ * Shameless self promotion of ebook "Advanced JavaScript" (http://dev-mag.com) ;)
+
+0.4.0 / 2010-02-11
+==================
+
+ * Added flash() example to sample upload app
+ * Added high level restful http client module (express/http)
+ * Changed; RESTful route functions double as HTTP clients. Closes #69
+ * Changed; throwing error when routes are added at runtime
+ * Changed; defaulting render() context to the current Request. Closes #197
+ * Updated haml submodule
+
+0.3.0 / 2010-02-11
+==================
+
+ * Updated haml / sass submodules. Closes #200
+ * Added flash message support. Closes #64
+ * Added accepts() now allows multiple args. fixes #117
+ * Added support for plugins to halt. Closes #189
+ * Added alternate layout support. Closes #119
+ * Removed Route#run(). Closes #188
+ * Fixed broken specs due to use(Cookie) missing
+
+0.2.1 / 2010-02-05
+==================
+
+ * Added "plot" format option for Profiler (for gnuplot processing)
+ * Added request number to Profiler plugin
+ * Fixed binary encoding for multipart file uploads, was previously defaulting to UTF8
+ * Fixed issue with routes not firing when not files are present. Closes #184
+ * Fixed process.Promise -> events.Promise
+
+0.2.0 / 2010-02-03
+==================
+
+ * Added parseParam() support for name[] etc. (allows for file inputs with "multiple" attr) Closes #180
+ * Added Both Cache and Session option "reapInterval" may be "reapEvery". Closes #174
+ * Added expiration support to cache api with reaper. Closes #133
+ * Added cache Store.Memory#reap()
+ * Added Cache; cache api now uses first class Cache instances
+ * Added abstract session Store. Closes #172
+ * Changed; cache Memory.Store#get() utilizing Collection
+ * Renamed MemoryStore -> Store.Memory
+ * Fixed use() of the same plugin several time will always use latest options. Closes #176
+
+0.1.0 / 2010-02-03
+==================
+
+ * Changed; Hooks (before / after) pass request as arg as well as evaluated in their context
+ * Updated node support to 0.1.27 Closes #169
+ * Updated dirname(__filename) -> __dirname
+ * Updated libxmljs support to v0.2.0
+ * Added session support with memory store / reaping
+ * Added quick uid() helper
+ * Added multi-part upload support
+ * Added Sass.js support / submodule
+ * Added production env caching view contents and static files
+ * Added static file caching. Closes #136
+ * Added cache plugin with memory stores
+ * Added support to StaticFile so that it works with non-textual files.
+ * Removed dirname() helper
+ * Removed several globals (now their modules must be required)
+
+0.0.2 / 2010-01-10
+==================
+
+ * Added view benchmarks; currently haml vs ejs
+ * Added Request#attachment() specs. Closes #116
+ * Added use of node's parseQuery() util. Closes #123
+ * Added `make init` for submodules
+ * Updated Haml
+ * Updated sample chat app to show messages on load
+ * Updated libxmljs parseString -> parseHtmlString
+ * Fixed `make init` to work with older versions of git
+ * Fixed specs can now run independent specs for those who can't build deps. Closes #127
+ * Fixed issues introduced by the node url module changes. Closes 126.
+ * Fixed two assertions failing due to Collection#keys() returning strings
+ * Fixed faulty Collection#toArray() spec due to keys() returning strings
+ * Fixed `make test` now builds libxmljs.node before testing
+
+0.0.1 / 2010-01-03
+==================
+
+ * Initial release
diff --git a/node_modules/express/LICENSE b/node_modules/express/LICENSE
new file mode 100644
index 0000000000000000000000000000000000000000..aa927e44e31d486f807634887662efa39256bf84
--- /dev/null
+++ b/node_modules/express/LICENSE
@@ -0,0 +1,24 @@
+(The MIT License)
+
+Copyright (c) 2009-2014 TJ Holowaychuk <tj@vision-media.ca>
+Copyright (c) 2013-2014 Roman Shtylman <shtylman+expressjs@gmail.com>
+Copyright (c) 2014-2015 Douglas Christopher Wilson <doug@somethingdoug.com>
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+'Software'), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/node_modules/express/Readme.md b/node_modules/express/Readme.md
new file mode 100644
index 0000000000000000000000000000000000000000..bc108d55fc07a3dccfc6a62c7b1a6ef049950096
--- /dev/null
+++ b/node_modules/express/Readme.md
@@ -0,0 +1,260 @@
+[](http://expressjs.com/)
+
+**Fast, unopinionated, minimalist web framework for [Node.js](http://nodejs.org).**
+
+**This project has a [Code of Conduct][].**
+
+## Table of contents
+
+* [Installation](#Installation)
+* [Features](#Features)
+* [Docs & Community](#docs--community)
+* [Quick Start](#Quick-Start)
+* [Running Tests](#Running-Tests)
+* [Philosophy](#Philosophy)
+* [Examples](#Examples)
+* [Contributing to Express](#Contributing)
+* [TC (Technical Committee)](#tc-technical-committee)
+* [Triagers](#triagers)
+* [License](#license)
+
+
+[![NPM Version][npm-version-image]][npm-url]
+[![NPM Install Size][npm-install-size-image]][npm-install-size-url]
+[![NPM Downloads][npm-downloads-image]][npm-downloads-url]
+[![OpenSSF Scorecard Badge][ossf-scorecard-badge]][ossf-scorecard-visualizer]
+
+
+```js
+const express = require('express')
+const app = express()
+
+app.get('/', function (req, res) {
+ res.send('Hello World')
+})
+
+app.listen(3000)
+```
+
+## Installation
+
+This is a [Node.js](https://nodejs.org/en/) module available through the
+[npm registry](https://www.npmjs.com/).
+
+Before installing, [download and install Node.js](https://nodejs.org/en/download/).
+Node.js 0.10 or higher is required.
+
+If this is a brand new project, make sure to create a `package.json` first with
+the [`npm init` command](https://docs.npmjs.com/creating-a-package-json-file).
+
+Installation is done using the
+[`npm install` command](https://docs.npmjs.com/getting-started/installing-npm-packages-locally):
+
+```console
+$ npm install express
+```
+
+Follow [our installing guide](http://expressjs.com/en/starter/installing.html)
+for more information.
+
+## Features
+
+ * Robust routing
+ * Focus on high performance
+ * Super-high test coverage
+ * HTTP helpers (redirection, caching, etc)
+ * View system supporting 14+ template engines
+ * Content negotiation
+ * Executable for generating applications quickly
+
+## Docs & Community
+
+ * [Website and Documentation](http://expressjs.com/) - [[website repo](https://github.com/expressjs/expressjs.com)]
+ * [#express](https://web.libera.chat/#express) on [Libera Chat](https://libera.chat) IRC
+ * [GitHub Organization](https://github.com/expressjs) for Official Middleware & Modules
+ * Visit the [Wiki](https://github.com/expressjs/express/wiki)
+ * [Google Group](https://groups.google.com/group/express-js) for discussion
+ * [Gitter](https://gitter.im/expressjs/express) for support and discussion
+
+**PROTIP** Be sure to read [Migrating from 3.x to 4.x](https://github.com/expressjs/express/wiki/Migrating-from-3.x-to-4.x) as well as [New features in 4.x](https://github.com/expressjs/express/wiki/New-features-in-4.x).
+
+## Quick Start
+
+ The quickest way to get started with express is to utilize the executable [`express(1)`](https://github.com/expressjs/generator) to generate an application as shown below:
+
+ Install the executable. The executable's major version will match Express's:
+
+```console
+$ npm install -g express-generator@4
+```
+
+ Create the app:
+
+```console
+$ express /tmp/foo && cd /tmp/foo
+```
+
+ Install dependencies:
+
+```console
+$ npm install
+```
+
+ Start the server:
+
+```console
+$ npm start
+```
+
+ View the website at: http://localhost:3000
+
+## Philosophy
+
+ The Express philosophy is to provide small, robust tooling for HTTP servers, making
+ it a great solution for single page applications, websites, hybrids, or public
+ HTTP APIs.
+
+ Express does not force you to use any specific ORM or template engine. With support for over
+ 14 template engines via [Consolidate.js](https://github.com/tj/consolidate.js),
+ you can quickly craft your perfect framework.
+
+## Examples
+
+ To view the examples, clone the Express repo and install the dependencies:
+
+```console
+$ git clone https://github.com/expressjs/express.git --depth 1
+$ cd express
+$ npm install
+```
+
+ Then run whichever example you want:
+
+```console
+$ node examples/content-negotiation
+```
+
+## Contributing
+
+ [![Linux Build][github-actions-ci-image]][github-actions-ci-url]
+ [![Windows Build][appveyor-image]][appveyor-url]
+ [![Test Coverage][coveralls-image]][coveralls-url]
+
+The Express.js project welcomes all constructive contributions. Contributions take many forms,
+from code for bug fixes and enhancements, to additions and fixes to documentation, additional
+tests, triaging incoming pull requests and issues, and more!
+
+See the [Contributing Guide](Contributing.md) for more technical details on contributing.
+
+### Security Issues
+
+If you discover a security vulnerability in Express, please see [Security Policies and Procedures](Security.md).
+
+### Running Tests
+
+To run the test suite, first install the dependencies, then run `npm test`:
+
+```console
+$ npm install
+$ npm test
+```
+
+## People
+
+The original author of Express is [TJ Holowaychuk](https://github.com/tj)
+
+[List of all contributors](https://github.com/expressjs/express/graphs/contributors)
+
+### TC (Technical Committee)
+
+* [UlisesGascon](https://github.com/UlisesGascon) - **Ulises Gascón** (he/him)
+* [jonchurch](https://github.com/jonchurch) - **Jon Church**
+* [wesleytodd](https://github.com/wesleytodd) - **Wes Todd**
+* [LinusU](https://github.com/LinusU) - **Linus Unnebäck**
+* [blakeembrey](https://github.com/blakeembrey) - **Blake Embrey**
+* [sheplu](https://github.com/sheplu) - **Jean Burellier**
+* [crandmck](https://github.com/crandmck) - **Rand McKinney**
+* [ctcpip](https://github.com/ctcpip) - **Chris de Almeida**
+
+<details>
+<summary>TC emeriti members</summary>
+
+#### TC emeriti members
+
+ * [dougwilson](https://github.com/dougwilson) - **Douglas Wilson**
+ * [hacksparrow](https://github.com/hacksparrow) - **Hage Yaapa**
+ * [jonathanong](https://github.com/jonathanong) - **jongleberry**
+ * [niftylettuce](https://github.com/niftylettuce) - **niftylettuce**
+ * [troygoode](https://github.com/troygoode) - **Troy Goode**
+</details>
+
+
+### Triagers
+
+* [aravindvnair99](https://github.com/aravindvnair99) - **Aravind Nair**
+* [carpasse](https://github.com/carpasse) - **Carlos Serrano**
+* [CBID2](https://github.com/CBID2) - **Christine Belzie**
+* [enyoghasim](https://github.com/enyoghasim) - **David Enyoghasim**
+* [UlisesGascon](https://github.com/UlisesGascon) - **Ulises Gascón** (he/him)
+* [mertcanaltin](https://github.com/mertcanaltin) - **Mert Can Altin**
+* [0ss](https://github.com/0ss) - **Salah**
+* [import-brain](https://github.com/import-brain) - **Eric Cheng** (he/him)
+* [3imed-jaberi](https://github.com/3imed-jaberi) - **Imed Jaberi**
+* [dakshkhetan](https://github.com/dakshkhetan) - **Daksh Khetan** (he/him)
+* [lucasraziel](https://github.com/lucasraziel) - **Lucas Soares Do Rego**
+* [IamLizu](https://github.com/IamLizu) - **S M Mahmudul Hasan** (he/him)
+* [Sushmeet](https://github.com/Sushmeet) - **Sushmeet Sunger**
+
+<details>
+<summary>Triagers emeriti members</summary>
+
+#### Emeritus Triagers
+
+ * [AuggieH](https://github.com/AuggieH) - **Auggie Hudak**
+ * [G-Rath](https://github.com/G-Rath) - **Gareth Jones**
+ * [MohammadXroid](https://github.com/MohammadXroid) - **Mohammad Ayashi**
+ * [NawafSwe](https://github.com/NawafSwe) - **Nawaf Alsharqi**
+ * [NotMoni](https://github.com/NotMoni) - **Moni**
+ * [VigneshMurugan](https://github.com/VigneshMurugan) - **Vignesh Murugan**
+ * [davidmashe](https://github.com/davidmashe) - **David Ashe**
+ * [digitaIfabric](https://github.com/digitaIfabric) - **David**
+ * [e-l-i-s-e](https://github.com/e-l-i-s-e) - **Elise Bonner**
+ * [fed135](https://github.com/fed135) - **Frederic Charette**
+ * [firmanJS](https://github.com/firmanJS) - **Firman Abdul Hakim**
+ * [getspooky](https://github.com/getspooky) - **Yasser Ameur**
+ * [ghinks](https://github.com/ghinks) - **Glenn**
+ * [ghousemohamed](https://github.com/ghousemohamed) - **Ghouse Mohamed**
+ * [gireeshpunathil](https://github.com/gireeshpunathil) - **Gireesh Punathil**
+ * [jake32321](https://github.com/jake32321) - **Jake Reed**
+ * [jonchurch](https://github.com/jonchurch) - **Jon Church**
+ * [lekanikotun](https://github.com/lekanikotun) - **Troy Goode**
+ * [marsonya](https://github.com/marsonya) - **Lekan Ikotun**
+ * [mastermatt](https://github.com/mastermatt) - **Matt R. Wilson**
+ * [maxakuru](https://github.com/maxakuru) - **Max Edell**
+ * [mlrawlings](https://github.com/mlrawlings) - **Michael Rawlings**
+ * [rodion-arr](https://github.com/rodion-arr) - **Rodion Abdurakhimov**
+ * [sheplu](https://github.com/sheplu) - **Jean Burellier**
+ * [tarunyadav1](https://github.com/tarunyadav1) - **Tarun yadav**
+ * [tunniclm](https://github.com/tunniclm) - **Mike Tunnicliffe**
+</details>
+
+
+## License
+
+ [MIT](LICENSE)
+
+[appveyor-image]: https://badgen.net/appveyor/ci/dougwilson/express/master?label=windows
+[appveyor-url]: https://ci.appveyor.com/project/dougwilson/express
+[coveralls-image]: https://badgen.net/coveralls/c/github/expressjs/express/master
+[coveralls-url]: https://coveralls.io/r/expressjs/express?branch=master
+[github-actions-ci-image]: https://badgen.net/github/checks/expressjs/express/master?label=linux
+[github-actions-ci-url]: https://github.com/expressjs/express/actions/workflows/ci.yml
+[npm-downloads-image]: https://badgen.net/npm/dm/express
+[npm-downloads-url]: https://npmcharts.com/compare/express?minimal=true
+[npm-install-size-image]: https://badgen.net/packagephobia/install/express
+[npm-install-size-url]: https://packagephobia.com/result?p=express
+[npm-url]: https://npmjs.org/package/express
+[npm-version-image]: https://badgen.net/npm/v/express
+[ossf-scorecard-badge]: https://api.scorecard.dev/projects/github.com/expressjs/express/badge
+[ossf-scorecard-visualizer]: https://ossf.github.io/scorecard-visualizer/#/projects/github.com/expressjs/express
+[Code of Conduct]: https://github.com/expressjs/express/blob/master/Code-Of-Conduct.md
diff --git a/node_modules/express/index.js b/node_modules/express/index.js
new file mode 100644
index 0000000000000000000000000000000000000000..d219b0c878dc6136eb2096cffa140bf6bf2b8e9c
--- /dev/null
+++ b/node_modules/express/index.js
@@ -0,0 +1,11 @@
+/*!
+ * express
+ * Copyright(c) 2009-2013 TJ Holowaychuk
+ * Copyright(c) 2013 Roman Shtylman
+ * Copyright(c) 2014-2015 Douglas Christopher Wilson
+ * MIT Licensed
+ */
+
+'use strict';
+
+module.exports = require('./lib/express');
diff --git a/node_modules/express/lib/application.js b/node_modules/express/lib/application.js
new file mode 100644
index 0000000000000000000000000000000000000000..ebb30b51b3d6e84d33288251d11ab92d8462c181
--- /dev/null
+++ b/node_modules/express/lib/application.js
@@ -0,0 +1,661 @@
+/*!
+ * express
+ * Copyright(c) 2009-2013 TJ Holowaychuk
+ * Copyright(c) 2013 Roman Shtylman
+ * Copyright(c) 2014-2015 Douglas Christopher Wilson
+ * MIT Licensed
+ */
+
+'use strict';
+
+/**
+ * Module dependencies.
+ * @private
+ */
+
+var finalhandler = require('finalhandler');
+var Router = require('./router');
+var methods = require('methods');
+var middleware = require('./middleware/init');
+var query = require('./middleware/query');
+var debug = require('debug')('express:application');
+var View = require('./view');
+var http = require('http');
+var compileETag = require('./utils').compileETag;
+var compileQueryParser = require('./utils').compileQueryParser;
+var compileTrust = require('./utils').compileTrust;
+var deprecate = require('depd')('express');
+var flatten = require('array-flatten');
+var merge = require('utils-merge');
+var resolve = require('path').resolve;
+var setPrototypeOf = require('setprototypeof')
+
+/**
+ * Module variables.
+ * @private
+ */
+
+var hasOwnProperty = Object.prototype.hasOwnProperty
+var slice = Array.prototype.slice;
+
+/**
+ * Application prototype.
+ */
+
+var app = exports = module.exports = {};
+
+/**
+ * Variable for trust proxy inheritance back-compat
+ * @private
+ */
+
+var trustProxyDefaultSymbol = '@@symbol:trust_proxy_default';
+
+/**
+ * Initialize the server.
+ *
+ * - setup default configuration
+ * - setup default middleware
+ * - setup route reflection methods
+ *
+ * @private
+ */
+
+app.init = function init() {
+ this.cache = {};
+ this.engines = {};
+ this.settings = {};
+
+ this.defaultConfiguration();
+};
+
+/**
+ * Initialize application configuration.
+ * @private
+ */
+
+app.defaultConfiguration = function defaultConfiguration() {
+ var env = process.env.NODE_ENV || 'development';
+
+ // default settings
+ this.enable('x-powered-by');
+ this.set('etag', 'weak');
+ this.set('env', env);
+ this.set('query parser', 'extended');
+ this.set('subdomain offset', 2);
+ this.set('trust proxy', false);
+
+ // trust proxy inherit back-compat
+ Object.defineProperty(this.settings, trustProxyDefaultSymbol, {
+ configurable: true,
+ value: true
+ });
+
+ debug('booting in %s mode', env);
+
+ this.on('mount', function onmount(parent) {
+ // inherit trust proxy
+ if (this.settings[trustProxyDefaultSymbol] === true
+ && typeof parent.settings['trust proxy fn'] === 'function') {
+ delete this.settings['trust proxy'];
+ delete this.settings['trust proxy fn'];
+ }
+
+ // inherit protos
+ setPrototypeOf(this.request, parent.request)
+ setPrototypeOf(this.response, parent.response)
+ setPrototypeOf(this.engines, parent.engines)
+ setPrototypeOf(this.settings, parent.settings)
+ });
+
+ // setup locals
+ this.locals = Object.create(null);
+
+ // top-most app is mounted at /
+ this.mountpath = '/';
+
+ // default locals
+ this.locals.settings = this.settings;
+
+ // default configuration
+ this.set('view', View);
+ this.set('views', resolve('views'));
+ this.set('jsonp callback name', 'callback');
+
+ if (env === 'production') {
+ this.enable('view cache');
+ }
+
+ Object.defineProperty(this, 'router', {
+ get: function() {
+ throw new Error('\'app.router\' is deprecated!\nPlease see the 3.x to 4.x migration guide for details on how to update your app.');
+ }
+ });
+};
+
+/**
+ * lazily adds the base router if it has not yet been added.
+ *
+ * We cannot add the base router in the defaultConfiguration because
+ * it reads app settings which might be set after that has run.
+ *
+ * @private
+ */
+app.lazyrouter = function lazyrouter() {
+ if (!this._router) {
+ this._router = new Router({
+ caseSensitive: this.enabled('case sensitive routing'),
+ strict: this.enabled('strict routing')
+ });
+
+ this._router.use(query(this.get('query parser fn')));
+ this._router.use(middleware.init(this));
+ }
+};
+
+/**
+ * Dispatch a req, res pair into the application. Starts pipeline processing.
+ *
+ * If no callback is provided, then default error handlers will respond
+ * in the event of an error bubbling through the stack.
+ *
+ * @private
+ */
+
+app.handle = function handle(req, res, callback) {
+ var router = this._router;
+
+ // final handler
+ var done = callback || finalhandler(req, res, {
+ env: this.get('env'),
+ onerror: logerror.bind(this)
+ });
+
+ // no routes
+ if (!router) {
+ debug('no routes defined on app');
+ done();
+ return;
+ }
+
+ router.handle(req, res, done);
+};
+
+/**
+ * Proxy `Router#use()` to add middleware to the app router.
+ * See Router#use() documentation for details.
+ *
+ * If the _fn_ parameter is an express app, then it will be
+ * mounted at the _route_ specified.
+ *
+ * @public
+ */
+
+app.use = function use(fn) {
+ var offset = 0;
+ var path = '/';
+
+ // default path to '/'
+ // disambiguate app.use([fn])
+ if (typeof fn !== 'function') {
+ var arg = fn;
+
+ while (Array.isArray(arg) && arg.length !== 0) {
+ arg = arg[0];
+ }
+
+ // first arg is the path
+ if (typeof arg !== 'function') {
+ offset = 1;
+ path = fn;
+ }
+ }
+
+ var fns = flatten(slice.call(arguments, offset));
+
+ if (fns.length === 0) {
+ throw new TypeError('app.use() requires a middleware function')
+ }
+
+ // setup router
+ this.lazyrouter();
+ var router = this._router;
+
+ fns.forEach(function (fn) {
+ // non-express app
+ if (!fn || !fn.handle || !fn.set) {
+ return router.use(path, fn);
+ }
+
+ debug('.use app under %s', path);
+ fn.mountpath = path;
+ fn.parent = this;
+
+ // restore .app property on req and res
+ router.use(path, function mounted_app(req, res, next) {
+ var orig = req.app;
+ fn.handle(req, res, function (err) {
+ setPrototypeOf(req, orig.request)
+ setPrototypeOf(res, orig.response)
+ next(err);
+ });
+ });
+
+ // mounted an app
+ fn.emit('mount', this);
+ }, this);
+
+ return this;
+};
+
+/**
+ * Proxy to the app `Router#route()`
+ * Returns a new `Route` instance for the _path_.
+ *
+ * Routes are isolated middleware stacks for specific paths.
+ * See the Route api docs for details.
+ *
+ * @public
+ */
+
+app.route = function route(path) {
+ this.lazyrouter();
+ return this._router.route(path);
+};
+
+/**
+ * Register the given template engine callback `fn`
+ * as `ext`.
+ *
+ * By default will `require()` the engine based on the
+ * file extension. For example if you try to render
+ * a "foo.ejs" file Express will invoke the following internally:
+ *
+ * app.engine('ejs', require('ejs').__express);
+ *
+ * For engines that do not provide `.__express` out of the box,
+ * or if you wish to "map" a different extension to the template engine
+ * you may use this method. For example mapping the EJS template engine to
+ * ".html" files:
+ *
+ * app.engine('html', require('ejs').renderFile);
+ *
+ * In this case EJS provides a `.renderFile()` method with
+ * the same signature that Express expects: `(path, options, callback)`,
+ * though note that it aliases this method as `ejs.__express` internally
+ * so if you're using ".ejs" extensions you don't need to do anything.
+ *
+ * Some template engines do not follow this convention, the
+ * [Consolidate.js](https://github.com/tj/consolidate.js)
+ * library was created to map all of node's popular template
+ * engines to follow this convention, thus allowing them to
+ * work seamlessly within Express.
+ *
+ * @param {String} ext
+ * @param {Function} fn
+ * @return {app} for chaining
+ * @public
+ */
+
+app.engine = function engine(ext, fn) {
+ if (typeof fn !== 'function') {
+ throw new Error('callback function required');
+ }
+
+ // get file extension
+ var extension = ext[0] !== '.'
+ ? '.' + ext
+ : ext;
+
+ // store engine
+ this.engines[extension] = fn;
+
+ return this;
+};
+
+/**
+ * Proxy to `Router#param()` with one added api feature. The _name_ parameter
+ * can be an array of names.
+ *
+ * See the Router#param() docs for more details.
+ *
+ * @param {String|Array} name
+ * @param {Function} fn
+ * @return {app} for chaining
+ * @public
+ */
+
+app.param = function param(name, fn) {
+ this.lazyrouter();
+
+ if (Array.isArray(name)) {
+ for (var i = 0; i < name.length; i++) {
+ this.param(name[i], fn);
+ }
+
+ return this;
+ }
+
+ this._router.param(name, fn);
+
+ return this;
+};
+
+/**
+ * Assign `setting` to `val`, or return `setting`'s value.
+ *
+ * app.set('foo', 'bar');
+ * app.set('foo');
+ * // => "bar"
+ *
+ * Mounted servers inherit their parent server's settings.
+ *
+ * @param {String} setting
+ * @param {*} [val]
+ * @return {Server} for chaining
+ * @public
+ */
+
+app.set = function set(setting, val) {
+ if (arguments.length === 1) {
+ // app.get(setting)
+ var settings = this.settings
+
+ while (settings && settings !== Object.prototype) {
+ if (hasOwnProperty.call(settings, setting)) {
+ return settings[setting]
+ }
+
+ settings = Object.getPrototypeOf(settings)
+ }
+
+ return undefined
+ }
+
+ debug('set "%s" to %o', setting, val);
+
+ // set value
+ this.settings[setting] = val;
+
+ // trigger matched settings
+ switch (setting) {
+ case 'etag':
+ this.set('etag fn', compileETag(val));
+ break;
+ case 'query parser':
+ this.set('query parser fn', compileQueryParser(val));
+ break;
+ case 'trust proxy':
+ this.set('trust proxy fn', compileTrust(val));
+
+ // trust proxy inherit back-compat
+ Object.defineProperty(this.settings, trustProxyDefaultSymbol, {
+ configurable: true,
+ value: false
+ });
+
+ break;
+ }
+
+ return this;
+};
+
+/**
+ * Return the app's absolute pathname
+ * based on the parent(s) that have
+ * mounted it.
+ *
+ * For example if the application was
+ * mounted as "/admin", which itself
+ * was mounted as "/blog" then the
+ * return value would be "/blog/admin".
+ *
+ * @return {String}
+ * @private
+ */
+
+app.path = function path() {
+ return this.parent
+ ? this.parent.path() + this.mountpath
+ : '';
+};
+
+/**
+ * Check if `setting` is enabled (truthy).
+ *
+ * app.enabled('foo')
+ * // => false
+ *
+ * app.enable('foo')
+ * app.enabled('foo')
+ * // => true
+ *
+ * @param {String} setting
+ * @return {Boolean}
+ * @public
+ */
+
+app.enabled = function enabled(setting) {
+ return Boolean(this.set(setting));
+};
+
+/**
+ * Check if `setting` is disabled.
+ *
+ * app.disabled('foo')
+ * // => true
+ *
+ * app.enable('foo')
+ * app.disabled('foo')
+ * // => false
+ *
+ * @param {String} setting
+ * @return {Boolean}
+ * @public
+ */
+
+app.disabled = function disabled(setting) {
+ return !this.set(setting);
+};
+
+/**
+ * Enable `setting`.
+ *
+ * @param {String} setting
+ * @return {app} for chaining
+ * @public
+ */
+
+app.enable = function enable(setting) {
+ return this.set(setting, true);
+};
+
+/**
+ * Disable `setting`.
+ *
+ * @param {String} setting
+ * @return {app} for chaining
+ * @public
+ */
+
+app.disable = function disable(setting) {
+ return this.set(setting, false);
+};
+
+/**
+ * Delegate `.VERB(...)` calls to `router.VERB(...)`.
+ */
+
+methods.forEach(function(method){
+ app[method] = function(path){
+ if (method === 'get' && arguments.length === 1) {
+ // app.get(setting)
+ return this.set(path);
+ }
+
+ this.lazyrouter();
+
+ var route = this._router.route(path);
+ route[method].apply(route, slice.call(arguments, 1));
+ return this;
+ };
+});
+
+/**
+ * Special-cased "all" method, applying the given route `path`,
+ * middleware, and callback to _every_ HTTP method.
+ *
+ * @param {String} path
+ * @param {Function} ...
+ * @return {app} for chaining
+ * @public
+ */
+
+app.all = function all(path) {
+ this.lazyrouter();
+
+ var route = this._router.route(path);
+ var args = slice.call(arguments, 1);
+
+ for (var i = 0; i < methods.length; i++) {
+ route[methods[i]].apply(route, args);
+ }
+
+ return this;
+};
+
+// del -> delete alias
+
+app.del = deprecate.function(app.delete, 'app.del: Use app.delete instead');
+
+/**
+ * Render the given view `name` name with `options`
+ * and a callback accepting an error and the
+ * rendered template string.
+ *
+ * Example:
+ *
+ * app.render('email', { name: 'Tobi' }, function(err, html){
+ * // ...
+ * })
+ *
+ * @param {String} name
+ * @param {Object|Function} options or fn
+ * @param {Function} callback
+ * @public
+ */
+
+app.render = function render(name, options, callback) {
+ var cache = this.cache;
+ var done = callback;
+ var engines = this.engines;
+ var opts = options;
+ var renderOptions = {};
+ var view;
+
+ // support callback function as second arg
+ if (typeof options === 'function') {
+ done = options;
+ opts = {};
+ }
+
+ // merge app.locals
+ merge(renderOptions, this.locals);
+
+ // merge options._locals
+ if (opts._locals) {
+ merge(renderOptions, opts._locals);
+ }
+
+ // merge options
+ merge(renderOptions, opts);
+
+ // set .cache unless explicitly provided
+ if (renderOptions.cache == null) {
+ renderOptions.cache = this.enabled('view cache');
+ }
+
+ // primed cache
+ if (renderOptions.cache) {
+ view = cache[name];
+ }
+
+ // view
+ if (!view) {
+ var View = this.get('view');
+
+ view = new View(name, {
+ defaultEngine: this.get('view engine'),
+ root: this.get('views'),
+ engines: engines
+ });
+
+ if (!view.path) {
+ var dirs = Array.isArray(view.root) && view.root.length > 1
+ ? 'directories "' + view.root.slice(0, -1).join('", "') + '" or "' + view.root[view.root.length - 1] + '"'
+ : 'directory "' + view.root + '"'
+ var err = new Error('Failed to lookup view "' + name + '" in views ' + dirs);
+ err.view = view;
+ return done(err);
+ }
+
+ // prime the cache
+ if (renderOptions.cache) {
+ cache[name] = view;
+ }
+ }
+
+ // render
+ tryRender(view, renderOptions, done);
+};
+
+/**
+ * Listen for connections.
+ *
+ * A node `http.Server` is returned, with this
+ * application (which is a `Function`) as its
+ * callback. If you wish to create both an HTTP
+ * and HTTPS server you may do so with the "http"
+ * and "https" modules as shown here:
+ *
+ * var http = require('http')
+ * , https = require('https')
+ * , express = require('express')
+ * , app = express();
+ *
+ * http.createServer(app).listen(80);
+ * https.createServer({ ... }, app).listen(443);
+ *
+ * @return {http.Server}
+ * @public
+ */
+
+app.listen = function listen() {
+ var server = http.createServer(this);
+ return server.listen.apply(server, arguments);
+};
+
+/**
+ * Log error using console.error.
+ *
+ * @param {Error} err
+ * @private
+ */
+
+function logerror(err) {
+ /* istanbul ignore next */
+ if (this.get('env') !== 'test') console.error(err.stack || err.toString());
+}
+
+/**
+ * Try rendering a view.
+ * @private
+ */
+
+function tryRender(view, options, callback) {
+ try {
+ view.render(options, callback);
+ } catch (err) {
+ callback(err);
+ }
+}
diff --git a/node_modules/express/lib/express.js b/node_modules/express/lib/express.js
new file mode 100644
index 0000000000000000000000000000000000000000..d188a16db70387967e0f913c2ee7c0bf9f7ffb09
--- /dev/null
+++ b/node_modules/express/lib/express.js
@@ -0,0 +1,116 @@
+/*!
+ * express
+ * Copyright(c) 2009-2013 TJ Holowaychuk
+ * Copyright(c) 2013 Roman Shtylman
+ * Copyright(c) 2014-2015 Douglas Christopher Wilson
+ * MIT Licensed
+ */
+
+'use strict';
+
+/**
+ * Module dependencies.
+ */
+
+var bodyParser = require('body-parser')
+var EventEmitter = require('events').EventEmitter;
+var mixin = require('merge-descriptors');
+var proto = require('./application');
+var Route = require('./router/route');
+var Router = require('./router');
+var req = require('./request');
+var res = require('./response');
+
+/**
+ * Expose `createApplication()`.
+ */
+
+exports = module.exports = createApplication;
+
+/**
+ * Create an express application.
+ *
+ * @return {Function}
+ * @api public
+ */
+
+function createApplication() {
+ var app = function(req, res, next) {
+ app.handle(req, res, next);
+ };
+
+ mixin(app, EventEmitter.prototype, false);
+ mixin(app, proto, false);
+
+ // expose the prototype that will get set on requests
+ app.request = Object.create(req, {
+ app: { configurable: true, enumerable: true, writable: true, value: app }
+ })
+
+ // expose the prototype that will get set on responses
+ app.response = Object.create(res, {
+ app: { configurable: true, enumerable: true, writable: true, value: app }
+ })
+
+ app.init();
+ return app;
+}
+
+/**
+ * Expose the prototypes.
+ */
+
+exports.application = proto;
+exports.request = req;
+exports.response = res;
+
+/**
+ * Expose constructors.
+ */
+
+exports.Route = Route;
+exports.Router = Router;
+
+/**
+ * Expose middleware
+ */
+
+exports.json = bodyParser.json
+exports.query = require('./middleware/query');
+exports.raw = bodyParser.raw
+exports.static = require('serve-static');
+exports.text = bodyParser.text
+exports.urlencoded = bodyParser.urlencoded
+
+/**
+ * Replace removed middleware with an appropriate error message.
+ */
+
+var removedMiddlewares = [
+ 'bodyParser',
+ 'compress',
+ 'cookieSession',
+ 'session',
+ 'logger',
+ 'cookieParser',
+ 'favicon',
+ 'responseTime',
+ 'errorHandler',
+ 'timeout',
+ 'methodOverride',
+ 'vhost',
+ 'csrf',
+ 'directory',
+ 'limit',
+ 'multipart',
+ 'staticCache'
+]
+
+removedMiddlewares.forEach(function (name) {
+ Object.defineProperty(exports, name, {
+ get: function () {
+ throw new Error('Most middleware (like ' + name + ') is no longer bundled with Express and must be installed separately. Please see https://github.com/senchalabs/connect#middleware.');
+ },
+ configurable: true
+ });
+});
diff --git a/node_modules/express/lib/middleware/init.js b/node_modules/express/lib/middleware/init.js
new file mode 100644
index 0000000000000000000000000000000000000000..dfd042747bdb971d9760e9575241ddaa1b776cd8
--- /dev/null
+++ b/node_modules/express/lib/middleware/init.js
@@ -0,0 +1,43 @@
+/*!
+ * express
+ * Copyright(c) 2009-2013 TJ Holowaychuk
+ * Copyright(c) 2013 Roman Shtylman
+ * Copyright(c) 2014-2015 Douglas Christopher Wilson
+ * MIT Licensed
+ */
+
+'use strict';
+
+/**
+ * Module dependencies.
+ * @private
+ */
+
+var setPrototypeOf = require('setprototypeof')
+
+/**
+ * Initialization middleware, exposing the
+ * request and response to each other, as well
+ * as defaulting the X-Powered-By header field.
+ *
+ * @param {Function} app
+ * @return {Function}
+ * @api private
+ */
+
+exports.init = function(app){
+ return function expressInit(req, res, next){
+ if (app.enabled('x-powered-by')) res.setHeader('X-Powered-By', 'Express');
+ req.res = res;
+ res.req = req;
+ req.next = next;
+
+ setPrototypeOf(req, app.request)
+ setPrototypeOf(res, app.response)
+
+ res.locals = res.locals || Object.create(null);
+
+ next();
+ };
+};
+
diff --git a/node_modules/express/lib/middleware/query.js b/node_modules/express/lib/middleware/query.js
new file mode 100644
index 0000000000000000000000000000000000000000..7e9166947aff3be10f7ffec3771c92581ce211da
--- /dev/null
+++ b/node_modules/express/lib/middleware/query.js
@@ -0,0 +1,47 @@
+/*!
+ * express
+ * Copyright(c) 2009-2013 TJ Holowaychuk
+ * Copyright(c) 2013 Roman Shtylman
+ * Copyright(c) 2014-2015 Douglas Christopher Wilson
+ * MIT Licensed
+ */
+
+'use strict';
+
+/**
+ * Module dependencies.
+ */
+
+var merge = require('utils-merge')
+var parseUrl = require('parseurl');
+var qs = require('qs');
+
+/**
+ * @param {Object} options
+ * @return {Function}
+ * @api public
+ */
+
+module.exports = function query(options) {
+ var opts = merge({}, options)
+ var queryparse = qs.parse;
+
+ if (typeof options === 'function') {
+ queryparse = options;
+ opts = undefined;
+ }
+
+ if (opts !== undefined && opts.allowPrototypes === undefined) {
+ // back-compat for qs module
+ opts.allowPrototypes = true;
+ }
+
+ return function query(req, res, next){
+ if (!req.query) {
+ var val = parseUrl(req).query;
+ req.query = queryparse(val, opts);
+ }
+
+ next();
+ };
+};
diff --git a/node_modules/express/lib/request.js b/node_modules/express/lib/request.js
new file mode 100644
index 0000000000000000000000000000000000000000..3f1eeca6c1ac502dfb12ae0144a3a5cced4f34a3
--- /dev/null
+++ b/node_modules/express/lib/request.js
@@ -0,0 +1,525 @@
+/*!
+ * express
+ * Copyright(c) 2009-2013 TJ Holowaychuk
+ * Copyright(c) 2013 Roman Shtylman
+ * Copyright(c) 2014-2015 Douglas Christopher Wilson
+ * MIT Licensed
+ */
+
+'use strict';
+
+/**
+ * Module dependencies.
+ * @private
+ */
+
+var accepts = require('accepts');
+var deprecate = require('depd')('express');
+var isIP = require('net').isIP;
+var typeis = require('type-is');
+var http = require('http');
+var fresh = require('fresh');
+var parseRange = require('range-parser');
+var parse = require('parseurl');
+var proxyaddr = require('proxy-addr');
+
+/**
+ * Request prototype.
+ * @public
+ */
+
+var req = Object.create(http.IncomingMessage.prototype)
+
+/**
+ * Module exports.
+ * @public
+ */
+
+module.exports = req
+
+/**
+ * Return request header.
+ *
+ * The `Referrer` header field is special-cased,
+ * both `Referrer` and `Referer` are interchangeable.
+ *
+ * Examples:
+ *
+ * req.get('Content-Type');
+ * // => "text/plain"
+ *
+ * req.get('content-type');
+ * // => "text/plain"
+ *
+ * req.get('Something');
+ * // => undefined
+ *
+ * Aliased as `req.header()`.
+ *
+ * @param {String} name
+ * @return {String}
+ * @public
+ */
+
+req.get =
+req.header = function header(name) {
+ if (!name) {
+ throw new TypeError('name argument is required to req.get');
+ }
+
+ if (typeof name !== 'string') {
+ throw new TypeError('name must be a string to req.get');
+ }
+
+ var lc = name.toLowerCase();
+
+ switch (lc) {
+ case 'referer':
+ case 'referrer':
+ return this.headers.referrer
+ || this.headers.referer;
+ default:
+ return this.headers[lc];
+ }
+};
+
+/**
+ * To do: update docs.
+ *
+ * Check if the given `type(s)` is acceptable, returning
+ * the best match when true, otherwise `undefined`, in which
+ * case you should respond with 406 "Not Acceptable".
+ *
+ * The `type` value may be a single MIME type string
+ * such as "application/json", an extension name
+ * such as "json", a comma-delimited list such as "json, html, text/plain",
+ * an argument list such as `"json", "html", "text/plain"`,
+ * or an array `["json", "html", "text/plain"]`. When a list
+ * or array is given, the _best_ match, if any is returned.
+ *
+ * Examples:
+ *
+ * // Accept: text/html
+ * req.accepts('html');
+ * // => "html"
+ *
+ * // Accept: text/*, application/json
+ * req.accepts('html');
+ * // => "html"
+ * req.accepts('text/html');
+ * // => "text/html"
+ * req.accepts('json, text');
+ * // => "json"
+ * req.accepts('application/json');
+ * // => "application/json"
+ *
+ * // Accept: text/*, application/json
+ * req.accepts('image/png');
+ * req.accepts('png');
+ * // => undefined
+ *
+ * // Accept: text/*;q=.5, application/json
+ * req.accepts(['html', 'json']);
+ * req.accepts('html', 'json');
+ * req.accepts('html, json');
+ * // => "json"
+ *
+ * @param {String|Array} type(s)
+ * @return {String|Array|Boolean}
+ * @public
+ */
+
+req.accepts = function(){
+ var accept = accepts(this);
+ return accept.types.apply(accept, arguments);
+};
+
+/**
+ * Check if the given `encoding`s are accepted.
+ *
+ * @param {String} ...encoding
+ * @return {String|Array}
+ * @public
+ */
+
+req.acceptsEncodings = function(){
+ var accept = accepts(this);
+ return accept.encodings.apply(accept, arguments);
+};
+
+req.acceptsEncoding = deprecate.function(req.acceptsEncodings,
+ 'req.acceptsEncoding: Use acceptsEncodings instead');
+
+/**
+ * Check if the given `charset`s are acceptable,
+ * otherwise you should respond with 406 "Not Acceptable".
+ *
+ * @param {String} ...charset
+ * @return {String|Array}
+ * @public
+ */
+
+req.acceptsCharsets = function(){
+ var accept = accepts(this);
+ return accept.charsets.apply(accept, arguments);
+};
+
+req.acceptsCharset = deprecate.function(req.acceptsCharsets,
+ 'req.acceptsCharset: Use acceptsCharsets instead');
+
+/**
+ * Check if the given `lang`s are acceptable,
+ * otherwise you should respond with 406 "Not Acceptable".
+ *
+ * @param {String} ...lang
+ * @return {String|Array}
+ * @public
+ */
+
+req.acceptsLanguages = function(){
+ var accept = accepts(this);
+ return accept.languages.apply(accept, arguments);
+};
+
+req.acceptsLanguage = deprecate.function(req.acceptsLanguages,
+ 'req.acceptsLanguage: Use acceptsLanguages instead');
+
+/**
+ * Parse Range header field, capping to the given `size`.
+ *
+ * Unspecified ranges such as "0-" require knowledge of your resource length. In
+ * the case of a byte range this is of course the total number of bytes. If the
+ * Range header field is not given `undefined` is returned, `-1` when unsatisfiable,
+ * and `-2` when syntactically invalid.
+ *
+ * When ranges are returned, the array has a "type" property which is the type of
+ * range that is required (most commonly, "bytes"). Each array element is an object
+ * with a "start" and "end" property for the portion of the range.
+ *
+ * The "combine" option can be set to `true` and overlapping & adjacent ranges
+ * will be combined into a single range.
+ *
+ * NOTE: remember that ranges are inclusive, so for example "Range: users=0-3"
+ * should respond with 4 users when available, not 3.
+ *
+ * @param {number} size
+ * @param {object} [options]
+ * @param {boolean} [options.combine=false]
+ * @return {number|array}
+ * @public
+ */
+
+req.range = function range(size, options) {
+ var range = this.get('Range');
+ if (!range) return;
+ return parseRange(size, range, options);
+};
+
+/**
+ * Return the value of param `name` when present or `defaultValue`.
+ *
+ * - Checks route placeholders, ex: _/user/:id_
+ * - Checks body params, ex: id=12, {"id":12}
+ * - Checks query string params, ex: ?id=12
+ *
+ * To utilize request bodies, `req.body`
+ * should be an object. This can be done by using
+ * the `bodyParser()` middleware.
+ *
+ * @param {String} name
+ * @param {Mixed} [defaultValue]
+ * @return {String}
+ * @public
+ */
+
+req.param = function param(name, defaultValue) {
+ var params = this.params || {};
+ var body = this.body || {};
+ var query = this.query || {};
+
+ var args = arguments.length === 1
+ ? 'name'
+ : 'name, default';
+ deprecate('req.param(' + args + '): Use req.params, req.body, or req.query instead');
+
+ if (null != params[name] && params.hasOwnProperty(name)) return params[name];
+ if (null != body[name]) return body[name];
+ if (null != query[name]) return query[name];
+
+ return defaultValue;
+};
+
+/**
+ * Check if the incoming request contains the "Content-Type"
+ * header field, and it contains the given mime `type`.
+ *
+ * Examples:
+ *
+ * // With Content-Type: text/html; charset=utf-8
+ * req.is('html');
+ * req.is('text/html');
+ * req.is('text/*');
+ * // => true
+ *
+ * // When Content-Type is application/json
+ * req.is('json');
+ * req.is('application/json');
+ * req.is('application/*');
+ * // => true
+ *
+ * req.is('html');
+ * // => false
+ *
+ * @param {String|Array} types...
+ * @return {String|false|null}
+ * @public
+ */
+
+req.is = function is(types) {
+ var arr = types;
+
+ // support flattened arguments
+ if (!Array.isArray(types)) {
+ arr = new Array(arguments.length);
+ for (var i = 0; i < arr.length; i++) {
+ arr[i] = arguments[i];
+ }
+ }
+
+ return typeis(this, arr);
+};
+
+/**
+ * Return the protocol string "http" or "https"
+ * when requested with TLS. When the "trust proxy"
+ * setting trusts the socket address, the
+ * "X-Forwarded-Proto" header field will be trusted
+ * and used if present.
+ *
+ * If you're running behind a reverse proxy that
+ * supplies https for you this may be enabled.
+ *
+ * @return {String}
+ * @public
+ */
+
+defineGetter(req, 'protocol', function protocol(){
+ var proto = this.connection.encrypted
+ ? 'https'
+ : 'http';
+ var trust = this.app.get('trust proxy fn');
+
+ if (!trust(this.connection.remoteAddress, 0)) {
+ return proto;
+ }
+
+ // Note: X-Forwarded-Proto is normally only ever a
+ // single value, but this is to be safe.
+ var header = this.get('X-Forwarded-Proto') || proto
+ var index = header.indexOf(',')
+
+ return index !== -1
+ ? header.substring(0, index).trim()
+ : header.trim()
+});
+
+/**
+ * Short-hand for:
+ *
+ * req.protocol === 'https'
+ *
+ * @return {Boolean}
+ * @public
+ */
+
+defineGetter(req, 'secure', function secure(){
+ return this.protocol === 'https';
+});
+
+/**
+ * Return the remote address from the trusted proxy.
+ *
+ * The is the remote address on the socket unless
+ * "trust proxy" is set.
+ *
+ * @return {String}
+ * @public
+ */
+
+defineGetter(req, 'ip', function ip(){
+ var trust = this.app.get('trust proxy fn');
+ return proxyaddr(this, trust);
+});
+
+/**
+ * When "trust proxy" is set, trusted proxy addresses + client.
+ *
+ * For example if the value were "client, proxy1, proxy2"
+ * you would receive the array `["client", "proxy1", "proxy2"]`
+ * where "proxy2" is the furthest down-stream and "proxy1" and
+ * "proxy2" were trusted.
+ *
+ * @return {Array}
+ * @public
+ */
+
+defineGetter(req, 'ips', function ips() {
+ var trust = this.app.get('trust proxy fn');
+ var addrs = proxyaddr.all(this, trust);
+
+ // reverse the order (to farthest -> closest)
+ // and remove socket address
+ addrs.reverse().pop()
+
+ return addrs
+});
+
+/**
+ * Return subdomains as an array.
+ *
+ * Subdomains are the dot-separated parts of the host before the main domain of
+ * the app. By default, the domain of the app is assumed to be the last two
+ * parts of the host. This can be changed by setting "subdomain offset".
+ *
+ * For example, if the domain is "tobi.ferrets.example.com":
+ * If "subdomain offset" is not set, req.subdomains is `["ferrets", "tobi"]`.
+ * If "subdomain offset" is 3, req.subdomains is `["tobi"]`.
+ *
+ * @return {Array}
+ * @public
+ */
+
+defineGetter(req, 'subdomains', function subdomains() {
+ var hostname = this.hostname;
+
+ if (!hostname) return [];
+
+ var offset = this.app.get('subdomain offset');
+ var subdomains = !isIP(hostname)
+ ? hostname.split('.').reverse()
+ : [hostname];
+
+ return subdomains.slice(offset);
+});
+
+/**
+ * Short-hand for `url.parse(req.url).pathname`.
+ *
+ * @return {String}
+ * @public
+ */
+
+defineGetter(req, 'path', function path() {
+ return parse(this).pathname;
+});
+
+/**
+ * Parse the "Host" header field to a hostname.
+ *
+ * When the "trust proxy" setting trusts the socket
+ * address, the "X-Forwarded-Host" header field will
+ * be trusted.
+ *
+ * @return {String}
+ * @public
+ */
+
+defineGetter(req, 'hostname', function hostname(){
+ var trust = this.app.get('trust proxy fn');
+ var host = this.get('X-Forwarded-Host');
+
+ if (!host || !trust(this.connection.remoteAddress, 0)) {
+ host = this.get('Host');
+ } else if (host.indexOf(',') !== -1) {
+ // Note: X-Forwarded-Host is normally only ever a
+ // single value, but this is to be safe.
+ host = host.substring(0, host.indexOf(',')).trimRight()
+ }
+
+ if (!host) return;
+
+ // IPv6 literal support
+ var offset = host[0] === '['
+ ? host.indexOf(']') + 1
+ : 0;
+ var index = host.indexOf(':', offset);
+
+ return index !== -1
+ ? host.substring(0, index)
+ : host;
+});
+
+// TODO: change req.host to return host in next major
+
+defineGetter(req, 'host', deprecate.function(function host(){
+ return this.hostname;
+}, 'req.host: Use req.hostname instead'));
+
+/**
+ * Check if the request is fresh, aka
+ * Last-Modified and/or the ETag
+ * still match.
+ *
+ * @return {Boolean}
+ * @public
+ */
+
+defineGetter(req, 'fresh', function(){
+ var method = this.method;
+ var res = this.res
+ var status = res.statusCode
+
+ // GET or HEAD for weak freshness validation only
+ if ('GET' !== method && 'HEAD' !== method) return false;
+
+ // 2xx or 304 as per rfc2616 14.26
+ if ((status >= 200 && status < 300) || 304 === status) {
+ return fresh(this.headers, {
+ 'etag': res.get('ETag'),
+ 'last-modified': res.get('Last-Modified')
+ })
+ }
+
+ return false;
+});
+
+/**
+ * Check if the request is stale, aka
+ * "Last-Modified" and / or the "ETag" for the
+ * resource has changed.
+ *
+ * @return {Boolean}
+ * @public
+ */
+
+defineGetter(req, 'stale', function stale(){
+ return !this.fresh;
+});
+
+/**
+ * Check if the request was an _XMLHttpRequest_.
+ *
+ * @return {Boolean}
+ * @public
+ */
+
+defineGetter(req, 'xhr', function xhr(){
+ var val = this.get('X-Requested-With') || '';
+ return val.toLowerCase() === 'xmlhttprequest';
+});
+
+/**
+ * Helper function for creating a getter on an object.
+ *
+ * @param {Object} obj
+ * @param {String} name
+ * @param {Function} getter
+ * @private
+ */
+function defineGetter(obj, name, getter) {
+ Object.defineProperty(obj, name, {
+ configurable: true,
+ enumerable: true,
+ get: getter
+ });
+}
diff --git a/node_modules/express/lib/response.js b/node_modules/express/lib/response.js
new file mode 100644
index 0000000000000000000000000000000000000000..2b654f4c6629c821bbeaaeee970b199a420fd8b3
--- /dev/null
+++ b/node_modules/express/lib/response.js
@@ -0,0 +1,1179 @@
+/*!
+ * express
+ * Copyright(c) 2009-2013 TJ Holowaychuk
+ * Copyright(c) 2014-2015 Douglas Christopher Wilson
+ * MIT Licensed
+ */
+
+'use strict';
+
+/**
+ * Module dependencies.
+ * @private
+ */
+
+var Buffer = require('safe-buffer').Buffer
+var contentDisposition = require('content-disposition');
+var createError = require('http-errors')
+var deprecate = require('depd')('express');
+var encodeUrl = require('encodeurl');
+var escapeHtml = require('escape-html');
+var http = require('http');
+var isAbsolute = require('./utils').isAbsolute;
+var onFinished = require('on-finished');
+var path = require('path');
+var statuses = require('statuses')
+var merge = require('utils-merge');
+var sign = require('cookie-signature').sign;
+var normalizeType = require('./utils').normalizeType;
+var normalizeTypes = require('./utils').normalizeTypes;
+var setCharset = require('./utils').setCharset;
+var cookie = require('cookie');
+var send = require('send');
+var extname = path.extname;
+var mime = send.mime;
+var resolve = path.resolve;
+var vary = require('vary');
+
+/**
+ * Response prototype.
+ * @public
+ */
+
+var res = Object.create(http.ServerResponse.prototype)
+
+/**
+ * Module exports.
+ * @public
+ */
+
+module.exports = res
+
+/**
+ * Module variables.
+ * @private
+ */
+
+var charsetRegExp = /;\s*charset\s*=/;
+
+/**
+ * Set status `code`.
+ *
+ * @param {Number} code
+ * @return {ServerResponse}
+ * @public
+ */
+
+res.status = function status(code) {
+ if ((typeof code === 'string' || Math.floor(code) !== code) && code > 99 && code < 1000) {
+ deprecate('res.status(' + JSON.stringify(code) + '): use res.status(' + Math.floor(code) + ') instead')
+ }
+ this.statusCode = code;
+ return this;
+};
+
+/**
+ * Set Link header field with the given `links`.
+ *
+ * Examples:
+ *
+ * res.links({
+ * next: 'http://api.example.com/users?page=2',
+ * last: 'http://api.example.com/users?page=5'
+ * });
+ *
+ * @param {Object} links
+ * @return {ServerResponse}
+ * @public
+ */
+
+res.links = function(links){
+ var link = this.get('Link') || '';
+ if (link) link += ', ';
+ return this.set('Link', link + Object.keys(links).map(function(rel){
+ return '<' + links[rel] + '>; rel="' + rel + '"';
+ }).join(', '));
+};
+
+/**
+ * Send a response.
+ *
+ * Examples:
+ *
+ * res.send(Buffer.from('wahoo'));
+ * res.send({ some: 'json' });
+ * res.send('<p>some html</p>');
+ *
+ * @param {string|number|boolean|object|Buffer} body
+ * @public
+ */
+
+res.send = function send(body) {
+ var chunk = body;
+ var encoding;
+ var req = this.req;
+ var type;
+
+ // settings
+ var app = this.app;
+
+ // allow status / body
+ if (arguments.length === 2) {
+ // res.send(body, status) backwards compat
+ if (typeof arguments[0] !== 'number' && typeof arguments[1] === 'number') {
+ deprecate('res.send(body, status): Use res.status(status).send(body) instead');
+ this.statusCode = arguments[1];
+ } else {
+ deprecate('res.send(status, body): Use res.status(status).send(body) instead');
+ this.statusCode = arguments[0];
+ chunk = arguments[1];
+ }
+ }
+
+ // disambiguate res.send(status) and res.send(status, num)
+ if (typeof chunk === 'number' && arguments.length === 1) {
+ // res.send(status) will set status message as text string
+ if (!this.get('Content-Type')) {
+ this.type('txt');
+ }
+
+ deprecate('res.send(status): Use res.sendStatus(status) instead');
+ this.statusCode = chunk;
+ chunk = statuses.message[chunk]
+ }
+
+ switch (typeof chunk) {
+ // string defaulting to html
+ case 'string':
+ if (!this.get('Content-Type')) {
+ this.type('html');
+ }
+ break;
+ case 'boolean':
+ case 'number':
+ case 'object':
+ if (chunk === null) {
+ chunk = '';
+ } else if (Buffer.isBuffer(chunk)) {
+ if (!this.get('Content-Type')) {
+ this.type('bin');
+ }
+ } else {
+ return this.json(chunk);
+ }
+ break;
+ }
+
+ // write strings in utf-8
+ if (typeof chunk === 'string') {
+ encoding = 'utf8';
+ type = this.get('Content-Type');
+
+ // reflect this in content-type
+ if (typeof type === 'string') {
+ this.set('Content-Type', setCharset(type, 'utf-8'));
+ }
+ }
+
+ // determine if ETag should be generated
+ var etagFn = app.get('etag fn')
+ var generateETag = !this.get('ETag') && typeof etagFn === 'function'
+
+ // populate Content-Length
+ var len
+ if (chunk !== undefined) {
+ if (Buffer.isBuffer(chunk)) {
+ // get length of Buffer
+ len = chunk.length
+ } else if (!generateETag && chunk.length < 1000) {
+ // just calculate length when no ETag + small chunk
+ len = Buffer.byteLength(chunk, encoding)
+ } else {
+ // convert chunk to Buffer and calculate
+ chunk = Buffer.from(chunk, encoding)
+ encoding = undefined;
+ len = chunk.length
+ }
+
+ this.set('Content-Length', len);
+ }
+
+ // populate ETag
+ var etag;
+ if (generateETag && len !== undefined) {
+ if ((etag = etagFn(chunk, encoding))) {
+ this.set('ETag', etag);
+ }
+ }
+
+ // freshness
+ if (req.fresh) this.statusCode = 304;
+
+ // strip irrelevant headers
+ if (204 === this.statusCode || 304 === this.statusCode) {
+ this.removeHeader('Content-Type');
+ this.removeHeader('Content-Length');
+ this.removeHeader('Transfer-Encoding');
+ chunk = '';
+ }
+
+ // alter headers for 205
+ if (this.statusCode === 205) {
+ this.set('Content-Length', '0')
+ this.removeHeader('Transfer-Encoding')
+ chunk = ''
+ }
+
+ if (req.method === 'HEAD') {
+ // skip body for HEAD
+ this.end();
+ } else {
+ // respond
+ this.end(chunk, encoding);
+ }
+
+ return this;
+};
+
+/**
+ * Send JSON response.
+ *
+ * Examples:
+ *
+ * res.json(null);
+ * res.json({ user: 'tj' });
+ *
+ * @param {string|number|boolean|object} obj
+ * @public
+ */
+
+res.json = function json(obj) {
+ var val = obj;
+
+ // allow status / body
+ if (arguments.length === 2) {
+ // res.json(body, status) backwards compat
+ if (typeof arguments[1] === 'number') {
+ deprecate('res.json(obj, status): Use res.status(status).json(obj) instead');
+ this.statusCode = arguments[1];
+ } else {
+ deprecate('res.json(status, obj): Use res.status(status).json(obj) instead');
+ this.statusCode = arguments[0];
+ val = arguments[1];
+ }
+ }
+
+ // settings
+ var app = this.app;
+ var escape = app.get('json escape')
+ var replacer = app.get('json replacer');
+ var spaces = app.get('json spaces');
+ var body = stringify(val, replacer, spaces, escape)
+
+ // content-type
+ if (!this.get('Content-Type')) {
+ this.set('Content-Type', 'application/json');
+ }
+
+ return this.send(body);
+};
+
+/**
+ * Send JSON response with JSONP callback support.
+ *
+ * Examples:
+ *
+ * res.jsonp(null);
+ * res.jsonp({ user: 'tj' });
+ *
+ * @param {string|number|boolean|object} obj
+ * @public
+ */
+
+res.jsonp = function jsonp(obj) {
+ var val = obj;
+
+ // allow status / body
+ if (arguments.length === 2) {
+ // res.jsonp(body, status) backwards compat
+ if (typeof arguments[1] === 'number') {
+ deprecate('res.jsonp(obj, status): Use res.status(status).jsonp(obj) instead');
+ this.statusCode = arguments[1];
+ } else {
+ deprecate('res.jsonp(status, obj): Use res.status(status).jsonp(obj) instead');
+ this.statusCode = arguments[0];
+ val = arguments[1];
+ }
+ }
+
+ // settings
+ var app = this.app;
+ var escape = app.get('json escape')
+ var replacer = app.get('json replacer');
+ var spaces = app.get('json spaces');
+ var body = stringify(val, replacer, spaces, escape)
+ var callback = this.req.query[app.get('jsonp callback name')];
+
+ // content-type
+ if (!this.get('Content-Type')) {
+ this.set('X-Content-Type-Options', 'nosniff');
+ this.set('Content-Type', 'application/json');
+ }
+
+ // fixup callback
+ if (Array.isArray(callback)) {
+ callback = callback[0];
+ }
+
+ // jsonp
+ if (typeof callback === 'string' && callback.length !== 0) {
+ this.set('X-Content-Type-Options', 'nosniff');
+ this.set('Content-Type', 'text/javascript');
+
+ // restrict callback charset
+ callback = callback.replace(/[^\[\]\w$.]/g, '');
+
+ if (body === undefined) {
+ // empty argument
+ body = ''
+ } else if (typeof body === 'string') {
+ // replace chars not allowed in JavaScript that are in JSON
+ body = body
+ .replace(/\u2028/g, '\\u2028')
+ .replace(/\u2029/g, '\\u2029')
+ }
+
+ // the /**/ is a specific security mitigation for "Rosetta Flash JSONP abuse"
+ // the typeof check is just to reduce client error noise
+ body = '/**/ typeof ' + callback + ' === \'function\' && ' + callback + '(' + body + ');';
+ }
+
+ return this.send(body);
+};
+
+/**
+ * Send given HTTP status code.
+ *
+ * Sets the response status to `statusCode` and the body of the
+ * response to the standard description from node's http.STATUS_CODES
+ * or the statusCode number if no description.
+ *
+ * Examples:
+ *
+ * res.sendStatus(200);
+ *
+ * @param {number} statusCode
+ * @public
+ */
+
+res.sendStatus = function sendStatus(statusCode) {
+ var body = statuses.message[statusCode] || String(statusCode)
+
+ this.statusCode = statusCode;
+ this.type('txt');
+
+ return this.send(body);
+};
+
+/**
+ * Transfer the file at the given `path`.
+ *
+ * Automatically sets the _Content-Type_ response header field.
+ * The callback `callback(err)` is invoked when the transfer is complete
+ * or when an error occurs. Be sure to check `res.headersSent`
+ * if you wish to attempt responding, as the header and some data
+ * may have already been transferred.
+ *
+ * Options:
+ *
+ * - `maxAge` defaulting to 0 (can be string converted by `ms`)
+ * - `root` root directory for relative filenames
+ * - `headers` object of headers to serve with file
+ * - `dotfiles` serve dotfiles, defaulting to false; can be `"allow"` to send them
+ *
+ * Other options are passed along to `send`.
+ *
+ * Examples:
+ *
+ * The following example illustrates how `res.sendFile()` may
+ * be used as an alternative for the `static()` middleware for
+ * dynamic situations. The code backing `res.sendFile()` is actually
+ * the same code, so HTTP cache support etc is identical.
+ *
+ * app.get('/user/:uid/photos/:file', function(req, res){
+ * var uid = req.params.uid
+ * , file = req.params.file;
+ *
+ * req.user.mayViewFilesFrom(uid, function(yes){
+ * if (yes) {
+ * res.sendFile('/uploads/' + uid + '/' + file);
+ * } else {
+ * res.send(403, 'Sorry! you cant see that.');
+ * }
+ * });
+ * });
+ *
+ * @public
+ */
+
+res.sendFile = function sendFile(path, options, callback) {
+ var done = callback;
+ var req = this.req;
+ var res = this;
+ var next = req.next;
+ var opts = options || {};
+
+ if (!path) {
+ throw new TypeError('path argument is required to res.sendFile');
+ }
+
+ if (typeof path !== 'string') {
+ throw new TypeError('path must be a string to res.sendFile')
+ }
+
+ // support function as second arg
+ if (typeof options === 'function') {
+ done = options;
+ opts = {};
+ }
+
+ if (!opts.root && !isAbsolute(path)) {
+ throw new TypeError('path must be absolute or specify root to res.sendFile');
+ }
+
+ // create file stream
+ var pathname = encodeURI(path);
+ var file = send(req, pathname, opts);
+
+ // transfer
+ sendfile(res, file, opts, function (err) {
+ if (done) return done(err);
+ if (err && err.code === 'EISDIR') return next();
+
+ // next() all but write errors
+ if (err && err.code !== 'ECONNABORTED' && err.syscall !== 'write') {
+ next(err);
+ }
+ });
+};
+
+/**
+ * Transfer the file at the given `path`.
+ *
+ * Automatically sets the _Content-Type_ response header field.
+ * The callback `callback(err)` is invoked when the transfer is complete
+ * or when an error occurs. Be sure to check `res.headersSent`
+ * if you wish to attempt responding, as the header and some data
+ * may have already been transferred.
+ *
+ * Options:
+ *
+ * - `maxAge` defaulting to 0 (can be string converted by `ms`)
+ * - `root` root directory for relative filenames
+ * - `headers` object of headers to serve with file
+ * - `dotfiles` serve dotfiles, defaulting to false; can be `"allow"` to send them
+ *
+ * Other options are passed along to `send`.
+ *
+ * Examples:
+ *
+ * The following example illustrates how `res.sendfile()` may
+ * be used as an alternative for the `static()` middleware for
+ * dynamic situations. The code backing `res.sendfile()` is actually
+ * the same code, so HTTP cache support etc is identical.
+ *
+ * app.get('/user/:uid/photos/:file', function(req, res){
+ * var uid = req.params.uid
+ * , file = req.params.file;
+ *
+ * req.user.mayViewFilesFrom(uid, function(yes){
+ * if (yes) {
+ * res.sendfile('/uploads/' + uid + '/' + file);
+ * } else {
+ * res.send(403, 'Sorry! you cant see that.');
+ * }
+ * });
+ * });
+ *
+ * @public
+ */
+
+res.sendfile = function (path, options, callback) {
+ var done = callback;
+ var req = this.req;
+ var res = this;
+ var next = req.next;
+ var opts = options || {};
+
+ // support function as second arg
+ if (typeof options === 'function') {
+ done = options;
+ opts = {};
+ }
+
+ // create file stream
+ var file = send(req, path, opts);
+
+ // transfer
+ sendfile(res, file, opts, function (err) {
+ if (done) return done(err);
+ if (err && err.code === 'EISDIR') return next();
+
+ // next() all but write errors
+ if (err && err.code !== 'ECONNABORTED' && err.syscall !== 'write') {
+ next(err);
+ }
+ });
+};
+
+res.sendfile = deprecate.function(res.sendfile,
+ 'res.sendfile: Use res.sendFile instead');
+
+/**
+ * Transfer the file at the given `path` as an attachment.
+ *
+ * Optionally providing an alternate attachment `filename`,
+ * and optional callback `callback(err)`. The callback is invoked
+ * when the data transfer is complete, or when an error has
+ * occurred. Be sure to check `res.headersSent` if you plan to respond.
+ *
+ * Optionally providing an `options` object to use with `res.sendFile()`.
+ * This function will set the `Content-Disposition` header, overriding
+ * any `Content-Disposition` header passed as header options in order
+ * to set the attachment and filename.
+ *
+ * This method uses `res.sendFile()`.
+ *
+ * @public
+ */
+
+res.download = function download (path, filename, options, callback) {
+ var done = callback;
+ var name = filename;
+ var opts = options || null
+
+ // support function as second or third arg
+ if (typeof filename === 'function') {
+ done = filename;
+ name = null;
+ opts = null
+ } else if (typeof options === 'function') {
+ done = options
+ opts = null
+ }
+
+ // support optional filename, where options may be in it's place
+ if (typeof filename === 'object' &&
+ (typeof options === 'function' || options === undefined)) {
+ name = null
+ opts = filename
+ }
+
+ // set Content-Disposition when file is sent
+ var headers = {
+ 'Content-Disposition': contentDisposition(name || path)
+ };
+
+ // merge user-provided headers
+ if (opts && opts.headers) {
+ var keys = Object.keys(opts.headers)
+ for (var i = 0; i < keys.length; i++) {
+ var key = keys[i]
+ if (key.toLowerCase() !== 'content-disposition') {
+ headers[key] = opts.headers[key]
+ }
+ }
+ }
+
+ // merge user-provided options
+ opts = Object.create(opts)
+ opts.headers = headers
+
+ // Resolve the full path for sendFile
+ var fullPath = !opts.root
+ ? resolve(path)
+ : path
+
+ // send file
+ return this.sendFile(fullPath, opts, done)
+};
+
+/**
+ * Set _Content-Type_ response header with `type` through `mime.lookup()`
+ * when it does not contain "/", or set the Content-Type to `type` otherwise.
+ *
+ * Examples:
+ *
+ * res.type('.html');
+ * res.type('html');
+ * res.type('json');
+ * res.type('application/json');
+ * res.type('png');
+ *
+ * @param {String} type
+ * @return {ServerResponse} for chaining
+ * @public
+ */
+
+res.contentType =
+res.type = function contentType(type) {
+ var ct = type.indexOf('/') === -1
+ ? mime.lookup(type)
+ : type;
+
+ return this.set('Content-Type', ct);
+};
+
+/**
+ * Respond to the Acceptable formats using an `obj`
+ * of mime-type callbacks.
+ *
+ * This method uses `req.accepted`, an array of
+ * acceptable types ordered by their quality values.
+ * When "Accept" is not present the _first_ callback
+ * is invoked, otherwise the first match is used. When
+ * no match is performed the server responds with
+ * 406 "Not Acceptable".
+ *
+ * Content-Type is set for you, however if you choose
+ * you may alter this within the callback using `res.type()`
+ * or `res.set('Content-Type', ...)`.
+ *
+ * res.format({
+ * 'text/plain': function(){
+ * res.send('hey');
+ * },
+ *
+ * 'text/html': function(){
+ * res.send('<p>hey</p>');
+ * },
+ *
+ * 'application/json': function () {
+ * res.send({ message: 'hey' });
+ * }
+ * });
+ *
+ * In addition to canonicalized MIME types you may
+ * also use extnames mapped to these types:
+ *
+ * res.format({
+ * text: function(){
+ * res.send('hey');
+ * },
+ *
+ * html: function(){
+ * res.send('<p>hey</p>');
+ * },
+ *
+ * json: function(){
+ * res.send({ message: 'hey' });
+ * }
+ * });
+ *
+ * By default Express passes an `Error`
+ * with a `.status` of 406 to `next(err)`
+ * if a match is not made. If you provide
+ * a `.default` callback it will be invoked
+ * instead.
+ *
+ * @param {Object} obj
+ * @return {ServerResponse} for chaining
+ * @public
+ */
+
+res.format = function(obj){
+ var req = this.req;
+ var next = req.next;
+
+ var keys = Object.keys(obj)
+ .filter(function (v) { return v !== 'default' })
+
+ var key = keys.length > 0
+ ? req.accepts(keys)
+ : false;
+
+ this.vary("Accept");
+
+ if (key) {
+ this.set('Content-Type', normalizeType(key).value);
+ obj[key](req, this, next);
+ } else if (obj.default) {
+ obj.default(req, this, next)
+ } else {
+ next(createError(406, {
+ types: normalizeTypes(keys).map(function (o) { return o.value })
+ }))
+ }
+
+ return this;
+};
+
+/**
+ * Set _Content-Disposition_ header to _attachment_ with optional `filename`.
+ *
+ * @param {String} filename
+ * @return {ServerResponse}
+ * @public
+ */
+
+res.attachment = function attachment(filename) {
+ if (filename) {
+ this.type(extname(filename));
+ }
+
+ this.set('Content-Disposition', contentDisposition(filename));
+
+ return this;
+};
+
+/**
+ * Append additional header `field` with value `val`.
+ *
+ * Example:
+ *
+ * res.append('Link', ['<http://localhost/>', '<http://localhost:3000/>']);
+ * res.append('Set-Cookie', 'foo=bar; Path=/; HttpOnly');
+ * res.append('Warning', '199 Miscellaneous warning');
+ *
+ * @param {String} field
+ * @param {String|Array} val
+ * @return {ServerResponse} for chaining
+ * @public
+ */
+
+res.append = function append(field, val) {
+ var prev = this.get(field);
+ var value = val;
+
+ if (prev) {
+ // concat the new and prev vals
+ value = Array.isArray(prev) ? prev.concat(val)
+ : Array.isArray(val) ? [prev].concat(val)
+ : [prev, val]
+ }
+
+ return this.set(field, value);
+};
+
+/**
+ * Set header `field` to `val`, or pass
+ * an object of header fields.
+ *
+ * Examples:
+ *
+ * res.set('Foo', ['bar', 'baz']);
+ * res.set('Accept', 'application/json');
+ * res.set({ Accept: 'text/plain', 'X-API-Key': 'tobi' });
+ *
+ * Aliased as `res.header()`.
+ *
+ * @param {String|Object} field
+ * @param {String|Array} val
+ * @return {ServerResponse} for chaining
+ * @public
+ */
+
+res.set =
+res.header = function header(field, val) {
+ if (arguments.length === 2) {
+ var value = Array.isArray(val)
+ ? val.map(String)
+ : String(val);
+
+ // add charset to content-type
+ if (field.toLowerCase() === 'content-type') {
+ if (Array.isArray(value)) {
+ throw new TypeError('Content-Type cannot be set to an Array');
+ }
+ if (!charsetRegExp.test(value)) {
+ var charset = mime.charsets.lookup(value.split(';')[0]);
+ if (charset) value += '; charset=' + charset.toLowerCase();
+ }
+ }
+
+ this.setHeader(field, value);
+ } else {
+ for (var key in field) {
+ this.set(key, field[key]);
+ }
+ }
+ return this;
+};
+
+/**
+ * Get value for header `field`.
+ *
+ * @param {String} field
+ * @return {String}
+ * @public
+ */
+
+res.get = function(field){
+ return this.getHeader(field);
+};
+
+/**
+ * Clear cookie `name`.
+ *
+ * @param {String} name
+ * @param {Object} [options]
+ * @return {ServerResponse} for chaining
+ * @public
+ */
+
+res.clearCookie = function clearCookie(name, options) {
+ if (options) {
+ if (options.maxAge) {
+ deprecate('res.clearCookie: Passing "options.maxAge" is deprecated. In v5.0.0 of Express, this option will be ignored, as res.clearCookie will automatically set cookies to expire immediately. Please update your code to omit this option.');
+ }
+ if (options.expires) {
+ deprecate('res.clearCookie: Passing "options.expires" is deprecated. In v5.0.0 of Express, this option will be ignored, as res.clearCookie will automatically set cookies to expire immediately. Please update your code to omit this option.');
+ }
+ }
+ var opts = merge({ expires: new Date(1), path: '/' }, options);
+
+ return this.cookie(name, '', opts);
+};
+
+/**
+ * Set cookie `name` to `value`, with the given `options`.
+ *
+ * Options:
+ *
+ * - `maxAge` max-age in milliseconds, converted to `expires`
+ * - `signed` sign the cookie
+ * - `path` defaults to "/"
+ *
+ * Examples:
+ *
+ * // "Remember Me" for 15 minutes
+ * res.cookie('rememberme', '1', { expires: new Date(Date.now() + 900000), httpOnly: true });
+ *
+ * // same as above
+ * res.cookie('rememberme', '1', { maxAge: 900000, httpOnly: true })
+ *
+ * @param {String} name
+ * @param {String|Object} value
+ * @param {Object} [options]
+ * @return {ServerResponse} for chaining
+ * @public
+ */
+
+res.cookie = function (name, value, options) {
+ var opts = merge({}, options);
+ var secret = this.req.secret;
+ var signed = opts.signed;
+
+ if (signed && !secret) {
+ throw new Error('cookieParser("secret") required for signed cookies');
+ }
+
+ var val = typeof value === 'object'
+ ? 'j:' + JSON.stringify(value)
+ : String(value);
+
+ if (signed) {
+ val = 's:' + sign(val, secret);
+ }
+
+ if (opts.maxAge != null) {
+ var maxAge = opts.maxAge - 0
+
+ if (!isNaN(maxAge)) {
+ opts.expires = new Date(Date.now() + maxAge)
+ opts.maxAge = Math.floor(maxAge / 1000)
+ }
+ }
+
+ if (opts.path == null) {
+ opts.path = '/';
+ }
+
+ this.append('Set-Cookie', cookie.serialize(name, String(val), opts));
+
+ return this;
+};
+
+/**
+ * Set the location header to `url`.
+ *
+ * The given `url` can also be "back", which redirects
+ * to the _Referrer_ or _Referer_ headers or "/".
+ *
+ * Examples:
+ *
+ * res.location('/foo/bar').;
+ * res.location('http://example.com');
+ * res.location('../login');
+ *
+ * @param {String} url
+ * @return {ServerResponse} for chaining
+ * @public
+ */
+
+res.location = function location(url) {
+ var loc;
+
+ // "back" is an alias for the referrer
+ if (url === 'back') {
+ deprecate('res.location("back"): use res.location(req.get("Referrer") || "/") and refer to https://dub.sh/security-redirect for best practices');
+ loc = this.req.get('Referrer') || '/';
+ } else {
+ loc = String(url);
+ }
+
+ return this.set('Location', encodeUrl(loc));
+};
+
+/**
+ * Redirect to the given `url` with optional response `status`
+ * defaulting to 302.
+ *
+ * The resulting `url` is determined by `res.location()`, so
+ * it will play nicely with mounted apps, relative paths,
+ * `"back"` etc.
+ *
+ * Examples:
+ *
+ * res.redirect('/foo/bar');
+ * res.redirect('http://example.com');
+ * res.redirect(301, 'http://example.com');
+ * res.redirect('../login'); // /blog/post/1 -> /blog/login
+ *
+ * @public
+ */
+
+res.redirect = function redirect(url) {
+ var address = url;
+ var body;
+ var status = 302;
+
+ // allow status / url
+ if (arguments.length === 2) {
+ if (typeof arguments[0] === 'number') {
+ status = arguments[0];
+ address = arguments[1];
+ } else {
+ deprecate('res.redirect(url, status): Use res.redirect(status, url) instead');
+ status = arguments[1];
+ }
+ }
+
+ // Set location header
+ address = this.location(address).get('Location');
+
+ // Support text/{plain,html} by default
+ this.format({
+ text: function(){
+ body = statuses.message[status] + '. Redirecting to ' + address
+ },
+
+ html: function(){
+ var u = escapeHtml(address);
+ body = '<p>' + statuses.message[status] + '. Redirecting to ' + u + '</p>'
+ },
+
+ default: function(){
+ body = '';
+ }
+ });
+
+ // Respond
+ this.statusCode = status;
+ this.set('Content-Length', Buffer.byteLength(body));
+
+ if (this.req.method === 'HEAD') {
+ this.end();
+ } else {
+ this.end(body);
+ }
+};
+
+/**
+ * Add `field` to Vary. If already present in the Vary set, then
+ * this call is simply ignored.
+ *
+ * @param {Array|String} field
+ * @return {ServerResponse} for chaining
+ * @public
+ */
+
+res.vary = function(field){
+ // checks for back-compat
+ if (!field || (Array.isArray(field) && !field.length)) {
+ deprecate('res.vary(): Provide a field name');
+ return this;
+ }
+
+ vary(this, field);
+
+ return this;
+};
+
+/**
+ * Render `view` with the given `options` and optional callback `fn`.
+ * When a callback function is given a response will _not_ be made
+ * automatically, otherwise a response of _200_ and _text/html_ is given.
+ *
+ * Options:
+ *
+ * - `cache` boolean hinting to the engine it should cache
+ * - `filename` filename of the view being rendered
+ *
+ * @public
+ */
+
+res.render = function render(view, options, callback) {
+ var app = this.req.app;
+ var done = callback;
+ var opts = options || {};
+ var req = this.req;
+ var self = this;
+
+ // support callback function as second arg
+ if (typeof options === 'function') {
+ done = options;
+ opts = {};
+ }
+
+ // merge res.locals
+ opts._locals = self.locals;
+
+ // default callback to respond
+ done = done || function (err, str) {
+ if (err) return req.next(err);
+ self.send(str);
+ };
+
+ // render
+ app.render(view, opts, done);
+};
+
+// pipe the send file stream
+function sendfile(res, file, options, callback) {
+ var done = false;
+ var streaming;
+
+ // request aborted
+ function onaborted() {
+ if (done) return;
+ done = true;
+
+ var err = new Error('Request aborted');
+ err.code = 'ECONNABORTED';
+ callback(err);
+ }
+
+ // directory
+ function ondirectory() {
+ if (done) return;
+ done = true;
+
+ var err = new Error('EISDIR, read');
+ err.code = 'EISDIR';
+ callback(err);
+ }
+
+ // errors
+ function onerror(err) {
+ if (done) return;
+ done = true;
+ callback(err);
+ }
+
+ // ended
+ function onend() {
+ if (done) return;
+ done = true;
+ callback();
+ }
+
+ // file
+ function onfile() {
+ streaming = false;
+ }
+
+ // finished
+ function onfinish(err) {
+ if (err && err.code === 'ECONNRESET') return onaborted();
+ if (err) return onerror(err);
+ if (done) return;
+
+ setImmediate(function () {
+ if (streaming !== false && !done) {
+ onaborted();
+ return;
+ }
+
+ if (done) return;
+ done = true;
+ callback();
+ });
+ }
+
+ // streaming
+ function onstream() {
+ streaming = true;
+ }
+
+ file.on('directory', ondirectory);
+ file.on('end', onend);
+ file.on('error', onerror);
+ file.on('file', onfile);
+ file.on('stream', onstream);
+ onFinished(res, onfinish);
+
+ if (options.headers) {
+ // set headers on successful transfer
+ file.on('headers', function headers(res) {
+ var obj = options.headers;
+ var keys = Object.keys(obj);
+
+ for (var i = 0; i < keys.length; i++) {
+ var k = keys[i];
+ res.setHeader(k, obj[k]);
+ }
+ });
+ }
+
+ // pipe
+ file.pipe(res);
+}
+
+/**
+ * Stringify JSON, like JSON.stringify, but v8 optimized, with the
+ * ability to escape characters that can trigger HTML sniffing.
+ *
+ * @param {*} value
+ * @param {function} replacer
+ * @param {number} spaces
+ * @param {boolean} escape
+ * @returns {string}
+ * @private
+ */
+
+function stringify (value, replacer, spaces, escape) {
+ // v8 checks arguments.length for optimizing simple call
+ // https://bugs.chromium.org/p/v8/issues/detail?id=4730
+ var json = replacer || spaces
+ ? JSON.stringify(value, replacer, spaces)
+ : JSON.stringify(value);
+
+ if (escape && typeof json === 'string') {
+ json = json.replace(/[<>&]/g, function (c) {
+ switch (c.charCodeAt(0)) {
+ case 0x3c:
+ return '\\u003c'
+ case 0x3e:
+ return '\\u003e'
+ case 0x26:
+ return '\\u0026'
+ /* istanbul ignore next: unreachable default */
+ default:
+ return c
+ }
+ })
+ }
+
+ return json
+}
diff --git a/node_modules/express/lib/router/index.js b/node_modules/express/lib/router/index.js
new file mode 100644
index 0000000000000000000000000000000000000000..abb3a6f589e834c5e105f2a96907ed2eb6fc0185
--- /dev/null
+++ b/node_modules/express/lib/router/index.js
@@ -0,0 +1,673 @@
+/*!
+ * express
+ * Copyright(c) 2009-2013 TJ Holowaychuk
+ * Copyright(c) 2013 Roman Shtylman
+ * Copyright(c) 2014-2015 Douglas Christopher Wilson
+ * MIT Licensed
+ */
+
+'use strict';
+
+/**
+ * Module dependencies.
+ * @private
+ */
+
+var Route = require('./route');
+var Layer = require('./layer');
+var methods = require('methods');
+var mixin = require('utils-merge');
+var debug = require('debug')('express:router');
+var deprecate = require('depd')('express');
+var flatten = require('array-flatten');
+var parseUrl = require('parseurl');
+var setPrototypeOf = require('setprototypeof')
+
+/**
+ * Module variables.
+ * @private
+ */
+
+var objectRegExp = /^\[object (\S+)\]$/;
+var slice = Array.prototype.slice;
+var toString = Object.prototype.toString;
+
+/**
+ * Initialize a new `Router` with the given `options`.
+ *
+ * @param {Object} [options]
+ * @return {Router} which is a callable function
+ * @public
+ */
+
+var proto = module.exports = function(options) {
+ var opts = options || {};
+
+ function router(req, res, next) {
+ router.handle(req, res, next);
+ }
+
+ // mixin Router class functions
+ setPrototypeOf(router, proto)
+
+ router.params = {};
+ router._params = [];
+ router.caseSensitive = opts.caseSensitive;
+ router.mergeParams = opts.mergeParams;
+ router.strict = opts.strict;
+ router.stack = [];
+
+ return router;
+};
+
+/**
+ * Map the given param placeholder `name`(s) to the given callback.
+ *
+ * Parameter mapping is used to provide pre-conditions to routes
+ * which use normalized placeholders. For example a _:user_id_ parameter
+ * could automatically load a user's information from the database without
+ * any additional code,
+ *
+ * The callback uses the same signature as middleware, the only difference
+ * being that the value of the placeholder is passed, in this case the _id_
+ * of the user. Once the `next()` function is invoked, just like middleware
+ * it will continue on to execute the route, or subsequent parameter functions.
+ *
+ * Just like in middleware, you must either respond to the request or call next
+ * to avoid stalling the request.
+ *
+ * app.param('user_id', function(req, res, next, id){
+ * User.find(id, function(err, user){
+ * if (err) {
+ * return next(err);
+ * } else if (!user) {
+ * return next(new Error('failed to load user'));
+ * }
+ * req.user = user;
+ * next();
+ * });
+ * });
+ *
+ * @param {String} name
+ * @param {Function} fn
+ * @return {app} for chaining
+ * @public
+ */
+
+proto.param = function param(name, fn) {
+ // param logic
+ if (typeof name === 'function') {
+ deprecate('router.param(fn): Refactor to use path params');
+ this._params.push(name);
+ return;
+ }
+
+ // apply param functions
+ var params = this._params;
+ var len = params.length;
+ var ret;
+
+ if (name[0] === ':') {
+ deprecate('router.param(' + JSON.stringify(name) + ', fn): Use router.param(' + JSON.stringify(name.slice(1)) + ', fn) instead')
+ name = name.slice(1)
+ }
+
+ for (var i = 0; i < len; ++i) {
+ if (ret = params[i](name, fn)) {
+ fn = ret;
+ }
+ }
+
+ // ensure we end up with a
+ // middleware function
+ if ('function' !== typeof fn) {
+ throw new Error('invalid param() call for ' + name + ', got ' + fn);
+ }
+
+ (this.params[name] = this.params[name] || []).push(fn);
+ return this;
+};
+
+/**
+ * Dispatch a req, res into the router.
+ * @private
+ */
+
+proto.handle = function handle(req, res, out) {
+ var self = this;
+
+ debug('dispatching %s %s', req.method, req.url);
+
+ var idx = 0;
+ var protohost = getProtohost(req.url) || ''
+ var removed = '';
+ var slashAdded = false;
+ var sync = 0
+ var paramcalled = {};
+
+ // store options for OPTIONS request
+ // only used if OPTIONS request
+ var options = [];
+
+ // middleware and routes
+ var stack = self.stack;
+
+ // manage inter-router variables
+ var parentParams = req.params;
+ var parentUrl = req.baseUrl || '';
+ var done = restore(out, req, 'baseUrl', 'next', 'params');
+
+ // setup next layer
+ req.next = next;
+
+ // for options requests, respond with a default if nothing else responds
+ if (req.method === 'OPTIONS') {
+ done = wrap(done, function(old, err) {
+ if (err || options.length === 0) return old(err);
+ sendOptionsResponse(res, options, old);
+ });
+ }
+
+ // setup basic req values
+ req.baseUrl = parentUrl;
+ req.originalUrl = req.originalUrl || req.url;
+
+ next();
+
+ function next(err) {
+ var layerError = err === 'route'
+ ? null
+ : err;
+
+ // remove added slash
+ if (slashAdded) {
+ req.url = req.url.slice(1)
+ slashAdded = false;
+ }
+
+ // restore altered req.url
+ if (removed.length !== 0) {
+ req.baseUrl = parentUrl;
+ req.url = protohost + removed + req.url.slice(protohost.length)
+ removed = '';
+ }
+
+ // signal to exit router
+ if (layerError === 'router') {
+ setImmediate(done, null)
+ return
+ }
+
+ // no more matching layers
+ if (idx >= stack.length) {
+ setImmediate(done, layerError);
+ return;
+ }
+
+ // max sync stack
+ if (++sync > 100) {
+ return setImmediate(next, err)
+ }
+
+ // get pathname of request
+ var path = getPathname(req);
+
+ if (path == null) {
+ return done(layerError);
+ }
+
+ // find next matching layer
+ var layer;
+ var match;
+ var route;
+
+ while (match !== true && idx < stack.length) {
+ layer = stack[idx++];
+ match = matchLayer(layer, path);
+ route = layer.route;
+
+ if (typeof match !== 'boolean') {
+ // hold on to layerError
+ layerError = layerError || match;
+ }
+
+ if (match !== true) {
+ continue;
+ }
+
+ if (!route) {
+ // process non-route handlers normally
+ continue;
+ }
+
+ if (layerError) {
+ // routes do not match with a pending error
+ match = false;
+ continue;
+ }
+
+ var method = req.method;
+ var has_method = route._handles_method(method);
+
+ // build up automatic options response
+ if (!has_method && method === 'OPTIONS') {
+ appendMethods(options, route._options());
+ }
+
+ // don't even bother matching route
+ if (!has_method && method !== 'HEAD') {
+ match = false;
+ }
+ }
+
+ // no match
+ if (match !== true) {
+ return done(layerError);
+ }
+
+ // store route for dispatch on change
+ if (route) {
+ req.route = route;
+ }
+
+ // Capture one-time layer values
+ req.params = self.mergeParams
+ ? mergeParams(layer.params, parentParams)
+ : layer.params;
+ var layerPath = layer.path;
+
+ // this should be done for the layer
+ self.process_params(layer, paramcalled, req, res, function (err) {
+ if (err) {
+ next(layerError || err)
+ } else if (route) {
+ layer.handle_request(req, res, next)
+ } else {
+ trim_prefix(layer, layerError, layerPath, path)
+ }
+
+ sync = 0
+ });
+ }
+
+ function trim_prefix(layer, layerError, layerPath, path) {
+ if (layerPath.length !== 0) {
+ // Validate path is a prefix match
+ if (layerPath !== path.slice(0, layerPath.length)) {
+ next(layerError)
+ return
+ }
+
+ // Validate path breaks on a path separator
+ var c = path[layerPath.length]
+ if (c && c !== '/' && c !== '.') return next(layerError)
+
+ // Trim off the part of the url that matches the route
+ // middleware (.use stuff) needs to have the path stripped
+ debug('trim prefix (%s) from url %s', layerPath, req.url);
+ removed = layerPath;
+ req.url = protohost + req.url.slice(protohost.length + removed.length)
+
+ // Ensure leading slash
+ if (!protohost && req.url[0] !== '/') {
+ req.url = '/' + req.url;
+ slashAdded = true;
+ }
+
+ // Setup base URL (no trailing slash)
+ req.baseUrl = parentUrl + (removed[removed.length - 1] === '/'
+ ? removed.substring(0, removed.length - 1)
+ : removed);
+ }
+
+ debug('%s %s : %s', layer.name, layerPath, req.originalUrl);
+
+ if (layerError) {
+ layer.handle_error(layerError, req, res, next);
+ } else {
+ layer.handle_request(req, res, next);
+ }
+ }
+};
+
+/**
+ * Process any parameters for the layer.
+ * @private
+ */
+
+proto.process_params = function process_params(layer, called, req, res, done) {
+ var params = this.params;
+
+ // captured parameters from the layer, keys and values
+ var keys = layer.keys;
+
+ // fast track
+ if (!keys || keys.length === 0) {
+ return done();
+ }
+
+ var i = 0;
+ var name;
+ var paramIndex = 0;
+ var key;
+ var paramVal;
+ var paramCallbacks;
+ var paramCalled;
+
+ // process params in order
+ // param callbacks can be async
+ function param(err) {
+ if (err) {
+ return done(err);
+ }
+
+ if (i >= keys.length ) {
+ return done();
+ }
+
+ paramIndex = 0;
+ key = keys[i++];
+ name = key.name;
+ paramVal = req.params[name];
+ paramCallbacks = params[name];
+ paramCalled = called[name];
+
+ if (paramVal === undefined || !paramCallbacks) {
+ return param();
+ }
+
+ // param previously called with same value or error occurred
+ if (paramCalled && (paramCalled.match === paramVal
+ || (paramCalled.error && paramCalled.error !== 'route'))) {
+ // restore value
+ req.params[name] = paramCalled.value;
+
+ // next param
+ return param(paramCalled.error);
+ }
+
+ called[name] = paramCalled = {
+ error: null,
+ match: paramVal,
+ value: paramVal
+ };
+
+ paramCallback();
+ }
+
+ // single param callbacks
+ function paramCallback(err) {
+ var fn = paramCallbacks[paramIndex++];
+
+ // store updated value
+ paramCalled.value = req.params[key.name];
+
+ if (err) {
+ // store error
+ paramCalled.error = err;
+ param(err);
+ return;
+ }
+
+ if (!fn) return param();
+
+ try {
+ fn(req, res, paramCallback, paramVal, key.name);
+ } catch (e) {
+ paramCallback(e);
+ }
+ }
+
+ param();
+};
+
+/**
+ * Use the given middleware function, with optional path, defaulting to "/".
+ *
+ * Use (like `.all`) will run for any http METHOD, but it will not add
+ * handlers for those methods so OPTIONS requests will not consider `.use`
+ * functions even if they could respond.
+ *
+ * The other difference is that _route_ path is stripped and not visible
+ * to the handler function. The main effect of this feature is that mounted
+ * handlers can operate without any code changes regardless of the "prefix"
+ * pathname.
+ *
+ * @public
+ */
+
+proto.use = function use(fn) {
+ var offset = 0;
+ var path = '/';
+
+ // default path to '/'
+ // disambiguate router.use([fn])
+ if (typeof fn !== 'function') {
+ var arg = fn;
+
+ while (Array.isArray(arg) && arg.length !== 0) {
+ arg = arg[0];
+ }
+
+ // first arg is the path
+ if (typeof arg !== 'function') {
+ offset = 1;
+ path = fn;
+ }
+ }
+
+ var callbacks = flatten(slice.call(arguments, offset));
+
+ if (callbacks.length === 0) {
+ throw new TypeError('Router.use() requires a middleware function')
+ }
+
+ for (var i = 0; i < callbacks.length; i++) {
+ var fn = callbacks[i];
+
+ if (typeof fn !== 'function') {
+ throw new TypeError('Router.use() requires a middleware function but got a ' + gettype(fn))
+ }
+
+ // add the middleware
+ debug('use %o %s', path, fn.name || '<anonymous>')
+
+ var layer = new Layer(path, {
+ sensitive: this.caseSensitive,
+ strict: false,
+ end: false
+ }, fn);
+
+ layer.route = undefined;
+
+ this.stack.push(layer);
+ }
+
+ return this;
+};
+
+/**
+ * Create a new Route for the given path.
+ *
+ * Each route contains a separate middleware stack and VERB handlers.
+ *
+ * See the Route api documentation for details on adding handlers
+ * and middleware to routes.
+ *
+ * @param {String} path
+ * @return {Route}
+ * @public
+ */
+
+proto.route = function route(path) {
+ var route = new Route(path);
+
+ var layer = new Layer(path, {
+ sensitive: this.caseSensitive,
+ strict: this.strict,
+ end: true
+ }, route.dispatch.bind(route));
+
+ layer.route = route;
+
+ this.stack.push(layer);
+ return route;
+};
+
+// create Router#VERB functions
+methods.concat('all').forEach(function(method){
+ proto[method] = function(path){
+ var route = this.route(path)
+ route[method].apply(route, slice.call(arguments, 1));
+ return this;
+ };
+});
+
+// append methods to a list of methods
+function appendMethods(list, addition) {
+ for (var i = 0; i < addition.length; i++) {
+ var method = addition[i];
+ if (list.indexOf(method) === -1) {
+ list.push(method);
+ }
+ }
+}
+
+// get pathname of request
+function getPathname(req) {
+ try {
+ return parseUrl(req).pathname;
+ } catch (err) {
+ return undefined;
+ }
+}
+
+// Get get protocol + host for a URL
+function getProtohost(url) {
+ if (typeof url !== 'string' || url.length === 0 || url[0] === '/') {
+ return undefined
+ }
+
+ var searchIndex = url.indexOf('?')
+ var pathLength = searchIndex !== -1
+ ? searchIndex
+ : url.length
+ var fqdnIndex = url.slice(0, pathLength).indexOf('://')
+
+ return fqdnIndex !== -1
+ ? url.substring(0, url.indexOf('/', 3 + fqdnIndex))
+ : undefined
+}
+
+// get type for error message
+function gettype(obj) {
+ var type = typeof obj;
+
+ if (type !== 'object') {
+ return type;
+ }
+
+ // inspect [[Class]] for objects
+ return toString.call(obj)
+ .replace(objectRegExp, '$1');
+}
+
+/**
+ * Match path to a layer.
+ *
+ * @param {Layer} layer
+ * @param {string} path
+ * @private
+ */
+
+function matchLayer(layer, path) {
+ try {
+ return layer.match(path);
+ } catch (err) {
+ return err;
+ }
+}
+
+// merge params with parent params
+function mergeParams(params, parent) {
+ if (typeof parent !== 'object' || !parent) {
+ return params;
+ }
+
+ // make copy of parent for base
+ var obj = mixin({}, parent);
+
+ // simple non-numeric merging
+ if (!(0 in params) || !(0 in parent)) {
+ return mixin(obj, params);
+ }
+
+ var i = 0;
+ var o = 0;
+
+ // determine numeric gaps
+ while (i in params) {
+ i++;
+ }
+
+ while (o in parent) {
+ o++;
+ }
+
+ // offset numeric indices in params before merge
+ for (i--; i >= 0; i--) {
+ params[i + o] = params[i];
+
+ // create holes for the merge when necessary
+ if (i < o) {
+ delete params[i];
+ }
+ }
+
+ return mixin(obj, params);
+}
+
+// restore obj props after function
+function restore(fn, obj) {
+ var props = new Array(arguments.length - 2);
+ var vals = new Array(arguments.length - 2);
+
+ for (var i = 0; i < props.length; i++) {
+ props[i] = arguments[i + 2];
+ vals[i] = obj[props[i]];
+ }
+
+ return function () {
+ // restore vals
+ for (var i = 0; i < props.length; i++) {
+ obj[props[i]] = vals[i];
+ }
+
+ return fn.apply(this, arguments);
+ };
+}
+
+// send an OPTIONS response
+function sendOptionsResponse(res, options, next) {
+ try {
+ var body = options.join(',');
+ res.set('Allow', body);
+ res.send(body);
+ } catch (err) {
+ next(err);
+ }
+}
+
+// wrap a function
+function wrap(old, fn) {
+ return function proxy() {
+ var args = new Array(arguments.length + 1);
+
+ args[0] = old;
+ for (var i = 0, len = arguments.length; i < len; i++) {
+ args[i + 1] = arguments[i];
+ }
+
+ fn.apply(this, args);
+ };
+}
diff --git a/node_modules/express/lib/router/layer.js b/node_modules/express/lib/router/layer.js
new file mode 100644
index 0000000000000000000000000000000000000000..4dc8e86d4f7fac6a5849ec236359e2300b4e3654
--- /dev/null
+++ b/node_modules/express/lib/router/layer.js
@@ -0,0 +1,181 @@
+/*!
+ * express
+ * Copyright(c) 2009-2013 TJ Holowaychuk
+ * Copyright(c) 2013 Roman Shtylman
+ * Copyright(c) 2014-2015 Douglas Christopher Wilson
+ * MIT Licensed
+ */
+
+'use strict';
+
+/**
+ * Module dependencies.
+ * @private
+ */
+
+var pathRegexp = require('path-to-regexp');
+var debug = require('debug')('express:router:layer');
+
+/**
+ * Module variables.
+ * @private
+ */
+
+var hasOwnProperty = Object.prototype.hasOwnProperty;
+
+/**
+ * Module exports.
+ * @public
+ */
+
+module.exports = Layer;
+
+function Layer(path, options, fn) {
+ if (!(this instanceof Layer)) {
+ return new Layer(path, options, fn);
+ }
+
+ debug('new %o', path)
+ var opts = options || {};
+
+ this.handle = fn;
+ this.name = fn.name || '<anonymous>';
+ this.params = undefined;
+ this.path = undefined;
+ this.regexp = pathRegexp(path, this.keys = [], opts);
+
+ // set fast path flags
+ this.regexp.fast_star = path === '*'
+ this.regexp.fast_slash = path === '/' && opts.end === false
+}
+
+/**
+ * Handle the error for the layer.
+ *
+ * @param {Error} error
+ * @param {Request} req
+ * @param {Response} res
+ * @param {function} next
+ * @api private
+ */
+
+Layer.prototype.handle_error = function handle_error(error, req, res, next) {
+ var fn = this.handle;
+
+ if (fn.length !== 4) {
+ // not a standard error handler
+ return next(error);
+ }
+
+ try {
+ fn(error, req, res, next);
+ } catch (err) {
+ next(err);
+ }
+};
+
+/**
+ * Handle the request for the layer.
+ *
+ * @param {Request} req
+ * @param {Response} res
+ * @param {function} next
+ * @api private
+ */
+
+Layer.prototype.handle_request = function handle(req, res, next) {
+ var fn = this.handle;
+
+ if (fn.length > 3) {
+ // not a standard request handler
+ return next();
+ }
+
+ try {
+ fn(req, res, next);
+ } catch (err) {
+ next(err);
+ }
+};
+
+/**
+ * Check if this route matches `path`, if so
+ * populate `.params`.
+ *
+ * @param {String} path
+ * @return {Boolean}
+ * @api private
+ */
+
+Layer.prototype.match = function match(path) {
+ var match
+
+ if (path != null) {
+ // fast path non-ending match for / (any path matches)
+ if (this.regexp.fast_slash) {
+ this.params = {}
+ this.path = ''
+ return true
+ }
+
+ // fast path for * (everything matched in a param)
+ if (this.regexp.fast_star) {
+ this.params = {'0': decode_param(path)}
+ this.path = path
+ return true
+ }
+
+ // match the path
+ match = this.regexp.exec(path)
+ }
+
+ if (!match) {
+ this.params = undefined;
+ this.path = undefined;
+ return false;
+ }
+
+ // store values
+ this.params = {};
+ this.path = match[0]
+
+ var keys = this.keys;
+ var params = this.params;
+
+ for (var i = 1; i < match.length; i++) {
+ var key = keys[i - 1];
+ var prop = key.name;
+ var val = decode_param(match[i])
+
+ if (val !== undefined || !(hasOwnProperty.call(params, prop))) {
+ params[prop] = val;
+ }
+ }
+
+ return true;
+};
+
+/**
+ * Decode param value.
+ *
+ * @param {string} val
+ * @return {string}
+ * @private
+ */
+
+function decode_param(val) {
+ if (typeof val !== 'string' || val.length === 0) {
+ return val;
+ }
+
+ try {
+ return decodeURIComponent(val);
+ } catch (err) {
+ if (err instanceof URIError) {
+ err.message = 'Failed to decode param \'' + val + '\'';
+ err.status = err.statusCode = 400;
+ }
+
+ throw err;
+ }
+}
diff --git a/node_modules/express/lib/router/route.js b/node_modules/express/lib/router/route.js
new file mode 100644
index 0000000000000000000000000000000000000000..a65756d6de6f34ae4b2f799cc33a07d589a2e464
--- /dev/null
+++ b/node_modules/express/lib/router/route.js
@@ -0,0 +1,230 @@
+/*!
+ * express
+ * Copyright(c) 2009-2013 TJ Holowaychuk
+ * Copyright(c) 2013 Roman Shtylman
+ * Copyright(c) 2014-2015 Douglas Christopher Wilson
+ * MIT Licensed
+ */
+
+'use strict';
+
+/**
+ * Module dependencies.
+ * @private
+ */
+
+var debug = require('debug')('express:router:route');
+var flatten = require('array-flatten');
+var Layer = require('./layer');
+var methods = require('methods');
+
+/**
+ * Module variables.
+ * @private
+ */
+
+var slice = Array.prototype.slice;
+var toString = Object.prototype.toString;
+
+/**
+ * Module exports.
+ * @public
+ */
+
+module.exports = Route;
+
+/**
+ * Initialize `Route` with the given `path`,
+ *
+ * @param {String} path
+ * @public
+ */
+
+function Route(path) {
+ this.path = path;
+ this.stack = [];
+
+ debug('new %o', path)
+
+ // route handlers for various http methods
+ this.methods = {};
+}
+
+/**
+ * Determine if the route handles a given method.
+ * @private
+ */
+
+Route.prototype._handles_method = function _handles_method(method) {
+ if (this.methods._all) {
+ return true;
+ }
+
+ // normalize name
+ var name = typeof method === 'string'
+ ? method.toLowerCase()
+ : method
+
+ if (name === 'head' && !this.methods['head']) {
+ name = 'get';
+ }
+
+ return Boolean(this.methods[name]);
+};
+
+/**
+ * @return {Array} supported HTTP methods
+ * @private
+ */
+
+Route.prototype._options = function _options() {
+ var methods = Object.keys(this.methods);
+
+ // append automatic head
+ if (this.methods.get && !this.methods.head) {
+ methods.push('head');
+ }
+
+ for (var i = 0; i < methods.length; i++) {
+ // make upper case
+ methods[i] = methods[i].toUpperCase();
+ }
+
+ return methods;
+};
+
+/**
+ * dispatch req, res into this route
+ * @private
+ */
+
+Route.prototype.dispatch = function dispatch(req, res, done) {
+ var idx = 0;
+ var stack = this.stack;
+ var sync = 0
+
+ if (stack.length === 0) {
+ return done();
+ }
+ var method = typeof req.method === 'string'
+ ? req.method.toLowerCase()
+ : req.method
+
+ if (method === 'head' && !this.methods['head']) {
+ method = 'get';
+ }
+
+ req.route = this;
+
+ next();
+
+ function next(err) {
+ // signal to exit route
+ if (err && err === 'route') {
+ return done();
+ }
+
+ // signal to exit router
+ if (err && err === 'router') {
+ return done(err)
+ }
+
+ // max sync stack
+ if (++sync > 100) {
+ return setImmediate(next, err)
+ }
+
+ var layer = stack[idx++]
+
+ // end of layers
+ if (!layer) {
+ return done(err)
+ }
+
+ if (layer.method && layer.method !== method) {
+ next(err)
+ } else if (err) {
+ layer.handle_error(err, req, res, next);
+ } else {
+ layer.handle_request(req, res, next);
+ }
+
+ sync = 0
+ }
+};
+
+/**
+ * Add a handler for all HTTP verbs to this route.
+ *
+ * Behaves just like middleware and can respond or call `next`
+ * to continue processing.
+ *
+ * You can use multiple `.all` call to add multiple handlers.
+ *
+ * function check_something(req, res, next){
+ * next();
+ * };
+ *
+ * function validate_user(req, res, next){
+ * next();
+ * };
+ *
+ * route
+ * .all(validate_user)
+ * .all(check_something)
+ * .get(function(req, res, next){
+ * res.send('hello world');
+ * });
+ *
+ * @param {function} handler
+ * @return {Route} for chaining
+ * @api public
+ */
+
+Route.prototype.all = function all() {
+ var handles = flatten(slice.call(arguments));
+
+ for (var i = 0; i < handles.length; i++) {
+ var handle = handles[i];
+
+ if (typeof handle !== 'function') {
+ var type = toString.call(handle);
+ var msg = 'Route.all() requires a callback function but got a ' + type
+ throw new TypeError(msg);
+ }
+
+ var layer = Layer('/', {}, handle);
+ layer.method = undefined;
+
+ this.methods._all = true;
+ this.stack.push(layer);
+ }
+
+ return this;
+};
+
+methods.forEach(function(method){
+ Route.prototype[method] = function(){
+ var handles = flatten(slice.call(arguments));
+
+ for (var i = 0; i < handles.length; i++) {
+ var handle = handles[i];
+
+ if (typeof handle !== 'function') {
+ var type = toString.call(handle);
+ var msg = 'Route.' + method + '() requires a callback function but got a ' + type
+ throw new Error(msg);
+ }
+
+ debug('%s %o', method, this.path)
+
+ var layer = Layer('/', {}, handle);
+ layer.method = method;
+
+ this.methods[method] = true;
+ this.stack.push(layer);
+ }
+
+ return this;
+ };
+});
diff --git a/node_modules/express/lib/utils.js b/node_modules/express/lib/utils.js
new file mode 100644
index 0000000000000000000000000000000000000000..56e12b9b54197602ebec2cf277c277e398c33643
--- /dev/null
+++ b/node_modules/express/lib/utils.js
@@ -0,0 +1,303 @@
+/*!
+ * express
+ * Copyright(c) 2009-2013 TJ Holowaychuk
+ * Copyright(c) 2014-2015 Douglas Christopher Wilson
+ * MIT Licensed
+ */
+
+'use strict';
+
+/**
+ * Module dependencies.
+ * @api private
+ */
+
+var Buffer = require('safe-buffer').Buffer
+var contentDisposition = require('content-disposition');
+var contentType = require('content-type');
+var deprecate = require('depd')('express');
+var flatten = require('array-flatten');
+var mime = require('send').mime;
+var etag = require('etag');
+var proxyaddr = require('proxy-addr');
+var qs = require('qs');
+var querystring = require('querystring');
+
+/**
+ * Return strong ETag for `body`.
+ *
+ * @param {String|Buffer} body
+ * @param {String} [encoding]
+ * @return {String}
+ * @api private
+ */
+
+exports.etag = createETagGenerator({ weak: false })
+
+/**
+ * Return weak ETag for `body`.
+ *
+ * @param {String|Buffer} body
+ * @param {String} [encoding]
+ * @return {String}
+ * @api private
+ */
+
+exports.wetag = createETagGenerator({ weak: true })
+
+/**
+ * Check if `path` looks absolute.
+ *
+ * @param {String} path
+ * @return {Boolean}
+ * @api private
+ */
+
+exports.isAbsolute = function(path){
+ if ('/' === path[0]) return true;
+ if (':' === path[1] && ('\\' === path[2] || '/' === path[2])) return true; // Windows device path
+ if ('\\\\' === path.substring(0, 2)) return true; // Microsoft Azure absolute path
+};
+
+/**
+ * Flatten the given `arr`.
+ *
+ * @param {Array} arr
+ * @return {Array}
+ * @api private
+ */
+
+exports.flatten = deprecate.function(flatten,
+ 'utils.flatten: use array-flatten npm module instead');
+
+/**
+ * Normalize the given `type`, for example "html" becomes "text/html".
+ *
+ * @param {String} type
+ * @return {Object}
+ * @api private
+ */
+
+exports.normalizeType = function(type){
+ return ~type.indexOf('/')
+ ? acceptParams(type)
+ : { value: mime.lookup(type), params: {} };
+};
+
+/**
+ * Normalize `types`, for example "html" becomes "text/html".
+ *
+ * @param {Array} types
+ * @return {Array}
+ * @api private
+ */
+
+exports.normalizeTypes = function(types){
+ var ret = [];
+
+ for (var i = 0; i < types.length; ++i) {
+ ret.push(exports.normalizeType(types[i]));
+ }
+
+ return ret;
+};
+
+/**
+ * Generate Content-Disposition header appropriate for the filename.
+ * non-ascii filenames are urlencoded and a filename* parameter is added
+ *
+ * @param {String} filename
+ * @return {String}
+ * @api private
+ */
+
+exports.contentDisposition = deprecate.function(contentDisposition,
+ 'utils.contentDisposition: use content-disposition npm module instead');
+
+/**
+ * Parse accept params `str` returning an
+ * object with `.value`, `.quality` and `.params`.
+ *
+ * @param {String} str
+ * @return {Object}
+ * @api private
+ */
+
+function acceptParams (str) {
+ var parts = str.split(/ *; */);
+ var ret = { value: parts[0], quality: 1, params: {} }
+
+ for (var i = 1; i < parts.length; ++i) {
+ var pms = parts[i].split(/ *= */);
+ if ('q' === pms[0]) {
+ ret.quality = parseFloat(pms[1]);
+ } else {
+ ret.params[pms[0]] = pms[1];
+ }
+ }
+
+ return ret;
+}
+
+/**
+ * Compile "etag" value to function.
+ *
+ * @param {Boolean|String|Function} val
+ * @return {Function}
+ * @api private
+ */
+
+exports.compileETag = function(val) {
+ var fn;
+
+ if (typeof val === 'function') {
+ return val;
+ }
+
+ switch (val) {
+ case true:
+ case 'weak':
+ fn = exports.wetag;
+ break;
+ case false:
+ break;
+ case 'strong':
+ fn = exports.etag;
+ break;
+ default:
+ throw new TypeError('unknown value for etag function: ' + val);
+ }
+
+ return fn;
+}
+
+/**
+ * Compile "query parser" value to function.
+ *
+ * @param {String|Function} val
+ * @return {Function}
+ * @api private
+ */
+
+exports.compileQueryParser = function compileQueryParser(val) {
+ var fn;
+
+ if (typeof val === 'function') {
+ return val;
+ }
+
+ switch (val) {
+ case true:
+ case 'simple':
+ fn = querystring.parse;
+ break;
+ case false:
+ fn = newObject;
+ break;
+ case 'extended':
+ fn = parseExtendedQueryString;
+ break;
+ default:
+ throw new TypeError('unknown value for query parser function: ' + val);
+ }
+
+ return fn;
+}
+
+/**
+ * Compile "proxy trust" value to function.
+ *
+ * @param {Boolean|String|Number|Array|Function} val
+ * @return {Function}
+ * @api private
+ */
+
+exports.compileTrust = function(val) {
+ if (typeof val === 'function') return val;
+
+ if (val === true) {
+ // Support plain true/false
+ return function(){ return true };
+ }
+
+ if (typeof val === 'number') {
+ // Support trusting hop count
+ return function(a, i){ return i < val };
+ }
+
+ if (typeof val === 'string') {
+ // Support comma-separated values
+ val = val.split(',')
+ .map(function (v) { return v.trim() })
+ }
+
+ return proxyaddr.compile(val || []);
+}
+
+/**
+ * Set the charset in a given Content-Type string.
+ *
+ * @param {String} type
+ * @param {String} charset
+ * @return {String}
+ * @api private
+ */
+
+exports.setCharset = function setCharset(type, charset) {
+ if (!type || !charset) {
+ return type;
+ }
+
+ // parse type
+ var parsed = contentType.parse(type);
+
+ // set charset
+ parsed.parameters.charset = charset;
+
+ // format type
+ return contentType.format(parsed);
+};
+
+/**
+ * Create an ETag generator function, generating ETags with
+ * the given options.
+ *
+ * @param {object} options
+ * @return {function}
+ * @private
+ */
+
+function createETagGenerator (options) {
+ return function generateETag (body, encoding) {
+ var buf = !Buffer.isBuffer(body)
+ ? Buffer.from(body, encoding)
+ : body
+
+ return etag(buf, options)
+ }
+}
+
+/**
+ * Parse an extended query string with qs.
+ *
+ * @param {String} str
+ * @return {Object}
+ * @private
+ */
+
+function parseExtendedQueryString(str) {
+ return qs.parse(str, {
+ allowPrototypes: true
+ });
+}
+
+/**
+ * Return new empty object.
+ *
+ * @return {Object}
+ * @api private
+ */
+
+function newObject() {
+ return {};
+}
diff --git a/node_modules/express/lib/view.js b/node_modules/express/lib/view.js
new file mode 100644
index 0000000000000000000000000000000000000000..c08ab4d8d521cc18cbb89c3a705d8f137d12d056
--- /dev/null
+++ b/node_modules/express/lib/view.js
@@ -0,0 +1,182 @@
+/*!
+ * express
+ * Copyright(c) 2009-2013 TJ Holowaychuk
+ * Copyright(c) 2013 Roman Shtylman
+ * Copyright(c) 2014-2015 Douglas Christopher Wilson
+ * MIT Licensed
+ */
+
+'use strict';
+
+/**
+ * Module dependencies.
+ * @private
+ */
+
+var debug = require('debug')('express:view');
+var path = require('path');
+var fs = require('fs');
+
+/**
+ * Module variables.
+ * @private
+ */
+
+var dirname = path.dirname;
+var basename = path.basename;
+var extname = path.extname;
+var join = path.join;
+var resolve = path.resolve;
+
+/**
+ * Module exports.
+ * @public
+ */
+
+module.exports = View;
+
+/**
+ * Initialize a new `View` with the given `name`.
+ *
+ * Options:
+ *
+ * - `defaultEngine` the default template engine name
+ * - `engines` template engine require() cache
+ * - `root` root path for view lookup
+ *
+ * @param {string} name
+ * @param {object} options
+ * @public
+ */
+
+function View(name, options) {
+ var opts = options || {};
+
+ this.defaultEngine = opts.defaultEngine;
+ this.ext = extname(name);
+ this.name = name;
+ this.root = opts.root;
+
+ if (!this.ext && !this.defaultEngine) {
+ throw new Error('No default engine was specified and no extension was provided.');
+ }
+
+ var fileName = name;
+
+ if (!this.ext) {
+ // get extension from default engine name
+ this.ext = this.defaultEngine[0] !== '.'
+ ? '.' + this.defaultEngine
+ : this.defaultEngine;
+
+ fileName += this.ext;
+ }
+
+ if (!opts.engines[this.ext]) {
+ // load engine
+ var mod = this.ext.slice(1)
+ debug('require "%s"', mod)
+
+ // default engine export
+ var fn = require(mod).__express
+
+ if (typeof fn !== 'function') {
+ throw new Error('Module "' + mod + '" does not provide a view engine.')
+ }
+
+ opts.engines[this.ext] = fn
+ }
+
+ // store loaded engine
+ this.engine = opts.engines[this.ext];
+
+ // lookup path
+ this.path = this.lookup(fileName);
+}
+
+/**
+ * Lookup view by the given `name`
+ *
+ * @param {string} name
+ * @private
+ */
+
+View.prototype.lookup = function lookup(name) {
+ var path;
+ var roots = [].concat(this.root);
+
+ debug('lookup "%s"', name);
+
+ for (var i = 0; i < roots.length && !path; i++) {
+ var root = roots[i];
+
+ // resolve the path
+ var loc = resolve(root, name);
+ var dir = dirname(loc);
+ var file = basename(loc);
+
+ // resolve the file
+ path = this.resolve(dir, file);
+ }
+
+ return path;
+};
+
+/**
+ * Render with the given options.
+ *
+ * @param {object} options
+ * @param {function} callback
+ * @private
+ */
+
+View.prototype.render = function render(options, callback) {
+ debug('render "%s"', this.path);
+ this.engine(this.path, options, callback);
+};
+
+/**
+ * Resolve the file within the given directory.
+ *
+ * @param {string} dir
+ * @param {string} file
+ * @private
+ */
+
+View.prototype.resolve = function resolve(dir, file) {
+ var ext = this.ext;
+
+ // <path>.<ext>
+ var path = join(dir, file);
+ var stat = tryStat(path);
+
+ if (stat && stat.isFile()) {
+ return path;
+ }
+
+ // <path>/index.<ext>
+ path = join(dir, basename(file, ext), 'index' + ext);
+ stat = tryStat(path);
+
+ if (stat && stat.isFile()) {
+ return path;
+ }
+};
+
+/**
+ * Return a stat, maybe.
+ *
+ * @param {string} path
+ * @return {fs.Stats}
+ * @private
+ */
+
+function tryStat(path) {
+ debug('stat "%s"', path);
+
+ try {
+ return fs.statSync(path);
+ } catch (e) {
+ return undefined;
+ }
+}
diff --git a/node_modules/express/node_modules/cookie-signature/.npmignore b/node_modules/express/node_modules/cookie-signature/.npmignore
new file mode 100644
index 0000000000000000000000000000000000000000..f1250e584c94b80208b61cf7cae29db8e486a5c7
--- /dev/null
+++ b/node_modules/express/node_modules/cookie-signature/.npmignore
@@ -0,0 +1,4 @@
+support
+test
+examples
+*.sock
diff --git a/node_modules/express/node_modules/cookie-signature/History.md b/node_modules/express/node_modules/cookie-signature/History.md
new file mode 100644
index 0000000000000000000000000000000000000000..78513cc3d28ce3516c93b4d425f83df247486ae5
--- /dev/null
+++ b/node_modules/express/node_modules/cookie-signature/History.md
@@ -0,0 +1,38 @@
+1.0.6 / 2015-02-03
+==================
+
+* use `npm test` instead of `make test` to run tests
+* clearer assertion messages when checking input
+
+
+1.0.5 / 2014-09-05
+==================
+
+* add license to package.json
+
+1.0.4 / 2014-06-25
+==================
+
+ * corrected avoidance of timing attacks (thanks @tenbits!)
+
+1.0.3 / 2014-01-28
+==================
+
+ * [incorrect] fix for timing attacks
+
+1.0.2 / 2014-01-28
+==================
+
+ * fix missing repository warning
+ * fix typo in test
+
+1.0.1 / 2013-04-15
+==================
+
+ * Revert "Changed underlying HMAC algo. to sha512."
+ * Revert "Fix for timing attacks on MAC verification."
+
+0.0.1 / 2010-01-03
+==================
+
+ * Initial release
diff --git a/node_modules/express/node_modules/cookie-signature/Readme.md b/node_modules/express/node_modules/cookie-signature/Readme.md
new file mode 100644
index 0000000000000000000000000000000000000000..2559e841b02edfdc128176bfbdc0b938209a99ea
--- /dev/null
+++ b/node_modules/express/node_modules/cookie-signature/Readme.md
@@ -0,0 +1,42 @@
+
+# cookie-signature
+
+ Sign and unsign cookies.
+
+## Example
+
+```js
+var cookie = require('cookie-signature');
+
+var val = cookie.sign('hello', 'tobiiscool');
+val.should.equal('hello.DGDUkGlIkCzPz+C0B064FNgHdEjox7ch8tOBGslZ5QI');
+
+var val = cookie.sign('hello', 'tobiiscool');
+cookie.unsign(val, 'tobiiscool').should.equal('hello');
+cookie.unsign(val, 'luna').should.be.false;
+```
+
+## License
+
+(The MIT License)
+
+Copyright (c) 2012 LearnBoost <tj@learnboost.com>
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+'Software'), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
\ No newline at end of file
diff --git a/node_modules/express/node_modules/cookie-signature/index.js b/node_modules/express/node_modules/cookie-signature/index.js
new file mode 100644
index 0000000000000000000000000000000000000000..b8c9463a238b7ec090ff9090234e3f34322a36df
--- /dev/null
+++ b/node_modules/express/node_modules/cookie-signature/index.js
@@ -0,0 +1,51 @@
+/**
+ * Module dependencies.
+ */
+
+var crypto = require('crypto');
+
+/**
+ * Sign the given `val` with `secret`.
+ *
+ * @param {String} val
+ * @param {String} secret
+ * @return {String}
+ * @api private
+ */
+
+exports.sign = function(val, secret){
+ if ('string' != typeof val) throw new TypeError("Cookie value must be provided as a string.");
+ if ('string' != typeof secret) throw new TypeError("Secret string must be provided.");
+ return val + '.' + crypto
+ .createHmac('sha256', secret)
+ .update(val)
+ .digest('base64')
+ .replace(/\=+$/, '');
+};
+
+/**
+ * Unsign and decode the given `val` with `secret`,
+ * returning `false` if the signature is invalid.
+ *
+ * @param {String} val
+ * @param {String} secret
+ * @return {String|Boolean}
+ * @api private
+ */
+
+exports.unsign = function(val, secret){
+ if ('string' != typeof val) throw new TypeError("Signed cookie string must be provided.");
+ if ('string' != typeof secret) throw new TypeError("Secret string must be provided.");
+ var str = val.slice(0, val.lastIndexOf('.'))
+ , mac = exports.sign(str, secret);
+
+ return sha1(mac) == sha1(val) ? str : false;
+};
+
+/**
+ * Private
+ */
+
+function sha1(str){
+ return crypto.createHash('sha1').update(str).digest('hex');
+}
diff --git a/node_modules/express/node_modules/cookie-signature/package.json b/node_modules/express/node_modules/cookie-signature/package.json
new file mode 100644
index 0000000000000000000000000000000000000000..29c4498e07ab1ae43692d7a27f959771a459815c
--- /dev/null
+++ b/node_modules/express/node_modules/cookie-signature/package.json
@@ -0,0 +1,18 @@
+{
+ "name": "cookie-signature",
+ "version": "1.0.6",
+ "description": "Sign and unsign cookies",
+ "keywords": ["cookie", "sign", "unsign"],
+ "author": "TJ Holowaychuk <tj@learnboost.com>",
+ "license": "MIT",
+ "repository": { "type": "git", "url": "https://github.com/visionmedia/node-cookie-signature.git"},
+ "dependencies": {},
+ "devDependencies": {
+ "mocha": "*",
+ "should": "*"
+ },
+ "scripts": {
+ "test": "mocha --require should --reporter spec"
+ },
+ "main": "index"
+}
diff --git a/node_modules/express/node_modules/cookie/LICENSE b/node_modules/express/node_modules/cookie/LICENSE
new file mode 100644
index 0000000000000000000000000000000000000000..058b6b4efa3f45896ae691f2558a2a1aca05bebd
--- /dev/null
+++ b/node_modules/express/node_modules/cookie/LICENSE
@@ -0,0 +1,24 @@
+(The MIT License)
+
+Copyright (c) 2012-2014 Roman Shtylman <shtylman@gmail.com>
+Copyright (c) 2015 Douglas Christopher Wilson <doug@somethingdoug.com>
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+'Software'), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
diff --git a/node_modules/express/node_modules/cookie/README.md b/node_modules/express/node_modules/cookie/README.md
new file mode 100644
index 0000000000000000000000000000000000000000..71fdac1110bba222a716c4b56b90028a6a9e5af4
--- /dev/null
+++ b/node_modules/express/node_modules/cookie/README.md
@@ -0,0 +1,317 @@
+# cookie
+
+[![NPM Version][npm-version-image]][npm-url]
+[![NPM Downloads][npm-downloads-image]][npm-url]
+[![Node.js Version][node-image]][node-url]
+[![Build Status][ci-image]][ci-url]
+[![Coverage Status][coveralls-image]][coveralls-url]
+
+Basic HTTP cookie parser and serializer for HTTP servers.
+
+## Installation
+
+This is a [Node.js](https://nodejs.org/en/) module available through the
+[npm registry](https://www.npmjs.com/). Installation is done using the
+[`npm install` command](https://docs.npmjs.com/getting-started/installing-npm-packages-locally):
+
+```sh
+$ npm install cookie
+```
+
+## API
+
+```js
+var cookie = require('cookie');
+```
+
+### cookie.parse(str, options)
+
+Parse an HTTP `Cookie` header string and returning an object of all cookie name-value pairs.
+The `str` argument is the string representing a `Cookie` header value and `options` is an
+optional object containing additional parsing options.
+
+```js
+var cookies = cookie.parse('foo=bar; equation=E%3Dmc%5E2');
+// { foo: 'bar', equation: 'E=mc^2' }
+```
+
+#### Options
+
+`cookie.parse` accepts these properties in the options object.
+
+##### decode
+
+Specifies a function that will be used to decode a cookie's value. Since the value of a cookie
+has a limited character set (and must be a simple string), this function can be used to decode
+a previously-encoded cookie value into a JavaScript string or other object.
+
+The default function is the global `decodeURIComponent`, which will decode any URL-encoded
+sequences into their byte representations.
+
+**note** if an error is thrown from this function, the original, non-decoded cookie value will
+be returned as the cookie's value.
+
+### cookie.serialize(name, value, options)
+
+Serialize a cookie name-value pair into a `Set-Cookie` header string. The `name` argument is the
+name for the cookie, the `value` argument is the value to set the cookie to, and the `options`
+argument is an optional object containing additional serialization options.
+
+```js
+var setCookie = cookie.serialize('foo', 'bar');
+// foo=bar
+```
+
+#### Options
+
+`cookie.serialize` accepts these properties in the options object.
+
+##### domain
+
+Specifies the value for the [`Domain` `Set-Cookie` attribute][rfc-6265-5.2.3]. By default, no
+domain is set, and most clients will consider the cookie to apply to only the current domain.
+
+##### encode
+
+Specifies a function that will be used to encode a cookie's value. Since value of a cookie
+has a limited character set (and must be a simple string), this function can be used to encode
+a value into a string suited for a cookie's value.
+
+The default function is the global `encodeURIComponent`, which will encode a JavaScript string
+into UTF-8 byte sequences and then URL-encode any that fall outside of the cookie range.
+
+##### expires
+
+Specifies the `Date` object to be the value for the [`Expires` `Set-Cookie` attribute][rfc-6265-5.2.1].
+By default, no expiration is set, and most clients will consider this a "non-persistent cookie" and
+will delete it on a condition like exiting a web browser application.
+
+**note** the [cookie storage model specification][rfc-6265-5.3] states that if both `expires` and
+`maxAge` are set, then `maxAge` takes precedence, but it is possible not all clients by obey this,
+so if both are set, they should point to the same date and time.
+
+##### httpOnly
+
+Specifies the `boolean` value for the [`HttpOnly` `Set-Cookie` attribute][rfc-6265-5.2.6]. When truthy,
+the `HttpOnly` attribute is set, otherwise it is not. By default, the `HttpOnly` attribute is not set.
+
+**note** be careful when setting this to `true`, as compliant clients will not allow client-side
+JavaScript to see the cookie in `document.cookie`.
+
+##### maxAge
+
+Specifies the `number` (in seconds) to be the value for the [`Max-Age` `Set-Cookie` attribute][rfc-6265-5.2.2].
+The given number will be converted to an integer by rounding down. By default, no maximum age is set.
+
+**note** the [cookie storage model specification][rfc-6265-5.3] states that if both `expires` and
+`maxAge` are set, then `maxAge` takes precedence, but it is possible not all clients by obey this,
+so if both are set, they should point to the same date and time.
+
+##### partitioned
+
+Specifies the `boolean` value for the [`Partitioned` `Set-Cookie`](rfc-cutler-httpbis-partitioned-cookies)
+attribute. When truthy, the `Partitioned` attribute is set, otherwise it is not. By default, the
+`Partitioned` attribute is not set.
+
+**note** This is an attribute that has not yet been fully standardized, and may change in the future.
+This also means many clients may ignore this attribute until they understand it.
+
+More information about can be found in [the proposal](https://github.com/privacycg/CHIPS).
+
+##### path
+
+Specifies the value for the [`Path` `Set-Cookie` attribute][rfc-6265-5.2.4]. By default, the path
+is considered the ["default path"][rfc-6265-5.1.4].
+
+##### priority
+
+Specifies the `string` to be the value for the [`Priority` `Set-Cookie` attribute][rfc-west-cookie-priority-00-4.1].
+
+ - `'low'` will set the `Priority` attribute to `Low`.
+ - `'medium'` will set the `Priority` attribute to `Medium`, the default priority when not set.
+ - `'high'` will set the `Priority` attribute to `High`.
+
+More information about the different priority levels can be found in
+[the specification][rfc-west-cookie-priority-00-4.1].
+
+**note** This is an attribute that has not yet been fully standardized, and may change in the future.
+This also means many clients may ignore this attribute until they understand it.
+
+##### sameSite
+
+Specifies the `boolean` or `string` to be the value for the [`SameSite` `Set-Cookie` attribute][rfc-6265bis-09-5.4.7].
+
+ - `true` will set the `SameSite` attribute to `Strict` for strict same site enforcement.
+ - `false` will not set the `SameSite` attribute.
+ - `'lax'` will set the `SameSite` attribute to `Lax` for lax same site enforcement.
+ - `'none'` will set the `SameSite` attribute to `None` for an explicit cross-site cookie.
+ - `'strict'` will set the `SameSite` attribute to `Strict` for strict same site enforcement.
+
+More information about the different enforcement levels can be found in
+[the specification][rfc-6265bis-09-5.4.7].
+
+**note** This is an attribute that has not yet been fully standardized, and may change in the future.
+This also means many clients may ignore this attribute until they understand it.
+
+##### secure
+
+Specifies the `boolean` value for the [`Secure` `Set-Cookie` attribute][rfc-6265-5.2.5]. When truthy,
+the `Secure` attribute is set, otherwise it is not. By default, the `Secure` attribute is not set.
+
+**note** be careful when setting this to `true`, as compliant clients will not send the cookie back to
+the server in the future if the browser does not have an HTTPS connection.
+
+## Example
+
+The following example uses this module in conjunction with the Node.js core HTTP server
+to prompt a user for their name and display it back on future visits.
+
+```js
+var cookie = require('cookie');
+var escapeHtml = require('escape-html');
+var http = require('http');
+var url = require('url');
+
+function onRequest(req, res) {
+ // Parse the query string
+ var query = url.parse(req.url, true, true).query;
+
+ if (query && query.name) {
+ // Set a new cookie with the name
+ res.setHeader('Set-Cookie', cookie.serialize('name', String(query.name), {
+ httpOnly: true,
+ maxAge: 60 * 60 * 24 * 7 // 1 week
+ }));
+
+ // Redirect back after setting cookie
+ res.statusCode = 302;
+ res.setHeader('Location', req.headers.referer || '/');
+ res.end();
+ return;
+ }
+
+ // Parse the cookies on the request
+ var cookies = cookie.parse(req.headers.cookie || '');
+
+ // Get the visitor name set in the cookie
+ var name = cookies.name;
+
+ res.setHeader('Content-Type', 'text/html; charset=UTF-8');
+
+ if (name) {
+ res.write('<p>Welcome back, <b>' + escapeHtml(name) + '</b>!</p>');
+ } else {
+ res.write('<p>Hello, new visitor!</p>');
+ }
+
+ res.write('<form method="GET">');
+ res.write('<input placeholder="enter your name" name="name"> <input type="submit" value="Set Name">');
+ res.end('</form>');
+}
+
+http.createServer(onRequest).listen(3000);
+```
+
+## Testing
+
+```sh
+$ npm test
+```
+
+## Benchmark
+
+```
+$ npm run bench
+
+> cookie@0.5.0 bench
+> node benchmark/index.js
+
+ node@18.18.2
+ acorn@8.10.0
+ ada@2.6.0
+ ares@1.19.1
+ brotli@1.0.9
+ cldr@43.1
+ icu@73.2
+ llhttp@6.0.11
+ modules@108
+ napi@9
+ nghttp2@1.57.0
+ nghttp3@0.7.0
+ ngtcp2@0.8.1
+ openssl@3.0.10+quic
+ simdutf@3.2.14
+ tz@2023c
+ undici@5.26.3
+ unicode@15.0
+ uv@1.44.2
+ uvwasi@0.0.18
+ v8@10.2.154.26-node.26
+ zlib@1.2.13.1-motley
+
+> node benchmark/parse-top.js
+
+ cookie.parse - top sites
+
+ 14 tests completed.
+
+ parse accounts.google.com x 2,588,913 ops/sec ±0.74% (186 runs sampled)
+ parse apple.com x 2,370,002 ops/sec ±0.69% (186 runs sampled)
+ parse cloudflare.com x 2,213,102 ops/sec ±0.88% (188 runs sampled)
+ parse docs.google.com x 2,194,157 ops/sec ±1.03% (184 runs sampled)
+ parse drive.google.com x 2,265,084 ops/sec ±0.79% (187 runs sampled)
+ parse en.wikipedia.org x 457,099 ops/sec ±0.81% (186 runs sampled)
+ parse linkedin.com x 504,407 ops/sec ±0.89% (186 runs sampled)
+ parse maps.google.com x 1,230,959 ops/sec ±0.98% (186 runs sampled)
+ parse microsoft.com x 926,294 ops/sec ±0.88% (184 runs sampled)
+ parse play.google.com x 2,311,338 ops/sec ±0.83% (185 runs sampled)
+ parse support.google.com x 1,508,850 ops/sec ±0.86% (186 runs sampled)
+ parse www.google.com x 1,022,582 ops/sec ±1.32% (182 runs sampled)
+ parse youtu.be x 332,136 ops/sec ±1.02% (185 runs sampled)
+ parse youtube.com x 323,833 ops/sec ±0.77% (183 runs sampled)
+
+> node benchmark/parse.js
+
+ cookie.parse - generic
+
+ 6 tests completed.
+
+ simple x 3,214,032 ops/sec ±1.61% (183 runs sampled)
+ decode x 587,237 ops/sec ±1.16% (187 runs sampled)
+ unquote x 2,954,618 ops/sec ±1.35% (183 runs sampled)
+ duplicates x 857,008 ops/sec ±0.89% (187 runs sampled)
+ 10 cookies x 292,133 ops/sec ±0.89% (187 runs sampled)
+ 100 cookies x 22,610 ops/sec ±0.68% (187 runs sampled)
+```
+
+## References
+
+- [RFC 6265: HTTP State Management Mechanism][rfc-6265]
+- [Same-site Cookies][rfc-6265bis-09-5.4.7]
+
+[rfc-cutler-httpbis-partitioned-cookies]: https://tools.ietf.org/html/draft-cutler-httpbis-partitioned-cookies/
+[rfc-west-cookie-priority-00-4.1]: https://tools.ietf.org/html/draft-west-cookie-priority-00#section-4.1
+[rfc-6265bis-09-5.4.7]: https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-09#section-5.4.7
+[rfc-6265]: https://tools.ietf.org/html/rfc6265
+[rfc-6265-5.1.4]: https://tools.ietf.org/html/rfc6265#section-5.1.4
+[rfc-6265-5.2.1]: https://tools.ietf.org/html/rfc6265#section-5.2.1
+[rfc-6265-5.2.2]: https://tools.ietf.org/html/rfc6265#section-5.2.2
+[rfc-6265-5.2.3]: https://tools.ietf.org/html/rfc6265#section-5.2.3
+[rfc-6265-5.2.4]: https://tools.ietf.org/html/rfc6265#section-5.2.4
+[rfc-6265-5.2.5]: https://tools.ietf.org/html/rfc6265#section-5.2.5
+[rfc-6265-5.2.6]: https://tools.ietf.org/html/rfc6265#section-5.2.6
+[rfc-6265-5.3]: https://tools.ietf.org/html/rfc6265#section-5.3
+
+## License
+
+[MIT](LICENSE)
+
+[ci-image]: https://badgen.net/github/checks/jshttp/cookie/master?label=ci
+[ci-url]: https://github.com/jshttp/cookie/actions/workflows/ci.yml
+[coveralls-image]: https://badgen.net/coveralls/c/github/jshttp/cookie/master
+[coveralls-url]: https://coveralls.io/r/jshttp/cookie?branch=master
+[node-image]: https://badgen.net/npm/node/cookie
+[node-url]: https://nodejs.org/en/download
+[npm-downloads-image]: https://badgen.net/npm/dm/cookie
+[npm-url]: https://npmjs.org/package/cookie
+[npm-version-image]: https://badgen.net/npm/v/cookie
diff --git a/node_modules/express/node_modules/cookie/SECURITY.md b/node_modules/express/node_modules/cookie/SECURITY.md
new file mode 100644
index 0000000000000000000000000000000000000000..fd4a6c53a9cd1abacf91125dab3fde3163b4c412
--- /dev/null
+++ b/node_modules/express/node_modules/cookie/SECURITY.md
@@ -0,0 +1,25 @@
+# Security Policies and Procedures
+
+## Reporting a Bug
+
+The `cookie` team and community take all security bugs seriously. Thank
+you for improving the security of the project. We appreciate your efforts and
+responsible disclosure and will make every effort to acknowledge your
+contributions.
+
+Report security bugs by emailing the current owner(s) of `cookie`. This
+information can be found in the npm registry using the command
+`npm owner ls cookie`.
+If unsure or unable to get the information from the above, open an issue
+in the [project issue tracker](https://github.com/jshttp/cookie/issues)
+asking for the current contact information.
+
+To ensure the timely response to your report, please ensure that the entirety
+of the report is contained within the email body and not solely behind a web
+link or an attachment.
+
+At least one owner will acknowledge your email within 48 hours, and will send a
+more detailed response within 48 hours indicating the next steps in handling
+your report. After the initial reply to your report, the owners will
+endeavor to keep you informed of the progress towards a fix and full
+announcement, and may ask for additional information or guidance.
diff --git a/node_modules/express/node_modules/cookie/index.js b/node_modules/express/node_modules/cookie/index.js
new file mode 100644
index 0000000000000000000000000000000000000000..51a58cbe953d5914b2c6151228763eb2e62ea26e
--- /dev/null
+++ b/node_modules/express/node_modules/cookie/index.js
@@ -0,0 +1,334 @@
+/*!
+ * cookie
+ * Copyright(c) 2012-2014 Roman Shtylman
+ * Copyright(c) 2015 Douglas Christopher Wilson
+ * MIT Licensed
+ */
+
+'use strict';
+
+/**
+ * Module exports.
+ * @public
+ */
+
+exports.parse = parse;
+exports.serialize = serialize;
+
+/**
+ * Module variables.
+ * @private
+ */
+
+var __toString = Object.prototype.toString
+
+/**
+ * RegExp to match cookie-name in RFC 6265 sec 4.1.1
+ * This refers out to the obsoleted definition of token in RFC 2616 sec 2.2
+ * which has been replaced by the token definition in RFC 7230 appendix B.
+ *
+ * cookie-name = token
+ * token = 1*tchar
+ * tchar = "!" / "#" / "$" / "%" / "&" / "'" /
+ * "*" / "+" / "-" / "." / "^" / "_" /
+ * "`" / "|" / "~" / DIGIT / ALPHA
+ */
+
+var cookieNameRegExp = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/;
+
+/**
+ * RegExp to match cookie-value in RFC 6265 sec 4.1.1
+ *
+ * cookie-value = *cookie-octet / ( DQUOTE *cookie-octet DQUOTE )
+ * cookie-octet = %x21 / %x23-2B / %x2D-3A / %x3C-5B / %x5D-7E
+ * ; US-ASCII characters excluding CTLs,
+ * ; whitespace DQUOTE, comma, semicolon,
+ * ; and backslash
+ */
+
+var cookieValueRegExp = /^("?)[\u0021\u0023-\u002B\u002D-\u003A\u003C-\u005B\u005D-\u007E]*\1$/;
+
+/**
+ * RegExp to match domain-value in RFC 6265 sec 4.1.1
+ *
+ * domain-value = <subdomain>
+ * ; defined in [RFC1034], Section 3.5, as
+ * ; enhanced by [RFC1123], Section 2.1
+ * <subdomain> = <label> | <subdomain> "." <label>
+ * <label> = <let-dig> [ [ <ldh-str> ] <let-dig> ]
+ * Labels must be 63 characters or less.
+ * 'let-dig' not 'letter' in the first char, per RFC1123
+ * <ldh-str> = <let-dig-hyp> | <let-dig-hyp> <ldh-str>
+ * <let-dig-hyp> = <let-dig> | "-"
+ * <let-dig> = <letter> | <digit>
+ * <letter> = any one of the 52 alphabetic characters A through Z in
+ * upper case and a through z in lower case
+ * <digit> = any one of the ten digits 0 through 9
+ *
+ * Keep support for leading dot: https://github.com/jshttp/cookie/issues/173
+ *
+ * > (Note that a leading %x2E ("."), if present, is ignored even though that
+ * character is not permitted, but a trailing %x2E ("."), if present, will
+ * cause the user agent to ignore the attribute.)
+ */
+
+var domainValueRegExp = /^([.]?[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?)([.][a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?)*$/i;
+
+/**
+ * RegExp to match path-value in RFC 6265 sec 4.1.1
+ *
+ * path-value = <any CHAR except CTLs or ";">
+ * CHAR = %x01-7F
+ * ; defined in RFC 5234 appendix B.1
+ */
+
+var pathValueRegExp = /^[\u0020-\u003A\u003D-\u007E]*$/;
+
+/**
+ * Parse a cookie header.
+ *
+ * Parse the given cookie header string into an object
+ * The object has the various cookies as keys(names) => values
+ *
+ * @param {string} str
+ * @param {object} [opt]
+ * @return {object}
+ * @public
+ */
+
+function parse(str, opt) {
+ if (typeof str !== 'string') {
+ throw new TypeError('argument str must be a string');
+ }
+
+ var obj = {};
+ var len = str.length;
+ // RFC 6265 sec 4.1.1, RFC 2616 2.2 defines a cookie name consists of one char minimum, plus '='.
+ if (len < 2) return obj;
+
+ var dec = (opt && opt.decode) || decode;
+ var index = 0;
+ var eqIdx = 0;
+ var endIdx = 0;
+
+ do {
+ eqIdx = str.indexOf('=', index);
+ if (eqIdx === -1) break; // No more cookie pairs.
+
+ endIdx = str.indexOf(';', index);
+
+ if (endIdx === -1) {
+ endIdx = len;
+ } else if (eqIdx > endIdx) {
+ // backtrack on prior semicolon
+ index = str.lastIndexOf(';', eqIdx - 1) + 1;
+ continue;
+ }
+
+ var keyStartIdx = startIndex(str, index, eqIdx);
+ var keyEndIdx = endIndex(str, eqIdx, keyStartIdx);
+ var key = str.slice(keyStartIdx, keyEndIdx);
+
+ // only assign once
+ if (!obj.hasOwnProperty(key)) {
+ var valStartIdx = startIndex(str, eqIdx + 1, endIdx);
+ var valEndIdx = endIndex(str, endIdx, valStartIdx);
+
+ if (str.charCodeAt(valStartIdx) === 0x22 /* " */ && str.charCodeAt(valEndIdx - 1) === 0x22 /* " */) {
+ valStartIdx++;
+ valEndIdx--;
+ }
+
+ var val = str.slice(valStartIdx, valEndIdx);
+ obj[key] = tryDecode(val, dec);
+ }
+
+ index = endIdx + 1
+ } while (index < len);
+
+ return obj;
+}
+
+function startIndex(str, index, max) {
+ do {
+ var code = str.charCodeAt(index);
+ if (code !== 0x20 /* */ && code !== 0x09 /* \t */) return index;
+ } while (++index < max);
+ return max;
+}
+
+function endIndex(str, index, min) {
+ while (index > min) {
+ var code = str.charCodeAt(--index);
+ if (code !== 0x20 /* */ && code !== 0x09 /* \t */) return index + 1;
+ }
+ return min;
+}
+
+/**
+ * Serialize data into a cookie header.
+ *
+ * Serialize a name value pair into a cookie string suitable for
+ * http headers. An optional options object specifies cookie parameters.
+ *
+ * serialize('foo', 'bar', { httpOnly: true })
+ * => "foo=bar; httpOnly"
+ *
+ * @param {string} name
+ * @param {string} val
+ * @param {object} [opt]
+ * @return {string}
+ * @public
+ */
+
+function serialize(name, val, opt) {
+ var enc = (opt && opt.encode) || encodeURIComponent;
+
+ if (typeof enc !== 'function') {
+ throw new TypeError('option encode is invalid');
+ }
+
+ if (!cookieNameRegExp.test(name)) {
+ throw new TypeError('argument name is invalid');
+ }
+
+ var value = enc(val);
+
+ if (!cookieValueRegExp.test(value)) {
+ throw new TypeError('argument val is invalid');
+ }
+
+ var str = name + '=' + value;
+ if (!opt) return str;
+
+ if (null != opt.maxAge) {
+ var maxAge = Math.floor(opt.maxAge);
+
+ if (!isFinite(maxAge)) {
+ throw new TypeError('option maxAge is invalid')
+ }
+
+ str += '; Max-Age=' + maxAge;
+ }
+
+ if (opt.domain) {
+ if (!domainValueRegExp.test(opt.domain)) {
+ throw new TypeError('option domain is invalid');
+ }
+
+ str += '; Domain=' + opt.domain;
+ }
+
+ if (opt.path) {
+ if (!pathValueRegExp.test(opt.path)) {
+ throw new TypeError('option path is invalid');
+ }
+
+ str += '; Path=' + opt.path;
+ }
+
+ if (opt.expires) {
+ var expires = opt.expires
+
+ if (!isDate(expires) || isNaN(expires.valueOf())) {
+ throw new TypeError('option expires is invalid');
+ }
+
+ str += '; Expires=' + expires.toUTCString()
+ }
+
+ if (opt.httpOnly) {
+ str += '; HttpOnly';
+ }
+
+ if (opt.secure) {
+ str += '; Secure';
+ }
+
+ if (opt.partitioned) {
+ str += '; Partitioned'
+ }
+
+ if (opt.priority) {
+ var priority = typeof opt.priority === 'string'
+ ? opt.priority.toLowerCase() : opt.priority;
+
+ switch (priority) {
+ case 'low':
+ str += '; Priority=Low'
+ break
+ case 'medium':
+ str += '; Priority=Medium'
+ break
+ case 'high':
+ str += '; Priority=High'
+ break
+ default:
+ throw new TypeError('option priority is invalid')
+ }
+ }
+
+ if (opt.sameSite) {
+ var sameSite = typeof opt.sameSite === 'string'
+ ? opt.sameSite.toLowerCase() : opt.sameSite;
+
+ switch (sameSite) {
+ case true:
+ str += '; SameSite=Strict';
+ break;
+ case 'lax':
+ str += '; SameSite=Lax';
+ break;
+ case 'strict':
+ str += '; SameSite=Strict';
+ break;
+ case 'none':
+ str += '; SameSite=None';
+ break;
+ default:
+ throw new TypeError('option sameSite is invalid');
+ }
+ }
+
+ return str;
+}
+
+/**
+ * URL-decode string value. Optimized to skip native call when no %.
+ *
+ * @param {string} str
+ * @returns {string}
+ */
+
+function decode (str) {
+ return str.indexOf('%') !== -1
+ ? decodeURIComponent(str)
+ : str
+}
+
+/**
+ * Determine if value is a Date.
+ *
+ * @param {*} val
+ * @private
+ */
+
+function isDate (val) {
+ return __toString.call(val) === '[object Date]';
+}
+
+/**
+ * Try decoding a string using a decoding function.
+ *
+ * @param {string} str
+ * @param {function} decode
+ * @private
+ */
+
+function tryDecode(str, decode) {
+ try {
+ return decode(str);
+ } catch (e) {
+ return str;
+ }
+}
diff --git a/node_modules/express/node_modules/cookie/package.json b/node_modules/express/node_modules/cookie/package.json
new file mode 100644
index 0000000000000000000000000000000000000000..f498ea75ac513eac700adcb8ccd38a0528ef60f5
--- /dev/null
+++ b/node_modules/express/node_modules/cookie/package.json
@@ -0,0 +1,44 @@
+{
+ "name": "cookie",
+ "description": "HTTP server cookie parsing and serialization",
+ "version": "0.7.1",
+ "author": "Roman Shtylman <shtylman@gmail.com>",
+ "contributors": [
+ "Douglas Christopher Wilson <doug@somethingdoug.com>"
+ ],
+ "license": "MIT",
+ "keywords": [
+ "cookie",
+ "cookies"
+ ],
+ "repository": "jshttp/cookie",
+ "devDependencies": {
+ "beautify-benchmark": "0.2.4",
+ "benchmark": "2.1.4",
+ "eslint": "8.53.0",
+ "eslint-plugin-markdown": "3.0.1",
+ "mocha": "10.2.0",
+ "nyc": "15.1.0",
+ "safe-buffer": "5.2.1",
+ "top-sites": "1.1.194"
+ },
+ "files": [
+ "HISTORY.md",
+ "LICENSE",
+ "README.md",
+ "SECURITY.md",
+ "index.js"
+ ],
+ "main": "index.js",
+ "engines": {
+ "node": ">= 0.6"
+ },
+ "scripts": {
+ "bench": "node benchmark/index.js",
+ "lint": "eslint .",
+ "test": "mocha --reporter spec --bail --check-leaks test/",
+ "test-ci": "nyc --reporter=lcov --reporter=text npm test",
+ "test-cov": "nyc --reporter=html --reporter=text npm test",
+ "update-bench": "node scripts/update-benchmark.js"
+ }
+}
diff --git a/node_modules/express/package.json b/node_modules/express/package.json
new file mode 100644
index 0000000000000000000000000000000000000000..60f65fe2d379dc11b08fc61578251867408b5ec0
--- /dev/null
+++ b/node_modules/express/package.json
@@ -0,0 +1,102 @@
+{
+ "name": "express",
+ "description": "Fast, unopinionated, minimalist web framework",
+ "version": "4.21.2",
+ "author": "TJ Holowaychuk <tj@vision-media.ca>",
+ "contributors": [
+ "Aaron Heckmann <aaron.heckmann+github@gmail.com>",
+ "Ciaran Jessup <ciaranj@gmail.com>",
+ "Douglas Christopher Wilson <doug@somethingdoug.com>",
+ "Guillermo Rauch <rauchg@gmail.com>",
+ "Jonathan Ong <me@jongleberry.com>",
+ "Roman Shtylman <shtylman+expressjs@gmail.com>",
+ "Young Jae Sim <hanul@hanul.me>"
+ ],
+ "license": "MIT",
+ "repository": "expressjs/express",
+ "homepage": "http://expressjs.com/",
+ "funding": {
+ "type": "opencollective",
+ "url": "https://opencollective.com/express"
+ },
+ "keywords": [
+ "express",
+ "framework",
+ "sinatra",
+ "web",
+ "http",
+ "rest",
+ "restful",
+ "router",
+ "app",
+ "api"
+ ],
+ "dependencies": {
+ "accepts": "~1.3.8",
+ "array-flatten": "1.1.1",
+ "body-parser": "1.20.3",
+ "content-disposition": "0.5.4",
+ "content-type": "~1.0.4",
+ "cookie": "0.7.1",
+ "cookie-signature": "1.0.6",
+ "debug": "2.6.9",
+ "depd": "2.0.0",
+ "encodeurl": "~2.0.0",
+ "escape-html": "~1.0.3",
+ "etag": "~1.8.1",
+ "finalhandler": "1.3.1",
+ "fresh": "0.5.2",
+ "http-errors": "2.0.0",
+ "merge-descriptors": "1.0.3",
+ "methods": "~1.1.2",
+ "on-finished": "2.4.1",
+ "parseurl": "~1.3.3",
+ "path-to-regexp": "0.1.12",
+ "proxy-addr": "~2.0.7",
+ "qs": "6.13.0",
+ "range-parser": "~1.2.1",
+ "safe-buffer": "5.2.1",
+ "send": "0.19.0",
+ "serve-static": "1.16.2",
+ "setprototypeof": "1.2.0",
+ "statuses": "2.0.1",
+ "type-is": "~1.6.18",
+ "utils-merge": "1.0.1",
+ "vary": "~1.1.2"
+ },
+ "devDependencies": {
+ "after": "0.8.2",
+ "connect-redis": "3.4.2",
+ "cookie-parser": "1.4.6",
+ "cookie-session": "2.0.0",
+ "ejs": "3.1.9",
+ "eslint": "8.47.0",
+ "express-session": "1.17.2",
+ "hbs": "4.2.0",
+ "marked": "0.7.0",
+ "method-override": "3.0.0",
+ "mocha": "10.2.0",
+ "morgan": "1.10.0",
+ "nyc": "15.1.0",
+ "pbkdf2-password": "1.2.1",
+ "supertest": "6.3.0",
+ "vhost": "~3.0.2"
+ },
+ "engines": {
+ "node": ">= 0.10.0"
+ },
+ "files": [
+ "LICENSE",
+ "History.md",
+ "Readme.md",
+ "index.js",
+ "lib/"
+ ],
+ "scripts": {
+ "lint": "eslint .",
+ "test": "mocha --require test/support/env --reporter spec --bail --check-leaks test/ test/acceptance/",
+ "test-ci": "nyc --exclude examples --exclude test --exclude benchmarks --reporter=lcovonly --reporter=text npm test",
+ "test-cov": "nyc --exclude examples --exclude test --exclude benchmarks --reporter=html --reporter=text npm test",
+ "test-tap": "mocha --require test/support/env --reporter tap --check-leaks test/ test/acceptance/"
+ }
+}
diff --git a/node_modules/finalhandler/HISTORY.md b/node_modules/finalhandler/HISTORY.md
new file mode 100644
index 0000000000000000000000000000000000000000..7faa4f0afc70b7bf07d568ad6abfcdbd4ba0d72b
--- /dev/null
+++ b/node_modules/finalhandler/HISTORY.md
@@ -0,0 +1,210 @@
+v1.3.1 / 2024-09-11
+==================
+
+ * deps: encodeurl@~2.0.0
+
+v1.3.0 / 2024-09-03
+==================
+
+ * ignore status message for HTTP/2 (#53)
+
+v1.2.1 / 2024-09-02
+==================
+
+ * Gracefully handle when handling an error and socket is null
+
+1.2.0 / 2022-03-22
+==================
+
+ * Remove set content headers that break response
+ * deps: on-finished@2.4.1
+ * deps: statuses@2.0.1
+ - Rename `425 Unordered Collection` to standard `425 Too Early`
+
+1.1.2 / 2019-05-09
+==================
+
+ * Set stricter `Content-Security-Policy` header
+ * deps: parseurl@~1.3.3
+ * deps: statuses@~1.5.0
+
+1.1.1 / 2018-03-06
+==================
+
+ * Fix 404 output for bad / missing pathnames
+ * deps: encodeurl@~1.0.2
+ - Fix encoding `%` as last character
+ * deps: statuses@~1.4.0
+
+1.1.0 / 2017-09-24
+==================
+
+ * Use `res.headersSent` when available
+
+1.0.6 / 2017-09-22
+==================
+
+ * deps: debug@2.6.9
+
+1.0.5 / 2017-09-15
+==================
+
+ * deps: parseurl@~1.3.2
+ - perf: reduce overhead for full URLs
+ - perf: unroll the "fast-path" `RegExp`
+
+1.0.4 / 2017-08-03
+==================
+
+ * deps: debug@2.6.8
+
+1.0.3 / 2017-05-16
+==================
+
+ * deps: debug@2.6.7
+ - deps: ms@2.0.0
+
+1.0.2 / 2017-04-22
+==================
+
+ * deps: debug@2.6.4
+ - deps: ms@0.7.3
+
+1.0.1 / 2017-03-21
+==================
+
+ * Fix missing `</html>` in HTML document
+ * deps: debug@2.6.3
+ - Fix: `DEBUG_MAX_ARRAY_LENGTH`
+
+1.0.0 / 2017-02-15
+==================
+
+ * Fix exception when `err` cannot be converted to a string
+ * Fully URL-encode the pathname in the 404 message
+ * Only include the pathname in the 404 message
+ * Send complete HTML document
+ * Set `Content-Security-Policy: default-src 'self'` header
+ * deps: debug@2.6.1
+ - Allow colors in workers
+ - Deprecated `DEBUG_FD` environment variable set to `3` or higher
+ - Fix error when running under React Native
+ - Use same color for same namespace
+ - deps: ms@0.7.2
+
+0.5.1 / 2016-11-12
+==================
+
+ * Fix exception when `err.headers` is not an object
+ * deps: statuses@~1.3.1
+ * perf: hoist regular expressions
+ * perf: remove duplicate validation path
+
+0.5.0 / 2016-06-15
+==================
+
+ * Change invalid or non-numeric status code to 500
+ * Overwrite status message to match set status code
+ * Prefer `err.statusCode` if `err.status` is invalid
+ * Set response headers from `err.headers` object
+ * Use `statuses` instead of `http` module for status messages
+ - Includes all defined status messages
+
+0.4.1 / 2015-12-02
+==================
+
+ * deps: escape-html@~1.0.3
+ - perf: enable strict mode
+ - perf: optimize string replacement
+ - perf: use faster string coercion
+
+0.4.0 / 2015-06-14
+==================
+
+ * Fix a false-positive when unpiping in Node.js 0.8
+ * Support `statusCode` property on `Error` objects
+ * Use `unpipe` module for unpiping requests
+ * deps: escape-html@1.0.2
+ * deps: on-finished@~2.3.0
+ - Add defined behavior for HTTP `CONNECT` requests
+ - Add defined behavior for HTTP `Upgrade` requests
+ - deps: ee-first@1.1.1
+ * perf: enable strict mode
+ * perf: remove argument reassignment
+
+0.3.6 / 2015-05-11
+==================
+
+ * deps: debug@~2.2.0
+ - deps: ms@0.7.1
+
+0.3.5 / 2015-04-22
+==================
+
+ * deps: on-finished@~2.2.1
+ - Fix `isFinished(req)` when data buffered
+
+0.3.4 / 2015-03-15
+==================
+
+ * deps: debug@~2.1.3
+ - Fix high intensity foreground color for bold
+ - deps: ms@0.7.0
+
+0.3.3 / 2015-01-01
+==================
+
+ * deps: debug@~2.1.1
+ * deps: on-finished@~2.2.0
+
+0.3.2 / 2014-10-22
+==================
+
+ * deps: on-finished@~2.1.1
+ - Fix handling of pipelined requests
+
+0.3.1 / 2014-10-16
+==================
+
+ * deps: debug@~2.1.0
+ - Implement `DEBUG_FD` env variable support
+
+0.3.0 / 2014-09-17
+==================
+
+ * Terminate in progress response only on error
+ * Use `on-finished` to determine request status
+
+0.2.0 / 2014-09-03
+==================
+
+ * Set `X-Content-Type-Options: nosniff` header
+ * deps: debug@~2.0.0
+
+0.1.0 / 2014-07-16
+==================
+
+ * Respond after request fully read
+ - prevents hung responses and socket hang ups
+ * deps: debug@1.0.4
+
+0.0.3 / 2014-07-11
+==================
+
+ * deps: debug@1.0.3
+ - Add support for multiple wildcards in namespaces
+
+0.0.2 / 2014-06-19
+==================
+
+ * Handle invalid status codes
+
+0.0.1 / 2014-06-05
+==================
+
+ * deps: debug@1.0.2
+
+0.0.0 / 2014-06-05
+==================
+
+ * Extracted from connect/express
diff --git a/node_modules/finalhandler/LICENSE b/node_modules/finalhandler/LICENSE
new file mode 100644
index 0000000000000000000000000000000000000000..60221067c4d591554407b4700033aab9669a9b0e
--- /dev/null
+++ b/node_modules/finalhandler/LICENSE
@@ -0,0 +1,22 @@
+(The MIT License)
+
+Copyright (c) 2014-2022 Douglas Christopher Wilson <doug@somethingdoug.com>
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+'Software'), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/node_modules/finalhandler/README.md b/node_modules/finalhandler/README.md
new file mode 100644
index 0000000000000000000000000000000000000000..6244a13eb656346f2ff668c4742aee06bed35a62
--- /dev/null
+++ b/node_modules/finalhandler/README.md
@@ -0,0 +1,147 @@
+# finalhandler
+
+[![NPM Version][npm-image]][npm-url]
+[![NPM Downloads][downloads-image]][downloads-url]
+[![Node.js Version][node-image]][node-url]
+[![Build Status][github-actions-ci-image]][github-actions-ci-url]
+[![Test Coverage][coveralls-image]][coveralls-url]
+
+Node.js function to invoke as the final step to respond to HTTP request.
+
+## Installation
+
+This is a [Node.js](https://nodejs.org/en/) module available through the
+[npm registry](https://www.npmjs.com/). Installation is done using the
+[`npm install` command](https://docs.npmjs.com/getting-started/installing-npm-packages-locally):
+
+```sh
+$ npm install finalhandler
+```
+
+## API
+
+```js
+var finalhandler = require('finalhandler')
+```
+
+### finalhandler(req, res, [options])
+
+Returns function to be invoked as the final step for the given `req` and `res`.
+This function is to be invoked as `fn(err)`. If `err` is falsy, the handler will
+write out a 404 response to the `res`. If it is truthy, an error response will
+be written out to the `res` or `res` will be terminated if a response has already
+started.
+
+When an error is written, the following information is added to the response:
+
+ * The `res.statusCode` is set from `err.status` (or `err.statusCode`). If
+ this value is outside the 4xx or 5xx range, it will be set to 500.
+ * The `res.statusMessage` is set according to the status code.
+ * The body will be the HTML of the status code message if `env` is
+ `'production'`, otherwise will be `err.stack`.
+ * Any headers specified in an `err.headers` object.
+
+The final handler will also unpipe anything from `req` when it is invoked.
+
+#### options.env
+
+By default, the environment is determined by `NODE_ENV` variable, but it can be
+overridden by this option.
+
+#### options.onerror
+
+Provide a function to be called with the `err` when it exists. Can be used for
+writing errors to a central location without excessive function generation. Called
+as `onerror(err, req, res)`.
+
+## Examples
+
+### always 404
+
+```js
+var finalhandler = require('finalhandler')
+var http = require('http')
+
+var server = http.createServer(function (req, res) {
+ var done = finalhandler(req, res)
+ done()
+})
+
+server.listen(3000)
+```
+
+### perform simple action
+
+```js
+var finalhandler = require('finalhandler')
+var fs = require('fs')
+var http = require('http')
+
+var server = http.createServer(function (req, res) {
+ var done = finalhandler(req, res)
+
+ fs.readFile('index.html', function (err, buf) {
+ if (err) return done(err)
+ res.setHeader('Content-Type', 'text/html')
+ res.end(buf)
+ })
+})
+
+server.listen(3000)
+```
+
+### use with middleware-style functions
+
+```js
+var finalhandler = require('finalhandler')
+var http = require('http')
+var serveStatic = require('serve-static')
+
+var serve = serveStatic('public')
+
+var server = http.createServer(function (req, res) {
+ var done = finalhandler(req, res)
+ serve(req, res, done)
+})
+
+server.listen(3000)
+```
+
+### keep log of all errors
+
+```js
+var finalhandler = require('finalhandler')
+var fs = require('fs')
+var http = require('http')
+
+var server = http.createServer(function (req, res) {
+ var done = finalhandler(req, res, { onerror: logerror })
+
+ fs.readFile('index.html', function (err, buf) {
+ if (err) return done(err)
+ res.setHeader('Content-Type', 'text/html')
+ res.end(buf)
+ })
+})
+
+server.listen(3000)
+
+function logerror (err) {
+ console.error(err.stack || err.toString())
+}
+```
+
+## License
+
+[MIT](LICENSE)
+
+[npm-image]: https://img.shields.io/npm/v/finalhandler.svg
+[npm-url]: https://npmjs.org/package/finalhandler
+[node-image]: https://img.shields.io/node/v/finalhandler.svg
+[node-url]: https://nodejs.org/en/download
+[coveralls-image]: https://img.shields.io/coveralls/pillarjs/finalhandler.svg
+[coveralls-url]: https://coveralls.io/r/pillarjs/finalhandler?branch=master
+[downloads-image]: https://img.shields.io/npm/dm/finalhandler.svg
+[downloads-url]: https://npmjs.org/package/finalhandler
+[github-actions-ci-image]: https://github.com/pillarjs/finalhandler/actions/workflows/ci.yml/badge.svg
+[github-actions-ci-url]: https://github.com/pillarjs/finalhandler/actions/workflows/ci.yml
diff --git a/node_modules/finalhandler/SECURITY.md b/node_modules/finalhandler/SECURITY.md
new file mode 100644
index 0000000000000000000000000000000000000000..6e23249f5f93bb2bbe1cc15990d1f9c8975da269
--- /dev/null
+++ b/node_modules/finalhandler/SECURITY.md
@@ -0,0 +1,25 @@
+# Security Policies and Procedures
+
+## Reporting a Bug
+
+The `finalhandler` team and community take all security bugs seriously. Thank
+you for improving the security of Express. We appreciate your efforts and
+responsible disclosure and will make every effort to acknowledge your
+contributions.
+
+Report security bugs by emailing the current owner(s) of `finalhandler`. This
+information can be found in the npm registry using the command
+`npm owner ls finalhandler`.
+If unsure or unable to get the information from the above, open an issue
+in the [project issue tracker](https://github.com/pillarjs/finalhandler/issues)
+asking for the current contact information.
+
+To ensure the timely response to your report, please ensure that the entirety
+of the report is contained within the email body and not solely behind a web
+link or an attachment.
+
+At least one owner will acknowledge your email within 48 hours, and will send a
+more detailed response within 48 hours indicating the next steps in handling
+your report. After the initial reply to your report, the owners will
+endeavor to keep you informed of the progress towards a fix and full
+announcement, and may ask for additional information or guidance.
diff --git a/node_modules/finalhandler/index.js b/node_modules/finalhandler/index.js
new file mode 100644
index 0000000000000000000000000000000000000000..ec34be90d153051156a8558c90f1564b84857d06
--- /dev/null
+++ b/node_modules/finalhandler/index.js
@@ -0,0 +1,341 @@
+/*!
+ * finalhandler
+ * Copyright(c) 2014-2022 Douglas Christopher Wilson
+ * MIT Licensed
+ */
+
+'use strict'
+
+/**
+ * Module dependencies.
+ * @private
+ */
+
+var debug = require('debug')('finalhandler')
+var encodeUrl = require('encodeurl')
+var escapeHtml = require('escape-html')
+var onFinished = require('on-finished')
+var parseUrl = require('parseurl')
+var statuses = require('statuses')
+var unpipe = require('unpipe')
+
+/**
+ * Module variables.
+ * @private
+ */
+
+var DOUBLE_SPACE_REGEXP = /\x20{2}/g
+var NEWLINE_REGEXP = /\n/g
+
+/* istanbul ignore next */
+var defer = typeof setImmediate === 'function'
+ ? setImmediate
+ : function (fn) { process.nextTick(fn.bind.apply(fn, arguments)) }
+var isFinished = onFinished.isFinished
+
+/**
+ * Create a minimal HTML document.
+ *
+ * @param {string} message
+ * @private
+ */
+
+function createHtmlDocument (message) {
+ var body = escapeHtml(message)
+ .replace(NEWLINE_REGEXP, '<br>')
+ .replace(DOUBLE_SPACE_REGEXP, ' ')
+
+ return '<!DOCTYPE html>\n' +
+ '<html lang="en">\n' +
+ '<head>\n' +
+ '<meta charset="utf-8">\n' +
+ '<title>Error</title>\n' +
+ '</head>\n' +
+ '<body>\n' +
+ '<pre>' + body + '</pre>\n' +
+ '</body>\n' +
+ '</html>\n'
+}
+
+/**
+ * Module exports.
+ * @public
+ */
+
+module.exports = finalhandler
+
+/**
+ * Create a function to handle the final response.
+ *
+ * @param {Request} req
+ * @param {Response} res
+ * @param {Object} [options]
+ * @return {Function}
+ * @public
+ */
+
+function finalhandler (req, res, options) {
+ var opts = options || {}
+
+ // get environment
+ var env = opts.env || process.env.NODE_ENV || 'development'
+
+ // get error callback
+ var onerror = opts.onerror
+
+ return function (err) {
+ var headers
+ var msg
+ var status
+
+ // ignore 404 on in-flight response
+ if (!err && headersSent(res)) {
+ debug('cannot 404 after headers sent')
+ return
+ }
+
+ // unhandled error
+ if (err) {
+ // respect status code from error
+ status = getErrorStatusCode(err)
+
+ if (status === undefined) {
+ // fallback to status code on response
+ status = getResponseStatusCode(res)
+ } else {
+ // respect headers from error
+ headers = getErrorHeaders(err)
+ }
+
+ // get error message
+ msg = getErrorMessage(err, status, env)
+ } else {
+ // not found
+ status = 404
+ msg = 'Cannot ' + req.method + ' ' + encodeUrl(getResourceName(req))
+ }
+
+ debug('default %s', status)
+
+ // schedule onerror callback
+ if (err && onerror) {
+ defer(onerror, err, req, res)
+ }
+
+ // cannot actually respond
+ if (headersSent(res)) {
+ debug('cannot %d after headers sent', status)
+ if (req.socket) {
+ req.socket.destroy()
+ }
+ return
+ }
+
+ // send response
+ send(req, res, status, headers, msg)
+ }
+}
+
+/**
+ * Get headers from Error object.
+ *
+ * @param {Error} err
+ * @return {object}
+ * @private
+ */
+
+function getErrorHeaders (err) {
+ if (!err.headers || typeof err.headers !== 'object') {
+ return undefined
+ }
+
+ var headers = Object.create(null)
+ var keys = Object.keys(err.headers)
+
+ for (var i = 0; i < keys.length; i++) {
+ var key = keys[i]
+ headers[key] = err.headers[key]
+ }
+
+ return headers
+}
+
+/**
+ * Get message from Error object, fallback to status message.
+ *
+ * @param {Error} err
+ * @param {number} status
+ * @param {string} env
+ * @return {string}
+ * @private
+ */
+
+function getErrorMessage (err, status, env) {
+ var msg
+
+ if (env !== 'production') {
+ // use err.stack, which typically includes err.message
+ msg = err.stack
+
+ // fallback to err.toString() when possible
+ if (!msg && typeof err.toString === 'function') {
+ msg = err.toString()
+ }
+ }
+
+ return msg || statuses.message[status]
+}
+
+/**
+ * Get status code from Error object.
+ *
+ * @param {Error} err
+ * @return {number}
+ * @private
+ */
+
+function getErrorStatusCode (err) {
+ // check err.status
+ if (typeof err.status === 'number' && err.status >= 400 && err.status < 600) {
+ return err.status
+ }
+
+ // check err.statusCode
+ if (typeof err.statusCode === 'number' && err.statusCode >= 400 && err.statusCode < 600) {
+ return err.statusCode
+ }
+
+ return undefined
+}
+
+/**
+ * Get resource name for the request.
+ *
+ * This is typically just the original pathname of the request
+ * but will fallback to "resource" is that cannot be determined.
+ *
+ * @param {IncomingMessage} req
+ * @return {string}
+ * @private
+ */
+
+function getResourceName (req) {
+ try {
+ return parseUrl.original(req).pathname
+ } catch (e) {
+ return 'resource'
+ }
+}
+
+/**
+ * Get status code from response.
+ *
+ * @param {OutgoingMessage} res
+ * @return {number}
+ * @private
+ */
+
+function getResponseStatusCode (res) {
+ var status = res.statusCode
+
+ // default status code to 500 if outside valid range
+ if (typeof status !== 'number' || status < 400 || status > 599) {
+ status = 500
+ }
+
+ return status
+}
+
+/**
+ * Determine if the response headers have been sent.
+ *
+ * @param {object} res
+ * @returns {boolean}
+ * @private
+ */
+
+function headersSent (res) {
+ return typeof res.headersSent !== 'boolean'
+ ? Boolean(res._header)
+ : res.headersSent
+}
+
+/**
+ * Send response.
+ *
+ * @param {IncomingMessage} req
+ * @param {OutgoingMessage} res
+ * @param {number} status
+ * @param {object} headers
+ * @param {string} message
+ * @private
+ */
+
+function send (req, res, status, headers, message) {
+ function write () {
+ // response body
+ var body = createHtmlDocument(message)
+
+ // response status
+ res.statusCode = status
+
+ if (req.httpVersionMajor < 2) {
+ res.statusMessage = statuses.message[status]
+ }
+
+ // remove any content headers
+ res.removeHeader('Content-Encoding')
+ res.removeHeader('Content-Language')
+ res.removeHeader('Content-Range')
+
+ // response headers
+ setHeaders(res, headers)
+
+ // security headers
+ res.setHeader('Content-Security-Policy', "default-src 'none'")
+ res.setHeader('X-Content-Type-Options', 'nosniff')
+
+ // standard headers
+ res.setHeader('Content-Type', 'text/html; charset=utf-8')
+ res.setHeader('Content-Length', Buffer.byteLength(body, 'utf8'))
+
+ if (req.method === 'HEAD') {
+ res.end()
+ return
+ }
+
+ res.end(body, 'utf8')
+ }
+
+ if (isFinished(req)) {
+ write()
+ return
+ }
+
+ // unpipe everything from the request
+ unpipe(req)
+
+ // flush the request
+ onFinished(req, write)
+ req.resume()
+}
+
+/**
+ * Set response headers from an object.
+ *
+ * @param {OutgoingMessage} res
+ * @param {object} headers
+ * @private
+ */
+
+function setHeaders (res, headers) {
+ if (!headers) {
+ return
+ }
+
+ var keys = Object.keys(headers)
+ for (var i = 0; i < keys.length; i++) {
+ var key = keys[i]
+ res.setHeader(key, headers[key])
+ }
+}
diff --git a/node_modules/finalhandler/package.json b/node_modules/finalhandler/package.json
new file mode 100644
index 0000000000000000000000000000000000000000..2363eb4dac2f790aaa1ddfbaae88a3b964f72192
--- /dev/null
+++ b/node_modules/finalhandler/package.json
@@ -0,0 +1,47 @@
+{
+ "name": "finalhandler",
+ "description": "Node.js final http responder",
+ "version": "1.3.1",
+ "author": "Douglas Christopher Wilson <doug@somethingdoug.com>",
+ "license": "MIT",
+ "repository": "pillarjs/finalhandler",
+ "dependencies": {
+ "debug": "2.6.9",
+ "encodeurl": "~2.0.0",
+ "escape-html": "~1.0.3",
+ "on-finished": "2.4.1",
+ "parseurl": "~1.3.3",
+ "statuses": "2.0.1",
+ "unpipe": "~1.0.0"
+ },
+ "devDependencies": {
+ "eslint": "7.32.0",
+ "eslint-config-standard": "14.1.1",
+ "eslint-plugin-import": "2.26.0",
+ "eslint-plugin-markdown": "2.2.1",
+ "eslint-plugin-node": "11.1.0",
+ "eslint-plugin-promise": "5.2.0",
+ "eslint-plugin-standard": "4.1.0",
+ "mocha": "10.0.0",
+ "nyc": "15.1.0",
+ "readable-stream": "2.3.6",
+ "safe-buffer": "5.2.1",
+ "supertest": "6.2.4"
+ },
+ "files": [
+ "LICENSE",
+ "HISTORY.md",
+ "SECURITY.md",
+ "index.js"
+ ],
+ "engines": {
+ "node": ">= 0.8"
+ },
+ "scripts": {
+ "lint": "eslint .",
+ "test": "mocha --reporter spec --check-leaks test/",
+ "test-ci": "nyc --reporter=lcovonly --reporter=text npm test",
+ "test-cov": "nyc --reporter=html --reporter=text npm test",
+ "test-inspect": "mocha --reporter spec --inspect --inspect-brk test/"
+ }
+}
diff --git a/node_modules/forwarded/HISTORY.md b/node_modules/forwarded/HISTORY.md
new file mode 100644
index 0000000000000000000000000000000000000000..381e6aad4619cbed1e74bf64a0dc3fe216dc0abe
--- /dev/null
+++ b/node_modules/forwarded/HISTORY.md
@@ -0,0 +1,21 @@
+0.2.0 / 2021-05-31
+==================
+
+ * Use `req.socket` over deprecated `req.connection`
+
+0.1.2 / 2017-09-14
+==================
+
+ * perf: improve header parsing
+ * perf: reduce overhead when no `X-Forwarded-For` header
+
+0.1.1 / 2017-09-10
+==================
+
+ * Fix trimming leading / trailing OWS
+ * perf: hoist regular expression
+
+0.1.0 / 2014-09-21
+==================
+
+ * Initial release
diff --git a/node_modules/forwarded/LICENSE b/node_modules/forwarded/LICENSE
new file mode 100644
index 0000000000000000000000000000000000000000..84441fbb5709262c2bfc9b5ff0166ad4f024a1b8
--- /dev/null
+++ b/node_modules/forwarded/LICENSE
@@ -0,0 +1,22 @@
+(The MIT License)
+
+Copyright (c) 2014-2017 Douglas Christopher Wilson
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+'Software'), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/node_modules/forwarded/README.md b/node_modules/forwarded/README.md
new file mode 100644
index 0000000000000000000000000000000000000000..fdd220bcaab88b00b844736404c326fa6bdfbc0e
--- /dev/null
+++ b/node_modules/forwarded/README.md
@@ -0,0 +1,57 @@
+# forwarded
+
+[![NPM Version][npm-image]][npm-url]
+[![NPM Downloads][downloads-image]][downloads-url]
+[![Node.js Version][node-version-image]][node-version-url]
+[![Build Status][ci-image]][ci-url]
+[![Test Coverage][coveralls-image]][coveralls-url]
+
+Parse HTTP X-Forwarded-For header
+
+## Installation
+
+This is a [Node.js](https://nodejs.org/en/) module available through the
+[npm registry](https://www.npmjs.com/). Installation is done using the
+[`npm install` command](https://docs.npmjs.com/getting-started/installing-npm-packages-locally):
+
+```sh
+$ npm install forwarded
+```
+
+## API
+
+```js
+var forwarded = require('forwarded')
+```
+
+### forwarded(req)
+
+```js
+var addresses = forwarded(req)
+```
+
+Parse the `X-Forwarded-For` header from the request. Returns an array
+of the addresses, including the socket address for the `req`, in reverse
+order (i.e. index `0` is the socket address and the last index is the
+furthest address, typically the end-user).
+
+## Testing
+
+```sh
+$ npm test
+```
+
+## License
+
+[MIT](LICENSE)
+
+[ci-image]: https://badgen.net/github/checks/jshttp/forwarded/master?label=ci
+[ci-url]: https://github.com/jshttp/forwarded/actions?query=workflow%3Aci
+[npm-image]: https://img.shields.io/npm/v/forwarded.svg
+[npm-url]: https://npmjs.org/package/forwarded
+[node-version-image]: https://img.shields.io/node/v/forwarded.svg
+[node-version-url]: https://nodejs.org/en/download/
+[coveralls-image]: https://img.shields.io/coveralls/jshttp/forwarded/master.svg
+[coveralls-url]: https://coveralls.io/r/jshttp/forwarded?branch=master
+[downloads-image]: https://img.shields.io/npm/dm/forwarded.svg
+[downloads-url]: https://npmjs.org/package/forwarded
diff --git a/node_modules/forwarded/index.js b/node_modules/forwarded/index.js
new file mode 100644
index 0000000000000000000000000000000000000000..b2b6bdd3c98349ba48b5dc150e66746dab1beec1
--- /dev/null
+++ b/node_modules/forwarded/index.js
@@ -0,0 +1,90 @@
+/*!
+ * forwarded
+ * Copyright(c) 2014-2017 Douglas Christopher Wilson
+ * MIT Licensed
+ */
+
+'use strict'
+
+/**
+ * Module exports.
+ * @public
+ */
+
+module.exports = forwarded
+
+/**
+ * Get all addresses in the request, using the `X-Forwarded-For` header.
+ *
+ * @param {object} req
+ * @return {array}
+ * @public
+ */
+
+function forwarded (req) {
+ if (!req) {
+ throw new TypeError('argument req is required')
+ }
+
+ // simple header parsing
+ var proxyAddrs = parse(req.headers['x-forwarded-for'] || '')
+ var socketAddr = getSocketAddr(req)
+ var addrs = [socketAddr].concat(proxyAddrs)
+
+ // return all addresses
+ return addrs
+}
+
+/**
+ * Get the socket address for a request.
+ *
+ * @param {object} req
+ * @return {string}
+ * @private
+ */
+
+function getSocketAddr (req) {
+ return req.socket
+ ? req.socket.remoteAddress
+ : req.connection.remoteAddress
+}
+
+/**
+ * Parse the X-Forwarded-For header.
+ *
+ * @param {string} header
+ * @private
+ */
+
+function parse (header) {
+ var end = header.length
+ var list = []
+ var start = header.length
+
+ // gather addresses, backwards
+ for (var i = header.length - 1; i >= 0; i--) {
+ switch (header.charCodeAt(i)) {
+ case 0x20: /* */
+ if (start === end) {
+ start = end = i
+ }
+ break
+ case 0x2c: /* , */
+ if (start !== end) {
+ list.push(header.substring(start, end))
+ }
+ start = end = i
+ break
+ default:
+ start = i
+ break
+ }
+ }
+
+ // final address
+ if (start !== end) {
+ list.push(header.substring(start, end))
+ }
+
+ return list
+}
diff --git a/node_modules/forwarded/package.json b/node_modules/forwarded/package.json
new file mode 100644
index 0000000000000000000000000000000000000000..bf9c7d6550b4efceee2f6f55350860097b218a0a
--- /dev/null
+++ b/node_modules/forwarded/package.json
@@ -0,0 +1,45 @@
+{
+ "name": "forwarded",
+ "description": "Parse HTTP X-Forwarded-For header",
+ "version": "0.2.0",
+ "contributors": [
+ "Douglas Christopher Wilson <doug@somethingdoug.com>"
+ ],
+ "license": "MIT",
+ "keywords": [
+ "x-forwarded-for",
+ "http",
+ "req"
+ ],
+ "repository": "jshttp/forwarded",
+ "devDependencies": {
+ "beautify-benchmark": "0.2.4",
+ "benchmark": "2.1.4",
+ "deep-equal": "1.0.1",
+ "eslint": "7.27.0",
+ "eslint-config-standard": "14.1.1",
+ "eslint-plugin-import": "2.23.4",
+ "eslint-plugin-node": "11.1.0",
+ "eslint-plugin-promise": "4.3.1",
+ "eslint-plugin-standard": "4.1.0",
+ "mocha": "8.4.0",
+ "nyc": "15.1.0"
+ },
+ "files": [
+ "LICENSE",
+ "HISTORY.md",
+ "README.md",
+ "index.js"
+ ],
+ "engines": {
+ "node": ">= 0.6"
+ },
+ "scripts": {
+ "bench": "node benchmark/index.js",
+ "lint": "eslint .",
+ "test": "mocha --reporter spec --bail --check-leaks test/",
+ "test-ci": "nyc --reporter=lcov --reporter=text npm test",
+ "test-cov": "nyc --reporter=html --reporter=text npm test",
+ "version": "node scripts/version-history.js && git add HISTORY.md"
+ }
+}
diff --git a/node_modules/fresh/HISTORY.md b/node_modules/fresh/HISTORY.md
new file mode 100644
index 0000000000000000000000000000000000000000..4586996a3c6e13633a678339ff6075c60567c233
--- /dev/null
+++ b/node_modules/fresh/HISTORY.md
@@ -0,0 +1,70 @@
+0.5.2 / 2017-09-13
+==================
+
+ * Fix regression matching multiple ETags in `If-None-Match`
+ * perf: improve `If-None-Match` token parsing
+
+0.5.1 / 2017-09-11
+==================
+
+ * Fix handling of modified headers with invalid dates
+ * perf: improve ETag match loop
+
+0.5.0 / 2017-02-21
+==================
+
+ * Fix incorrect result when `If-None-Match` has both `*` and ETags
+ * Fix weak `ETag` matching to match spec
+ * perf: delay reading header values until needed
+ * perf: skip checking modified time if ETag check failed
+ * perf: skip parsing `If-None-Match` when no `ETag` header
+ * perf: use `Date.parse` instead of `new Date`
+
+0.4.0 / 2017-02-05
+==================
+
+ * Fix false detection of `no-cache` request directive
+ * perf: enable strict mode
+ * perf: hoist regular expressions
+ * perf: remove duplicate conditional
+ * perf: remove unnecessary boolean coercions
+
+0.3.0 / 2015-05-12
+==================
+
+ * Add weak `ETag` matching support
+
+0.2.4 / 2014-09-07
+==================
+
+ * Support Node.js 0.6
+
+0.2.3 / 2014-09-07
+==================
+
+ * Move repository to jshttp
+
+0.2.2 / 2014-02-19
+==================
+
+ * Revert "Fix for blank page on Safari reload"
+
+0.2.1 / 2014-01-29
+==================
+
+ * Fix for blank page on Safari reload
+
+0.2.0 / 2013-08-11
+==================
+
+ * Return stale for `Cache-Control: no-cache`
+
+0.1.0 / 2012-06-15
+==================
+
+ * Add `If-None-Match: *` support
+
+0.0.1 / 2012-06-10
+==================
+
+ * Initial release
diff --git a/node_modules/fresh/LICENSE b/node_modules/fresh/LICENSE
new file mode 100644
index 0000000000000000000000000000000000000000..1434ade75d1fc4faf25a6ac5daed813e12eaed28
--- /dev/null
+++ b/node_modules/fresh/LICENSE
@@ -0,0 +1,23 @@
+(The MIT License)
+
+Copyright (c) 2012 TJ Holowaychuk <tj@vision-media.ca>
+Copyright (c) 2016-2017 Douglas Christopher Wilson <doug@somethingdoug.com>
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+'Software'), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/node_modules/fresh/README.md b/node_modules/fresh/README.md
new file mode 100644
index 0000000000000000000000000000000000000000..1c1c680d151e5a64ab39cb88afc4600f554f00d5
--- /dev/null
+++ b/node_modules/fresh/README.md
@@ -0,0 +1,119 @@
+# fresh
+
+[![NPM Version][npm-image]][npm-url]
+[![NPM Downloads][downloads-image]][downloads-url]
+[![Node.js Version][node-version-image]][node-version-url]
+[![Build Status][travis-image]][travis-url]
+[![Test Coverage][coveralls-image]][coveralls-url]
+
+HTTP response freshness testing
+
+## Installation
+
+This is a [Node.js](https://nodejs.org/en/) module available through the
+[npm registry](https://www.npmjs.com/). Installation is done using the
+[`npm install` command](https://docs.npmjs.com/getting-started/installing-npm-packages-locally):
+
+```
+$ npm install fresh
+```
+
+## API
+
+<!-- eslint-disable no-unused-vars -->
+
+```js
+var fresh = require('fresh')
+```
+
+### fresh(reqHeaders, resHeaders)
+
+Check freshness of the response using request and response headers.
+
+When the response is still "fresh" in the client's cache `true` is
+returned, otherwise `false` is returned to indicate that the client
+cache is now stale and the full response should be sent.
+
+When a client sends the `Cache-Control: no-cache` request header to
+indicate an end-to-end reload request, this module will return `false`
+to make handling these requests transparent.
+
+## Known Issues
+
+This module is designed to only follow the HTTP specifications, not
+to work-around all kinda of client bugs (especially since this module
+typically does not recieve enough information to understand what the
+client actually is).
+
+There is a known issue that in certain versions of Safari, Safari
+will incorrectly make a request that allows this module to validate
+freshness of the resource even when Safari does not have a
+representation of the resource in the cache. The module
+[jumanji](https://www.npmjs.com/package/jumanji) can be used in
+an Express application to work-around this issue and also provides
+links to further reading on this Safari bug.
+
+## Example
+
+### API usage
+
+<!-- eslint-disable no-redeclare, no-undef -->
+
+```js
+var reqHeaders = { 'if-none-match': '"foo"' }
+var resHeaders = { 'etag': '"bar"' }
+fresh(reqHeaders, resHeaders)
+// => false
+
+var reqHeaders = { 'if-none-match': '"foo"' }
+var resHeaders = { 'etag': '"foo"' }
+fresh(reqHeaders, resHeaders)
+// => true
+```
+
+### Using with Node.js http server
+
+```js
+var fresh = require('fresh')
+var http = require('http')
+
+var server = http.createServer(function (req, res) {
+ // perform server logic
+ // ... including adding ETag / Last-Modified response headers
+
+ if (isFresh(req, res)) {
+ // client has a fresh copy of resource
+ res.statusCode = 304
+ res.end()
+ return
+ }
+
+ // send the resource
+ res.statusCode = 200
+ res.end('hello, world!')
+})
+
+function isFresh (req, res) {
+ return fresh(req.headers, {
+ 'etag': res.getHeader('ETag'),
+ 'last-modified': res.getHeader('Last-Modified')
+ })
+}
+
+server.listen(3000)
+```
+
+## License
+
+[MIT](LICENSE)
+
+[npm-image]: https://img.shields.io/npm/v/fresh.svg
+[npm-url]: https://npmjs.org/package/fresh
+[node-version-image]: https://img.shields.io/node/v/fresh.svg
+[node-version-url]: https://nodejs.org/en/
+[travis-image]: https://img.shields.io/travis/jshttp/fresh/master.svg
+[travis-url]: https://travis-ci.org/jshttp/fresh
+[coveralls-image]: https://img.shields.io/coveralls/jshttp/fresh/master.svg
+[coveralls-url]: https://coveralls.io/r/jshttp/fresh?branch=master
+[downloads-image]: https://img.shields.io/npm/dm/fresh.svg
+[downloads-url]: https://npmjs.org/package/fresh
diff --git a/node_modules/fresh/index.js b/node_modules/fresh/index.js
new file mode 100644
index 0000000000000000000000000000000000000000..d154f5a7d23975af101646b65e74abf8490f50a5
--- /dev/null
+++ b/node_modules/fresh/index.js
@@ -0,0 +1,137 @@
+/*!
+ * fresh
+ * Copyright(c) 2012 TJ Holowaychuk
+ * Copyright(c) 2016-2017 Douglas Christopher Wilson
+ * MIT Licensed
+ */
+
+'use strict'
+
+/**
+ * RegExp to check for no-cache token in Cache-Control.
+ * @private
+ */
+
+var CACHE_CONTROL_NO_CACHE_REGEXP = /(?:^|,)\s*?no-cache\s*?(?:,|$)/
+
+/**
+ * Module exports.
+ * @public
+ */
+
+module.exports = fresh
+
+/**
+ * Check freshness of the response using request and response headers.
+ *
+ * @param {Object} reqHeaders
+ * @param {Object} resHeaders
+ * @return {Boolean}
+ * @public
+ */
+
+function fresh (reqHeaders, resHeaders) {
+ // fields
+ var modifiedSince = reqHeaders['if-modified-since']
+ var noneMatch = reqHeaders['if-none-match']
+
+ // unconditional request
+ if (!modifiedSince && !noneMatch) {
+ return false
+ }
+
+ // Always return stale when Cache-Control: no-cache
+ // to support end-to-end reload requests
+ // https://tools.ietf.org/html/rfc2616#section-14.9.4
+ var cacheControl = reqHeaders['cache-control']
+ if (cacheControl && CACHE_CONTROL_NO_CACHE_REGEXP.test(cacheControl)) {
+ return false
+ }
+
+ // if-none-match
+ if (noneMatch && noneMatch !== '*') {
+ var etag = resHeaders['etag']
+
+ if (!etag) {
+ return false
+ }
+
+ var etagStale = true
+ var matches = parseTokenList(noneMatch)
+ for (var i = 0; i < matches.length; i++) {
+ var match = matches[i]
+ if (match === etag || match === 'W/' + etag || 'W/' + match === etag) {
+ etagStale = false
+ break
+ }
+ }
+
+ if (etagStale) {
+ return false
+ }
+ }
+
+ // if-modified-since
+ if (modifiedSince) {
+ var lastModified = resHeaders['last-modified']
+ var modifiedStale = !lastModified || !(parseHttpDate(lastModified) <= parseHttpDate(modifiedSince))
+
+ if (modifiedStale) {
+ return false
+ }
+ }
+
+ return true
+}
+
+/**
+ * Parse an HTTP Date into a number.
+ *
+ * @param {string} date
+ * @private
+ */
+
+function parseHttpDate (date) {
+ var timestamp = date && Date.parse(date)
+
+ // istanbul ignore next: guard against date.js Date.parse patching
+ return typeof timestamp === 'number'
+ ? timestamp
+ : NaN
+}
+
+/**
+ * Parse a HTTP token list.
+ *
+ * @param {string} str
+ * @private
+ */
+
+function parseTokenList (str) {
+ var end = 0
+ var list = []
+ var start = 0
+
+ // gather tokens
+ for (var i = 0, len = str.length; i < len; i++) {
+ switch (str.charCodeAt(i)) {
+ case 0x20: /* */
+ if (start === end) {
+ start = end = i + 1
+ }
+ break
+ case 0x2c: /* , */
+ list.push(str.substring(start, end))
+ start = end = i + 1
+ break
+ default:
+ end = i + 1
+ break
+ }
+ }
+
+ // final token
+ list.push(str.substring(start, end))
+
+ return list
+}
diff --git a/node_modules/fresh/package.json b/node_modules/fresh/package.json
new file mode 100644
index 0000000000000000000000000000000000000000..c2fa0f4870b44895b8d59f1de9d14da0319f5793
--- /dev/null
+++ b/node_modules/fresh/package.json
@@ -0,0 +1,46 @@
+{
+ "name": "fresh",
+ "description": "HTTP response freshness testing",
+ "version": "0.5.2",
+ "author": "TJ Holowaychuk <tj@vision-media.ca> (http://tjholowaychuk.com)",
+ "contributors": [
+ "Douglas Christopher Wilson <doug@somethingdoug.com>",
+ "Jonathan Ong <me@jongleberry.com> (http://jongleberry.com)"
+ ],
+ "license": "MIT",
+ "keywords": [
+ "fresh",
+ "http",
+ "conditional",
+ "cache"
+ ],
+ "repository": "jshttp/fresh",
+ "devDependencies": {
+ "beautify-benchmark": "0.2.4",
+ "benchmark": "2.1.4",
+ "eslint": "3.19.0",
+ "eslint-config-standard": "10.2.1",
+ "eslint-plugin-import": "2.7.0",
+ "eslint-plugin-markdown": "1.0.0-beta.6",
+ "eslint-plugin-node": "5.1.1",
+ "eslint-plugin-promise": "3.5.0",
+ "eslint-plugin-standard": "3.0.1",
+ "istanbul": "0.4.5",
+ "mocha": "1.21.5"
+ },
+ "files": [
+ "HISTORY.md",
+ "LICENSE",
+ "index.js"
+ ],
+ "engines": {
+ "node": ">= 0.6"
+ },
+ "scripts": {
+ "bench": "node benchmark/index.js",
+ "lint": "eslint --plugin markdown --ext js,md .",
+ "test": "mocha --reporter spec --bail --check-leaks test/",
+ "test-cov": "istanbul cover node_modules/mocha/bin/_mocha -- --reporter dot --check-leaks test/",
+ "test-travis": "istanbul cover node_modules/mocha/bin/_mocha --report lcovonly -- --reporter spec --check-leaks test/"
+ }
+}
diff --git a/node_modules/ipaddr.js/LICENSE b/node_modules/ipaddr.js/LICENSE
new file mode 100644
index 0000000000000000000000000000000000000000..f6b37b52dec6faa7f48b9d1be5da2ad9b883be2f
--- /dev/null
+++ b/node_modules/ipaddr.js/LICENSE
@@ -0,0 +1,19 @@
+Copyright (C) 2011-2017 whitequark <whitequark@whitequark.org>
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
diff --git a/node_modules/ipaddr.js/README.md b/node_modules/ipaddr.js/README.md
new file mode 100644
index 0000000000000000000000000000000000000000..f57725b0fed3b74b2ed13d99c0fe8ee65ab29f3c
--- /dev/null
+++ b/node_modules/ipaddr.js/README.md
@@ -0,0 +1,233 @@
+# ipaddr.js — an IPv6 and IPv4 address manipulation library [](https://travis-ci.org/whitequark/ipaddr.js)
+
+ipaddr.js is a small (1.9K minified and gzipped) library for manipulating
+IP addresses in JavaScript environments. It runs on both CommonJS runtimes
+(e.g. [nodejs]) and in a web browser.
+
+ipaddr.js allows you to verify and parse string representation of an IP
+address, match it against a CIDR range or range list, determine if it falls
+into some reserved ranges (examples include loopback and private ranges),
+and convert between IPv4 and IPv4-mapped IPv6 addresses.
+
+[nodejs]: http://nodejs.org
+
+## Installation
+
+`npm install ipaddr.js`
+
+or
+
+`bower install ipaddr.js`
+
+## API
+
+ipaddr.js defines one object in the global scope: `ipaddr`. In CommonJS,
+it is exported from the module:
+
+```js
+var ipaddr = require('ipaddr.js');
+```
+
+The API consists of several global methods and two classes: ipaddr.IPv6 and ipaddr.IPv4.
+
+### Global methods
+
+There are three global methods defined: `ipaddr.isValid`, `ipaddr.parse` and
+`ipaddr.process`. All of them receive a string as a single parameter.
+
+The `ipaddr.isValid` method returns `true` if the address is a valid IPv4 or
+IPv6 address, and `false` otherwise. It does not throw any exceptions.
+
+The `ipaddr.parse` method returns an object representing the IP address,
+or throws an `Error` if the passed string is not a valid representation of an
+IP address.
+
+The `ipaddr.process` method works just like the `ipaddr.parse` one, but it
+automatically converts IPv4-mapped IPv6 addresses to their IPv4 counterparts
+before returning. It is useful when you have a Node.js instance listening
+on an IPv6 socket, and the `net.ivp6.bindv6only` sysctl parameter (or its
+equivalent on non-Linux OS) is set to 0. In this case, you can accept IPv4
+connections on your IPv6-only socket, but the remote address will be mangled.
+Use `ipaddr.process` method to automatically demangle it.
+
+### Object representation
+
+Parsing methods return an object which descends from `ipaddr.IPv6` or
+`ipaddr.IPv4`. These objects share some properties, but most of them differ.
+
+#### Shared properties
+
+One can determine the type of address by calling `addr.kind()`. It will return
+either `"ipv6"` or `"ipv4"`.
+
+An address can be converted back to its string representation with `addr.toString()`.
+Note that this method:
+ * does not return the original string used to create the object (in fact, there is
+ no way of getting that string)
+ * returns a compact representation (when it is applicable)
+
+A `match(range, bits)` method can be used to check if the address falls into a
+certain CIDR range.
+Note that an address can be (obviously) matched only against an address of the same type.
+
+For example:
+
+```js
+var addr = ipaddr.parse("2001:db8:1234::1");
+var range = ipaddr.parse("2001:db8::");
+
+addr.match(range, 32); // => true
+```
+
+Alternatively, `match` can also be called as `match([range, bits])`. In this way,
+it can be used together with the `parseCIDR(string)` method, which parses an IP
+address together with a CIDR range.
+
+For example:
+
+```js
+var addr = ipaddr.parse("2001:db8:1234::1");
+
+addr.match(ipaddr.parseCIDR("2001:db8::/32")); // => true
+```
+
+A `range()` method returns one of predefined names for several special ranges defined
+by IP protocols. The exact names (and their respective CIDR ranges) can be looked up
+in the source: [IPv6 ranges] and [IPv4 ranges]. Some common ones include `"unicast"`
+(the default one) and `"reserved"`.
+
+You can match against your own range list by using
+`ipaddr.subnetMatch(address, rangeList, defaultName)` method. It can work with a mix of IPv6 or IPv4 addresses, and accepts a name-to-subnet map as the range list. For example:
+
+```js
+var rangeList = {
+ documentationOnly: [ ipaddr.parse('2001:db8::'), 32 ],
+ tunnelProviders: [
+ [ ipaddr.parse('2001:470::'), 32 ], // he.net
+ [ ipaddr.parse('2001:5c0::'), 32 ] // freenet6
+ ]
+};
+ipaddr.subnetMatch(ipaddr.parse('2001:470:8:66::1'), rangeList, 'unknown'); // => "tunnelProviders"
+```
+
+The addresses can be converted to their byte representation with `toByteArray()`.
+(Actually, JavaScript mostly does not know about byte buffers. They are emulated with
+arrays of numbers, each in range of 0..255.)
+
+```js
+var bytes = ipaddr.parse('2a00:1450:8007::68').toByteArray(); // ipv6.google.com
+bytes // => [42, 0x00, 0x14, 0x50, 0x80, 0x07, 0x00, <zeroes...>, 0x00, 0x68 ]
+```
+
+The `ipaddr.IPv4` and `ipaddr.IPv6` objects have some methods defined, too. All of them
+have the same interface for both protocols, and are similar to global methods.
+
+`ipaddr.IPvX.isValid(string)` can be used to check if the string is a valid address
+for particular protocol, and `ipaddr.IPvX.parse(string)` is the error-throwing parser.
+
+`ipaddr.IPvX.isValid(string)` uses the same format for parsing as the POSIX `inet_ntoa` function, which accepts unusual formats like `0xc0.168.1.1` or `0x10000000`. The function `ipaddr.IPv4.isValidFourPartDecimal(string)` validates the IPv4 address and also ensures that it is written in four-part decimal format.
+
+[IPv6 ranges]: https://github.com/whitequark/ipaddr.js/blob/master/src/ipaddr.coffee#L186
+[IPv4 ranges]: https://github.com/whitequark/ipaddr.js/blob/master/src/ipaddr.coffee#L71
+
+#### IPv6 properties
+
+Sometimes you will want to convert IPv6 not to a compact string representation (with
+the `::` substitution); the `toNormalizedString()` method will return an address where
+all zeroes are explicit.
+
+For example:
+
+```js
+var addr = ipaddr.parse("2001:0db8::0001");
+addr.toString(); // => "2001:db8::1"
+addr.toNormalizedString(); // => "2001:db8:0:0:0:0:0:1"
+```
+
+The `isIPv4MappedAddress()` method will return `true` if this address is an IPv4-mapped
+one, and `toIPv4Address()` will return an IPv4 object address.
+
+To access the underlying binary representation of the address, use `addr.parts`.
+
+```js
+var addr = ipaddr.parse("2001:db8:10::1234:DEAD");
+addr.parts // => [0x2001, 0xdb8, 0x10, 0, 0, 0, 0x1234, 0xdead]
+```
+
+A IPv6 zone index can be accessed via `addr.zoneId`:
+
+```js
+var addr = ipaddr.parse("2001:db8::%eth0");
+addr.zoneId // => 'eth0'
+```
+
+#### IPv4 properties
+
+`toIPv4MappedAddress()` will return a corresponding IPv4-mapped IPv6 address.
+
+To access the underlying representation of the address, use `addr.octets`.
+
+```js
+var addr = ipaddr.parse("192.168.1.1");
+addr.octets // => [192, 168, 1, 1]
+```
+
+`prefixLengthFromSubnetMask()` will return a CIDR prefix length for a valid IPv4 netmask or
+null if the netmask is not valid.
+
+```js
+ipaddr.IPv4.parse('255.255.255.240').prefixLengthFromSubnetMask() == 28
+ipaddr.IPv4.parse('255.192.164.0').prefixLengthFromSubnetMask() == null
+```
+
+`subnetMaskFromPrefixLength()` will return an IPv4 netmask for a valid CIDR prefix length.
+
+```js
+ipaddr.IPv4.subnetMaskFromPrefixLength(24) == "255.255.255.0"
+ipaddr.IPv4.subnetMaskFromPrefixLength(29) == "255.255.255.248"
+```
+
+`broadcastAddressFromCIDR()` will return the broadcast address for a given IPv4 interface and netmask in CIDR notation.
+```js
+ipaddr.IPv4.broadcastAddressFromCIDR("172.0.0.1/24") == "172.0.0.255"
+```
+`networkAddressFromCIDR()` will return the network address for a given IPv4 interface and netmask in CIDR notation.
+```js
+ipaddr.IPv4.networkAddressFromCIDR("172.0.0.1/24") == "172.0.0.0"
+```
+
+#### Conversion
+
+IPv4 and IPv6 can be converted bidirectionally to and from network byte order (MSB) byte arrays.
+
+The `fromByteArray()` method will take an array and create an appropriate IPv4 or IPv6 object
+if the input satisfies the requirements. For IPv4 it has to be an array of four 8-bit values,
+while for IPv6 it has to be an array of sixteen 8-bit values.
+
+For example:
+```js
+var addr = ipaddr.fromByteArray([0x7f, 0, 0, 1]);
+addr.toString(); // => "127.0.0.1"
+```
+
+or
+
+```js
+var addr = ipaddr.fromByteArray([0x20, 1, 0xd, 0xb8, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1])
+addr.toString(); // => "2001:db8::1"
+```
+
+Both objects also offer a `toByteArray()` method, which returns an array in network byte order (MSB).
+
+For example:
+```js
+var addr = ipaddr.parse("127.0.0.1");
+addr.toByteArray(); // => [0x7f, 0, 0, 1]
+```
+
+or
+
+```js
+var addr = ipaddr.parse("2001:db8::1");
+addr.toByteArray(); // => [0x20, 1, 0xd, 0xb8, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1]
+```
diff --git a/node_modules/ipaddr.js/ipaddr.min.js b/node_modules/ipaddr.js/ipaddr.min.js
new file mode 100644
index 0000000000000000000000000000000000000000..b54a7cc42ac48524d2de2fa43979367e09fbe385
--- /dev/null
+++ b/node_modules/ipaddr.js/ipaddr.min.js
@@ -0,0 +1 @@
+(function(){var r,t,n,e,i,o,a,s;t={},s=this,"undefined"!=typeof module&&null!==module&&module.exports?module.exports=t:s.ipaddr=t,a=function(r,t,n,e){var i,o;if(r.length!==t.length)throw new Error("ipaddr: cannot match CIDR for objects with different lengths");for(i=0;e>0;){if((o=n-e)<0&&(o=0),r[i]>>o!=t[i]>>o)return!1;e-=n,i+=1}return!0},t.subnetMatch=function(r,t,n){var e,i,o,a,s;null==n&&(n="unicast");for(o in t)for(!(a=t[o])[0]||a[0]instanceof Array||(a=[a]),e=0,i=a.length;e<i;e++)if(s=a[e],r.kind()===s[0].kind()&&r.match.apply(r,s))return o;return n},t.IPv4=function(){function r(r){var t,n,e;if(4!==r.length)throw new Error("ipaddr: ipv4 octet count should be 4");for(t=0,n=r.length;t<n;t++)if(!(0<=(e=r[t])&&e<=255))throw new Error("ipaddr: ipv4 octet should fit in 8 bits");this.octets=r}return r.prototype.kind=function(){return"ipv4"},r.prototype.toString=function(){return this.octets.join(".")},r.prototype.toNormalizedString=function(){return this.toString()},r.prototype.toByteArray=function(){return this.octets.slice(0)},r.prototype.match=function(r,t){var n;if(void 0===t&&(r=(n=r)[0],t=n[1]),"ipv4"!==r.kind())throw new Error("ipaddr: cannot match ipv4 address with non-ipv4 one");return a(this.octets,r.octets,8,t)},r.prototype.SpecialRanges={unspecified:[[new r([0,0,0,0]),8]],broadcast:[[new r([255,255,255,255]),32]],multicast:[[new r([224,0,0,0]),4]],linkLocal:[[new r([169,254,0,0]),16]],loopback:[[new r([127,0,0,0]),8]],carrierGradeNat:[[new r([100,64,0,0]),10]],private:[[new r([10,0,0,0]),8],[new r([172,16,0,0]),12],[new r([192,168,0,0]),16]],reserved:[[new r([192,0,0,0]),24],[new r([192,0,2,0]),24],[new r([192,88,99,0]),24],[new r([198,51,100,0]),24],[new r([203,0,113,0]),24],[new r([240,0,0,0]),4]]},r.prototype.range=function(){return t.subnetMatch(this,this.SpecialRanges)},r.prototype.toIPv4MappedAddress=function(){return t.IPv6.parse("::ffff:"+this.toString())},r.prototype.prefixLengthFromSubnetMask=function(){var r,t,n,e,i,o,a;for(a={0:8,128:7,192:6,224:5,240:4,248:3,252:2,254:1,255:0},r=0,i=!1,t=n=3;n>=0;t=n+=-1){if(!((e=this.octets[t])in a))return null;if(o=a[e],i&&0!==o)return null;8!==o&&(i=!0),r+=o}return 32-r},r}(),n="(0?\\d+|0x[a-f0-9]+)",e={fourOctet:new RegExp("^"+n+"\\."+n+"\\."+n+"\\."+n+"$","i"),longValue:new RegExp("^"+n+"$","i")},t.IPv4.parser=function(r){var t,n,i,o,a;if(n=function(r){return"0"===r[0]&&"x"!==r[1]?parseInt(r,8):parseInt(r)},t=r.match(e.fourOctet))return function(){var r,e,o,a;for(a=[],r=0,e=(o=t.slice(1,6)).length;r<e;r++)i=o[r],a.push(n(i));return a}();if(t=r.match(e.longValue)){if((a=n(t[1]))>4294967295||a<0)throw new Error("ipaddr: address outside defined range");return function(){var r,t;for(t=[],o=r=0;r<=24;o=r+=8)t.push(a>>o&255);return t}().reverse()}return null},t.IPv6=function(){function r(r,t){var n,e,i,o,a,s;if(16===r.length)for(this.parts=[],n=e=0;e<=14;n=e+=2)this.parts.push(r[n]<<8|r[n+1]);else{if(8!==r.length)throw new Error("ipaddr: ipv6 part count should be 8 or 16");this.parts=r}for(i=0,o=(s=this.parts).length;i<o;i++)if(!(0<=(a=s[i])&&a<=65535))throw new Error("ipaddr: ipv6 part should fit in 16 bits");t&&(this.zoneId=t)}return r.prototype.kind=function(){return"ipv6"},r.prototype.toString=function(){return this.toNormalizedString().replace(/((^|:)(0(:|$))+)/,"::")},r.prototype.toRFC5952String=function(){var r,t,n,e,i;for(e=/((^|:)(0(:|$)){2,})/g,i=this.toNormalizedString(),r=0,t=-1;n=e.exec(i);)n[0].length>t&&(r=n.index,t=n[0].length);return t<0?i:i.substring(0,r)+"::"+i.substring(r+t)},r.prototype.toByteArray=function(){var r,t,n,e,i;for(r=[],t=0,n=(i=this.parts).length;t<n;t++)e=i[t],r.push(e>>8),r.push(255&e);return r},r.prototype.toNormalizedString=function(){var r,t,n;return r=function(){var r,n,e,i;for(i=[],r=0,n=(e=this.parts).length;r<n;r++)t=e[r],i.push(t.toString(16));return i}.call(this).join(":"),n="",this.zoneId&&(n="%"+this.zoneId),r+n},r.prototype.toFixedLengthString=function(){var r,t,n;return r=function(){var r,n,e,i;for(i=[],r=0,n=(e=this.parts).length;r<n;r++)t=e[r],i.push(t.toString(16).padStart(4,"0"));return i}.call(this).join(":"),n="",this.zoneId&&(n="%"+this.zoneId),r+n},r.prototype.match=function(r,t){var n;if(void 0===t&&(r=(n=r)[0],t=n[1]),"ipv6"!==r.kind())throw new Error("ipaddr: cannot match ipv6 address with non-ipv6 one");return a(this.parts,r.parts,16,t)},r.prototype.SpecialRanges={unspecified:[new r([0,0,0,0,0,0,0,0]),128],linkLocal:[new r([65152,0,0,0,0,0,0,0]),10],multicast:[new r([65280,0,0,0,0,0,0,0]),8],loopback:[new r([0,0,0,0,0,0,0,1]),128],uniqueLocal:[new r([64512,0,0,0,0,0,0,0]),7],ipv4Mapped:[new r([0,0,0,0,0,65535,0,0]),96],rfc6145:[new r([0,0,0,0,65535,0,0,0]),96],rfc6052:[new r([100,65435,0,0,0,0,0,0]),96],"6to4":[new r([8194,0,0,0,0,0,0,0]),16],teredo:[new r([8193,0,0,0,0,0,0,0]),32],reserved:[[new r([8193,3512,0,0,0,0,0,0]),32]]},r.prototype.range=function(){return t.subnetMatch(this,this.SpecialRanges)},r.prototype.isIPv4MappedAddress=function(){return"ipv4Mapped"===this.range()},r.prototype.toIPv4Address=function(){var r,n,e;if(!this.isIPv4MappedAddress())throw new Error("ipaddr: trying to convert a generic ipv6 address to ipv4");return e=this.parts.slice(-2),r=e[0],n=e[1],new t.IPv4([r>>8,255&r,n>>8,255&n])},r.prototype.prefixLengthFromSubnetMask=function(){var r,t,n,e,i,o,a;for(a={0:16,32768:15,49152:14,57344:13,61440:12,63488:11,64512:10,65024:9,65280:8,65408:7,65472:6,65504:5,65520:4,65528:3,65532:2,65534:1,65535:0},r=0,i=!1,t=n=7;n>=0;t=n+=-1){if(!((e=this.parts[t])in a))return null;if(o=a[e],i&&0!==o)return null;16!==o&&(i=!0),r+=o}return 128-r},r}(),i="(?:[0-9a-f]+::?)+",o={zoneIndex:new RegExp("%[0-9a-z]{1,}","i"),native:new RegExp("^(::)?("+i+")?([0-9a-f]+)?(::)?(%[0-9a-z]{1,})?$","i"),transitional:new RegExp("^((?:"+i+")|(?:::)(?:"+i+")?)"+n+"\\."+n+"\\."+n+"\\."+n+"(%[0-9a-z]{1,})?$","i")},r=function(r,t){var n,e,i,a,s,p;if(r.indexOf("::")!==r.lastIndexOf("::"))return null;for((p=(r.match(o.zoneIndex)||[])[0])&&(p=p.substring(1),r=r.replace(/%.+$/,"")),n=0,e=-1;(e=r.indexOf(":",e+1))>=0;)n++;if("::"===r.substr(0,2)&&n--,"::"===r.substr(-2,2)&&n--,n>t)return null;for(s=t-n,a=":";s--;)a+="0:";return":"===(r=r.replace("::",a))[0]&&(r=r.slice(1)),":"===r[r.length-1]&&(r=r.slice(0,-1)),t=function(){var t,n,e,o;for(o=[],t=0,n=(e=r.split(":")).length;t<n;t++)i=e[t],o.push(parseInt(i,16));return o}(),{parts:t,zoneId:p}},t.IPv6.parser=function(t){var n,e,i,a,s,p,u;if(o.native.test(t))return r(t,8);if((a=t.match(o.transitional))&&(u=a[6]||"",(n=r(a[1].slice(0,-1)+u,6)).parts)){for(e=0,i=(p=[parseInt(a[2]),parseInt(a[3]),parseInt(a[4]),parseInt(a[5])]).length;e<i;e++)if(!(0<=(s=p[e])&&s<=255))return null;return n.parts.push(p[0]<<8|p[1]),n.parts.push(p[2]<<8|p[3]),{parts:n.parts,zoneId:n.zoneId}}return null},t.IPv4.isIPv4=t.IPv6.isIPv6=function(r){return null!==this.parser(r)},t.IPv4.isValid=function(r){try{return new this(this.parser(r)),!0}catch(r){return r,!1}},t.IPv4.isValidFourPartDecimal=function(r){return!(!t.IPv4.isValid(r)||!r.match(/^(0|[1-9]\d*)(\.(0|[1-9]\d*)){3}$/))},t.IPv6.isValid=function(r){var t;if("string"==typeof r&&-1===r.indexOf(":"))return!1;try{return t=this.parser(r),new this(t.parts,t.zoneId),!0}catch(r){return r,!1}},t.IPv4.parse=function(r){var t;if(null===(t=this.parser(r)))throw new Error("ipaddr: string is not formatted like ip address");return new this(t)},t.IPv6.parse=function(r){var t;if(null===(t=this.parser(r)).parts)throw new Error("ipaddr: string is not formatted like ip address");return new this(t.parts,t.zoneId)},t.IPv4.parseCIDR=function(r){var t,n,e;if((n=r.match(/^(.+)\/(\d+)$/))&&(t=parseInt(n[2]))>=0&&t<=32)return e=[this.parse(n[1]),t],Object.defineProperty(e,"toString",{value:function(){return this.join("/")}}),e;throw new Error("ipaddr: string is not formatted like an IPv4 CIDR range")},t.IPv4.subnetMaskFromPrefixLength=function(r){var t,n,e;if((r=parseInt(r))<0||r>32)throw new Error("ipaddr: invalid IPv4 prefix length");for(e=[0,0,0,0],n=0,t=Math.floor(r/8);n<t;)e[n]=255,n++;return t<4&&(e[t]=Math.pow(2,r%8)-1<<8-r%8),new this(e)},t.IPv4.broadcastAddressFromCIDR=function(r){var t,n,e,i,o;try{for(e=(t=this.parseCIDR(r))[0].toByteArray(),o=this.subnetMaskFromPrefixLength(t[1]).toByteArray(),i=[],n=0;n<4;)i.push(parseInt(e[n],10)|255^parseInt(o[n],10)),n++;return new this(i)}catch(r){throw r,new Error("ipaddr: the address does not have IPv4 CIDR format")}},t.IPv4.networkAddressFromCIDR=function(r){var t,n,e,i,o;try{for(e=(t=this.parseCIDR(r))[0].toByteArray(),o=this.subnetMaskFromPrefixLength(t[1]).toByteArray(),i=[],n=0;n<4;)i.push(parseInt(e[n],10)&parseInt(o[n],10)),n++;return new this(i)}catch(r){throw r,new Error("ipaddr: the address does not have IPv4 CIDR format")}},t.IPv6.parseCIDR=function(r){var t,n,e;if((n=r.match(/^(.+)\/(\d+)$/))&&(t=parseInt(n[2]))>=0&&t<=128)return e=[this.parse(n[1]),t],Object.defineProperty(e,"toString",{value:function(){return this.join("/")}}),e;throw new Error("ipaddr: string is not formatted like an IPv6 CIDR range")},t.isValid=function(r){return t.IPv6.isValid(r)||t.IPv4.isValid(r)},t.parse=function(r){if(t.IPv6.isValid(r))return t.IPv6.parse(r);if(t.IPv4.isValid(r))return t.IPv4.parse(r);throw new Error("ipaddr: the address has neither IPv6 nor IPv4 format")},t.parseCIDR=function(r){try{return t.IPv6.parseCIDR(r)}catch(n){n;try{return t.IPv4.parseCIDR(r)}catch(r){throw r,new Error("ipaddr: the address has neither IPv6 nor IPv4 CIDR format")}}},t.fromByteArray=function(r){var n;if(4===(n=r.length))return new t.IPv4(r);if(16===n)return new t.IPv6(r);throw new Error("ipaddr: the binary input is neither an IPv6 nor IPv4 address")},t.process=function(r){var t;return t=this.parse(r),"ipv6"===t.kind()&&t.isIPv4MappedAddress()?t.toIPv4Address():t}}).call(this);
\ No newline at end of file
diff --git a/node_modules/ipaddr.js/lib/ipaddr.js b/node_modules/ipaddr.js/lib/ipaddr.js
new file mode 100644
index 0000000000000000000000000000000000000000..18bd93b5e6dfd2af35147a656b913b952cfc7043
--- /dev/null
+++ b/node_modules/ipaddr.js/lib/ipaddr.js
@@ -0,0 +1,673 @@
+(function() {
+ var expandIPv6, ipaddr, ipv4Part, ipv4Regexes, ipv6Part, ipv6Regexes, matchCIDR, root, zoneIndex;
+
+ ipaddr = {};
+
+ root = this;
+
+ if ((typeof module !== "undefined" && module !== null) && module.exports) {
+ module.exports = ipaddr;
+ } else {
+ root['ipaddr'] = ipaddr;
+ }
+
+ matchCIDR = function(first, second, partSize, cidrBits) {
+ var part, shift;
+ if (first.length !== second.length) {
+ throw new Error("ipaddr: cannot match CIDR for objects with different lengths");
+ }
+ part = 0;
+ while (cidrBits > 0) {
+ shift = partSize - cidrBits;
+ if (shift < 0) {
+ shift = 0;
+ }
+ if (first[part] >> shift !== second[part] >> shift) {
+ return false;
+ }
+ cidrBits -= partSize;
+ part += 1;
+ }
+ return true;
+ };
+
+ ipaddr.subnetMatch = function(address, rangeList, defaultName) {
+ var k, len, rangeName, rangeSubnets, subnet;
+ if (defaultName == null) {
+ defaultName = 'unicast';
+ }
+ for (rangeName in rangeList) {
+ rangeSubnets = rangeList[rangeName];
+ if (rangeSubnets[0] && !(rangeSubnets[0] instanceof Array)) {
+ rangeSubnets = [rangeSubnets];
+ }
+ for (k = 0, len = rangeSubnets.length; k < len; k++) {
+ subnet = rangeSubnets[k];
+ if (address.kind() === subnet[0].kind()) {
+ if (address.match.apply(address, subnet)) {
+ return rangeName;
+ }
+ }
+ }
+ }
+ return defaultName;
+ };
+
+ ipaddr.IPv4 = (function() {
+ function IPv4(octets) {
+ var k, len, octet;
+ if (octets.length !== 4) {
+ throw new Error("ipaddr: ipv4 octet count should be 4");
+ }
+ for (k = 0, len = octets.length; k < len; k++) {
+ octet = octets[k];
+ if (!((0 <= octet && octet <= 255))) {
+ throw new Error("ipaddr: ipv4 octet should fit in 8 bits");
+ }
+ }
+ this.octets = octets;
+ }
+
+ IPv4.prototype.kind = function() {
+ return 'ipv4';
+ };
+
+ IPv4.prototype.toString = function() {
+ return this.octets.join(".");
+ };
+
+ IPv4.prototype.toNormalizedString = function() {
+ return this.toString();
+ };
+
+ IPv4.prototype.toByteArray = function() {
+ return this.octets.slice(0);
+ };
+
+ IPv4.prototype.match = function(other, cidrRange) {
+ var ref;
+ if (cidrRange === void 0) {
+ ref = other, other = ref[0], cidrRange = ref[1];
+ }
+ if (other.kind() !== 'ipv4') {
+ throw new Error("ipaddr: cannot match ipv4 address with non-ipv4 one");
+ }
+ return matchCIDR(this.octets, other.octets, 8, cidrRange);
+ };
+
+ IPv4.prototype.SpecialRanges = {
+ unspecified: [[new IPv4([0, 0, 0, 0]), 8]],
+ broadcast: [[new IPv4([255, 255, 255, 255]), 32]],
+ multicast: [[new IPv4([224, 0, 0, 0]), 4]],
+ linkLocal: [[new IPv4([169, 254, 0, 0]), 16]],
+ loopback: [[new IPv4([127, 0, 0, 0]), 8]],
+ carrierGradeNat: [[new IPv4([100, 64, 0, 0]), 10]],
+ "private": [[new IPv4([10, 0, 0, 0]), 8], [new IPv4([172, 16, 0, 0]), 12], [new IPv4([192, 168, 0, 0]), 16]],
+ reserved: [[new IPv4([192, 0, 0, 0]), 24], [new IPv4([192, 0, 2, 0]), 24], [new IPv4([192, 88, 99, 0]), 24], [new IPv4([198, 51, 100, 0]), 24], [new IPv4([203, 0, 113, 0]), 24], [new IPv4([240, 0, 0, 0]), 4]]
+ };
+
+ IPv4.prototype.range = function() {
+ return ipaddr.subnetMatch(this, this.SpecialRanges);
+ };
+
+ IPv4.prototype.toIPv4MappedAddress = function() {
+ return ipaddr.IPv6.parse("::ffff:" + (this.toString()));
+ };
+
+ IPv4.prototype.prefixLengthFromSubnetMask = function() {
+ var cidr, i, k, octet, stop, zeros, zerotable;
+ zerotable = {
+ 0: 8,
+ 128: 7,
+ 192: 6,
+ 224: 5,
+ 240: 4,
+ 248: 3,
+ 252: 2,
+ 254: 1,
+ 255: 0
+ };
+ cidr = 0;
+ stop = false;
+ for (i = k = 3; k >= 0; i = k += -1) {
+ octet = this.octets[i];
+ if (octet in zerotable) {
+ zeros = zerotable[octet];
+ if (stop && zeros !== 0) {
+ return null;
+ }
+ if (zeros !== 8) {
+ stop = true;
+ }
+ cidr += zeros;
+ } else {
+ return null;
+ }
+ }
+ return 32 - cidr;
+ };
+
+ return IPv4;
+
+ })();
+
+ ipv4Part = "(0?\\d+|0x[a-f0-9]+)";
+
+ ipv4Regexes = {
+ fourOctet: new RegExp("^" + ipv4Part + "\\." + ipv4Part + "\\." + ipv4Part + "\\." + ipv4Part + "$", 'i'),
+ longValue: new RegExp("^" + ipv4Part + "$", 'i')
+ };
+
+ ipaddr.IPv4.parser = function(string) {
+ var match, parseIntAuto, part, shift, value;
+ parseIntAuto = function(string) {
+ if (string[0] === "0" && string[1] !== "x") {
+ return parseInt(string, 8);
+ } else {
+ return parseInt(string);
+ }
+ };
+ if (match = string.match(ipv4Regexes.fourOctet)) {
+ return (function() {
+ var k, len, ref, results;
+ ref = match.slice(1, 6);
+ results = [];
+ for (k = 0, len = ref.length; k < len; k++) {
+ part = ref[k];
+ results.push(parseIntAuto(part));
+ }
+ return results;
+ })();
+ } else if (match = string.match(ipv4Regexes.longValue)) {
+ value = parseIntAuto(match[1]);
+ if (value > 0xffffffff || value < 0) {
+ throw new Error("ipaddr: address outside defined range");
+ }
+ return ((function() {
+ var k, results;
+ results = [];
+ for (shift = k = 0; k <= 24; shift = k += 8) {
+ results.push((value >> shift) & 0xff);
+ }
+ return results;
+ })()).reverse();
+ } else {
+ return null;
+ }
+ };
+
+ ipaddr.IPv6 = (function() {
+ function IPv6(parts, zoneId) {
+ var i, k, l, len, part, ref;
+ if (parts.length === 16) {
+ this.parts = [];
+ for (i = k = 0; k <= 14; i = k += 2) {
+ this.parts.push((parts[i] << 8) | parts[i + 1]);
+ }
+ } else if (parts.length === 8) {
+ this.parts = parts;
+ } else {
+ throw new Error("ipaddr: ipv6 part count should be 8 or 16");
+ }
+ ref = this.parts;
+ for (l = 0, len = ref.length; l < len; l++) {
+ part = ref[l];
+ if (!((0 <= part && part <= 0xffff))) {
+ throw new Error("ipaddr: ipv6 part should fit in 16 bits");
+ }
+ }
+ if (zoneId) {
+ this.zoneId = zoneId;
+ }
+ }
+
+ IPv6.prototype.kind = function() {
+ return 'ipv6';
+ };
+
+ IPv6.prototype.toString = function() {
+ return this.toNormalizedString().replace(/((^|:)(0(:|$))+)/, '::');
+ };
+
+ IPv6.prototype.toRFC5952String = function() {
+ var bestMatchIndex, bestMatchLength, match, regex, string;
+ regex = /((^|:)(0(:|$)){2,})/g;
+ string = this.toNormalizedString();
+ bestMatchIndex = 0;
+ bestMatchLength = -1;
+ while ((match = regex.exec(string))) {
+ if (match[0].length > bestMatchLength) {
+ bestMatchIndex = match.index;
+ bestMatchLength = match[0].length;
+ }
+ }
+ if (bestMatchLength < 0) {
+ return string;
+ }
+ return string.substring(0, bestMatchIndex) + '::' + string.substring(bestMatchIndex + bestMatchLength);
+ };
+
+ IPv6.prototype.toByteArray = function() {
+ var bytes, k, len, part, ref;
+ bytes = [];
+ ref = this.parts;
+ for (k = 0, len = ref.length; k < len; k++) {
+ part = ref[k];
+ bytes.push(part >> 8);
+ bytes.push(part & 0xff);
+ }
+ return bytes;
+ };
+
+ IPv6.prototype.toNormalizedString = function() {
+ var addr, part, suffix;
+ addr = ((function() {
+ var k, len, ref, results;
+ ref = this.parts;
+ results = [];
+ for (k = 0, len = ref.length; k < len; k++) {
+ part = ref[k];
+ results.push(part.toString(16));
+ }
+ return results;
+ }).call(this)).join(":");
+ suffix = '';
+ if (this.zoneId) {
+ suffix = '%' + this.zoneId;
+ }
+ return addr + suffix;
+ };
+
+ IPv6.prototype.toFixedLengthString = function() {
+ var addr, part, suffix;
+ addr = ((function() {
+ var k, len, ref, results;
+ ref = this.parts;
+ results = [];
+ for (k = 0, len = ref.length; k < len; k++) {
+ part = ref[k];
+ results.push(part.toString(16).padStart(4, '0'));
+ }
+ return results;
+ }).call(this)).join(":");
+ suffix = '';
+ if (this.zoneId) {
+ suffix = '%' + this.zoneId;
+ }
+ return addr + suffix;
+ };
+
+ IPv6.prototype.match = function(other, cidrRange) {
+ var ref;
+ if (cidrRange === void 0) {
+ ref = other, other = ref[0], cidrRange = ref[1];
+ }
+ if (other.kind() !== 'ipv6') {
+ throw new Error("ipaddr: cannot match ipv6 address with non-ipv6 one");
+ }
+ return matchCIDR(this.parts, other.parts, 16, cidrRange);
+ };
+
+ IPv6.prototype.SpecialRanges = {
+ unspecified: [new IPv6([0, 0, 0, 0, 0, 0, 0, 0]), 128],
+ linkLocal: [new IPv6([0xfe80, 0, 0, 0, 0, 0, 0, 0]), 10],
+ multicast: [new IPv6([0xff00, 0, 0, 0, 0, 0, 0, 0]), 8],
+ loopback: [new IPv6([0, 0, 0, 0, 0, 0, 0, 1]), 128],
+ uniqueLocal: [new IPv6([0xfc00, 0, 0, 0, 0, 0, 0, 0]), 7],
+ ipv4Mapped: [new IPv6([0, 0, 0, 0, 0, 0xffff, 0, 0]), 96],
+ rfc6145: [new IPv6([0, 0, 0, 0, 0xffff, 0, 0, 0]), 96],
+ rfc6052: [new IPv6([0x64, 0xff9b, 0, 0, 0, 0, 0, 0]), 96],
+ '6to4': [new IPv6([0x2002, 0, 0, 0, 0, 0, 0, 0]), 16],
+ teredo: [new IPv6([0x2001, 0, 0, 0, 0, 0, 0, 0]), 32],
+ reserved: [[new IPv6([0x2001, 0xdb8, 0, 0, 0, 0, 0, 0]), 32]]
+ };
+
+ IPv6.prototype.range = function() {
+ return ipaddr.subnetMatch(this, this.SpecialRanges);
+ };
+
+ IPv6.prototype.isIPv4MappedAddress = function() {
+ return this.range() === 'ipv4Mapped';
+ };
+
+ IPv6.prototype.toIPv4Address = function() {
+ var high, low, ref;
+ if (!this.isIPv4MappedAddress()) {
+ throw new Error("ipaddr: trying to convert a generic ipv6 address to ipv4");
+ }
+ ref = this.parts.slice(-2), high = ref[0], low = ref[1];
+ return new ipaddr.IPv4([high >> 8, high & 0xff, low >> 8, low & 0xff]);
+ };
+
+ IPv6.prototype.prefixLengthFromSubnetMask = function() {
+ var cidr, i, k, part, stop, zeros, zerotable;
+ zerotable = {
+ 0: 16,
+ 32768: 15,
+ 49152: 14,
+ 57344: 13,
+ 61440: 12,
+ 63488: 11,
+ 64512: 10,
+ 65024: 9,
+ 65280: 8,
+ 65408: 7,
+ 65472: 6,
+ 65504: 5,
+ 65520: 4,
+ 65528: 3,
+ 65532: 2,
+ 65534: 1,
+ 65535: 0
+ };
+ cidr = 0;
+ stop = false;
+ for (i = k = 7; k >= 0; i = k += -1) {
+ part = this.parts[i];
+ if (part in zerotable) {
+ zeros = zerotable[part];
+ if (stop && zeros !== 0) {
+ return null;
+ }
+ if (zeros !== 16) {
+ stop = true;
+ }
+ cidr += zeros;
+ } else {
+ return null;
+ }
+ }
+ return 128 - cidr;
+ };
+
+ return IPv6;
+
+ })();
+
+ ipv6Part = "(?:[0-9a-f]+::?)+";
+
+ zoneIndex = "%[0-9a-z]{1,}";
+
+ ipv6Regexes = {
+ zoneIndex: new RegExp(zoneIndex, 'i'),
+ "native": new RegExp("^(::)?(" + ipv6Part + ")?([0-9a-f]+)?(::)?(" + zoneIndex + ")?$", 'i'),
+ transitional: new RegExp(("^((?:" + ipv6Part + ")|(?:::)(?:" + ipv6Part + ")?)") + (ipv4Part + "\\." + ipv4Part + "\\." + ipv4Part + "\\." + ipv4Part) + ("(" + zoneIndex + ")?$"), 'i')
+ };
+
+ expandIPv6 = function(string, parts) {
+ var colonCount, lastColon, part, replacement, replacementCount, zoneId;
+ if (string.indexOf('::') !== string.lastIndexOf('::')) {
+ return null;
+ }
+ zoneId = (string.match(ipv6Regexes['zoneIndex']) || [])[0];
+ if (zoneId) {
+ zoneId = zoneId.substring(1);
+ string = string.replace(/%.+$/, '');
+ }
+ colonCount = 0;
+ lastColon = -1;
+ while ((lastColon = string.indexOf(':', lastColon + 1)) >= 0) {
+ colonCount++;
+ }
+ if (string.substr(0, 2) === '::') {
+ colonCount--;
+ }
+ if (string.substr(-2, 2) === '::') {
+ colonCount--;
+ }
+ if (colonCount > parts) {
+ return null;
+ }
+ replacementCount = parts - colonCount;
+ replacement = ':';
+ while (replacementCount--) {
+ replacement += '0:';
+ }
+ string = string.replace('::', replacement);
+ if (string[0] === ':') {
+ string = string.slice(1);
+ }
+ if (string[string.length - 1] === ':') {
+ string = string.slice(0, -1);
+ }
+ parts = (function() {
+ var k, len, ref, results;
+ ref = string.split(":");
+ results = [];
+ for (k = 0, len = ref.length; k < len; k++) {
+ part = ref[k];
+ results.push(parseInt(part, 16));
+ }
+ return results;
+ })();
+ return {
+ parts: parts,
+ zoneId: zoneId
+ };
+ };
+
+ ipaddr.IPv6.parser = function(string) {
+ var addr, k, len, match, octet, octets, zoneId;
+ if (ipv6Regexes['native'].test(string)) {
+ return expandIPv6(string, 8);
+ } else if (match = string.match(ipv6Regexes['transitional'])) {
+ zoneId = match[6] || '';
+ addr = expandIPv6(match[1].slice(0, -1) + zoneId, 6);
+ if (addr.parts) {
+ octets = [parseInt(match[2]), parseInt(match[3]), parseInt(match[4]), parseInt(match[5])];
+ for (k = 0, len = octets.length; k < len; k++) {
+ octet = octets[k];
+ if (!((0 <= octet && octet <= 255))) {
+ return null;
+ }
+ }
+ addr.parts.push(octets[0] << 8 | octets[1]);
+ addr.parts.push(octets[2] << 8 | octets[3]);
+ return {
+ parts: addr.parts,
+ zoneId: addr.zoneId
+ };
+ }
+ }
+ return null;
+ };
+
+ ipaddr.IPv4.isIPv4 = ipaddr.IPv6.isIPv6 = function(string) {
+ return this.parser(string) !== null;
+ };
+
+ ipaddr.IPv4.isValid = function(string) {
+ var e;
+ try {
+ new this(this.parser(string));
+ return true;
+ } catch (error1) {
+ e = error1;
+ return false;
+ }
+ };
+
+ ipaddr.IPv4.isValidFourPartDecimal = function(string) {
+ if (ipaddr.IPv4.isValid(string) && string.match(/^(0|[1-9]\d*)(\.(0|[1-9]\d*)){3}$/)) {
+ return true;
+ } else {
+ return false;
+ }
+ };
+
+ ipaddr.IPv6.isValid = function(string) {
+ var addr, e;
+ if (typeof string === "string" && string.indexOf(":") === -1) {
+ return false;
+ }
+ try {
+ addr = this.parser(string);
+ new this(addr.parts, addr.zoneId);
+ return true;
+ } catch (error1) {
+ e = error1;
+ return false;
+ }
+ };
+
+ ipaddr.IPv4.parse = function(string) {
+ var parts;
+ parts = this.parser(string);
+ if (parts === null) {
+ throw new Error("ipaddr: string is not formatted like ip address");
+ }
+ return new this(parts);
+ };
+
+ ipaddr.IPv6.parse = function(string) {
+ var addr;
+ addr = this.parser(string);
+ if (addr.parts === null) {
+ throw new Error("ipaddr: string is not formatted like ip address");
+ }
+ return new this(addr.parts, addr.zoneId);
+ };
+
+ ipaddr.IPv4.parseCIDR = function(string) {
+ var maskLength, match, parsed;
+ if (match = string.match(/^(.+)\/(\d+)$/)) {
+ maskLength = parseInt(match[2]);
+ if (maskLength >= 0 && maskLength <= 32) {
+ parsed = [this.parse(match[1]), maskLength];
+ Object.defineProperty(parsed, 'toString', {
+ value: function() {
+ return this.join('/');
+ }
+ });
+ return parsed;
+ }
+ }
+ throw new Error("ipaddr: string is not formatted like an IPv4 CIDR range");
+ };
+
+ ipaddr.IPv4.subnetMaskFromPrefixLength = function(prefix) {
+ var filledOctetCount, j, octets;
+ prefix = parseInt(prefix);
+ if (prefix < 0 || prefix > 32) {
+ throw new Error('ipaddr: invalid IPv4 prefix length');
+ }
+ octets = [0, 0, 0, 0];
+ j = 0;
+ filledOctetCount = Math.floor(prefix / 8);
+ while (j < filledOctetCount) {
+ octets[j] = 255;
+ j++;
+ }
+ if (filledOctetCount < 4) {
+ octets[filledOctetCount] = Math.pow(2, prefix % 8) - 1 << 8 - (prefix % 8);
+ }
+ return new this(octets);
+ };
+
+ ipaddr.IPv4.broadcastAddressFromCIDR = function(string) {
+ var cidr, error, i, ipInterfaceOctets, octets, subnetMaskOctets;
+ try {
+ cidr = this.parseCIDR(string);
+ ipInterfaceOctets = cidr[0].toByteArray();
+ subnetMaskOctets = this.subnetMaskFromPrefixLength(cidr[1]).toByteArray();
+ octets = [];
+ i = 0;
+ while (i < 4) {
+ octets.push(parseInt(ipInterfaceOctets[i], 10) | parseInt(subnetMaskOctets[i], 10) ^ 255);
+ i++;
+ }
+ return new this(octets);
+ } catch (error1) {
+ error = error1;
+ throw new Error('ipaddr: the address does not have IPv4 CIDR format');
+ }
+ };
+
+ ipaddr.IPv4.networkAddressFromCIDR = function(string) {
+ var cidr, error, i, ipInterfaceOctets, octets, subnetMaskOctets;
+ try {
+ cidr = this.parseCIDR(string);
+ ipInterfaceOctets = cidr[0].toByteArray();
+ subnetMaskOctets = this.subnetMaskFromPrefixLength(cidr[1]).toByteArray();
+ octets = [];
+ i = 0;
+ while (i < 4) {
+ octets.push(parseInt(ipInterfaceOctets[i], 10) & parseInt(subnetMaskOctets[i], 10));
+ i++;
+ }
+ return new this(octets);
+ } catch (error1) {
+ error = error1;
+ throw new Error('ipaddr: the address does not have IPv4 CIDR format');
+ }
+ };
+
+ ipaddr.IPv6.parseCIDR = function(string) {
+ var maskLength, match, parsed;
+ if (match = string.match(/^(.+)\/(\d+)$/)) {
+ maskLength = parseInt(match[2]);
+ if (maskLength >= 0 && maskLength <= 128) {
+ parsed = [this.parse(match[1]), maskLength];
+ Object.defineProperty(parsed, 'toString', {
+ value: function() {
+ return this.join('/');
+ }
+ });
+ return parsed;
+ }
+ }
+ throw new Error("ipaddr: string is not formatted like an IPv6 CIDR range");
+ };
+
+ ipaddr.isValid = function(string) {
+ return ipaddr.IPv6.isValid(string) || ipaddr.IPv4.isValid(string);
+ };
+
+ ipaddr.parse = function(string) {
+ if (ipaddr.IPv6.isValid(string)) {
+ return ipaddr.IPv6.parse(string);
+ } else if (ipaddr.IPv4.isValid(string)) {
+ return ipaddr.IPv4.parse(string);
+ } else {
+ throw new Error("ipaddr: the address has neither IPv6 nor IPv4 format");
+ }
+ };
+
+ ipaddr.parseCIDR = function(string) {
+ var e;
+ try {
+ return ipaddr.IPv6.parseCIDR(string);
+ } catch (error1) {
+ e = error1;
+ try {
+ return ipaddr.IPv4.parseCIDR(string);
+ } catch (error1) {
+ e = error1;
+ throw new Error("ipaddr: the address has neither IPv6 nor IPv4 CIDR format");
+ }
+ }
+ };
+
+ ipaddr.fromByteArray = function(bytes) {
+ var length;
+ length = bytes.length;
+ if (length === 4) {
+ return new ipaddr.IPv4(bytes);
+ } else if (length === 16) {
+ return new ipaddr.IPv6(bytes);
+ } else {
+ throw new Error("ipaddr: the binary input is neither an IPv6 nor IPv4 address");
+ }
+ };
+
+ ipaddr.process = function(string) {
+ var addr;
+ addr = this.parse(string);
+ if (addr.kind() === 'ipv6' && addr.isIPv4MappedAddress()) {
+ return addr.toIPv4Address();
+ } else {
+ return addr;
+ }
+ };
+
+}).call(this);
diff --git a/node_modules/ipaddr.js/lib/ipaddr.js.d.ts b/node_modules/ipaddr.js/lib/ipaddr.js.d.ts
new file mode 100644
index 0000000000000000000000000000000000000000..52174b6b6b28411c03f230e779c6f1edf93f9423
--- /dev/null
+++ b/node_modules/ipaddr.js/lib/ipaddr.js.d.ts
@@ -0,0 +1,68 @@
+declare module "ipaddr.js" {
+ type IPv4Range = 'unicast' | 'unspecified' | 'broadcast' | 'multicast' | 'linkLocal' | 'loopback' | 'carrierGradeNat' | 'private' | 'reserved';
+ type IPv6Range = 'unicast' | 'unspecified' | 'linkLocal' | 'multicast' | 'loopback' | 'uniqueLocal' | 'ipv4Mapped' | 'rfc6145' | 'rfc6052' | '6to4' | 'teredo' | 'reserved';
+
+ interface RangeList<T> {
+ [name: string]: [T, number] | [T, number][];
+ }
+
+ // Common methods/properties for IPv4 and IPv6 classes.
+ class IP {
+ prefixLengthFromSubnetMask(): number | null;
+ toByteArray(): number[];
+ toNormalizedString(): string;
+ toString(): string;
+ }
+
+ namespace Address {
+ export function isValid(addr: string): boolean;
+ export function fromByteArray(bytes: number[]): IPv4 | IPv6;
+ export function parse(addr: string): IPv4 | IPv6;
+ export function parseCIDR(mask: string): [IPv4 | IPv6, number];
+ export function process(addr: string): IPv4 | IPv6;
+ export function subnetMatch(addr: IPv4, rangeList: RangeList<IPv4>, defaultName?: string): string;
+ export function subnetMatch(addr: IPv6, rangeList: RangeList<IPv6>, defaultName?: string): string;
+
+ export class IPv4 extends IP {
+ static broadcastAddressFromCIDR(addr: string): IPv4;
+ static isIPv4(addr: string): boolean;
+ static isValidFourPartDecimal(addr: string): boolean;
+ static isValid(addr: string): boolean;
+ static networkAddressFromCIDR(addr: string): IPv4;
+ static parse(addr: string): IPv4;
+ static parseCIDR(addr: string): [IPv4, number];
+ static subnetMaskFromPrefixLength(prefix: number): IPv4;
+ constructor(octets: number[]);
+ octets: number[]
+
+ kind(): 'ipv4';
+ match(addr: IPv4, bits: number): boolean;
+ match(mask: [IPv4, number]): boolean;
+ range(): IPv4Range;
+ subnetMatch(rangeList: RangeList<IPv4>, defaultName?: string): string;
+ toIPv4MappedAddress(): IPv6;
+ }
+
+ export class IPv6 extends IP {
+ static broadcastAddressFromCIDR(addr: string): IPv6;
+ static isIPv6(addr: string): boolean;
+ static isValid(addr: string): boolean;
+ static parse(addr: string): IPv6;
+ static parseCIDR(addr: string): [IPv6, number];
+ static subnetMaskFromPrefixLength(prefix: number): IPv6;
+ constructor(parts: number[]);
+ parts: number[]
+ zoneId?: string
+
+ isIPv4MappedAddress(): boolean;
+ kind(): 'ipv6';
+ match(addr: IPv6, bits: number): boolean;
+ match(mask: [IPv6, number]): boolean;
+ range(): IPv6Range;
+ subnetMatch(rangeList: RangeList<IPv6>, defaultName?: string): string;
+ toIPv4Address(): IPv4;
+ }
+ }
+
+ export = Address;
+}
diff --git a/node_modules/ipaddr.js/package.json b/node_modules/ipaddr.js/package.json
new file mode 100644
index 0000000000000000000000000000000000000000..f4d35475d17abd96f03b0e1133258703b284c785
--- /dev/null
+++ b/node_modules/ipaddr.js/package.json
@@ -0,0 +1,35 @@
+{
+ "name": "ipaddr.js",
+ "description": "A library for manipulating IPv4 and IPv6 addresses in JavaScript.",
+ "version": "1.9.1",
+ "author": "whitequark <whitequark@whitequark.org>",
+ "directories": {
+ "lib": "./lib"
+ },
+ "dependencies": {},
+ "devDependencies": {
+ "coffee-script": "~1.12.6",
+ "nodeunit": "^0.11.3",
+ "uglify-js": "~3.0.19"
+ },
+ "scripts": {
+ "test": "cake build test"
+ },
+ "files": [
+ "lib/",
+ "LICENSE",
+ "ipaddr.min.js"
+ ],
+ "keywords": [
+ "ip",
+ "ipv4",
+ "ipv6"
+ ],
+ "repository": "git://github.com/whitequark/ipaddr.js",
+ "main": "./lib/ipaddr.js",
+ "engines": {
+ "node": ">= 0.10"
+ },
+ "license": "MIT",
+ "types": "./lib/ipaddr.js.d.ts"
+}
diff --git a/node_modules/merge-descriptors/HISTORY.md b/node_modules/merge-descriptors/HISTORY.md
new file mode 100644
index 0000000000000000000000000000000000000000..486771f08bcb1c31a5f6cf0125ad8c422a2b2fcc
--- /dev/null
+++ b/node_modules/merge-descriptors/HISTORY.md
@@ -0,0 +1,21 @@
+1.0.1 / 2016-01-17
+==================
+
+ * perf: enable strict mode
+
+1.0.0 / 2015-03-01
+==================
+
+ * Add option to only add new descriptors
+ * Add simple argument validation
+ * Add jsdoc to source file
+
+0.0.2 / 2013-12-14
+==================
+
+ * Move repository to `component` organization
+
+0.0.1 / 2013-10-29
+==================
+
+ * Initial release
diff --git a/node_modules/merge-descriptors/LICENSE b/node_modules/merge-descriptors/LICENSE
new file mode 100644
index 0000000000000000000000000000000000000000..274bfd82b2e075c7a264f01c10324d91d636403f
--- /dev/null
+++ b/node_modules/merge-descriptors/LICENSE
@@ -0,0 +1,23 @@
+(The MIT License)
+
+Copyright (c) 2013 Jonathan Ong <me@jongleberry.com>
+Copyright (c) 2015 Douglas Christopher Wilson <doug@somethingdoug.com>
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+'Software'), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/node_modules/merge-descriptors/README.md b/node_modules/merge-descriptors/README.md
new file mode 100644
index 0000000000000000000000000000000000000000..3403f4a0cca592db4d3918bc5bef567e1ae48d17
--- /dev/null
+++ b/node_modules/merge-descriptors/README.md
@@ -0,0 +1,49 @@
+# merge-descriptors
+
+[![NPM Version][npm-image]][npm-url]
+[![NPM Downloads][downloads-image]][downloads-url]
+[![Build Status][travis-image]][travis-url]
+[![Test Coverage][coveralls-image]][coveralls-url]
+
+Merge objects using descriptors.
+
+```js
+var thing = {
+ get name() {
+ return 'jon'
+ }
+}
+
+var animal = {
+
+}
+
+merge(animal, thing)
+
+animal.name === 'jon'
+```
+
+## API
+
+### merge(destination, source)
+
+Redefines `destination`'s descriptors with `source`'s. The return value is the
+`destination` object.
+
+### merge(destination, source, false)
+
+Defines `source`'s descriptors on `destination` if `destination` does not have
+a descriptor by the same name. The return value is the `destination` object.
+
+## License
+
+[MIT](LICENSE)
+
+[npm-image]: https://img.shields.io/npm/v/merge-descriptors.svg
+[npm-url]: https://npmjs.org/package/merge-descriptors
+[travis-image]: https://img.shields.io/travis/component/merge-descriptors/master.svg
+[travis-url]: https://travis-ci.org/component/merge-descriptors
+[coveralls-image]: https://img.shields.io/coveralls/component/merge-descriptors/master.svg
+[coveralls-url]: https://coveralls.io/r/component/merge-descriptors?branch=master
+[downloads-image]: https://img.shields.io/npm/dm/merge-descriptors.svg
+[downloads-url]: https://npmjs.org/package/merge-descriptors
diff --git a/node_modules/merge-descriptors/index.js b/node_modules/merge-descriptors/index.js
new file mode 100644
index 0000000000000000000000000000000000000000..f22ebab4c6b9c11ff31cce8ccadcca0b11a1c4e5
--- /dev/null
+++ b/node_modules/merge-descriptors/index.js
@@ -0,0 +1,60 @@
+/*!
+ * merge-descriptors
+ * Copyright(c) 2014 Jonathan Ong
+ * Copyright(c) 2015 Douglas Christopher Wilson
+ * MIT Licensed
+ */
+
+'use strict'
+
+/**
+ * Module exports.
+ * @public
+ */
+
+module.exports = merge
+
+/**
+ * Module variables.
+ * @private
+ */
+
+var hasOwnProperty = Object.prototype.hasOwnProperty
+
+/**
+ * Merge the property descriptors of `src` into `dest`
+ *
+ * @param {object} dest Object to add descriptors to
+ * @param {object} src Object to clone descriptors from
+ * @param {boolean} [redefine=true] Redefine `dest` properties with `src` properties
+ * @returns {object} Reference to dest
+ * @public
+ */
+
+function merge (dest, src, redefine) {
+ if (!dest) {
+ throw new TypeError('argument dest is required')
+ }
+
+ if (!src) {
+ throw new TypeError('argument src is required')
+ }
+
+ if (redefine === undefined) {
+ // Default to true
+ redefine = true
+ }
+
+ Object.getOwnPropertyNames(src).forEach(function forEachOwnPropertyName (name) {
+ if (!redefine && hasOwnProperty.call(dest, name)) {
+ // Skip descriptor
+ return
+ }
+
+ // Copy descriptor
+ var descriptor = Object.getOwnPropertyDescriptor(src, name)
+ Object.defineProperty(dest, name, descriptor)
+ })
+
+ return dest
+}
diff --git a/node_modules/merge-descriptors/package.json b/node_modules/merge-descriptors/package.json
new file mode 100644
index 0000000000000000000000000000000000000000..aa9af0a85f45b460d6c06a6dd189dc42aad58460
--- /dev/null
+++ b/node_modules/merge-descriptors/package.json
@@ -0,0 +1,39 @@
+{
+ "name": "merge-descriptors",
+ "description": "Merge objects using descriptors",
+ "version": "1.0.3",
+ "author": {
+ "name": "Jonathan Ong",
+ "email": "me@jongleberry.com",
+ "url": "http://jongleberry.com",
+ "twitter": "https://twitter.com/jongleberry"
+ },
+ "contributors": [
+ "Douglas Christopher Wilson <doug@somethingdoug.com>",
+ "Mike Grabowski <grabbou@gmail.com>"
+ ],
+ "license": "MIT",
+ "repository": "sindresorhus/merge-descriptors",
+ "funding": "https://github.com/sponsors/sindresorhus",
+ "devDependencies": {
+ "eslint": "5.9.0",
+ "eslint-config-standard": "12.0.0",
+ "eslint-plugin-import": "2.14.0",
+ "eslint-plugin-node": "7.0.1",
+ "eslint-plugin-promise": "4.0.1",
+ "eslint-plugin-standard": "4.0.0",
+ "mocha": "5.2.0",
+ "nyc": "13.1.0"
+ },
+ "files": [
+ "HISTORY.md",
+ "LICENSE",
+ "README.md",
+ "index.js"
+ ],
+ "scripts": {
+ "lint": "eslint .",
+ "test": "mocha test/",
+ "test-cov": "nyc --reporter=html --reporter=text npm test"
+ }
+}
diff --git a/node_modules/methods/HISTORY.md b/node_modules/methods/HISTORY.md
new file mode 100644
index 0000000000000000000000000000000000000000..c0ecf072db3f9809c46c83f5641b5df99c686bbf
--- /dev/null
+++ b/node_modules/methods/HISTORY.md
@@ -0,0 +1,29 @@
+1.1.2 / 2016-01-17
+==================
+
+ * perf: enable strict mode
+
+1.1.1 / 2014-12-30
+==================
+
+ * Improve `browserify` support
+
+1.1.0 / 2014-07-05
+==================
+
+ * Add `CONNECT` method
+
+1.0.1 / 2014-06-02
+==================
+
+ * Fix module to work with harmony transform
+
+1.0.0 / 2014-05-08
+==================
+
+ * Add `PURGE` method
+
+0.1.0 / 2013-10-28
+==================
+
+ * Add `http.METHODS` support
diff --git a/node_modules/methods/LICENSE b/node_modules/methods/LICENSE
new file mode 100644
index 0000000000000000000000000000000000000000..220dc1a247943ef3837b65754455dfb179260070
--- /dev/null
+++ b/node_modules/methods/LICENSE
@@ -0,0 +1,24 @@
+(The MIT License)
+
+Copyright (c) 2013-2014 TJ Holowaychuk <tj@vision-media.ca>
+Copyright (c) 2015-2016 Douglas Christopher Wilson <doug@somethingdoug.com>
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+'Software'), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
diff --git a/node_modules/methods/README.md b/node_modules/methods/README.md
new file mode 100644
index 0000000000000000000000000000000000000000..672a32bfe5d685306f18b7a81a15af9fbbd00a0f
--- /dev/null
+++ b/node_modules/methods/README.md
@@ -0,0 +1,51 @@
+# Methods
+
+[![NPM Version][npm-image]][npm-url]
+[![NPM Downloads][downloads-image]][downloads-url]
+[![Node.js Version][node-version-image]][node-version-url]
+[![Build Status][travis-image]][travis-url]
+[![Test Coverage][coveralls-image]][coveralls-url]
+
+HTTP verbs that Node.js core's HTTP parser supports.
+
+This module provides an export that is just like `http.METHODS` from Node.js core,
+with the following differences:
+
+ * All method names are lower-cased.
+ * Contains a fallback list of methods for Node.js versions that do not have a
+ `http.METHODS` export (0.10 and lower).
+ * Provides the fallback list when using tools like `browserify` without pulling
+ in the `http` shim module.
+
+## Install
+
+```bash
+$ npm install methods
+```
+
+## API
+
+```js
+var methods = require('methods')
+```
+
+### methods
+
+This is an array of lower-cased method names that Node.js supports. If Node.js
+provides the `http.METHODS` export, then this is the same array lower-cased,
+otherwise it is a snapshot of the verbs from Node.js 0.10.
+
+## License
+
+[MIT](LICENSE)
+
+[npm-image]: https://img.shields.io/npm/v/methods.svg?style=flat
+[npm-url]: https://npmjs.org/package/methods
+[node-version-image]: https://img.shields.io/node/v/methods.svg?style=flat
+[node-version-url]: https://nodejs.org/en/download/
+[travis-image]: https://img.shields.io/travis/jshttp/methods.svg?style=flat
+[travis-url]: https://travis-ci.org/jshttp/methods
+[coveralls-image]: https://img.shields.io/coveralls/jshttp/methods.svg?style=flat
+[coveralls-url]: https://coveralls.io/r/jshttp/methods?branch=master
+[downloads-image]: https://img.shields.io/npm/dm/methods.svg?style=flat
+[downloads-url]: https://npmjs.org/package/methods
diff --git a/node_modules/methods/index.js b/node_modules/methods/index.js
new file mode 100644
index 0000000000000000000000000000000000000000..667a50bde7d852359b1ebd9fa8ea8b8582bc64ac
--- /dev/null
+++ b/node_modules/methods/index.js
@@ -0,0 +1,69 @@
+/*!
+ * methods
+ * Copyright(c) 2013-2014 TJ Holowaychuk
+ * Copyright(c) 2015-2016 Douglas Christopher Wilson
+ * MIT Licensed
+ */
+
+'use strict';
+
+/**
+ * Module dependencies.
+ * @private
+ */
+
+var http = require('http');
+
+/**
+ * Module exports.
+ * @public
+ */
+
+module.exports = getCurrentNodeMethods() || getBasicNodeMethods();
+
+/**
+ * Get the current Node.js methods.
+ * @private
+ */
+
+function getCurrentNodeMethods() {
+ return http.METHODS && http.METHODS.map(function lowerCaseMethod(method) {
+ return method.toLowerCase();
+ });
+}
+
+/**
+ * Get the "basic" Node.js methods, a snapshot from Node.js 0.10.
+ * @private
+ */
+
+function getBasicNodeMethods() {
+ return [
+ 'get',
+ 'post',
+ 'put',
+ 'head',
+ 'delete',
+ 'options',
+ 'trace',
+ 'copy',
+ 'lock',
+ 'mkcol',
+ 'move',
+ 'purge',
+ 'propfind',
+ 'proppatch',
+ 'unlock',
+ 'report',
+ 'mkactivity',
+ 'checkout',
+ 'merge',
+ 'm-search',
+ 'notify',
+ 'subscribe',
+ 'unsubscribe',
+ 'patch',
+ 'search',
+ 'connect'
+ ];
+}
diff --git a/node_modules/methods/package.json b/node_modules/methods/package.json
new file mode 100644
index 0000000000000000000000000000000000000000..c4ce6f053c68581068898fd2a4be53a861e5b1b5
--- /dev/null
+++ b/node_modules/methods/package.json
@@ -0,0 +1,36 @@
+{
+ "name": "methods",
+ "description": "HTTP methods that node supports",
+ "version": "1.1.2",
+ "contributors": [
+ "Douglas Christopher Wilson <doug@somethingdoug.com>",
+ "Jonathan Ong <me@jongleberry.com> (http://jongleberry.com)",
+ "TJ Holowaychuk <tj@vision-media.ca> (http://tjholowaychuk.com)"
+ ],
+ "license": "MIT",
+ "repository": "jshttp/methods",
+ "devDependencies": {
+ "istanbul": "0.4.1",
+ "mocha": "1.21.5"
+ },
+ "files": [
+ "index.js",
+ "HISTORY.md",
+ "LICENSE"
+ ],
+ "engines": {
+ "node": ">= 0.6"
+ },
+ "scripts": {
+ "test": "mocha --reporter spec --bail --check-leaks test/",
+ "test-cov": "istanbul cover node_modules/mocha/bin/_mocha -- --reporter dot --check-leaks test/",
+ "test-travis": "istanbul cover node_modules/mocha/bin/_mocha --report lcovonly -- --reporter spec --check-leaks test/"
+ },
+ "browser": {
+ "http": false
+ },
+ "keywords": [
+ "http",
+ "methods"
+ ]
+}
diff --git a/node_modules/mime/.npmignore b/node_modules/mime/.npmignore
new file mode 100644
index 0000000000000000000000000000000000000000..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391
diff --git a/node_modules/mime/CHANGELOG.md b/node_modules/mime/CHANGELOG.md
new file mode 100644
index 0000000000000000000000000000000000000000..f1275350531d30ca6dd665cbb5fe78fc5e702948
--- /dev/null
+++ b/node_modules/mime/CHANGELOG.md
@@ -0,0 +1,164 @@
+# Changelog
+
+## v1.6.0 (24/11/2017)
+*No changelog for this release.*
+
+---
+
+## v2.0.4 (24/11/2017)
+- [**closed**] Switch to mime-score module for resolving extension contention issues. [#182](https://github.com/broofa/node-mime/issues/182)
+- [**closed**] Update mime-db to 1.31.0 in v1.x branch [#181](https://github.com/broofa/node-mime/issues/181)
+
+---
+
+## v1.5.0 (22/11/2017)
+- [**closed**] need ES5 version ready in npm package [#179](https://github.com/broofa/node-mime/issues/179)
+- [**closed**] mime-db no trace of iWork - pages / numbers / etc. [#178](https://github.com/broofa/node-mime/issues/178)
+- [**closed**] How it works in brownser ? [#176](https://github.com/broofa/node-mime/issues/176)
+- [**closed**] Missing `./Mime` [#175](https://github.com/broofa/node-mime/issues/175)
+- [**closed**] Vulnerable Regular Expression [#167](https://github.com/broofa/node-mime/issues/167)
+
+---
+
+## v2.0.3 (25/09/2017)
+*No changelog for this release.*
+
+---
+
+## v1.4.1 (25/09/2017)
+- [**closed**] Issue when bundling with webpack [#172](https://github.com/broofa/node-mime/issues/172)
+
+---
+
+## v2.0.2 (15/09/2017)
+- [**V2**] fs.readFileSync is not a function [#165](https://github.com/broofa/node-mime/issues/165)
+- [**closed**] The extension for video/quicktime should map to .mov, not .qt [#164](https://github.com/broofa/node-mime/issues/164)
+- [**V2**] [v2 Feedback request] Mime class API [#163](https://github.com/broofa/node-mime/issues/163)
+- [**V2**] [v2 Feedback request] Resolving conflicts over extensions [#162](https://github.com/broofa/node-mime/issues/162)
+- [**V2**] Allow callers to load module with official, full, or no defined types. [#161](https://github.com/broofa/node-mime/issues/161)
+- [**V2**] Use "facets" to resolve extension conflicts [#160](https://github.com/broofa/node-mime/issues/160)
+- [**V2**] Remove fs and path dependencies [#152](https://github.com/broofa/node-mime/issues/152)
+- [**V2**] Default content-type should not be application/octet-stream [#139](https://github.com/broofa/node-mime/issues/139)
+- [**V2**] reset mime-types [#124](https://github.com/broofa/node-mime/issues/124)
+- [**V2**] Extensionless paths should return null or false [#113](https://github.com/broofa/node-mime/issues/113)
+
+---
+
+## v2.0.1 (14/09/2017)
+- [**closed**] Changelog for v2.0 does not mention breaking changes [#171](https://github.com/broofa/node-mime/issues/171)
+- [**closed**] MIME breaking with 'class' declaration as it is without 'use strict mode' [#170](https://github.com/broofa/node-mime/issues/170)
+
+---
+
+## v2.0.0 (12/09/2017)
+- [**closed**] woff and woff2 [#168](https://github.com/broofa/node-mime/issues/168)
+
+---
+
+## v1.4.0 (28/08/2017)
+- [**closed**] support for ac3 voc files [#159](https://github.com/broofa/node-mime/issues/159)
+- [**closed**] Help understanding change from application/xml to text/xml [#158](https://github.com/broofa/node-mime/issues/158)
+- [**closed**] no longer able to override mimetype [#157](https://github.com/broofa/node-mime/issues/157)
+- [**closed**] application/vnd.adobe.photoshop [#147](https://github.com/broofa/node-mime/issues/147)
+- [**closed**] Directories should appear as something other than application/octet-stream [#135](https://github.com/broofa/node-mime/issues/135)
+- [**closed**] requested features [#131](https://github.com/broofa/node-mime/issues/131)
+- [**closed**] Make types.json loading optional? [#129](https://github.com/broofa/node-mime/issues/129)
+- [**closed**] Cannot find module './types.json' [#120](https://github.com/broofa/node-mime/issues/120)
+- [**V2**] .wav files show up as "audio/x-wav" instead of "audio/x-wave" [#118](https://github.com/broofa/node-mime/issues/118)
+- [**closed**] Don't be a pain in the ass for node community [#108](https://github.com/broofa/node-mime/issues/108)
+- [**closed**] don't make default_type global [#78](https://github.com/broofa/node-mime/issues/78)
+- [**closed**] mime.extension() fails if the content-type is parameterized [#74](https://github.com/broofa/node-mime/issues/74)
+
+---
+
+## v1.3.6 (11/05/2017)
+- [**closed**] .md should be text/markdown as of March 2016 [#154](https://github.com/broofa/node-mime/issues/154)
+- [**closed**] Error while installing mime [#153](https://github.com/broofa/node-mime/issues/153)
+- [**closed**] application/manifest+json [#149](https://github.com/broofa/node-mime/issues/149)
+- [**closed**] Dynamic adaptive streaming over HTTP (DASH) file extension typo [#141](https://github.com/broofa/node-mime/issues/141)
+- [**closed**] charsets image/png undefined [#140](https://github.com/broofa/node-mime/issues/140)
+- [**closed**] Mime-db dependency out of date [#130](https://github.com/broofa/node-mime/issues/130)
+- [**closed**] how to support plist? [#126](https://github.com/broofa/node-mime/issues/126)
+- [**closed**] how does .types file format look like? [#123](https://github.com/broofa/node-mime/issues/123)
+- [**closed**] Feature: support for expanding MIME patterns [#121](https://github.com/broofa/node-mime/issues/121)
+- [**closed**] DEBUG_MIME doesn't work [#117](https://github.com/broofa/node-mime/issues/117)
+
+---
+
+## v1.3.4 (06/02/2015)
+*No changelog for this release.*
+
+---
+
+## v1.3.3 (06/02/2015)
+*No changelog for this release.*
+
+---
+
+## v1.3.1 (05/02/2015)
+- [**closed**] Consider adding support for Handlebars .hbs file ending [#111](https://github.com/broofa/node-mime/issues/111)
+- [**closed**] Consider adding support for hjson. [#110](https://github.com/broofa/node-mime/issues/110)
+- [**closed**] Add mime type for Opus audio files [#94](https://github.com/broofa/node-mime/issues/94)
+- [**closed**] Consider making the `Requesting New Types` information more visible [#77](https://github.com/broofa/node-mime/issues/77)
+
+---
+
+## v1.3.0 (05/02/2015)
+- [**closed**] Add common name? [#114](https://github.com/broofa/node-mime/issues/114)
+- [**closed**] application/x-yaml [#104](https://github.com/broofa/node-mime/issues/104)
+- [**closed**] Add mime type for WOFF file format 2.0 [#102](https://github.com/broofa/node-mime/issues/102)
+- [**closed**] application/x-msi for .msi [#99](https://github.com/broofa/node-mime/issues/99)
+- [**closed**] Add mimetype for gettext translation files [#98](https://github.com/broofa/node-mime/issues/98)
+- [**closed**] collaborators [#88](https://github.com/broofa/node-mime/issues/88)
+- [**closed**] getting errot in installation of mime module...any1 can help? [#87](https://github.com/broofa/node-mime/issues/87)
+- [**closed**] should application/json's charset be utf8? [#86](https://github.com/broofa/node-mime/issues/86)
+- [**closed**] Add "license" and "licenses" to package.json [#81](https://github.com/broofa/node-mime/issues/81)
+- [**closed**] lookup with extension-less file on Windows returns wrong type [#68](https://github.com/broofa/node-mime/issues/68)
+
+---
+
+## v1.2.11 (15/08/2013)
+- [**closed**] Update mime.types [#65](https://github.com/broofa/node-mime/issues/65)
+- [**closed**] Publish a new version [#63](https://github.com/broofa/node-mime/issues/63)
+- [**closed**] README should state upfront that "application/octet-stream" is default for unknown extension [#55](https://github.com/broofa/node-mime/issues/55)
+- [**closed**] Suggested improvement to the charset API [#52](https://github.com/broofa/node-mime/issues/52)
+
+---
+
+## v1.2.10 (25/07/2013)
+- [**closed**] Mime type for woff files should be application/font-woff and not application/x-font-woff [#62](https://github.com/broofa/node-mime/issues/62)
+- [**closed**] node.types in conflict with mime.types [#51](https://github.com/broofa/node-mime/issues/51)
+
+---
+
+## v1.2.9 (17/01/2013)
+- [**closed**] Please update "mime" NPM [#49](https://github.com/broofa/node-mime/issues/49)
+- [**closed**] Please add semicolon [#46](https://github.com/broofa/node-mime/issues/46)
+- [**closed**] parse full mime types [#43](https://github.com/broofa/node-mime/issues/43)
+
+---
+
+## v1.2.8 (10/01/2013)
+- [**closed**] /js directory mime is application/javascript. Is it correct? [#47](https://github.com/broofa/node-mime/issues/47)
+- [**closed**] Add mime types for lua code. [#45](https://github.com/broofa/node-mime/issues/45)
+
+---
+
+## v1.2.7 (19/10/2012)
+- [**closed**] cannot install 1.2.7 via npm [#41](https://github.com/broofa/node-mime/issues/41)
+- [**closed**] Transfer ownership to @broofa [#36](https://github.com/broofa/node-mime/issues/36)
+- [**closed**] it's wrong to set charset to UTF-8 for text [#30](https://github.com/broofa/node-mime/issues/30)
+- [**closed**] Allow multiple instances of MIME types container [#27](https://github.com/broofa/node-mime/issues/27)
+
+---
+
+## v1.2.5 (16/02/2012)
+- [**closed**] When looking up a types, check hasOwnProperty [#23](https://github.com/broofa/node-mime/issues/23)
+- [**closed**] Bump version to 1.2.2 [#18](https://github.com/broofa/node-mime/issues/18)
+- [**closed**] No license [#16](https://github.com/broofa/node-mime/issues/16)
+- [**closed**] Some types missing that are used by html5/css3 [#13](https://github.com/broofa/node-mime/issues/13)
+- [**closed**] npm install fails for 1.2.1 [#12](https://github.com/broofa/node-mime/issues/12)
+- [**closed**] image/pjpeg + image/x-png [#10](https://github.com/broofa/node-mime/issues/10)
+- [**closed**] symlink [#8](https://github.com/broofa/node-mime/issues/8)
+- [**closed**] gzip [#2](https://github.com/broofa/node-mime/issues/2)
+- [**closed**] ALL CAPS filenames return incorrect mime type [#1](https://github.com/broofa/node-mime/issues/1)
diff --git a/node_modules/mime/LICENSE b/node_modules/mime/LICENSE
new file mode 100644
index 0000000000000000000000000000000000000000..d3f46f7e145990dad5954d78c5da9a2c2bdcbe36
--- /dev/null
+++ b/node_modules/mime/LICENSE
@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2010 Benjamin Thomas, Robert Kieffer
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
diff --git a/node_modules/mime/README.md b/node_modules/mime/README.md
new file mode 100644
index 0000000000000000000000000000000000000000..506fbe550a8dee9f0bde702fda6a040dfed3aba8
--- /dev/null
+++ b/node_modules/mime/README.md
@@ -0,0 +1,90 @@
+# mime
+
+Comprehensive MIME type mapping API based on mime-db module.
+
+## Install
+
+Install with [npm](http://github.com/isaacs/npm):
+
+ npm install mime
+
+## Contributing / Testing
+
+ npm run test
+
+## Command Line
+
+ mime [path_string]
+
+E.g.
+
+ > mime scripts/jquery.js
+ application/javascript
+
+## API - Queries
+
+### mime.lookup(path)
+Get the mime type associated with a file, if no mime type is found `application/octet-stream` is returned. Performs a case-insensitive lookup using the extension in `path` (the substring after the last '/' or '.'). E.g.
+
+```js
+var mime = require('mime');
+
+mime.lookup('/path/to/file.txt'); // => 'text/plain'
+mime.lookup('file.txt'); // => 'text/plain'
+mime.lookup('.TXT'); // => 'text/plain'
+mime.lookup('htm'); // => 'text/html'
+```
+
+### mime.default_type
+Sets the mime type returned when `mime.lookup` fails to find the extension searched for. (Default is `application/octet-stream`.)
+
+### mime.extension(type)
+Get the default extension for `type`
+
+```js
+mime.extension('text/html'); // => 'html'
+mime.extension('application/octet-stream'); // => 'bin'
+```
+
+### mime.charsets.lookup()
+
+Map mime-type to charset
+
+```js
+mime.charsets.lookup('text/plain'); // => 'UTF-8'
+```
+
+(The logic for charset lookups is pretty rudimentary. Feel free to suggest improvements.)
+
+## API - Defining Custom Types
+
+Custom type mappings can be added on a per-project basis via the following APIs.
+
+### mime.define()
+
+Add custom mime/extension mappings
+
+```js
+mime.define({
+ 'text/x-some-format': ['x-sf', 'x-sft', 'x-sfml'],
+ 'application/x-my-type': ['x-mt', 'x-mtt'],
+ // etc ...
+});
+
+mime.lookup('x-sft'); // => 'text/x-some-format'
+```
+
+The first entry in the extensions array is returned by `mime.extension()`. E.g.
+
+```js
+mime.extension('text/x-some-format'); // => 'x-sf'
+```
+
+### mime.load(filepath)
+
+Load mappings from an Apache ".types" format file
+
+```js
+mime.load('./my_project.types');
+```
+The .types file format is simple - See the `types` dir for examples.
diff --git a/node_modules/mime/cli.js b/node_modules/mime/cli.js
new file mode 100644
index 0000000000000000000000000000000000000000..20b1ffeb2f97648e0faa7e022c98ed9e6a8e9a0d
--- /dev/null
+++ b/node_modules/mime/cli.js
@@ -0,0 +1,8 @@
+#!/usr/bin/env node
+
+var mime = require('./mime.js');
+var file = process.argv[2];
+var type = mime.lookup(file);
+
+process.stdout.write(type + '\n');
+
diff --git a/node_modules/mime/mime.js b/node_modules/mime/mime.js
new file mode 100644
index 0000000000000000000000000000000000000000..d7efbde70b8e95fb7f67da9c8cfed11ce8ce4133
--- /dev/null
+++ b/node_modules/mime/mime.js
@@ -0,0 +1,108 @@
+var path = require('path');
+var fs = require('fs');
+
+function Mime() {
+ // Map of extension -> mime type
+ this.types = Object.create(null);
+
+ // Map of mime type -> extension
+ this.extensions = Object.create(null);
+}
+
+/**
+ * Define mimetype -> extension mappings. Each key is a mime-type that maps
+ * to an array of extensions associated with the type. The first extension is
+ * used as the default extension for the type.
+ *
+ * e.g. mime.define({'audio/ogg', ['oga', 'ogg', 'spx']});
+ *
+ * @param map (Object) type definitions
+ */
+Mime.prototype.define = function (map) {
+ for (var type in map) {
+ var exts = map[type];
+ for (var i = 0; i < exts.length; i++) {
+ if (process.env.DEBUG_MIME && this.types[exts[i]]) {
+ console.warn((this._loading || "define()").replace(/.*\//, ''), 'changes "' + exts[i] + '" extension type from ' +
+ this.types[exts[i]] + ' to ' + type);
+ }
+
+ this.types[exts[i]] = type;
+ }
+
+ // Default extension is the first one we encounter
+ if (!this.extensions[type]) {
+ this.extensions[type] = exts[0];
+ }
+ }
+};
+
+/**
+ * Load an Apache2-style ".types" file
+ *
+ * This may be called multiple times (it's expected). Where files declare
+ * overlapping types/extensions, the last file wins.
+ *
+ * @param file (String) path of file to load.
+ */
+Mime.prototype.load = function(file) {
+ this._loading = file;
+ // Read file and split into lines
+ var map = {},
+ content = fs.readFileSync(file, 'ascii'),
+ lines = content.split(/[\r\n]+/);
+
+ lines.forEach(function(line) {
+ // Clean up whitespace/comments, and split into fields
+ var fields = line.replace(/\s*#.*|^\s*|\s*$/g, '').split(/\s+/);
+ map[fields.shift()] = fields;
+ });
+
+ this.define(map);
+
+ this._loading = null;
+};
+
+/**
+ * Lookup a mime type based on extension
+ */
+Mime.prototype.lookup = function(path, fallback) {
+ var ext = path.replace(/^.*[\.\/\\]/, '').toLowerCase();
+
+ return this.types[ext] || fallback || this.default_type;
+};
+
+/**
+ * Return file extension associated with a mime type
+ */
+Mime.prototype.extension = function(mimeType) {
+ var type = mimeType.match(/^\s*([^;\s]*)(?:;|\s|$)/)[1].toLowerCase();
+ return this.extensions[type];
+};
+
+// Default instance
+var mime = new Mime();
+
+// Define built-in types
+mime.define(require('./types.json'));
+
+// Default type
+mime.default_type = mime.lookup('bin');
+
+//
+// Additional API specific to the default instance
+//
+
+mime.Mime = Mime;
+
+/**
+ * Lookup a charset based on mime type.
+ */
+mime.charsets = {
+ lookup: function(mimeType, fallback) {
+ // Assume text types are utf8
+ return (/^text\/|^application\/(javascript|json)/).test(mimeType) ? 'UTF-8' : fallback;
+ }
+};
+
+module.exports = mime;
diff --git a/node_modules/mime/package.json b/node_modules/mime/package.json
new file mode 100644
index 0000000000000000000000000000000000000000..6bd24bc53c1a7067b60f43e559d1739d138b987f
--- /dev/null
+++ b/node_modules/mime/package.json
@@ -0,0 +1,44 @@
+{
+ "author": {
+ "name": "Robert Kieffer",
+ "url": "http://github.com/broofa",
+ "email": "robert@broofa.com"
+ },
+ "bin": {
+ "mime": "cli.js"
+ },
+ "engines": {
+ "node": ">=4"
+ },
+ "contributors": [
+ {
+ "name": "Benjamin Thomas",
+ "url": "http://github.com/bentomas",
+ "email": "benjamin@benjaminthomas.org"
+ }
+ ],
+ "description": "A comprehensive library for mime-type mapping",
+ "license": "MIT",
+ "dependencies": {},
+ "devDependencies": {
+ "github-release-notes": "0.13.1",
+ "mime-db": "1.31.0",
+ "mime-score": "1.1.0"
+ },
+ "scripts": {
+ "prepare": "node src/build.js",
+ "changelog": "gren changelog --tags=all --generate --override",
+ "test": "node src/test.js"
+ },
+ "keywords": [
+ "util",
+ "mime"
+ ],
+ "main": "mime.js",
+ "name": "mime",
+ "repository": {
+ "url": "https://github.com/broofa/node-mime",
+ "type": "git"
+ },
+ "version": "1.6.0"
+}
diff --git a/node_modules/mime/src/build.js b/node_modules/mime/src/build.js
new file mode 100644
index 0000000000000000000000000000000000000000..4928e48bcd5db783074ca4d842ba24931645e1f6
--- /dev/null
+++ b/node_modules/mime/src/build.js
@@ -0,0 +1,53 @@
+#!/usr/bin/env node
+
+'use strict';
+
+const fs = require('fs');
+const path = require('path');
+const mimeScore = require('mime-score');
+
+let db = require('mime-db');
+let chalk = require('chalk');
+
+const STANDARD_FACET_SCORE = 900;
+
+const byExtension = {};
+
+// Clear out any conflict extensions in mime-db
+for (let type in db) {
+ let entry = db[type];
+ entry.type = type;
+
+ if (!entry.extensions) continue;
+
+ entry.extensions.forEach(ext => {
+ if (ext in byExtension) {
+ const e0 = entry;
+ const e1 = byExtension[ext];
+ e0.pri = mimeScore(e0.type, e0.source);
+ e1.pri = mimeScore(e1.type, e1.source);
+
+ let drop = e0.pri < e1.pri ? e0 : e1;
+ let keep = e0.pri >= e1.pri ? e0 : e1;
+ drop.extensions = drop.extensions.filter(e => e !== ext);
+
+ console.log(`${ext}: Keeping ${chalk.green(keep.type)} (${keep.pri}), dropping ${chalk.red(drop.type)} (${drop.pri})`);
+ }
+ byExtension[ext] = entry;
+ });
+}
+
+function writeTypesFile(types, path) {
+ fs.writeFileSync(path, JSON.stringify(types));
+}
+
+// Segregate into standard and non-standard types based on facet per
+// https://tools.ietf.org/html/rfc6838#section-3.1
+const types = {};
+
+Object.keys(db).sort().forEach(k => {
+ const entry = db[k];
+ types[entry.type] = entry.extensions;
+});
+
+writeTypesFile(types, path.join(__dirname, '..', 'types.json'));
diff --git a/node_modules/mime/src/test.js b/node_modules/mime/src/test.js
new file mode 100644
index 0000000000000000000000000000000000000000..42958a20d5bdbae6a4724c6a8cc99f292b00b265
--- /dev/null
+++ b/node_modules/mime/src/test.js
@@ -0,0 +1,60 @@
+/**
+ * Usage: node test.js
+ */
+
+var mime = require('../mime');
+var assert = require('assert');
+var path = require('path');
+
+//
+// Test mime lookups
+//
+
+assert.equal('text/plain', mime.lookup('text.txt')); // normal file
+assert.equal('text/plain', mime.lookup('TEXT.TXT')); // uppercase
+assert.equal('text/plain', mime.lookup('dir/text.txt')); // dir + file
+assert.equal('text/plain', mime.lookup('.text.txt')); // hidden file
+assert.equal('text/plain', mime.lookup('.txt')); // nameless
+assert.equal('text/plain', mime.lookup('txt')); // extension-only
+assert.equal('text/plain', mime.lookup('/txt')); // extension-less ()
+assert.equal('text/plain', mime.lookup('\\txt')); // Windows, extension-less
+assert.equal('application/octet-stream', mime.lookup('text.nope')); // unrecognized
+assert.equal('fallback', mime.lookup('text.fallback', 'fallback')); // alternate default
+
+//
+// Test extensions
+//
+
+assert.equal('txt', mime.extension(mime.types.text));
+assert.equal('html', mime.extension(mime.types.htm));
+assert.equal('bin', mime.extension('application/octet-stream'));
+assert.equal('bin', mime.extension('application/octet-stream '));
+assert.equal('html', mime.extension(' text/html; charset=UTF-8'));
+assert.equal('html', mime.extension('text/html; charset=UTF-8 '));
+assert.equal('html', mime.extension('text/html; charset=UTF-8'));
+assert.equal('html', mime.extension('text/html ; charset=UTF-8'));
+assert.equal('html', mime.extension('text/html;charset=UTF-8'));
+assert.equal('html', mime.extension('text/Html;charset=UTF-8'));
+assert.equal(undefined, mime.extension('unrecognized'));
+
+//
+// Test node.types lookups
+//
+
+assert.equal('font/woff', mime.lookup('file.woff'));
+assert.equal('application/octet-stream', mime.lookup('file.buffer'));
+// TODO: Uncomment once #157 is resolved
+// assert.equal('audio/mp4', mime.lookup('file.m4a'));
+assert.equal('font/otf', mime.lookup('file.otf'));
+
+//
+// Test charsets
+//
+
+assert.equal('UTF-8', mime.charsets.lookup('text/plain'));
+assert.equal('UTF-8', mime.charsets.lookup(mime.types.js));
+assert.equal('UTF-8', mime.charsets.lookup(mime.types.json));
+assert.equal(undefined, mime.charsets.lookup(mime.types.bin));
+assert.equal('fallback', mime.charsets.lookup('application/octet-stream', 'fallback'));
+
+console.log('\nAll tests passed');
diff --git a/node_modules/mime/types.json b/node_modules/mime/types.json
new file mode 100644
index 0000000000000000000000000000000000000000..bec78abd491e093599b2615533687a6b3c360526
--- /dev/null
+++ b/node_modules/mime/types.json
@@ -0,0 +1 @@
+{"application/andrew-inset":["ez"],"application/applixware":["aw"],"application/atom+xml":["atom"],"application/atomcat+xml":["atomcat"],"application/atomsvc+xml":["atomsvc"],"application/bdoc":["bdoc"],"application/ccxml+xml":["ccxml"],"application/cdmi-capability":["cdmia"],"application/cdmi-container":["cdmic"],"application/cdmi-domain":["cdmid"],"application/cdmi-object":["cdmio"],"application/cdmi-queue":["cdmiq"],"application/cu-seeme":["cu"],"application/dash+xml":["mpd"],"application/davmount+xml":["davmount"],"application/docbook+xml":["dbk"],"application/dssc+der":["dssc"],"application/dssc+xml":["xdssc"],"application/ecmascript":["ecma"],"application/emma+xml":["emma"],"application/epub+zip":["epub"],"application/exi":["exi"],"application/font-tdpfr":["pfr"],"application/font-woff":[],"application/font-woff2":[],"application/geo+json":["geojson"],"application/gml+xml":["gml"],"application/gpx+xml":["gpx"],"application/gxf":["gxf"],"application/gzip":["gz"],"application/hyperstudio":["stk"],"application/inkml+xml":["ink","inkml"],"application/ipfix":["ipfix"],"application/java-archive":["jar","war","ear"],"application/java-serialized-object":["ser"],"application/java-vm":["class"],"application/javascript":["js","mjs"],"application/json":["json","map"],"application/json5":["json5"],"application/jsonml+json":["jsonml"],"application/ld+json":["jsonld"],"application/lost+xml":["lostxml"],"application/mac-binhex40":["hqx"],"application/mac-compactpro":["cpt"],"application/mads+xml":["mads"],"application/manifest+json":["webmanifest"],"application/marc":["mrc"],"application/marcxml+xml":["mrcx"],"application/mathematica":["ma","nb","mb"],"application/mathml+xml":["mathml"],"application/mbox":["mbox"],"application/mediaservercontrol+xml":["mscml"],"application/metalink+xml":["metalink"],"application/metalink4+xml":["meta4"],"application/mets+xml":["mets"],"application/mods+xml":["mods"],"application/mp21":["m21","mp21"],"application/mp4":["mp4s","m4p"],"application/msword":["doc","dot"],"application/mxf":["mxf"],"application/octet-stream":["bin","dms","lrf","mar","so","dist","distz","pkg","bpk","dump","elc","deploy","exe","dll","deb","dmg","iso","img","msi","msp","msm","buffer"],"application/oda":["oda"],"application/oebps-package+xml":["opf"],"application/ogg":["ogx"],"application/omdoc+xml":["omdoc"],"application/onenote":["onetoc","onetoc2","onetmp","onepkg"],"application/oxps":["oxps"],"application/patch-ops-error+xml":["xer"],"application/pdf":["pdf"],"application/pgp-encrypted":["pgp"],"application/pgp-signature":["asc","sig"],"application/pics-rules":["prf"],"application/pkcs10":["p10"],"application/pkcs7-mime":["p7m","p7c"],"application/pkcs7-signature":["p7s"],"application/pkcs8":["p8"],"application/pkix-attr-cert":["ac"],"application/pkix-cert":["cer"],"application/pkix-crl":["crl"],"application/pkix-pkipath":["pkipath"],"application/pkixcmp":["pki"],"application/pls+xml":["pls"],"application/postscript":["ai","eps","ps"],"application/prs.cww":["cww"],"application/pskc+xml":["pskcxml"],"application/raml+yaml":["raml"],"application/rdf+xml":["rdf"],"application/reginfo+xml":["rif"],"application/relax-ng-compact-syntax":["rnc"],"application/resource-lists+xml":["rl"],"application/resource-lists-diff+xml":["rld"],"application/rls-services+xml":["rs"],"application/rpki-ghostbusters":["gbr"],"application/rpki-manifest":["mft"],"application/rpki-roa":["roa"],"application/rsd+xml":["rsd"],"application/rss+xml":["rss"],"application/rtf":["rtf"],"application/sbml+xml":["sbml"],"application/scvp-cv-request":["scq"],"application/scvp-cv-response":["scs"],"application/scvp-vp-request":["spq"],"application/scvp-vp-response":["spp"],"application/sdp":["sdp"],"application/set-payment-initiation":["setpay"],"application/set-registration-initiation":["setreg"],"application/shf+xml":["shf"],"application/smil+xml":["smi","smil"],"application/sparql-query":["rq"],"application/sparql-results+xml":["srx"],"application/srgs":["gram"],"application/srgs+xml":["grxml"],"application/sru+xml":["sru"],"application/ssdl+xml":["ssdl"],"application/ssml+xml":["ssml"],"application/tei+xml":["tei","teicorpus"],"application/thraud+xml":["tfi"],"application/timestamped-data":["tsd"],"application/vnd.3gpp.pic-bw-large":["plb"],"application/vnd.3gpp.pic-bw-small":["psb"],"application/vnd.3gpp.pic-bw-var":["pvb"],"application/vnd.3gpp2.tcap":["tcap"],"application/vnd.3m.post-it-notes":["pwn"],"application/vnd.accpac.simply.aso":["aso"],"application/vnd.accpac.simply.imp":["imp"],"application/vnd.acucobol":["acu"],"application/vnd.acucorp":["atc","acutc"],"application/vnd.adobe.air-application-installer-package+zip":["air"],"application/vnd.adobe.formscentral.fcdt":["fcdt"],"application/vnd.adobe.fxp":["fxp","fxpl"],"application/vnd.adobe.xdp+xml":["xdp"],"application/vnd.adobe.xfdf":["xfdf"],"application/vnd.ahead.space":["ahead"],"application/vnd.airzip.filesecure.azf":["azf"],"application/vnd.airzip.filesecure.azs":["azs"],"application/vnd.amazon.ebook":["azw"],"application/vnd.americandynamics.acc":["acc"],"application/vnd.amiga.ami":["ami"],"application/vnd.android.package-archive":["apk"],"application/vnd.anser-web-certificate-issue-initiation":["cii"],"application/vnd.anser-web-funds-transfer-initiation":["fti"],"application/vnd.antix.game-component":["atx"],"application/vnd.apple.installer+xml":["mpkg"],"application/vnd.apple.mpegurl":["m3u8"],"application/vnd.apple.pkpass":["pkpass"],"application/vnd.aristanetworks.swi":["swi"],"application/vnd.astraea-software.iota":["iota"],"application/vnd.audiograph":["aep"],"application/vnd.blueice.multipass":["mpm"],"application/vnd.bmi":["bmi"],"application/vnd.businessobjects":["rep"],"application/vnd.chemdraw+xml":["cdxml"],"application/vnd.chipnuts.karaoke-mmd":["mmd"],"application/vnd.cinderella":["cdy"],"application/vnd.claymore":["cla"],"application/vnd.cloanto.rp9":["rp9"],"application/vnd.clonk.c4group":["c4g","c4d","c4f","c4p","c4u"],"application/vnd.cluetrust.cartomobile-config":["c11amc"],"application/vnd.cluetrust.cartomobile-config-pkg":["c11amz"],"application/vnd.commonspace":["csp"],"application/vnd.contact.cmsg":["cdbcmsg"],"application/vnd.cosmocaller":["cmc"],"application/vnd.crick.clicker":["clkx"],"application/vnd.crick.clicker.keyboard":["clkk"],"application/vnd.crick.clicker.palette":["clkp"],"application/vnd.crick.clicker.template":["clkt"],"application/vnd.crick.clicker.wordbank":["clkw"],"application/vnd.criticaltools.wbs+xml":["wbs"],"application/vnd.ctc-posml":["pml"],"application/vnd.cups-ppd":["ppd"],"application/vnd.curl.car":["car"],"application/vnd.curl.pcurl":["pcurl"],"application/vnd.dart":["dart"],"application/vnd.data-vision.rdz":["rdz"],"application/vnd.dece.data":["uvf","uvvf","uvd","uvvd"],"application/vnd.dece.ttml+xml":["uvt","uvvt"],"application/vnd.dece.unspecified":["uvx","uvvx"],"application/vnd.dece.zip":["uvz","uvvz"],"application/vnd.denovo.fcselayout-link":["fe_launch"],"application/vnd.dna":["dna"],"application/vnd.dolby.mlp":["mlp"],"application/vnd.dpgraph":["dpg"],"application/vnd.dreamfactory":["dfac"],"application/vnd.ds-keypoint":["kpxx"],"application/vnd.dvb.ait":["ait"],"application/vnd.dvb.service":["svc"],"application/vnd.dynageo":["geo"],"application/vnd.ecowin.chart":["mag"],"application/vnd.enliven":["nml"],"application/vnd.epson.esf":["esf"],"application/vnd.epson.msf":["msf"],"application/vnd.epson.quickanime":["qam"],"application/vnd.epson.salt":["slt"],"application/vnd.epson.ssf":["ssf"],"application/vnd.eszigno3+xml":["es3","et3"],"application/vnd.ezpix-album":["ez2"],"application/vnd.ezpix-package":["ez3"],"application/vnd.fdf":["fdf"],"application/vnd.fdsn.mseed":["mseed"],"application/vnd.fdsn.seed":["seed","dataless"],"application/vnd.flographit":["gph"],"application/vnd.fluxtime.clip":["ftc"],"application/vnd.framemaker":["fm","frame","maker","book"],"application/vnd.frogans.fnc":["fnc"],"application/vnd.frogans.ltf":["ltf"],"application/vnd.fsc.weblaunch":["fsc"],"application/vnd.fujitsu.oasys":["oas"],"application/vnd.fujitsu.oasys2":["oa2"],"application/vnd.fujitsu.oasys3":["oa3"],"application/vnd.fujitsu.oasysgp":["fg5"],"application/vnd.fujitsu.oasysprs":["bh2"],"application/vnd.fujixerox.ddd":["ddd"],"application/vnd.fujixerox.docuworks":["xdw"],"application/vnd.fujixerox.docuworks.binder":["xbd"],"application/vnd.fuzzysheet":["fzs"],"application/vnd.genomatix.tuxedo":["txd"],"application/vnd.geogebra.file":["ggb"],"application/vnd.geogebra.tool":["ggt"],"application/vnd.geometry-explorer":["gex","gre"],"application/vnd.geonext":["gxt"],"application/vnd.geoplan":["g2w"],"application/vnd.geospace":["g3w"],"application/vnd.gmx":["gmx"],"application/vnd.google-apps.document":["gdoc"],"application/vnd.google-apps.presentation":["gslides"],"application/vnd.google-apps.spreadsheet":["gsheet"],"application/vnd.google-earth.kml+xml":["kml"],"application/vnd.google-earth.kmz":["kmz"],"application/vnd.grafeq":["gqf","gqs"],"application/vnd.groove-account":["gac"],"application/vnd.groove-help":["ghf"],"application/vnd.groove-identity-message":["gim"],"application/vnd.groove-injector":["grv"],"application/vnd.groove-tool-message":["gtm"],"application/vnd.groove-tool-template":["tpl"],"application/vnd.groove-vcard":["vcg"],"application/vnd.hal+xml":["hal"],"application/vnd.handheld-entertainment+xml":["zmm"],"application/vnd.hbci":["hbci"],"application/vnd.hhe.lesson-player":["les"],"application/vnd.hp-hpgl":["hpgl"],"application/vnd.hp-hpid":["hpid"],"application/vnd.hp-hps":["hps"],"application/vnd.hp-jlyt":["jlt"],"application/vnd.hp-pcl":["pcl"],"application/vnd.hp-pclxl":["pclxl"],"application/vnd.hydrostatix.sof-data":["sfd-hdstx"],"application/vnd.ibm.minipay":["mpy"],"application/vnd.ibm.modcap":["afp","listafp","list3820"],"application/vnd.ibm.rights-management":["irm"],"application/vnd.ibm.secure-container":["sc"],"application/vnd.iccprofile":["icc","icm"],"application/vnd.igloader":["igl"],"application/vnd.immervision-ivp":["ivp"],"application/vnd.immervision-ivu":["ivu"],"application/vnd.insors.igm":["igm"],"application/vnd.intercon.formnet":["xpw","xpx"],"application/vnd.intergeo":["i2g"],"application/vnd.intu.qbo":["qbo"],"application/vnd.intu.qfx":["qfx"],"application/vnd.ipunplugged.rcprofile":["rcprofile"],"application/vnd.irepository.package+xml":["irp"],"application/vnd.is-xpr":["xpr"],"application/vnd.isac.fcs":["fcs"],"application/vnd.jam":["jam"],"application/vnd.jcp.javame.midlet-rms":["rms"],"application/vnd.jisp":["jisp"],"application/vnd.joost.joda-archive":["joda"],"application/vnd.kahootz":["ktz","ktr"],"application/vnd.kde.karbon":["karbon"],"application/vnd.kde.kchart":["chrt"],"application/vnd.kde.kformula":["kfo"],"application/vnd.kde.kivio":["flw"],"application/vnd.kde.kontour":["kon"],"application/vnd.kde.kpresenter":["kpr","kpt"],"application/vnd.kde.kspread":["ksp"],"application/vnd.kde.kword":["kwd","kwt"],"application/vnd.kenameaapp":["htke"],"application/vnd.kidspiration":["kia"],"application/vnd.kinar":["kne","knp"],"application/vnd.koan":["skp","skd","skt","skm"],"application/vnd.kodak-descriptor":["sse"],"application/vnd.las.las+xml":["lasxml"],"application/vnd.llamagraphics.life-balance.desktop":["lbd"],"application/vnd.llamagraphics.life-balance.exchange+xml":["lbe"],"application/vnd.lotus-1-2-3":["123"],"application/vnd.lotus-approach":["apr"],"application/vnd.lotus-freelance":["pre"],"application/vnd.lotus-notes":["nsf"],"application/vnd.lotus-organizer":["org"],"application/vnd.lotus-screencam":["scm"],"application/vnd.lotus-wordpro":["lwp"],"application/vnd.macports.portpkg":["portpkg"],"application/vnd.mcd":["mcd"],"application/vnd.medcalcdata":["mc1"],"application/vnd.mediastation.cdkey":["cdkey"],"application/vnd.mfer":["mwf"],"application/vnd.mfmp":["mfm"],"application/vnd.micrografx.flo":["flo"],"application/vnd.micrografx.igx":["igx"],"application/vnd.mif":["mif"],"application/vnd.mobius.daf":["daf"],"application/vnd.mobius.dis":["dis"],"application/vnd.mobius.mbk":["mbk"],"application/vnd.mobius.mqy":["mqy"],"application/vnd.mobius.msl":["msl"],"application/vnd.mobius.plc":["plc"],"application/vnd.mobius.txf":["txf"],"application/vnd.mophun.application":["mpn"],"application/vnd.mophun.certificate":["mpc"],"application/vnd.mozilla.xul+xml":["xul"],"application/vnd.ms-artgalry":["cil"],"application/vnd.ms-cab-compressed":["cab"],"application/vnd.ms-excel":["xls","xlm","xla","xlc","xlt","xlw"],"application/vnd.ms-excel.addin.macroenabled.12":["xlam"],"application/vnd.ms-excel.sheet.binary.macroenabled.12":["xlsb"],"application/vnd.ms-excel.sheet.macroenabled.12":["xlsm"],"application/vnd.ms-excel.template.macroenabled.12":["xltm"],"application/vnd.ms-fontobject":["eot"],"application/vnd.ms-htmlhelp":["chm"],"application/vnd.ms-ims":["ims"],"application/vnd.ms-lrm":["lrm"],"application/vnd.ms-officetheme":["thmx"],"application/vnd.ms-outlook":["msg"],"application/vnd.ms-pki.seccat":["cat"],"application/vnd.ms-pki.stl":["stl"],"application/vnd.ms-powerpoint":["ppt","pps","pot"],"application/vnd.ms-powerpoint.addin.macroenabled.12":["ppam"],"application/vnd.ms-powerpoint.presentation.macroenabled.12":["pptm"],"application/vnd.ms-powerpoint.slide.macroenabled.12":["sldm"],"application/vnd.ms-powerpoint.slideshow.macroenabled.12":["ppsm"],"application/vnd.ms-powerpoint.template.macroenabled.12":["potm"],"application/vnd.ms-project":["mpp","mpt"],"application/vnd.ms-word.document.macroenabled.12":["docm"],"application/vnd.ms-word.template.macroenabled.12":["dotm"],"application/vnd.ms-works":["wps","wks","wcm","wdb"],"application/vnd.ms-wpl":["wpl"],"application/vnd.ms-xpsdocument":["xps"],"application/vnd.mseq":["mseq"],"application/vnd.musician":["mus"],"application/vnd.muvee.style":["msty"],"application/vnd.mynfc":["taglet"],"application/vnd.neurolanguage.nlu":["nlu"],"application/vnd.nitf":["ntf","nitf"],"application/vnd.noblenet-directory":["nnd"],"application/vnd.noblenet-sealer":["nns"],"application/vnd.noblenet-web":["nnw"],"application/vnd.nokia.n-gage.data":["ngdat"],"application/vnd.nokia.n-gage.symbian.install":["n-gage"],"application/vnd.nokia.radio-preset":["rpst"],"application/vnd.nokia.radio-presets":["rpss"],"application/vnd.novadigm.edm":["edm"],"application/vnd.novadigm.edx":["edx"],"application/vnd.novadigm.ext":["ext"],"application/vnd.oasis.opendocument.chart":["odc"],"application/vnd.oasis.opendocument.chart-template":["otc"],"application/vnd.oasis.opendocument.database":["odb"],"application/vnd.oasis.opendocument.formula":["odf"],"application/vnd.oasis.opendocument.formula-template":["odft"],"application/vnd.oasis.opendocument.graphics":["odg"],"application/vnd.oasis.opendocument.graphics-template":["otg"],"application/vnd.oasis.opendocument.image":["odi"],"application/vnd.oasis.opendocument.image-template":["oti"],"application/vnd.oasis.opendocument.presentation":["odp"],"application/vnd.oasis.opendocument.presentation-template":["otp"],"application/vnd.oasis.opendocument.spreadsheet":["ods"],"application/vnd.oasis.opendocument.spreadsheet-template":["ots"],"application/vnd.oasis.opendocument.text":["odt"],"application/vnd.oasis.opendocument.text-master":["odm"],"application/vnd.oasis.opendocument.text-template":["ott"],"application/vnd.oasis.opendocument.text-web":["oth"],"application/vnd.olpc-sugar":["xo"],"application/vnd.oma.dd2+xml":["dd2"],"application/vnd.openofficeorg.extension":["oxt"],"application/vnd.openxmlformats-officedocument.presentationml.presentation":["pptx"],"application/vnd.openxmlformats-officedocument.presentationml.slide":["sldx"],"application/vnd.openxmlformats-officedocument.presentationml.slideshow":["ppsx"],"application/vnd.openxmlformats-officedocument.presentationml.template":["potx"],"application/vnd.openxmlformats-officedocument.spreadsheetml.sheet":["xlsx"],"application/vnd.openxmlformats-officedocument.spreadsheetml.template":["xltx"],"application/vnd.openxmlformats-officedocument.wordprocessingml.document":["docx"],"application/vnd.openxmlformats-officedocument.wordprocessingml.template":["dotx"],"application/vnd.osgeo.mapguide.package":["mgp"],"application/vnd.osgi.dp":["dp"],"application/vnd.osgi.subsystem":["esa"],"application/vnd.palm":["pdb","pqa","oprc"],"application/vnd.pawaafile":["paw"],"application/vnd.pg.format":["str"],"application/vnd.pg.osasli":["ei6"],"application/vnd.picsel":["efif"],"application/vnd.pmi.widget":["wg"],"application/vnd.pocketlearn":["plf"],"application/vnd.powerbuilder6":["pbd"],"application/vnd.previewsystems.box":["box"],"application/vnd.proteus.magazine":["mgz"],"application/vnd.publishare-delta-tree":["qps"],"application/vnd.pvi.ptid1":["ptid"],"application/vnd.quark.quarkxpress":["qxd","qxt","qwd","qwt","qxl","qxb"],"application/vnd.realvnc.bed":["bed"],"application/vnd.recordare.musicxml":["mxl"],"application/vnd.recordare.musicxml+xml":["musicxml"],"application/vnd.rig.cryptonote":["cryptonote"],"application/vnd.rim.cod":["cod"],"application/vnd.rn-realmedia":["rm"],"application/vnd.rn-realmedia-vbr":["rmvb"],"application/vnd.route66.link66+xml":["link66"],"application/vnd.sailingtracker.track":["st"],"application/vnd.seemail":["see"],"application/vnd.sema":["sema"],"application/vnd.semd":["semd"],"application/vnd.semf":["semf"],"application/vnd.shana.informed.formdata":["ifm"],"application/vnd.shana.informed.formtemplate":["itp"],"application/vnd.shana.informed.interchange":["iif"],"application/vnd.shana.informed.package":["ipk"],"application/vnd.simtech-mindmapper":["twd","twds"],"application/vnd.smaf":["mmf"],"application/vnd.smart.teacher":["teacher"],"application/vnd.solent.sdkm+xml":["sdkm","sdkd"],"application/vnd.spotfire.dxp":["dxp"],"application/vnd.spotfire.sfs":["sfs"],"application/vnd.stardivision.calc":["sdc"],"application/vnd.stardivision.draw":["sda"],"application/vnd.stardivision.impress":["sdd"],"application/vnd.stardivision.math":["smf"],"application/vnd.stardivision.writer":["sdw","vor"],"application/vnd.stardivision.writer-global":["sgl"],"application/vnd.stepmania.package":["smzip"],"application/vnd.stepmania.stepchart":["sm"],"application/vnd.sun.wadl+xml":["wadl"],"application/vnd.sun.xml.calc":["sxc"],"application/vnd.sun.xml.calc.template":["stc"],"application/vnd.sun.xml.draw":["sxd"],"application/vnd.sun.xml.draw.template":["std"],"application/vnd.sun.xml.impress":["sxi"],"application/vnd.sun.xml.impress.template":["sti"],"application/vnd.sun.xml.math":["sxm"],"application/vnd.sun.xml.writer":["sxw"],"application/vnd.sun.xml.writer.global":["sxg"],"application/vnd.sun.xml.writer.template":["stw"],"application/vnd.sus-calendar":["sus","susp"],"application/vnd.svd":["svd"],"application/vnd.symbian.install":["sis","sisx"],"application/vnd.syncml+xml":["xsm"],"application/vnd.syncml.dm+wbxml":["bdm"],"application/vnd.syncml.dm+xml":["xdm"],"application/vnd.tao.intent-module-archive":["tao"],"application/vnd.tcpdump.pcap":["pcap","cap","dmp"],"application/vnd.tmobile-livetv":["tmo"],"application/vnd.trid.tpt":["tpt"],"application/vnd.triscape.mxs":["mxs"],"application/vnd.trueapp":["tra"],"application/vnd.ufdl":["ufd","ufdl"],"application/vnd.uiq.theme":["utz"],"application/vnd.umajin":["umj"],"application/vnd.unity":["unityweb"],"application/vnd.uoml+xml":["uoml"],"application/vnd.vcx":["vcx"],"application/vnd.visio":["vsd","vst","vss","vsw"],"application/vnd.visionary":["vis"],"application/vnd.vsf":["vsf"],"application/vnd.wap.wbxml":["wbxml"],"application/vnd.wap.wmlc":["wmlc"],"application/vnd.wap.wmlscriptc":["wmlsc"],"application/vnd.webturbo":["wtb"],"application/vnd.wolfram.player":["nbp"],"application/vnd.wordperfect":["wpd"],"application/vnd.wqd":["wqd"],"application/vnd.wt.stf":["stf"],"application/vnd.xara":["xar"],"application/vnd.xfdl":["xfdl"],"application/vnd.yamaha.hv-dic":["hvd"],"application/vnd.yamaha.hv-script":["hvs"],"application/vnd.yamaha.hv-voice":["hvp"],"application/vnd.yamaha.openscoreformat":["osf"],"application/vnd.yamaha.openscoreformat.osfpvg+xml":["osfpvg"],"application/vnd.yamaha.smaf-audio":["saf"],"application/vnd.yamaha.smaf-phrase":["spf"],"application/vnd.yellowriver-custom-menu":["cmp"],"application/vnd.zul":["zir","zirz"],"application/vnd.zzazz.deck+xml":["zaz"],"application/voicexml+xml":["vxml"],"application/wasm":["wasm"],"application/widget":["wgt"],"application/winhlp":["hlp"],"application/wsdl+xml":["wsdl"],"application/wspolicy+xml":["wspolicy"],"application/x-7z-compressed":["7z"],"application/x-abiword":["abw"],"application/x-ace-compressed":["ace"],"application/x-apple-diskimage":[],"application/x-arj":["arj"],"application/x-authorware-bin":["aab","x32","u32","vox"],"application/x-authorware-map":["aam"],"application/x-authorware-seg":["aas"],"application/x-bcpio":["bcpio"],"application/x-bdoc":[],"application/x-bittorrent":["torrent"],"application/x-blorb":["blb","blorb"],"application/x-bzip":["bz"],"application/x-bzip2":["bz2","boz"],"application/x-cbr":["cbr","cba","cbt","cbz","cb7"],"application/x-cdlink":["vcd"],"application/x-cfs-compressed":["cfs"],"application/x-chat":["chat"],"application/x-chess-pgn":["pgn"],"application/x-chrome-extension":["crx"],"application/x-cocoa":["cco"],"application/x-conference":["nsc"],"application/x-cpio":["cpio"],"application/x-csh":["csh"],"application/x-debian-package":["udeb"],"application/x-dgc-compressed":["dgc"],"application/x-director":["dir","dcr","dxr","cst","cct","cxt","w3d","fgd","swa"],"application/x-doom":["wad"],"application/x-dtbncx+xml":["ncx"],"application/x-dtbook+xml":["dtb"],"application/x-dtbresource+xml":["res"],"application/x-dvi":["dvi"],"application/x-envoy":["evy"],"application/x-eva":["eva"],"application/x-font-bdf":["bdf"],"application/x-font-ghostscript":["gsf"],"application/x-font-linux-psf":["psf"],"application/x-font-pcf":["pcf"],"application/x-font-snf":["snf"],"application/x-font-type1":["pfa","pfb","pfm","afm"],"application/x-freearc":["arc"],"application/x-futuresplash":["spl"],"application/x-gca-compressed":["gca"],"application/x-glulx":["ulx"],"application/x-gnumeric":["gnumeric"],"application/x-gramps-xml":["gramps"],"application/x-gtar":["gtar"],"application/x-hdf":["hdf"],"application/x-httpd-php":["php"],"application/x-install-instructions":["install"],"application/x-iso9660-image":[],"application/x-java-archive-diff":["jardiff"],"application/x-java-jnlp-file":["jnlp"],"application/x-latex":["latex"],"application/x-lua-bytecode":["luac"],"application/x-lzh-compressed":["lzh","lha"],"application/x-makeself":["run"],"application/x-mie":["mie"],"application/x-mobipocket-ebook":["prc","mobi"],"application/x-ms-application":["application"],"application/x-ms-shortcut":["lnk"],"application/x-ms-wmd":["wmd"],"application/x-ms-wmz":["wmz"],"application/x-ms-xbap":["xbap"],"application/x-msaccess":["mdb"],"application/x-msbinder":["obd"],"application/x-mscardfile":["crd"],"application/x-msclip":["clp"],"application/x-msdos-program":[],"application/x-msdownload":["com","bat"],"application/x-msmediaview":["mvb","m13","m14"],"application/x-msmetafile":["wmf","emf","emz"],"application/x-msmoney":["mny"],"application/x-mspublisher":["pub"],"application/x-msschedule":["scd"],"application/x-msterminal":["trm"],"application/x-mswrite":["wri"],"application/x-netcdf":["nc","cdf"],"application/x-ns-proxy-autoconfig":["pac"],"application/x-nzb":["nzb"],"application/x-perl":["pl","pm"],"application/x-pilot":[],"application/x-pkcs12":["p12","pfx"],"application/x-pkcs7-certificates":["p7b","spc"],"application/x-pkcs7-certreqresp":["p7r"],"application/x-rar-compressed":["rar"],"application/x-redhat-package-manager":["rpm"],"application/x-research-info-systems":["ris"],"application/x-sea":["sea"],"application/x-sh":["sh"],"application/x-shar":["shar"],"application/x-shockwave-flash":["swf"],"application/x-silverlight-app":["xap"],"application/x-sql":["sql"],"application/x-stuffit":["sit"],"application/x-stuffitx":["sitx"],"application/x-subrip":["srt"],"application/x-sv4cpio":["sv4cpio"],"application/x-sv4crc":["sv4crc"],"application/x-t3vm-image":["t3"],"application/x-tads":["gam"],"application/x-tar":["tar"],"application/x-tcl":["tcl","tk"],"application/x-tex":["tex"],"application/x-tex-tfm":["tfm"],"application/x-texinfo":["texinfo","texi"],"application/x-tgif":["obj"],"application/x-ustar":["ustar"],"application/x-virtualbox-hdd":["hdd"],"application/x-virtualbox-ova":["ova"],"application/x-virtualbox-ovf":["ovf"],"application/x-virtualbox-vbox":["vbox"],"application/x-virtualbox-vbox-extpack":["vbox-extpack"],"application/x-virtualbox-vdi":["vdi"],"application/x-virtualbox-vhd":["vhd"],"application/x-virtualbox-vmdk":["vmdk"],"application/x-wais-source":["src"],"application/x-web-app-manifest+json":["webapp"],"application/x-x509-ca-cert":["der","crt","pem"],"application/x-xfig":["fig"],"application/x-xliff+xml":["xlf"],"application/x-xpinstall":["xpi"],"application/x-xz":["xz"],"application/x-zmachine":["z1","z2","z3","z4","z5","z6","z7","z8"],"application/xaml+xml":["xaml"],"application/xcap-diff+xml":["xdf"],"application/xenc+xml":["xenc"],"application/xhtml+xml":["xhtml","xht"],"application/xml":["xml","xsl","xsd","rng"],"application/xml-dtd":["dtd"],"application/xop+xml":["xop"],"application/xproc+xml":["xpl"],"application/xslt+xml":["xslt"],"application/xspf+xml":["xspf"],"application/xv+xml":["mxml","xhvml","xvml","xvm"],"application/yang":["yang"],"application/yin+xml":["yin"],"application/zip":["zip"],"audio/3gpp":[],"audio/adpcm":["adp"],"audio/basic":["au","snd"],"audio/midi":["mid","midi","kar","rmi"],"audio/mp3":[],"audio/mp4":["m4a","mp4a"],"audio/mpeg":["mpga","mp2","mp2a","mp3","m2a","m3a"],"audio/ogg":["oga","ogg","spx"],"audio/s3m":["s3m"],"audio/silk":["sil"],"audio/vnd.dece.audio":["uva","uvva"],"audio/vnd.digital-winds":["eol"],"audio/vnd.dra":["dra"],"audio/vnd.dts":["dts"],"audio/vnd.dts.hd":["dtshd"],"audio/vnd.lucent.voice":["lvp"],"audio/vnd.ms-playready.media.pya":["pya"],"audio/vnd.nuera.ecelp4800":["ecelp4800"],"audio/vnd.nuera.ecelp7470":["ecelp7470"],"audio/vnd.nuera.ecelp9600":["ecelp9600"],"audio/vnd.rip":["rip"],"audio/wav":["wav"],"audio/wave":[],"audio/webm":["weba"],"audio/x-aac":["aac"],"audio/x-aiff":["aif","aiff","aifc"],"audio/x-caf":["caf"],"audio/x-flac":["flac"],"audio/x-m4a":[],"audio/x-matroska":["mka"],"audio/x-mpegurl":["m3u"],"audio/x-ms-wax":["wax"],"audio/x-ms-wma":["wma"],"audio/x-pn-realaudio":["ram","ra"],"audio/x-pn-realaudio-plugin":["rmp"],"audio/x-realaudio":[],"audio/x-wav":[],"audio/xm":["xm"],"chemical/x-cdx":["cdx"],"chemical/x-cif":["cif"],"chemical/x-cmdf":["cmdf"],"chemical/x-cml":["cml"],"chemical/x-csml":["csml"],"chemical/x-xyz":["xyz"],"font/collection":["ttc"],"font/otf":["otf"],"font/ttf":["ttf"],"font/woff":["woff"],"font/woff2":["woff2"],"image/apng":["apng"],"image/bmp":["bmp"],"image/cgm":["cgm"],"image/g3fax":["g3"],"image/gif":["gif"],"image/ief":["ief"],"image/jp2":["jp2","jpg2"],"image/jpeg":["jpeg","jpg","jpe"],"image/jpm":["jpm"],"image/jpx":["jpx","jpf"],"image/ktx":["ktx"],"image/png":["png"],"image/prs.btif":["btif"],"image/sgi":["sgi"],"image/svg+xml":["svg","svgz"],"image/tiff":["tiff","tif"],"image/vnd.adobe.photoshop":["psd"],"image/vnd.dece.graphic":["uvi","uvvi","uvg","uvvg"],"image/vnd.djvu":["djvu","djv"],"image/vnd.dvb.subtitle":[],"image/vnd.dwg":["dwg"],"image/vnd.dxf":["dxf"],"image/vnd.fastbidsheet":["fbs"],"image/vnd.fpx":["fpx"],"image/vnd.fst":["fst"],"image/vnd.fujixerox.edmics-mmr":["mmr"],"image/vnd.fujixerox.edmics-rlc":["rlc"],"image/vnd.ms-modi":["mdi"],"image/vnd.ms-photo":["wdp"],"image/vnd.net-fpx":["npx"],"image/vnd.wap.wbmp":["wbmp"],"image/vnd.xiff":["xif"],"image/webp":["webp"],"image/x-3ds":["3ds"],"image/x-cmu-raster":["ras"],"image/x-cmx":["cmx"],"image/x-freehand":["fh","fhc","fh4","fh5","fh7"],"image/x-icon":["ico"],"image/x-jng":["jng"],"image/x-mrsid-image":["sid"],"image/x-ms-bmp":[],"image/x-pcx":["pcx"],"image/x-pict":["pic","pct"],"image/x-portable-anymap":["pnm"],"image/x-portable-bitmap":["pbm"],"image/x-portable-graymap":["pgm"],"image/x-portable-pixmap":["ppm"],"image/x-rgb":["rgb"],"image/x-tga":["tga"],"image/x-xbitmap":["xbm"],"image/x-xpixmap":["xpm"],"image/x-xwindowdump":["xwd"],"message/rfc822":["eml","mime"],"model/gltf+json":["gltf"],"model/gltf-binary":["glb"],"model/iges":["igs","iges"],"model/mesh":["msh","mesh","silo"],"model/vnd.collada+xml":["dae"],"model/vnd.dwf":["dwf"],"model/vnd.gdl":["gdl"],"model/vnd.gtw":["gtw"],"model/vnd.mts":["mts"],"model/vnd.vtu":["vtu"],"model/vrml":["wrl","vrml"],"model/x3d+binary":["x3db","x3dbz"],"model/x3d+vrml":["x3dv","x3dvz"],"model/x3d+xml":["x3d","x3dz"],"text/cache-manifest":["appcache","manifest"],"text/calendar":["ics","ifb"],"text/coffeescript":["coffee","litcoffee"],"text/css":["css"],"text/csv":["csv"],"text/hjson":["hjson"],"text/html":["html","htm","shtml"],"text/jade":["jade"],"text/jsx":["jsx"],"text/less":["less"],"text/markdown":["markdown","md"],"text/mathml":["mml"],"text/n3":["n3"],"text/plain":["txt","text","conf","def","list","log","in","ini"],"text/prs.lines.tag":["dsc"],"text/richtext":["rtx"],"text/rtf":[],"text/sgml":["sgml","sgm"],"text/slim":["slim","slm"],"text/stylus":["stylus","styl"],"text/tab-separated-values":["tsv"],"text/troff":["t","tr","roff","man","me","ms"],"text/turtle":["ttl"],"text/uri-list":["uri","uris","urls"],"text/vcard":["vcard"],"text/vnd.curl":["curl"],"text/vnd.curl.dcurl":["dcurl"],"text/vnd.curl.mcurl":["mcurl"],"text/vnd.curl.scurl":["scurl"],"text/vnd.dvb.subtitle":["sub"],"text/vnd.fly":["fly"],"text/vnd.fmi.flexstor":["flx"],"text/vnd.graphviz":["gv"],"text/vnd.in3d.3dml":["3dml"],"text/vnd.in3d.spot":["spot"],"text/vnd.sun.j2me.app-descriptor":["jad"],"text/vnd.wap.wml":["wml"],"text/vnd.wap.wmlscript":["wmls"],"text/vtt":["vtt"],"text/x-asm":["s","asm"],"text/x-c":["c","cc","cxx","cpp","h","hh","dic"],"text/x-component":["htc"],"text/x-fortran":["f","for","f77","f90"],"text/x-handlebars-template":["hbs"],"text/x-java-source":["java"],"text/x-lua":["lua"],"text/x-markdown":["mkd"],"text/x-nfo":["nfo"],"text/x-opml":["opml"],"text/x-org":[],"text/x-pascal":["p","pas"],"text/x-processing":["pde"],"text/x-sass":["sass"],"text/x-scss":["scss"],"text/x-setext":["etx"],"text/x-sfv":["sfv"],"text/x-suse-ymp":["ymp"],"text/x-uuencode":["uu"],"text/x-vcalendar":["vcs"],"text/x-vcard":["vcf"],"text/xml":[],"text/yaml":["yaml","yml"],"video/3gpp":["3gp","3gpp"],"video/3gpp2":["3g2"],"video/h261":["h261"],"video/h263":["h263"],"video/h264":["h264"],"video/jpeg":["jpgv"],"video/jpm":["jpgm"],"video/mj2":["mj2","mjp2"],"video/mp2t":["ts"],"video/mp4":["mp4","mp4v","mpg4"],"video/mpeg":["mpeg","mpg","mpe","m1v","m2v"],"video/ogg":["ogv"],"video/quicktime":["qt","mov"],"video/vnd.dece.hd":["uvh","uvvh"],"video/vnd.dece.mobile":["uvm","uvvm"],"video/vnd.dece.pd":["uvp","uvvp"],"video/vnd.dece.sd":["uvs","uvvs"],"video/vnd.dece.video":["uvv","uvvv"],"video/vnd.dvb.file":["dvb"],"video/vnd.fvt":["fvt"],"video/vnd.mpegurl":["mxu","m4u"],"video/vnd.ms-playready.media.pyv":["pyv"],"video/vnd.uvvu.mp4":["uvu","uvvu"],"video/vnd.vivo":["viv"],"video/webm":["webm"],"video/x-f4v":["f4v"],"video/x-fli":["fli"],"video/x-flv":["flv"],"video/x-m4v":["m4v"],"video/x-matroska":["mkv","mk3d","mks"],"video/x-mng":["mng"],"video/x-ms-asf":["asf","asx"],"video/x-ms-vob":["vob"],"video/x-ms-wm":["wm"],"video/x-ms-wmv":["wmv"],"video/x-ms-wmx":["wmx"],"video/x-ms-wvx":["wvx"],"video/x-msvideo":["avi"],"video/x-sgi-movie":["movie"],"video/x-smv":["smv"],"x-conference/x-cooltalk":["ice"]}
\ No newline at end of file
diff --git a/node_modules/negotiator/HISTORY.md b/node_modules/negotiator/HISTORY.md
new file mode 100644
index 0000000000000000000000000000000000000000..a9a544914c43bb8927b9ee9ff02aa2c2c7277fdb
--- /dev/null
+++ b/node_modules/negotiator/HISTORY.md
@@ -0,0 +1,108 @@
+0.6.3 / 2022-01-22
+==================
+
+ * Revert "Lazy-load modules from main entry point"
+
+0.6.2 / 2019-04-29
+==================
+
+ * Fix sorting charset, encoding, and language with extra parameters
+
+0.6.1 / 2016-05-02
+==================
+
+ * perf: improve `Accept` parsing speed
+ * perf: improve `Accept-Charset` parsing speed
+ * perf: improve `Accept-Encoding` parsing speed
+ * perf: improve `Accept-Language` parsing speed
+
+0.6.0 / 2015-09-29
+==================
+
+ * Fix including type extensions in parameters in `Accept` parsing
+ * Fix parsing `Accept` parameters with quoted equals
+ * Fix parsing `Accept` parameters with quoted semicolons
+ * Lazy-load modules from main entry point
+ * perf: delay type concatenation until needed
+ * perf: enable strict mode
+ * perf: hoist regular expressions
+ * perf: remove closures getting spec properties
+ * perf: remove a closure from media type parsing
+ * perf: remove property delete from media type parsing
+
+0.5.3 / 2015-05-10
+==================
+
+ * Fix media type parameter matching to be case-insensitive
+
+0.5.2 / 2015-05-06
+==================
+
+ * Fix comparing media types with quoted values
+ * Fix splitting media types with quoted commas
+
+0.5.1 / 2015-02-14
+==================
+
+ * Fix preference sorting to be stable for long acceptable lists
+
+0.5.0 / 2014-12-18
+==================
+
+ * Fix list return order when large accepted list
+ * Fix missing identity encoding when q=0 exists
+ * Remove dynamic building of Negotiator class
+
+0.4.9 / 2014-10-14
+==================
+
+ * Fix error when media type has invalid parameter
+
+0.4.8 / 2014-09-28
+==================
+
+ * Fix all negotiations to be case-insensitive
+ * Stable sort preferences of same quality according to client order
+ * Support Node.js 0.6
+
+0.4.7 / 2014-06-24
+==================
+
+ * Handle invalid provided languages
+ * Handle invalid provided media types
+
+0.4.6 / 2014-06-11
+==================
+
+ * Order by specificity when quality is the same
+
+0.4.5 / 2014-05-29
+==================
+
+ * Fix regression in empty header handling
+
+0.4.4 / 2014-05-29
+==================
+
+ * Fix behaviors when headers are not present
+
+0.4.3 / 2014-04-16
+==================
+
+ * Handle slashes on media params correctly
+
+0.4.2 / 2014-02-28
+==================
+
+ * Fix media type sorting
+ * Handle media types params strictly
+
+0.4.1 / 2014-01-16
+==================
+
+ * Use most specific matches
+
+0.4.0 / 2014-01-09
+==================
+
+ * Remove preferred prefix from methods
diff --git a/node_modules/negotiator/LICENSE b/node_modules/negotiator/LICENSE
new file mode 100644
index 0000000000000000000000000000000000000000..ea6b9e2e9ac251526c95df2dd995cf5f1e861854
--- /dev/null
+++ b/node_modules/negotiator/LICENSE
@@ -0,0 +1,24 @@
+(The MIT License)
+
+Copyright (c) 2012-2014 Federico Romero
+Copyright (c) 2012-2014 Isaac Z. Schlueter
+Copyright (c) 2014-2015 Douglas Christopher Wilson
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+'Software'), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/node_modules/negotiator/README.md b/node_modules/negotiator/README.md
new file mode 100644
index 0000000000000000000000000000000000000000..82915e521b4d321d90111316c6193706f1d7b8bf
--- /dev/null
+++ b/node_modules/negotiator/README.md
@@ -0,0 +1,203 @@
+# negotiator
+
+[![NPM Version][npm-image]][npm-url]
+[![NPM Downloads][downloads-image]][downloads-url]
+[![Node.js Version][node-version-image]][node-version-url]
+[![Build Status][github-actions-ci-image]][github-actions-ci-url]
+[![Test Coverage][coveralls-image]][coveralls-url]
+
+An HTTP content negotiator for Node.js
+
+## Installation
+
+```sh
+$ npm install negotiator
+```
+
+## API
+
+```js
+var Negotiator = require('negotiator')
+```
+
+### Accept Negotiation
+
+```js
+availableMediaTypes = ['text/html', 'text/plain', 'application/json']
+
+// The negotiator constructor receives a request object
+negotiator = new Negotiator(request)
+
+// Let's say Accept header is 'text/html, application/*;q=0.2, image/jpeg;q=0.8'
+
+negotiator.mediaTypes()
+// -> ['text/html', 'image/jpeg', 'application/*']
+
+negotiator.mediaTypes(availableMediaTypes)
+// -> ['text/html', 'application/json']
+
+negotiator.mediaType(availableMediaTypes)
+// -> 'text/html'
+```
+
+You can check a working example at `examples/accept.js`.
+
+#### Methods
+
+##### mediaType()
+
+Returns the most preferred media type from the client.
+
+##### mediaType(availableMediaType)
+
+Returns the most preferred media type from a list of available media types.
+
+##### mediaTypes()
+
+Returns an array of preferred media types ordered by the client preference.
+
+##### mediaTypes(availableMediaTypes)
+
+Returns an array of preferred media types ordered by priority from a list of
+available media types.
+
+### Accept-Language Negotiation
+
+```js
+negotiator = new Negotiator(request)
+
+availableLanguages = ['en', 'es', 'fr']
+
+// Let's say Accept-Language header is 'en;q=0.8, es, pt'
+
+negotiator.languages()
+// -> ['es', 'pt', 'en']
+
+negotiator.languages(availableLanguages)
+// -> ['es', 'en']
+
+language = negotiator.language(availableLanguages)
+// -> 'es'
+```
+
+You can check a working example at `examples/language.js`.
+
+#### Methods
+
+##### language()
+
+Returns the most preferred language from the client.
+
+##### language(availableLanguages)
+
+Returns the most preferred language from a list of available languages.
+
+##### languages()
+
+Returns an array of preferred languages ordered by the client preference.
+
+##### languages(availableLanguages)
+
+Returns an array of preferred languages ordered by priority from a list of
+available languages.
+
+### Accept-Charset Negotiation
+
+```js
+availableCharsets = ['utf-8', 'iso-8859-1', 'iso-8859-5']
+
+negotiator = new Negotiator(request)
+
+// Let's say Accept-Charset header is 'utf-8, iso-8859-1;q=0.8, utf-7;q=0.2'
+
+negotiator.charsets()
+// -> ['utf-8', 'iso-8859-1', 'utf-7']
+
+negotiator.charsets(availableCharsets)
+// -> ['utf-8', 'iso-8859-1']
+
+negotiator.charset(availableCharsets)
+// -> 'utf-8'
+```
+
+You can check a working example at `examples/charset.js`.
+
+#### Methods
+
+##### charset()
+
+Returns the most preferred charset from the client.
+
+##### charset(availableCharsets)
+
+Returns the most preferred charset from a list of available charsets.
+
+##### charsets()
+
+Returns an array of preferred charsets ordered by the client preference.
+
+##### charsets(availableCharsets)
+
+Returns an array of preferred charsets ordered by priority from a list of
+available charsets.
+
+### Accept-Encoding Negotiation
+
+```js
+availableEncodings = ['identity', 'gzip']
+
+negotiator = new Negotiator(request)
+
+// Let's say Accept-Encoding header is 'gzip, compress;q=0.2, identity;q=0.5'
+
+negotiator.encodings()
+// -> ['gzip', 'identity', 'compress']
+
+negotiator.encodings(availableEncodings)
+// -> ['gzip', 'identity']
+
+negotiator.encoding(availableEncodings)
+// -> 'gzip'
+```
+
+You can check a working example at `examples/encoding.js`.
+
+#### Methods
+
+##### encoding()
+
+Returns the most preferred encoding from the client.
+
+##### encoding(availableEncodings)
+
+Returns the most preferred encoding from a list of available encodings.
+
+##### encodings()
+
+Returns an array of preferred encodings ordered by the client preference.
+
+##### encodings(availableEncodings)
+
+Returns an array of preferred encodings ordered by priority from a list of
+available encodings.
+
+## See Also
+
+The [accepts](https://npmjs.org/package/accepts#readme) module builds on
+this module and provides an alternative interface, mime type validation,
+and more.
+
+## License
+
+[MIT](LICENSE)
+
+[npm-image]: https://img.shields.io/npm/v/negotiator.svg
+[npm-url]: https://npmjs.org/package/negotiator
+[node-version-image]: https://img.shields.io/node/v/negotiator.svg
+[node-version-url]: https://nodejs.org/en/download/
+[coveralls-image]: https://img.shields.io/coveralls/jshttp/negotiator/master.svg
+[coveralls-url]: https://coveralls.io/r/jshttp/negotiator?branch=master
+[downloads-image]: https://img.shields.io/npm/dm/negotiator.svg
+[downloads-url]: https://npmjs.org/package/negotiator
+[github-actions-ci-image]: https://img.shields.io/github/workflow/status/jshttp/negotiator/ci/master?label=ci
+[github-actions-ci-url]: https://github.com/jshttp/negotiator/actions/workflows/ci.yml
diff --git a/node_modules/negotiator/index.js b/node_modules/negotiator/index.js
new file mode 100644
index 0000000000000000000000000000000000000000..4788264b16c9f2282bba539529577ed31920425d
--- /dev/null
+++ b/node_modules/negotiator/index.js
@@ -0,0 +1,82 @@
+/*!
+ * negotiator
+ * Copyright(c) 2012 Federico Romero
+ * Copyright(c) 2012-2014 Isaac Z. Schlueter
+ * Copyright(c) 2015 Douglas Christopher Wilson
+ * MIT Licensed
+ */
+
+'use strict';
+
+var preferredCharsets = require('./lib/charset')
+var preferredEncodings = require('./lib/encoding')
+var preferredLanguages = require('./lib/language')
+var preferredMediaTypes = require('./lib/mediaType')
+
+/**
+ * Module exports.
+ * @public
+ */
+
+module.exports = Negotiator;
+module.exports.Negotiator = Negotiator;
+
+/**
+ * Create a Negotiator instance from a request.
+ * @param {object} request
+ * @public
+ */
+
+function Negotiator(request) {
+ if (!(this instanceof Negotiator)) {
+ return new Negotiator(request);
+ }
+
+ this.request = request;
+}
+
+Negotiator.prototype.charset = function charset(available) {
+ var set = this.charsets(available);
+ return set && set[0];
+};
+
+Negotiator.prototype.charsets = function charsets(available) {
+ return preferredCharsets(this.request.headers['accept-charset'], available);
+};
+
+Negotiator.prototype.encoding = function encoding(available) {
+ var set = this.encodings(available);
+ return set && set[0];
+};
+
+Negotiator.prototype.encodings = function encodings(available) {
+ return preferredEncodings(this.request.headers['accept-encoding'], available);
+};
+
+Negotiator.prototype.language = function language(available) {
+ var set = this.languages(available);
+ return set && set[0];
+};
+
+Negotiator.prototype.languages = function languages(available) {
+ return preferredLanguages(this.request.headers['accept-language'], available);
+};
+
+Negotiator.prototype.mediaType = function mediaType(available) {
+ var set = this.mediaTypes(available);
+ return set && set[0];
+};
+
+Negotiator.prototype.mediaTypes = function mediaTypes(available) {
+ return preferredMediaTypes(this.request.headers.accept, available);
+};
+
+// Backwards compatibility
+Negotiator.prototype.preferredCharset = Negotiator.prototype.charset;
+Negotiator.prototype.preferredCharsets = Negotiator.prototype.charsets;
+Negotiator.prototype.preferredEncoding = Negotiator.prototype.encoding;
+Negotiator.prototype.preferredEncodings = Negotiator.prototype.encodings;
+Negotiator.prototype.preferredLanguage = Negotiator.prototype.language;
+Negotiator.prototype.preferredLanguages = Negotiator.prototype.languages;
+Negotiator.prototype.preferredMediaType = Negotiator.prototype.mediaType;
+Negotiator.prototype.preferredMediaTypes = Negotiator.prototype.mediaTypes;
diff --git a/node_modules/negotiator/lib/charset.js b/node_modules/negotiator/lib/charset.js
new file mode 100644
index 0000000000000000000000000000000000000000..cdd014803474a4b76b981c475a32ebcaa81a36e5
--- /dev/null
+++ b/node_modules/negotiator/lib/charset.js
@@ -0,0 +1,169 @@
+/**
+ * negotiator
+ * Copyright(c) 2012 Isaac Z. Schlueter
+ * Copyright(c) 2014 Federico Romero
+ * Copyright(c) 2014-2015 Douglas Christopher Wilson
+ * MIT Licensed
+ */
+
+'use strict';
+
+/**
+ * Module exports.
+ * @public
+ */
+
+module.exports = preferredCharsets;
+module.exports.preferredCharsets = preferredCharsets;
+
+/**
+ * Module variables.
+ * @private
+ */
+
+var simpleCharsetRegExp = /^\s*([^\s;]+)\s*(?:;(.*))?$/;
+
+/**
+ * Parse the Accept-Charset header.
+ * @private
+ */
+
+function parseAcceptCharset(accept) {
+ var accepts = accept.split(',');
+
+ for (var i = 0, j = 0; i < accepts.length; i++) {
+ var charset = parseCharset(accepts[i].trim(), i);
+
+ if (charset) {
+ accepts[j++] = charset;
+ }
+ }
+
+ // trim accepts
+ accepts.length = j;
+
+ return accepts;
+}
+
+/**
+ * Parse a charset from the Accept-Charset header.
+ * @private
+ */
+
+function parseCharset(str, i) {
+ var match = simpleCharsetRegExp.exec(str);
+ if (!match) return null;
+
+ var charset = match[1];
+ var q = 1;
+ if (match[2]) {
+ var params = match[2].split(';')
+ for (var j = 0; j < params.length; j++) {
+ var p = params[j].trim().split('=');
+ if (p[0] === 'q') {
+ q = parseFloat(p[1]);
+ break;
+ }
+ }
+ }
+
+ return {
+ charset: charset,
+ q: q,
+ i: i
+ };
+}
+
+/**
+ * Get the priority of a charset.
+ * @private
+ */
+
+function getCharsetPriority(charset, accepted, index) {
+ var priority = {o: -1, q: 0, s: 0};
+
+ for (var i = 0; i < accepted.length; i++) {
+ var spec = specify(charset, accepted[i], index);
+
+ if (spec && (priority.s - spec.s || priority.q - spec.q || priority.o - spec.o) < 0) {
+ priority = spec;
+ }
+ }
+
+ return priority;
+}
+
+/**
+ * Get the specificity of the charset.
+ * @private
+ */
+
+function specify(charset, spec, index) {
+ var s = 0;
+ if(spec.charset.toLowerCase() === charset.toLowerCase()){
+ s |= 1;
+ } else if (spec.charset !== '*' ) {
+ return null
+ }
+
+ return {
+ i: index,
+ o: spec.i,
+ q: spec.q,
+ s: s
+ }
+}
+
+/**
+ * Get the preferred charsets from an Accept-Charset header.
+ * @public
+ */
+
+function preferredCharsets(accept, provided) {
+ // RFC 2616 sec 14.2: no header = *
+ var accepts = parseAcceptCharset(accept === undefined ? '*' : accept || '');
+
+ if (!provided) {
+ // sorted list of all charsets
+ return accepts
+ .filter(isQuality)
+ .sort(compareSpecs)
+ .map(getFullCharset);
+ }
+
+ var priorities = provided.map(function getPriority(type, index) {
+ return getCharsetPriority(type, accepts, index);
+ });
+
+ // sorted list of accepted charsets
+ return priorities.filter(isQuality).sort(compareSpecs).map(function getCharset(priority) {
+ return provided[priorities.indexOf(priority)];
+ });
+}
+
+/**
+ * Compare two specs.
+ * @private
+ */
+
+function compareSpecs(a, b) {
+ return (b.q - a.q) || (b.s - a.s) || (a.o - b.o) || (a.i - b.i) || 0;
+}
+
+/**
+ * Get full charset string.
+ * @private
+ */
+
+function getFullCharset(spec) {
+ return spec.charset;
+}
+
+/**
+ * Check if a spec has any quality.
+ * @private
+ */
+
+function isQuality(spec) {
+ return spec.q > 0;
+}
diff --git a/node_modules/negotiator/lib/encoding.js b/node_modules/negotiator/lib/encoding.js
new file mode 100644
index 0000000000000000000000000000000000000000..8432cd77b8a96940b87d747dbb30ee9c2d065a31
--- /dev/null
+++ b/node_modules/negotiator/lib/encoding.js
@@ -0,0 +1,184 @@
+/**
+ * negotiator
+ * Copyright(c) 2012 Isaac Z. Schlueter
+ * Copyright(c) 2014 Federico Romero
+ * Copyright(c) 2014-2015 Douglas Christopher Wilson
+ * MIT Licensed
+ */
+
+'use strict';
+
+/**
+ * Module exports.
+ * @public
+ */
+
+module.exports = preferredEncodings;
+module.exports.preferredEncodings = preferredEncodings;
+
+/**
+ * Module variables.
+ * @private
+ */
+
+var simpleEncodingRegExp = /^\s*([^\s;]+)\s*(?:;(.*))?$/;
+
+/**
+ * Parse the Accept-Encoding header.
+ * @private
+ */
+
+function parseAcceptEncoding(accept) {
+ var accepts = accept.split(',');
+ var hasIdentity = false;
+ var minQuality = 1;
+
+ for (var i = 0, j = 0; i < accepts.length; i++) {
+ var encoding = parseEncoding(accepts[i].trim(), i);
+
+ if (encoding) {
+ accepts[j++] = encoding;
+ hasIdentity = hasIdentity || specify('identity', encoding);
+ minQuality = Math.min(minQuality, encoding.q || 1);
+ }
+ }
+
+ if (!hasIdentity) {
+ /*
+ * If identity doesn't explicitly appear in the accept-encoding header,
+ * it's added to the list of acceptable encoding with the lowest q
+ */
+ accepts[j++] = {
+ encoding: 'identity',
+ q: minQuality,
+ i: i
+ };
+ }
+
+ // trim accepts
+ accepts.length = j;
+
+ return accepts;
+}
+
+/**
+ * Parse an encoding from the Accept-Encoding header.
+ * @private
+ */
+
+function parseEncoding(str, i) {
+ var match = simpleEncodingRegExp.exec(str);
+ if (!match) return null;
+
+ var encoding = match[1];
+ var q = 1;
+ if (match[2]) {
+ var params = match[2].split(';');
+ for (var j = 0; j < params.length; j++) {
+ var p = params[j].trim().split('=');
+ if (p[0] === 'q') {
+ q = parseFloat(p[1]);
+ break;
+ }
+ }
+ }
+
+ return {
+ encoding: encoding,
+ q: q,
+ i: i
+ };
+}
+
+/**
+ * Get the priority of an encoding.
+ * @private
+ */
+
+function getEncodingPriority(encoding, accepted, index) {
+ var priority = {o: -1, q: 0, s: 0};
+
+ for (var i = 0; i < accepted.length; i++) {
+ var spec = specify(encoding, accepted[i], index);
+
+ if (spec && (priority.s - spec.s || priority.q - spec.q || priority.o - spec.o) < 0) {
+ priority = spec;
+ }
+ }
+
+ return priority;
+}
+
+/**
+ * Get the specificity of the encoding.
+ * @private
+ */
+
+function specify(encoding, spec, index) {
+ var s = 0;
+ if(spec.encoding.toLowerCase() === encoding.toLowerCase()){
+ s |= 1;
+ } else if (spec.encoding !== '*' ) {
+ return null
+ }
+
+ return {
+ i: index,
+ o: spec.i,
+ q: spec.q,
+ s: s
+ }
+};
+
+/**
+ * Get the preferred encodings from an Accept-Encoding header.
+ * @public
+ */
+
+function preferredEncodings(accept, provided) {
+ var accepts = parseAcceptEncoding(accept || '');
+
+ if (!provided) {
+ // sorted list of all encodings
+ return accepts
+ .filter(isQuality)
+ .sort(compareSpecs)
+ .map(getFullEncoding);
+ }
+
+ var priorities = provided.map(function getPriority(type, index) {
+ return getEncodingPriority(type, accepts, index);
+ });
+
+ // sorted list of accepted encodings
+ return priorities.filter(isQuality).sort(compareSpecs).map(function getEncoding(priority) {
+ return provided[priorities.indexOf(priority)];
+ });
+}
+
+/**
+ * Compare two specs.
+ * @private
+ */
+
+function compareSpecs(a, b) {
+ return (b.q - a.q) || (b.s - a.s) || (a.o - b.o) || (a.i - b.i) || 0;
+}
+
+/**
+ * Get full encoding string.
+ * @private
+ */
+
+function getFullEncoding(spec) {
+ return spec.encoding;
+}
+
+/**
+ * Check if a spec has any quality.
+ * @private
+ */
+
+function isQuality(spec) {
+ return spec.q > 0;
+}
diff --git a/node_modules/negotiator/lib/language.js b/node_modules/negotiator/lib/language.js
new file mode 100644
index 0000000000000000000000000000000000000000..a23167252719be841ad570eb655a703a4ae8fe9e
--- /dev/null
+++ b/node_modules/negotiator/lib/language.js
@@ -0,0 +1,179 @@
+/**
+ * negotiator
+ * Copyright(c) 2012 Isaac Z. Schlueter
+ * Copyright(c) 2014 Federico Romero
+ * Copyright(c) 2014-2015 Douglas Christopher Wilson
+ * MIT Licensed
+ */
+
+'use strict';
+
+/**
+ * Module exports.
+ * @public
+ */
+
+module.exports = preferredLanguages;
+module.exports.preferredLanguages = preferredLanguages;
+
+/**
+ * Module variables.
+ * @private
+ */
+
+var simpleLanguageRegExp = /^\s*([^\s\-;]+)(?:-([^\s;]+))?\s*(?:;(.*))?$/;
+
+/**
+ * Parse the Accept-Language header.
+ * @private
+ */
+
+function parseAcceptLanguage(accept) {
+ var accepts = accept.split(',');
+
+ for (var i = 0, j = 0; i < accepts.length; i++) {
+ var language = parseLanguage(accepts[i].trim(), i);
+
+ if (language) {
+ accepts[j++] = language;
+ }
+ }
+
+ // trim accepts
+ accepts.length = j;
+
+ return accepts;
+}
+
+/**
+ * Parse a language from the Accept-Language header.
+ * @private
+ */
+
+function parseLanguage(str, i) {
+ var match = simpleLanguageRegExp.exec(str);
+ if (!match) return null;
+
+ var prefix = match[1]
+ var suffix = match[2]
+ var full = prefix
+
+ if (suffix) full += "-" + suffix;
+
+ var q = 1;
+ if (match[3]) {
+ var params = match[3].split(';')
+ for (var j = 0; j < params.length; j++) {
+ var p = params[j].split('=');
+ if (p[0] === 'q') q = parseFloat(p[1]);
+ }
+ }
+
+ return {
+ prefix: prefix,
+ suffix: suffix,
+ q: q,
+ i: i,
+ full: full
+ };
+}
+
+/**
+ * Get the priority of a language.
+ * @private
+ */
+
+function getLanguagePriority(language, accepted, index) {
+ var priority = {o: -1, q: 0, s: 0};
+
+ for (var i = 0; i < accepted.length; i++) {
+ var spec = specify(language, accepted[i], index);
+
+ if (spec && (priority.s - spec.s || priority.q - spec.q || priority.o - spec.o) < 0) {
+ priority = spec;
+ }
+ }
+
+ return priority;
+}
+
+/**
+ * Get the specificity of the language.
+ * @private
+ */
+
+function specify(language, spec, index) {
+ var p = parseLanguage(language)
+ if (!p) return null;
+ var s = 0;
+ if(spec.full.toLowerCase() === p.full.toLowerCase()){
+ s |= 4;
+ } else if (spec.prefix.toLowerCase() === p.full.toLowerCase()) {
+ s |= 2;
+ } else if (spec.full.toLowerCase() === p.prefix.toLowerCase()) {
+ s |= 1;
+ } else if (spec.full !== '*' ) {
+ return null
+ }
+
+ return {
+ i: index,
+ o: spec.i,
+ q: spec.q,
+ s: s
+ }
+};
+
+/**
+ * Get the preferred languages from an Accept-Language header.
+ * @public
+ */
+
+function preferredLanguages(accept, provided) {
+ // RFC 2616 sec 14.4: no header = *
+ var accepts = parseAcceptLanguage(accept === undefined ? '*' : accept || '');
+
+ if (!provided) {
+ // sorted list of all languages
+ return accepts
+ .filter(isQuality)
+ .sort(compareSpecs)
+ .map(getFullLanguage);
+ }
+
+ var priorities = provided.map(function getPriority(type, index) {
+ return getLanguagePriority(type, accepts, index);
+ });
+
+ // sorted list of accepted languages
+ return priorities.filter(isQuality).sort(compareSpecs).map(function getLanguage(priority) {
+ return provided[priorities.indexOf(priority)];
+ });
+}
+
+/**
+ * Compare two specs.
+ * @private
+ */
+
+function compareSpecs(a, b) {
+ return (b.q - a.q) || (b.s - a.s) || (a.o - b.o) || (a.i - b.i) || 0;
+}
+
+/**
+ * Get full language string.
+ * @private
+ */
+
+function getFullLanguage(spec) {
+ return spec.full;
+}
+
+/**
+ * Check if a spec has any quality.
+ * @private
+ */
+
+function isQuality(spec) {
+ return spec.q > 0;
+}
diff --git a/node_modules/negotiator/lib/mediaType.js b/node_modules/negotiator/lib/mediaType.js
new file mode 100644
index 0000000000000000000000000000000000000000..67309dd75f1b62cfe90bfa622919fdae8b80bc0b
--- /dev/null
+++ b/node_modules/negotiator/lib/mediaType.js
@@ -0,0 +1,294 @@
+/**
+ * negotiator
+ * Copyright(c) 2012 Isaac Z. Schlueter
+ * Copyright(c) 2014 Federico Romero
+ * Copyright(c) 2014-2015 Douglas Christopher Wilson
+ * MIT Licensed
+ */
+
+'use strict';
+
+/**
+ * Module exports.
+ * @public
+ */
+
+module.exports = preferredMediaTypes;
+module.exports.preferredMediaTypes = preferredMediaTypes;
+
+/**
+ * Module variables.
+ * @private
+ */
+
+var simpleMediaTypeRegExp = /^\s*([^\s\/;]+)\/([^;\s]+)\s*(?:;(.*))?$/;
+
+/**
+ * Parse the Accept header.
+ * @private
+ */
+
+function parseAccept(accept) {
+ var accepts = splitMediaTypes(accept);
+
+ for (var i = 0, j = 0; i < accepts.length; i++) {
+ var mediaType = parseMediaType(accepts[i].trim(), i);
+
+ if (mediaType) {
+ accepts[j++] = mediaType;
+ }
+ }
+
+ // trim accepts
+ accepts.length = j;
+
+ return accepts;
+}
+
+/**
+ * Parse a media type from the Accept header.
+ * @private
+ */
+
+function parseMediaType(str, i) {
+ var match = simpleMediaTypeRegExp.exec(str);
+ if (!match) return null;
+
+ var params = Object.create(null);
+ var q = 1;
+ var subtype = match[2];
+ var type = match[1];
+
+ if (match[3]) {
+ var kvps = splitParameters(match[3]).map(splitKeyValuePair);
+
+ for (var j = 0; j < kvps.length; j++) {
+ var pair = kvps[j];
+ var key = pair[0].toLowerCase();
+ var val = pair[1];
+
+ // get the value, unwrapping quotes
+ var value = val && val[0] === '"' && val[val.length - 1] === '"'
+ ? val.substr(1, val.length - 2)
+ : val;
+
+ if (key === 'q') {
+ q = parseFloat(value);
+ break;
+ }
+
+ // store parameter
+ params[key] = value;
+ }
+ }
+
+ return {
+ type: type,
+ subtype: subtype,
+ params: params,
+ q: q,
+ i: i
+ };
+}
+
+/**
+ * Get the priority of a media type.
+ * @private
+ */
+
+function getMediaTypePriority(type, accepted, index) {
+ var priority = {o: -1, q: 0, s: 0};
+
+ for (var i = 0; i < accepted.length; i++) {
+ var spec = specify(type, accepted[i], index);
+
+ if (spec && (priority.s - spec.s || priority.q - spec.q || priority.o - spec.o) < 0) {
+ priority = spec;
+ }
+ }
+
+ return priority;
+}
+
+/**
+ * Get the specificity of the media type.
+ * @private
+ */
+
+function specify(type, spec, index) {
+ var p = parseMediaType(type);
+ var s = 0;
+
+ if (!p) {
+ return null;
+ }
+
+ if(spec.type.toLowerCase() == p.type.toLowerCase()) {
+ s |= 4
+ } else if(spec.type != '*') {
+ return null;
+ }
+
+ if(spec.subtype.toLowerCase() == p.subtype.toLowerCase()) {
+ s |= 2
+ } else if(spec.subtype != '*') {
+ return null;
+ }
+
+ var keys = Object.keys(spec.params);
+ if (keys.length > 0) {
+ if (keys.every(function (k) {
+ return spec.params[k] == '*' || (spec.params[k] || '').toLowerCase() == (p.params[k] || '').toLowerCase();
+ })) {
+ s |= 1
+ } else {
+ return null
+ }
+ }
+
+ return {
+ i: index,
+ o: spec.i,
+ q: spec.q,
+ s: s,
+ }
+}
+
+/**
+ * Get the preferred media types from an Accept header.
+ * @public
+ */
+
+function preferredMediaTypes(accept, provided) {
+ // RFC 2616 sec 14.2: no header = */*
+ var accepts = parseAccept(accept === undefined ? '*/*' : accept || '');
+
+ if (!provided) {
+ // sorted list of all types
+ return accepts
+ .filter(isQuality)
+ .sort(compareSpecs)
+ .map(getFullType);
+ }
+
+ var priorities = provided.map(function getPriority(type, index) {
+ return getMediaTypePriority(type, accepts, index);
+ });
+
+ // sorted list of accepted types
+ return priorities.filter(isQuality).sort(compareSpecs).map(function getType(priority) {
+ return provided[priorities.indexOf(priority)];
+ });
+}
+
+/**
+ * Compare two specs.
+ * @private
+ */
+
+function compareSpecs(a, b) {
+ return (b.q - a.q) || (b.s - a.s) || (a.o - b.o) || (a.i - b.i) || 0;
+}
+
+/**
+ * Get full type string.
+ * @private
+ */
+
+function getFullType(spec) {
+ return spec.type + '/' + spec.subtype;
+}
+
+/**
+ * Check if a spec has any quality.
+ * @private
+ */
+
+function isQuality(spec) {
+ return spec.q > 0;
+}
+
+/**
+ * Count the number of quotes in a string.
+ * @private
+ */
+
+function quoteCount(string) {
+ var count = 0;
+ var index = 0;
+
+ while ((index = string.indexOf('"', index)) !== -1) {
+ count++;
+ index++;
+ }
+
+ return count;
+}
+
+/**
+ * Split a key value pair.
+ * @private
+ */
+
+function splitKeyValuePair(str) {
+ var index = str.indexOf('=');
+ var key;
+ var val;
+
+ if (index === -1) {
+ key = str;
+ } else {
+ key = str.substr(0, index);
+ val = str.substr(index + 1);
+ }
+
+ return [key, val];
+}
+
+/**
+ * Split an Accept header into media types.
+ * @private
+ */
+
+function splitMediaTypes(accept) {
+ var accepts = accept.split(',');
+
+ for (var i = 1, j = 0; i < accepts.length; i++) {
+ if (quoteCount(accepts[j]) % 2 == 0) {
+ accepts[++j] = accepts[i];
+ } else {
+ accepts[j] += ',' + accepts[i];
+ }
+ }
+
+ // trim accepts
+ accepts.length = j + 1;
+
+ return accepts;
+}
+
+/**
+ * Split a string of parameters.
+ * @private
+ */
+
+function splitParameters(str) {
+ var parameters = str.split(';');
+
+ for (var i = 1, j = 0; i < parameters.length; i++) {
+ if (quoteCount(parameters[j]) % 2 == 0) {
+ parameters[++j] = parameters[i];
+ } else {
+ parameters[j] += ';' + parameters[i];
+ }
+ }
+
+ // trim parameters
+ parameters.length = j + 1;
+
+ for (var i = 0; i < parameters.length; i++) {
+ parameters[i] = parameters[i].trim();
+ }
+
+ return parameters;
+}
diff --git a/node_modules/negotiator/package.json b/node_modules/negotiator/package.json
new file mode 100644
index 0000000000000000000000000000000000000000..297635f6d34177956186df7c6a7e502ebb576da2
--- /dev/null
+++ b/node_modules/negotiator/package.json
@@ -0,0 +1,42 @@
+{
+ "name": "negotiator",
+ "description": "HTTP content negotiation",
+ "version": "0.6.3",
+ "contributors": [
+ "Douglas Christopher Wilson <doug@somethingdoug.com>",
+ "Federico Romero <federico.romero@outboxlabs.com>",
+ "Isaac Z. Schlueter <i@izs.me> (http://blog.izs.me/)"
+ ],
+ "license": "MIT",
+ "keywords": [
+ "http",
+ "content negotiation",
+ "accept",
+ "accept-language",
+ "accept-encoding",
+ "accept-charset"
+ ],
+ "repository": "jshttp/negotiator",
+ "devDependencies": {
+ "eslint": "7.32.0",
+ "eslint-plugin-markdown": "2.2.1",
+ "mocha": "9.1.3",
+ "nyc": "15.1.0"
+ },
+ "files": [
+ "lib/",
+ "HISTORY.md",
+ "LICENSE",
+ "index.js",
+ "README.md"
+ ],
+ "engines": {
+ "node": ">= 0.6"
+ },
+ "scripts": {
+ "lint": "eslint .",
+ "test": "mocha --reporter spec --check-leaks --bail test/",
+ "test-ci": "nyc --reporter=lcov --reporter=text npm test",
+ "test-cov": "nyc --reporter=html --reporter=text npm test"
+ }
+}
diff --git a/node_modules/path-to-regexp/LICENSE b/node_modules/path-to-regexp/LICENSE
new file mode 100644
index 0000000000000000000000000000000000000000..983fbe8aec3f4e2d4add592bb1083b00d7366f66
--- /dev/null
+++ b/node_modules/path-to-regexp/LICENSE
@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2014 Blake Embrey (hello@blakeembrey.com)
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
diff --git a/node_modules/path-to-regexp/Readme.md b/node_modules/path-to-regexp/Readme.md
new file mode 100644
index 0000000000000000000000000000000000000000..95452a6e9ee2ca18ec76107d4f7c78a5ef7991db
--- /dev/null
+++ b/node_modules/path-to-regexp/Readme.md
@@ -0,0 +1,35 @@
+# Path-to-RegExp
+
+Turn an Express-style path string such as `/user/:name` into a regular expression.
+
+**Note:** This is a legacy branch. You should upgrade to `1.x`.
+
+## Usage
+
+```javascript
+var pathToRegexp = require('path-to-regexp');
+```
+
+### pathToRegexp(path, keys, options)
+
+ - **path** A string in the express format, an array of such strings, or a regular expression
+ - **keys** An array to be populated with the keys present in the url. Once the function completes, this will be an array of strings.
+ - **options**
+ - **options.sensitive** Defaults to false, set this to true to make routes case sensitive
+ - **options.strict** Defaults to false, set this to true to make the trailing slash matter.
+ - **options.end** Defaults to true, set this to false to only match the prefix of the URL.
+
+```javascript
+var keys = [];
+var exp = pathToRegexp('/foo/:bar', keys);
+//keys = ['bar']
+//exp = /^\/foo\/(?:([^\/]+?))\/?$/i
+```
+
+## Live Demo
+
+You can see a live demo of this library in use at [express-route-tester](http://forbeslindesay.github.com/express-route-tester/).
+
+## License
+
+ MIT
diff --git a/node_modules/path-to-regexp/index.js b/node_modules/path-to-regexp/index.js
new file mode 100644
index 0000000000000000000000000000000000000000..95d2f4bbad4a8fb52c7937fc3abdc28ea68b7d72
--- /dev/null
+++ b/node_modules/path-to-regexp/index.js
@@ -0,0 +1,156 @@
+/**
+ * Expose `pathToRegexp`.
+ */
+
+module.exports = pathToRegexp;
+
+/**
+ * Match matching groups in a regular expression.
+ */
+var MATCHING_GROUP_REGEXP = /\\.|\((?:\?<(.*?)>)?(?!\?)/g;
+
+/**
+ * Normalize the given path string,
+ * returning a regular expression.
+ *
+ * An empty array should be passed,
+ * which will contain the placeholder
+ * key names. For example "/user/:id" will
+ * then contain ["id"].
+ *
+ * @param {String|RegExp|Array} path
+ * @param {Array} keys
+ * @param {Object} options
+ * @return {RegExp}
+ * @api private
+ */
+
+function pathToRegexp(path, keys, options) {
+ options = options || {};
+ keys = keys || [];
+ var strict = options.strict;
+ var end = options.end !== false;
+ var flags = options.sensitive ? '' : 'i';
+ var lookahead = options.lookahead !== false;
+ var extraOffset = 0;
+ var keysOffset = keys.length;
+ var i = 0;
+ var name = 0;
+ var pos = 0;
+ var backtrack = '';
+ var m;
+
+ if (path instanceof RegExp) {
+ while (m = MATCHING_GROUP_REGEXP.exec(path.source)) {
+ if (m[0][0] === '\\') continue;
+
+ keys.push({
+ name: m[1] || name++,
+ optional: false,
+ offset: m.index
+ });
+ }
+
+ return path;
+ }
+
+ if (Array.isArray(path)) {
+ // Map array parts into regexps and return their source. We also pass
+ // the same keys and options instance into every generation to get
+ // consistent matching groups before we join the sources together.
+ path = path.map(function (value) {
+ return pathToRegexp(value, keys, options).source;
+ });
+
+ return new RegExp(path.join('|'), flags);
+ }
+
+ if (typeof path !== 'string') {
+ throw new TypeError('path must be a string, array of strings, or regular expression');
+ }
+
+ path = path.replace(
+ /\\.|(\/)?(\.)?:(\w+)(\(.*?\))?(\*)?(\?)?|[.*]|\/\(/g,
+ function (match, slash, format, key, capture, star, optional, offset) {
+ if (match[0] === '\\') {
+ backtrack += match;
+ pos += 2;
+ return match;
+ }
+
+ if (match === '.') {
+ backtrack += '\\.';
+ extraOffset += 1;
+ pos += 1;
+ return '\\.';
+ }
+
+ if (slash || format) {
+ backtrack = '';
+ } else {
+ backtrack += path.slice(pos, offset);
+ }
+
+ pos = offset + match.length;
+
+ if (match === '*') {
+ extraOffset += 3;
+ return '(.*)';
+ }
+
+ if (match === '/(') {
+ backtrack += '/';
+ extraOffset += 2;
+ return '/(?:';
+ }
+
+ slash = slash || '';
+ format = format ? '\\.' : '';
+ optional = optional || '';
+ capture = capture ?
+ capture.replace(/\\.|\*/, function (m) { return m === '*' ? '(.*)' : m; }) :
+ (backtrack ? '((?:(?!/|' + backtrack + ').)+?)' : '([^/' + format + ']+?)');
+
+ keys.push({
+ name: key,
+ optional: !!optional,
+ offset: offset + extraOffset
+ });
+
+ var result = '(?:'
+ + format + slash + capture
+ + (star ? '((?:[/' + format + '].+?)?)' : '')
+ + ')'
+ + optional;
+
+ extraOffset += result.length - match.length;
+
+ return result;
+ });
+
+ // This is a workaround for handling unnamed matching groups.
+ while (m = MATCHING_GROUP_REGEXP.exec(path)) {
+ if (m[0][0] === '\\') continue;
+
+ if (keysOffset + i === keys.length || keys[keysOffset + i].offset > m.index) {
+ keys.splice(keysOffset + i, 0, {
+ name: name++, // Unnamed matching groups must be consistently linear.
+ optional: false,
+ offset: m.index
+ });
+ }
+
+ i++;
+ }
+
+ path += strict ? '' : path[path.length - 1] === '/' ? '?' : '/?';
+
+ // If the path is non-ending, match until the end or a slash.
+ if (end) {
+ path += '$';
+ } else if (path[path.length - 1] !== '/') {
+ path += lookahead ? '(?=/|$)' : '(?:/|$)';
+ }
+
+ return new RegExp('^' + path, flags);
+};
diff --git a/node_modules/path-to-regexp/package.json b/node_modules/path-to-regexp/package.json
new file mode 100644
index 0000000000000000000000000000000000000000..23b4b6a3bdcfc64317349c90dd867859a6b93728
--- /dev/null
+++ b/node_modules/path-to-regexp/package.json
@@ -0,0 +1,30 @@
+{
+ "name": "path-to-regexp",
+ "description": "Express style path to RegExp utility",
+ "version": "0.1.12",
+ "files": [
+ "index.js",
+ "LICENSE"
+ ],
+ "scripts": {
+ "test": "istanbul cover _mocha -- -R spec"
+ },
+ "keywords": [
+ "express",
+ "regexp"
+ ],
+ "component": {
+ "scripts": {
+ "path-to-regexp": "index.js"
+ }
+ },
+ "license": "MIT",
+ "repository": {
+ "type": "git",
+ "url": "https://github.com/pillarjs/path-to-regexp.git"
+ },
+ "devDependencies": {
+ "mocha": "^1.17.1",
+ "istanbul": "^0.2.6"
+ }
+}
diff --git a/node_modules/proxy-addr/HISTORY.md b/node_modules/proxy-addr/HISTORY.md
new file mode 100644
index 0000000000000000000000000000000000000000..8480242a0c43af25ec8d685e941b6a79a65c8fb4
--- /dev/null
+++ b/node_modules/proxy-addr/HISTORY.md
@@ -0,0 +1,161 @@
+2.0.7 / 2021-05-31
+==================
+
+ * deps: forwarded@0.2.0
+ - Use `req.socket` over deprecated `req.connection`
+
+2.0.6 / 2020-02-24
+==================
+
+ * deps: ipaddr.js@1.9.1
+
+2.0.5 / 2019-04-16
+==================
+
+ * deps: ipaddr.js@1.9.0
+
+2.0.4 / 2018-07-26
+==================
+
+ * deps: ipaddr.js@1.8.0
+
+2.0.3 / 2018-02-19
+==================
+
+ * deps: ipaddr.js@1.6.0
+
+2.0.2 / 2017-09-24
+==================
+
+ * deps: forwarded@~0.1.2
+ - perf: improve header parsing
+ - perf: reduce overhead when no `X-Forwarded-For` header
+
+2.0.1 / 2017-09-10
+==================
+
+ * deps: forwarded@~0.1.1
+ - Fix trimming leading / trailing OWS
+ - perf: hoist regular expression
+ * deps: ipaddr.js@1.5.2
+
+2.0.0 / 2017-08-08
+==================
+
+ * Drop support for Node.js below 0.10
+
+1.1.5 / 2017-07-25
+==================
+
+ * Fix array argument being altered
+ * deps: ipaddr.js@1.4.0
+
+1.1.4 / 2017-03-24
+==================
+
+ * deps: ipaddr.js@1.3.0
+
+1.1.3 / 2017-01-14
+==================
+
+ * deps: ipaddr.js@1.2.0
+
+1.1.2 / 2016-05-29
+==================
+
+ * deps: ipaddr.js@1.1.1
+ - Fix IPv6-mapped IPv4 validation edge cases
+
+1.1.1 / 2016-05-03
+==================
+
+ * Fix regression matching mixed versions against multiple subnets
+
+1.1.0 / 2016-05-01
+==================
+
+ * Fix accepting various invalid netmasks
+ - IPv4 netmasks must be contingous
+ - IPv6 addresses cannot be used as a netmask
+ * deps: ipaddr.js@1.1.0
+
+1.0.10 / 2015-12-09
+===================
+
+ * deps: ipaddr.js@1.0.5
+ - Fix regression in `isValid` with non-string arguments
+
+1.0.9 / 2015-12-01
+==================
+
+ * deps: ipaddr.js@1.0.4
+ - Fix accepting some invalid IPv6 addresses
+ - Reject CIDRs with negative or overlong masks
+ * perf: enable strict mode
+
+1.0.8 / 2015-05-10
+==================
+
+ * deps: ipaddr.js@1.0.1
+
+1.0.7 / 2015-03-16
+==================
+
+ * deps: ipaddr.js@0.1.9
+ - Fix OOM on certain inputs to `isValid`
+
+1.0.6 / 2015-02-01
+==================
+
+ * deps: ipaddr.js@0.1.8
+
+1.0.5 / 2015-01-08
+==================
+
+ * deps: ipaddr.js@0.1.6
+
+1.0.4 / 2014-11-23
+==================
+
+ * deps: ipaddr.js@0.1.5
+ - Fix edge cases with `isValid`
+
+1.0.3 / 2014-09-21
+==================
+
+ * Use `forwarded` npm module
+
+1.0.2 / 2014-09-18
+==================
+
+ * Fix a global leak when multiple subnets are trusted
+ * Support Node.js 0.6
+ * deps: ipaddr.js@0.1.3
+
+1.0.1 / 2014-06-03
+==================
+
+ * Fix links in npm package
+
+1.0.0 / 2014-05-08
+==================
+
+ * Add `trust` argument to determine proxy trust on
+ * Accepts custom function
+ * Accepts IPv4/IPv6 address(es)
+ * Accepts subnets
+ * Accepts pre-defined names
+ * Add optional `trust` argument to `proxyaddr.all` to
+ stop at first untrusted
+ * Add `proxyaddr.compile` to pre-compile `trust` function
+ to make subsequent calls faster
+
+0.0.1 / 2014-05-04
+==================
+
+ * Fix bad npm publish
+
+0.0.0 / 2014-05-04
+==================
+
+ * Initial release
diff --git a/node_modules/proxy-addr/LICENSE b/node_modules/proxy-addr/LICENSE
new file mode 100644
index 0000000000000000000000000000000000000000..cab251c2b9a81318267600f68130faa3a290e5fd
--- /dev/null
+++ b/node_modules/proxy-addr/LICENSE
@@ -0,0 +1,22 @@
+(The MIT License)
+
+Copyright (c) 2014-2016 Douglas Christopher Wilson
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+'Software'), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/node_modules/proxy-addr/README.md b/node_modules/proxy-addr/README.md
new file mode 100644
index 0000000000000000000000000000000000000000..69c0b63eab22e32821df374c5e84a37c665c28c3
--- /dev/null
+++ b/node_modules/proxy-addr/README.md
@@ -0,0 +1,139 @@
+# proxy-addr
+
+[![NPM Version][npm-version-image]][npm-url]
+[![NPM Downloads][npm-downloads-image]][npm-url]
+[![Node.js Version][node-image]][node-url]
+[![Build Status][ci-image]][ci-url]
+[![Test Coverage][coveralls-image]][coveralls-url]
+
+Determine address of proxied request
+
+## Install
+
+This is a [Node.js](https://nodejs.org/en/) module available through the
+[npm registry](https://www.npmjs.com/). Installation is done using the
+[`npm install` command](https://docs.npmjs.com/getting-started/installing-npm-packages-locally):
+
+```sh
+$ npm install proxy-addr
+```
+
+## API
+
+```js
+var proxyaddr = require('proxy-addr')
+```
+
+### proxyaddr(req, trust)
+
+Return the address of the request, using the given `trust` parameter.
+
+The `trust` argument is a function that returns `true` if you trust
+the address, `false` if you don't. The closest untrusted address is
+returned.
+
+```js
+proxyaddr(req, function (addr) { return addr === '127.0.0.1' })
+proxyaddr(req, function (addr, i) { return i < 1 })
+```
+
+The `trust` arugment may also be a single IP address string or an
+array of trusted addresses, as plain IP addresses, CIDR-formatted
+strings, or IP/netmask strings.
+
+```js
+proxyaddr(req, '127.0.0.1')
+proxyaddr(req, ['127.0.0.0/8', '10.0.0.0/8'])
+proxyaddr(req, ['127.0.0.0/255.0.0.0', '192.168.0.0/255.255.0.0'])
+```
+
+This module also supports IPv6. Your IPv6 addresses will be normalized
+automatically (i.e. `fe80::00ed:1` equals `fe80:0:0:0:0:0:ed:1`).
+
+```js
+proxyaddr(req, '::1')
+proxyaddr(req, ['::1/128', 'fe80::/10'])
+```
+
+This module will automatically work with IPv4-mapped IPv6 addresses
+as well to support node.js in IPv6-only mode. This means that you do
+not have to specify both `::ffff:a00:1` and `10.0.0.1`.
+
+As a convenience, this module also takes certain pre-defined names
+in addition to IP addresses, which expand into IP addresses:
+
+```js
+proxyaddr(req, 'loopback')
+proxyaddr(req, ['loopback', 'fc00:ac:1ab5:fff::1/64'])
+```
+
+ * `loopback`: IPv4 and IPv6 loopback addresses (like `::1` and
+ `127.0.0.1`).
+ * `linklocal`: IPv4 and IPv6 link-local addresses (like
+ `fe80::1:1:1:1` and `169.254.0.1`).
+ * `uniquelocal`: IPv4 private addresses and IPv6 unique-local
+ addresses (like `fc00:ac:1ab5:fff::1` and `192.168.0.1`).
+
+When `trust` is specified as a function, it will be called for each
+address to determine if it is a trusted address. The function is
+given two arguments: `addr` and `i`, where `addr` is a string of
+the address to check and `i` is a number that represents the distance
+from the socket address.
+
+### proxyaddr.all(req, [trust])
+
+Return all the addresses of the request, optionally stopping at the
+first untrusted. This array is ordered from closest to furthest
+(i.e. `arr[0] === req.connection.remoteAddress`).
+
+```js
+proxyaddr.all(req)
+```
+
+The optional `trust` argument takes the same arguments as `trust`
+does in `proxyaddr(req, trust)`.
+
+```js
+proxyaddr.all(req, 'loopback')
+```
+
+### proxyaddr.compile(val)
+
+Compiles argument `val` into a `trust` function. This function takes
+the same arguments as `trust` does in `proxyaddr(req, trust)` and
+returns a function suitable for `proxyaddr(req, trust)`.
+
+```js
+var trust = proxyaddr.compile('loopback')
+var addr = proxyaddr(req, trust)
+```
+
+This function is meant to be optimized for use against every request.
+It is recommend to compile a trust function up-front for the trusted
+configuration and pass that to `proxyaddr(req, trust)` for each request.
+
+## Testing
+
+```sh
+$ npm test
+```
+
+## Benchmarks
+
+```sh
+$ npm run-script bench
+```
+
+## License
+
+[MIT](LICENSE)
+
+[ci-image]: https://badgen.net/github/checks/jshttp/proxy-addr/master?label=ci
+[ci-url]: https://github.com/jshttp/proxy-addr/actions?query=workflow%3Aci
+[coveralls-image]: https://badgen.net/coveralls/c/github/jshttp/proxy-addr/master
+[coveralls-url]: https://coveralls.io/r/jshttp/proxy-addr?branch=master
+[node-image]: https://badgen.net/npm/node/proxy-addr
+[node-url]: https://nodejs.org/en/download
+[npm-downloads-image]: https://badgen.net/npm/dm/proxy-addr
+[npm-url]: https://npmjs.org/package/proxy-addr
+[npm-version-image]: https://badgen.net/npm/v/proxy-addr
diff --git a/node_modules/proxy-addr/index.js b/node_modules/proxy-addr/index.js
new file mode 100644
index 0000000000000000000000000000000000000000..a909b05064a377ed49b5aea673d0849970f050e9
--- /dev/null
+++ b/node_modules/proxy-addr/index.js
@@ -0,0 +1,327 @@
+/*!
+ * proxy-addr
+ * Copyright(c) 2014-2016 Douglas Christopher Wilson
+ * MIT Licensed
+ */
+
+'use strict'
+
+/**
+ * Module exports.
+ * @public
+ */
+
+module.exports = proxyaddr
+module.exports.all = alladdrs
+module.exports.compile = compile
+
+/**
+ * Module dependencies.
+ * @private
+ */
+
+var forwarded = require('forwarded')
+var ipaddr = require('ipaddr.js')
+
+/**
+ * Variables.
+ * @private
+ */
+
+var DIGIT_REGEXP = /^[0-9]+$/
+var isip = ipaddr.isValid
+var parseip = ipaddr.parse
+
+/**
+ * Pre-defined IP ranges.
+ * @private
+ */
+
+var IP_RANGES = {
+ linklocal: ['169.254.0.0/16', 'fe80::/10'],
+ loopback: ['127.0.0.1/8', '::1/128'],
+ uniquelocal: ['10.0.0.0/8', '172.16.0.0/12', '192.168.0.0/16', 'fc00::/7']
+}
+
+/**
+ * Get all addresses in the request, optionally stopping
+ * at the first untrusted.
+ *
+ * @param {Object} request
+ * @param {Function|Array|String} [trust]
+ * @public
+ */
+
+function alladdrs (req, trust) {
+ // get addresses
+ var addrs = forwarded(req)
+
+ if (!trust) {
+ // Return all addresses
+ return addrs
+ }
+
+ if (typeof trust !== 'function') {
+ trust = compile(trust)
+ }
+
+ for (var i = 0; i < addrs.length - 1; i++) {
+ if (trust(addrs[i], i)) continue
+
+ addrs.length = i + 1
+ }
+
+ return addrs
+}
+
+/**
+ * Compile argument into trust function.
+ *
+ * @param {Array|String} val
+ * @private
+ */
+
+function compile (val) {
+ if (!val) {
+ throw new TypeError('argument is required')
+ }
+
+ var trust
+
+ if (typeof val === 'string') {
+ trust = [val]
+ } else if (Array.isArray(val)) {
+ trust = val.slice()
+ } else {
+ throw new TypeError('unsupported trust argument')
+ }
+
+ for (var i = 0; i < trust.length; i++) {
+ val = trust[i]
+
+ if (!Object.prototype.hasOwnProperty.call(IP_RANGES, val)) {
+ continue
+ }
+
+ // Splice in pre-defined range
+ val = IP_RANGES[val]
+ trust.splice.apply(trust, [i, 1].concat(val))
+ i += val.length - 1
+ }
+
+ return compileTrust(compileRangeSubnets(trust))
+}
+
+/**
+ * Compile `arr` elements into range subnets.
+ *
+ * @param {Array} arr
+ * @private
+ */
+
+function compileRangeSubnets (arr) {
+ var rangeSubnets = new Array(arr.length)
+
+ for (var i = 0; i < arr.length; i++) {
+ rangeSubnets[i] = parseipNotation(arr[i])
+ }
+
+ return rangeSubnets
+}
+
+/**
+ * Compile range subnet array into trust function.
+ *
+ * @param {Array} rangeSubnets
+ * @private
+ */
+
+function compileTrust (rangeSubnets) {
+ // Return optimized function based on length
+ var len = rangeSubnets.length
+ return len === 0
+ ? trustNone
+ : len === 1
+ ? trustSingle(rangeSubnets[0])
+ : trustMulti(rangeSubnets)
+}
+
+/**
+ * Parse IP notation string into range subnet.
+ *
+ * @param {String} note
+ * @private
+ */
+
+function parseipNotation (note) {
+ var pos = note.lastIndexOf('/')
+ var str = pos !== -1
+ ? note.substring(0, pos)
+ : note
+
+ if (!isip(str)) {
+ throw new TypeError('invalid IP address: ' + str)
+ }
+
+ var ip = parseip(str)
+
+ if (pos === -1 && ip.kind() === 'ipv6' && ip.isIPv4MappedAddress()) {
+ // Store as IPv4
+ ip = ip.toIPv4Address()
+ }
+
+ var max = ip.kind() === 'ipv6'
+ ? 128
+ : 32
+
+ var range = pos !== -1
+ ? note.substring(pos + 1, note.length)
+ : null
+
+ if (range === null) {
+ range = max
+ } else if (DIGIT_REGEXP.test(range)) {
+ range = parseInt(range, 10)
+ } else if (ip.kind() === 'ipv4' && isip(range)) {
+ range = parseNetmask(range)
+ } else {
+ range = null
+ }
+
+ if (range <= 0 || range > max) {
+ throw new TypeError('invalid range on address: ' + note)
+ }
+
+ return [ip, range]
+}
+
+/**
+ * Parse netmask string into CIDR range.
+ *
+ * @param {String} netmask
+ * @private
+ */
+
+function parseNetmask (netmask) {
+ var ip = parseip(netmask)
+ var kind = ip.kind()
+
+ return kind === 'ipv4'
+ ? ip.prefixLengthFromSubnetMask()
+ : null
+}
+
+/**
+ * Determine address of proxied request.
+ *
+ * @param {Object} request
+ * @param {Function|Array|String} trust
+ * @public
+ */
+
+function proxyaddr (req, trust) {
+ if (!req) {
+ throw new TypeError('req argument is required')
+ }
+
+ if (!trust) {
+ throw new TypeError('trust argument is required')
+ }
+
+ var addrs = alladdrs(req, trust)
+ var addr = addrs[addrs.length - 1]
+
+ return addr
+}
+
+/**
+ * Static trust function to trust nothing.
+ *
+ * @private
+ */
+
+function trustNone () {
+ return false
+}
+
+/**
+ * Compile trust function for multiple subnets.
+ *
+ * @param {Array} subnets
+ * @private
+ */
+
+function trustMulti (subnets) {
+ return function trust (addr) {
+ if (!isip(addr)) return false
+
+ var ip = parseip(addr)
+ var ipconv
+ var kind = ip.kind()
+
+ for (var i = 0; i < subnets.length; i++) {
+ var subnet = subnets[i]
+ var subnetip = subnet[0]
+ var subnetkind = subnetip.kind()
+ var subnetrange = subnet[1]
+ var trusted = ip
+
+ if (kind !== subnetkind) {
+ if (subnetkind === 'ipv4' && !ip.isIPv4MappedAddress()) {
+ // Incompatible IP addresses
+ continue
+ }
+
+ if (!ipconv) {
+ // Convert IP to match subnet IP kind
+ ipconv = subnetkind === 'ipv4'
+ ? ip.toIPv4Address()
+ : ip.toIPv4MappedAddress()
+ }
+
+ trusted = ipconv
+ }
+
+ if (trusted.match(subnetip, subnetrange)) {
+ return true
+ }
+ }
+
+ return false
+ }
+}
+
+/**
+ * Compile trust function for single subnet.
+ *
+ * @param {Object} subnet
+ * @private
+ */
+
+function trustSingle (subnet) {
+ var subnetip = subnet[0]
+ var subnetkind = subnetip.kind()
+ var subnetisipv4 = subnetkind === 'ipv4'
+ var subnetrange = subnet[1]
+
+ return function trust (addr) {
+ if (!isip(addr)) return false
+
+ var ip = parseip(addr)
+ var kind = ip.kind()
+
+ if (kind !== subnetkind) {
+ if (subnetisipv4 && !ip.isIPv4MappedAddress()) {
+ // Incompatible IP addresses
+ return false
+ }
+
+ // Convert IP to match subnet IP kind
+ ip = subnetisipv4
+ ? ip.toIPv4Address()
+ : ip.toIPv4MappedAddress()
+ }
+
+ return ip.match(subnetip, subnetrange)
+ }
+}
diff --git a/node_modules/proxy-addr/package.json b/node_modules/proxy-addr/package.json
new file mode 100644
index 0000000000000000000000000000000000000000..24ba8f7db3cf17d87cff4bd53977b5239d459f90
--- /dev/null
+++ b/node_modules/proxy-addr/package.json
@@ -0,0 +1,47 @@
+{
+ "name": "proxy-addr",
+ "description": "Determine address of proxied request",
+ "version": "2.0.7",
+ "author": "Douglas Christopher Wilson <doug@somethingdoug.com>",
+ "license": "MIT",
+ "keywords": [
+ "ip",
+ "proxy",
+ "x-forwarded-for"
+ ],
+ "repository": "jshttp/proxy-addr",
+ "dependencies": {
+ "forwarded": "0.2.0",
+ "ipaddr.js": "1.9.1"
+ },
+ "devDependencies": {
+ "benchmark": "2.1.4",
+ "beautify-benchmark": "0.2.4",
+ "deep-equal": "1.0.1",
+ "eslint": "7.26.0",
+ "eslint-config-standard": "14.1.1",
+ "eslint-plugin-import": "2.23.4",
+ "eslint-plugin-markdown": "2.2.0",
+ "eslint-plugin-node": "11.1.0",
+ "eslint-plugin-promise": "4.3.1",
+ "eslint-plugin-standard": "4.1.0",
+ "mocha": "8.4.0",
+ "nyc": "15.1.0"
+ },
+ "files": [
+ "LICENSE",
+ "HISTORY.md",
+ "README.md",
+ "index.js"
+ ],
+ "engines": {
+ "node": ">= 0.10"
+ },
+ "scripts": {
+ "bench": "node benchmark/index.js",
+ "lint": "eslint .",
+ "test": "mocha --reporter spec --bail --check-leaks test/",
+ "test-ci": "nyc --reporter=lcov --reporter=text npm test",
+ "test-cov": "nyc --reporter=html --reporter=text npm test"
+ }
+}
diff --git a/node_modules/range-parser/HISTORY.md b/node_modules/range-parser/HISTORY.md
new file mode 100644
index 0000000000000000000000000000000000000000..70a973d800ef108fda6ee25ad76ec626594b656d
--- /dev/null
+++ b/node_modules/range-parser/HISTORY.md
@@ -0,0 +1,56 @@
+1.2.1 / 2019-05-10
+==================
+
+ * Improve error when `str` is not a string
+
+1.2.0 / 2016-06-01
+==================
+
+ * Add `combine` option to combine overlapping ranges
+
+1.1.0 / 2016-05-13
+==================
+
+ * Fix incorrectly returning -1 when there is at least one valid range
+ * perf: remove internal function
+
+1.0.3 / 2015-10-29
+==================
+
+ * perf: enable strict mode
+
+1.0.2 / 2014-09-08
+==================
+
+ * Support Node.js 0.6
+
+1.0.1 / 2014-09-07
+==================
+
+ * Move repository to jshttp
+
+1.0.0 / 2013-12-11
+==================
+
+ * Add repository to package.json
+ * Add MIT license
+
+0.0.4 / 2012-06-17
+==================
+
+ * Change ret -1 for unsatisfiable and -2 when invalid
+
+0.0.3 / 2012-06-17
+==================
+
+ * Fix last-byte-pos default to len - 1
+
+0.0.2 / 2012-06-14
+==================
+
+ * Add `.type`
+
+0.0.1 / 2012-06-11
+==================
+
+ * Initial release
diff --git a/node_modules/range-parser/LICENSE b/node_modules/range-parser/LICENSE
new file mode 100644
index 0000000000000000000000000000000000000000..359995436311ca2c69c0d05c1b7ad389aa63e9b9
--- /dev/null
+++ b/node_modules/range-parser/LICENSE
@@ -0,0 +1,23 @@
+(The MIT License)
+
+Copyright (c) 2012-2014 TJ Holowaychuk <tj@vision-media.ca>
+Copyright (c) 2015-2016 Douglas Christopher Wilson <doug@somethingdoug.com
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+'Software'), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/node_modules/range-parser/README.md b/node_modules/range-parser/README.md
new file mode 100644
index 0000000000000000000000000000000000000000..c247e826e67075a49071a07f830fadc62d28d86a
--- /dev/null
+++ b/node_modules/range-parser/README.md
@@ -0,0 +1,84 @@
+# range-parser
+
+[![NPM Version][npm-version-image]][npm-url]
+[![NPM Downloads][npm-downloads-image]][npm-url]
+[![Node.js Version][node-image]][node-url]
+[![Build Status][travis-image]][travis-url]
+[![Test Coverage][coveralls-image]][coveralls-url]
+
+Range header field parser.
+
+## Installation
+
+This is a [Node.js](https://nodejs.org/en/) module available through the
+[npm registry](https://www.npmjs.com/). Installation is done using the
+[`npm install` command](https://docs.npmjs.com/getting-started/installing-npm-packages-locally):
+
+```sh
+$ npm install range-parser
+```
+
+## API
+
+<!-- eslint-disable no-unused-vars -->
+
+```js
+var parseRange = require('range-parser')
+```
+
+### parseRange(size, header, options)
+
+Parse the given `header` string where `size` is the maximum size of the resource.
+An array of ranges will be returned or negative numbers indicating an error parsing.
+
+ * `-2` signals a malformed header string
+ * `-1` signals an unsatisfiable range
+
+<!-- eslint-disable no-undef -->
+
+```js
+// parse header from request
+var range = parseRange(size, req.headers.range)
+
+// the type of the range
+if (range.type === 'bytes') {
+ // the ranges
+ range.forEach(function (r) {
+ // do something with r.start and r.end
+ })
+}
+```
+
+#### Options
+
+These properties are accepted in the options object.
+
+##### combine
+
+Specifies if overlapping & adjacent ranges should be combined, defaults to `false`.
+When `true`, ranges will be combined and returned as if they were specified that
+way in the header.
+
+<!-- eslint-disable no-undef -->
+
+```js
+parseRange(100, 'bytes=50-55,0-10,5-10,56-60', { combine: true })
+// => [
+// { start: 0, end: 10 },
+// { start: 50, end: 60 }
+// ]
+```
+
+## License
+
+[MIT](LICENSE)
+
+[coveralls-image]: https://badgen.net/coveralls/c/github/jshttp/range-parser/master
+[coveralls-url]: https://coveralls.io/r/jshttp/range-parser?branch=master
+[node-image]: https://badgen.net/npm/node/range-parser
+[node-url]: https://nodejs.org/en/download
+[npm-downloads-image]: https://badgen.net/npm/dm/range-parser
+[npm-url]: https://npmjs.org/package/range-parser
+[npm-version-image]: https://badgen.net/npm/v/range-parser
+[travis-image]: https://badgen.net/travis/jshttp/range-parser/master
+[travis-url]: https://travis-ci.org/jshttp/range-parser
diff --git a/node_modules/range-parser/index.js b/node_modules/range-parser/index.js
new file mode 100644
index 0000000000000000000000000000000000000000..b7dc5c0f15fe00172c496cae3bc48f238a3a8469
--- /dev/null
+++ b/node_modules/range-parser/index.js
@@ -0,0 +1,162 @@
+/*!
+ * range-parser
+ * Copyright(c) 2012-2014 TJ Holowaychuk
+ * Copyright(c) 2015-2016 Douglas Christopher Wilson
+ * MIT Licensed
+ */
+
+'use strict'
+
+/**
+ * Module exports.
+ * @public
+ */
+
+module.exports = rangeParser
+
+/**
+ * Parse "Range" header `str` relative to the given file `size`.
+ *
+ * @param {Number} size
+ * @param {String} str
+ * @param {Object} [options]
+ * @return {Array}
+ * @public
+ */
+
+function rangeParser (size, str, options) {
+ if (typeof str !== 'string') {
+ throw new TypeError('argument str must be a string')
+ }
+
+ var index = str.indexOf('=')
+
+ if (index === -1) {
+ return -2
+ }
+
+ // split the range string
+ var arr = str.slice(index + 1).split(',')
+ var ranges = []
+
+ // add ranges type
+ ranges.type = str.slice(0, index)
+
+ // parse all ranges
+ for (var i = 0; i < arr.length; i++) {
+ var range = arr[i].split('-')
+ var start = parseInt(range[0], 10)
+ var end = parseInt(range[1], 10)
+
+ // -nnn
+ if (isNaN(start)) {
+ start = size - end
+ end = size - 1
+ // nnn-
+ } else if (isNaN(end)) {
+ end = size - 1
+ }
+
+ // limit last-byte-pos to current length
+ if (end > size - 1) {
+ end = size - 1
+ }
+
+ // invalid or unsatisifiable
+ if (isNaN(start) || isNaN(end) || start > end || start < 0) {
+ continue
+ }
+
+ // add range
+ ranges.push({
+ start: start,
+ end: end
+ })
+ }
+
+ if (ranges.length < 1) {
+ // unsatisifiable
+ return -1
+ }
+
+ return options && options.combine
+ ? combineRanges(ranges)
+ : ranges
+}
+
+/**
+ * Combine overlapping & adjacent ranges.
+ * @private
+ */
+
+function combineRanges (ranges) {
+ var ordered = ranges.map(mapWithIndex).sort(sortByRangeStart)
+
+ for (var j = 0, i = 1; i < ordered.length; i++) {
+ var range = ordered[i]
+ var current = ordered[j]
+
+ if (range.start > current.end + 1) {
+ // next range
+ ordered[++j] = range
+ } else if (range.end > current.end) {
+ // extend range
+ current.end = range.end
+ current.index = Math.min(current.index, range.index)
+ }
+ }
+
+ // trim ordered array
+ ordered.length = j + 1
+
+ // generate combined range
+ var combined = ordered.sort(sortByRangeIndex).map(mapWithoutIndex)
+
+ // copy ranges type
+ combined.type = ranges.type
+
+ return combined
+}
+
+/**
+ * Map function to add index value to ranges.
+ * @private
+ */
+
+function mapWithIndex (range, index) {
+ return {
+ start: range.start,
+ end: range.end,
+ index: index
+ }
+}
+
+/**
+ * Map function to remove index value from ranges.
+ * @private
+ */
+
+function mapWithoutIndex (range) {
+ return {
+ start: range.start,
+ end: range.end
+ }
+}
+
+/**
+ * Sort function to sort ranges by index.
+ * @private
+ */
+
+function sortByRangeIndex (a, b) {
+ return a.index - b.index
+}
+
+/**
+ * Sort function to sort ranges by start position.
+ * @private
+ */
+
+function sortByRangeStart (a, b) {
+ return a.start - b.start
+}
diff --git a/node_modules/range-parser/package.json b/node_modules/range-parser/package.json
new file mode 100644
index 0000000000000000000000000000000000000000..abea6d852e9baa772152be996c4a6ed5b2e8e514
--- /dev/null
+++ b/node_modules/range-parser/package.json
@@ -0,0 +1,44 @@
+{
+ "name": "range-parser",
+ "author": "TJ Holowaychuk <tj@vision-media.ca> (http://tjholowaychuk.com)",
+ "description": "Range header field string parser",
+ "version": "1.2.1",
+ "contributors": [
+ "Douglas Christopher Wilson <doug@somethingdoug.com>",
+ "James Wyatt Cready <wyatt.cready@lanetix.com>",
+ "Jonathan Ong <me@jongleberry.com> (http://jongleberry.com)"
+ ],
+ "license": "MIT",
+ "keywords": [
+ "range",
+ "parser",
+ "http"
+ ],
+ "repository": "jshttp/range-parser",
+ "devDependencies": {
+ "deep-equal": "1.0.1",
+ "eslint": "5.16.0",
+ "eslint-config-standard": "12.0.0",
+ "eslint-plugin-markdown": "1.0.0",
+ "eslint-plugin-import": "2.17.2",
+ "eslint-plugin-node": "8.0.1",
+ "eslint-plugin-promise": "4.1.1",
+ "eslint-plugin-standard": "4.0.0",
+ "mocha": "6.1.4",
+ "nyc": "14.1.1"
+ },
+ "files": [
+ "HISTORY.md",
+ "LICENSE",
+ "index.js"
+ ],
+ "engines": {
+ "node": ">= 0.6"
+ },
+ "scripts": {
+ "lint": "eslint --plugin markdown --ext js,md .",
+ "test": "mocha --reporter spec",
+ "test-cov": "nyc --reporter=html --reporter=text npm test",
+ "test-travis": "nyc --reporter=text npm test"
+ }
+}
diff --git a/node_modules/send/HISTORY.md b/node_modules/send/HISTORY.md
new file mode 100644
index 0000000000000000000000000000000000000000..0dd29d0f0f8b2d5f5b7d413d74e3ba5e81e6a4d1
--- /dev/null
+++ b/node_modules/send/HISTORY.md
@@ -0,0 +1,526 @@
+0.19.0 / 2024-09-10
+===================
+
+* Remove link renderization in html while redirecting
+
+0.18.0 / 2022-03-23
+===================
+
+ * Fix emitted 416 error missing headers property
+ * Limit the headers removed for 304 response
+ * deps: depd@2.0.0
+ - Replace internal `eval` usage with `Function` constructor
+ - Use instance methods on `process` to check for listeners
+ * deps: destroy@1.2.0
+ * deps: http-errors@2.0.0
+ - deps: depd@2.0.0
+ - deps: statuses@2.0.1
+ * deps: on-finished@2.4.1
+ * deps: statuses@2.0.1
+
+0.17.2 / 2021-12-11
+===================
+
+ * pref: ignore empty http tokens
+ * deps: http-errors@1.8.1
+ - deps: inherits@2.0.4
+ - deps: toidentifier@1.0.1
+ - deps: setprototypeof@1.2.0
+ * deps: ms@2.1.3
+
+0.17.1 / 2019-05-10
+===================
+
+ * Set stricter CSP header in redirect & error responses
+ * deps: range-parser@~1.2.1
+
+0.17.0 / 2019-05-03
+===================
+
+ * deps: http-errors@~1.7.2
+ - Set constructor name when possible
+ - Use `toidentifier` module to make class names
+ - deps: depd@~1.1.2
+ - deps: setprototypeof@1.1.1
+ - deps: statuses@'>= 1.5.0 < 2'
+ * deps: mime@1.6.0
+ - Add extensions for JPEG-2000 images
+ - Add new `font/*` types from IANA
+ - Add WASM mapping
+ - Update `.bdoc` to `application/bdoc`
+ - Update `.bmp` to `image/bmp`
+ - Update `.m4a` to `audio/mp4`
+ - Update `.rtf` to `application/rtf`
+ - Update `.wav` to `audio/wav`
+ - Update `.xml` to `application/xml`
+ - Update generic extensions to `application/octet-stream`:
+ `.deb`, `.dll`, `.dmg`, `.exe`, `.iso`, `.msi`
+ - Use mime-score module to resolve extension conflicts
+ * deps: ms@2.1.1
+ - Add `week`/`w` support
+ - Fix negative number handling
+ * deps: statuses@~1.5.0
+ * perf: remove redundant `path.normalize` call
+
+0.16.2 / 2018-02-07
+===================
+
+ * Fix incorrect end tag in default error & redirects
+ * deps: depd@~1.1.2
+ - perf: remove argument reassignment
+ * deps: encodeurl@~1.0.2
+ - Fix encoding `%` as last character
+ * deps: statuses@~1.4.0
+
+0.16.1 / 2017-09-29
+===================
+
+ * Fix regression in edge-case behavior for empty `path`
+
+0.16.0 / 2017-09-27
+===================
+
+ * Add `immutable` option
+ * Fix missing `</html>` in default error & redirects
+ * Use instance methods on steam to check for listeners
+ * deps: mime@1.4.1
+ - Add 70 new types for file extensions
+ - Set charset as "UTF-8" for .js and .json
+ * perf: improve path validation speed
+
+0.15.6 / 2017-09-22
+===================
+
+ * deps: debug@2.6.9
+ * perf: improve `If-Match` token parsing
+
+0.15.5 / 2017-09-20
+===================
+
+ * deps: etag@~1.8.1
+ - perf: replace regular expression with substring
+ * deps: fresh@0.5.2
+ - Fix handling of modified headers with invalid dates
+ - perf: improve ETag match loop
+ - perf: improve `If-None-Match` token parsing
+
+0.15.4 / 2017-08-05
+===================
+
+ * deps: debug@2.6.8
+ * deps: depd@~1.1.1
+ - Remove unnecessary `Buffer` loading
+ * deps: http-errors@~1.6.2
+ - deps: depd@1.1.1
+
+0.15.3 / 2017-05-16
+===================
+
+ * deps: debug@2.6.7
+ - deps: ms@2.0.0
+ * deps: ms@2.0.0
+
+0.15.2 / 2017-04-26
+===================
+
+ * deps: debug@2.6.4
+ - Fix `DEBUG_MAX_ARRAY_LENGTH`
+ - deps: ms@0.7.3
+ * deps: ms@1.0.0
+
+0.15.1 / 2017-03-04
+===================
+
+ * Fix issue when `Date.parse` does not return `NaN` on invalid date
+ * Fix strict violation in broken environments
+
+0.15.0 / 2017-02-25
+===================
+
+ * Support `If-Match` and `If-Unmodified-Since` headers
+ * Add `res` and `path` arguments to `directory` event
+ * Remove usage of `res._headers` private field
+ - Improves compatibility with Node.js 8 nightly
+ * Send complete HTML document in redirect & error responses
+ * Set default CSP header in redirect & error responses
+ * Use `res.getHeaderNames()` when available
+ * Use `res.headersSent` when available
+ * deps: debug@2.6.1
+ - Allow colors in workers
+ - Deprecated `DEBUG_FD` environment variable set to `3` or higher
+ - Fix error when running under React Native
+ - Use same color for same namespace
+ - deps: ms@0.7.2
+ * deps: etag@~1.8.0
+ * deps: fresh@0.5.0
+ - Fix false detection of `no-cache` request directive
+ - Fix incorrect result when `If-None-Match` has both `*` and ETags
+ - Fix weak `ETag` matching to match spec
+ - perf: delay reading header values until needed
+ - perf: enable strict mode
+ - perf: hoist regular expressions
+ - perf: remove duplicate conditional
+ - perf: remove unnecessary boolean coercions
+ - perf: skip checking modified time if ETag check failed
+ - perf: skip parsing `If-None-Match` when no `ETag` header
+ - perf: use `Date.parse` instead of `new Date`
+ * deps: http-errors@~1.6.1
+ - Make `message` property enumerable for `HttpError`s
+ - deps: setprototypeof@1.0.3
+
+0.14.2 / 2017-01-23
+===================
+
+ * deps: http-errors@~1.5.1
+ - deps: inherits@2.0.3
+ - deps: setprototypeof@1.0.2
+ - deps: statuses@'>= 1.3.1 < 2'
+ * deps: ms@0.7.2
+ * deps: statuses@~1.3.1
+
+0.14.1 / 2016-06-09
+===================
+
+ * Fix redirect error when `path` contains raw non-URL characters
+ * Fix redirect when `path` starts with multiple forward slashes
+
+0.14.0 / 2016-06-06
+===================
+
+ * Add `acceptRanges` option
+ * Add `cacheControl` option
+ * Attempt to combine multiple ranges into single range
+ * Correctly inherit from `Stream` class
+ * Fix `Content-Range` header in 416 responses when using `start`/`end` options
+ * Fix `Content-Range` header missing from default 416 responses
+ * Ignore non-byte `Range` headers
+ * deps: http-errors@~1.5.0
+ - Add `HttpError` export, for `err instanceof createError.HttpError`
+ - Support new code `421 Misdirected Request`
+ - Use `setprototypeof` module to replace `__proto__` setting
+ - deps: inherits@2.0.1
+ - deps: statuses@'>= 1.3.0 < 2'
+ - perf: enable strict mode
+ * deps: range-parser@~1.2.0
+ - Fix incorrectly returning -1 when there is at least one valid range
+ - perf: remove internal function
+ * deps: statuses@~1.3.0
+ - Add `421 Misdirected Request`
+ - perf: enable strict mode
+ * perf: remove argument reassignment
+
+0.13.2 / 2016-03-05
+===================
+
+ * Fix invalid `Content-Type` header when `send.mime.default_type` unset
+
+0.13.1 / 2016-01-16
+===================
+
+ * deps: depd@~1.1.0
+ - Support web browser loading
+ - perf: enable strict mode
+ * deps: destroy@~1.0.4
+ - perf: enable strict mode
+ * deps: escape-html@~1.0.3
+ - perf: enable strict mode
+ - perf: optimize string replacement
+ - perf: use faster string coercion
+ * deps: range-parser@~1.0.3
+ - perf: enable strict mode
+
+0.13.0 / 2015-06-16
+===================
+
+ * Allow Node.js HTTP server to set `Date` response header
+ * Fix incorrectly removing `Content-Location` on 304 response
+ * Improve the default redirect response headers
+ * Send appropriate headers on default error response
+ * Use `http-errors` for standard emitted errors
+ * Use `statuses` instead of `http` module for status messages
+ * deps: escape-html@1.0.2
+ * deps: etag@~1.7.0
+ - Improve stat performance by removing hashing
+ * deps: fresh@0.3.0
+ - Add weak `ETag` matching support
+ * deps: on-finished@~2.3.0
+ - Add defined behavior for HTTP `CONNECT` requests
+ - Add defined behavior for HTTP `Upgrade` requests
+ - deps: ee-first@1.1.1
+ * perf: enable strict mode
+ * perf: remove unnecessary array allocations
+
+0.12.3 / 2015-05-13
+===================
+
+ * deps: debug@~2.2.0
+ - deps: ms@0.7.1
+ * deps: depd@~1.0.1
+ * deps: etag@~1.6.0
+ - Improve support for JXcore
+ - Support "fake" stats objects in environments without `fs`
+ * deps: ms@0.7.1
+ - Prevent extraordinarily long inputs
+ * deps: on-finished@~2.2.1
+
+0.12.2 / 2015-03-13
+===================
+
+ * Throw errors early for invalid `extensions` or `index` options
+ * deps: debug@~2.1.3
+ - Fix high intensity foreground color for bold
+ - deps: ms@0.7.0
+
+0.12.1 / 2015-02-17
+===================
+
+ * Fix regression sending zero-length files
+
+0.12.0 / 2015-02-16
+===================
+
+ * Always read the stat size from the file
+ * Fix mutating passed-in `options`
+ * deps: mime@1.3.4
+
+0.11.1 / 2015-01-20
+===================
+
+ * Fix `root` path disclosure
+
+0.11.0 / 2015-01-05
+===================
+
+ * deps: debug@~2.1.1
+ * deps: etag@~1.5.1
+ - deps: crc@3.2.1
+ * deps: ms@0.7.0
+ - Add `milliseconds`
+ - Add `msecs`
+ - Add `secs`
+ - Add `mins`
+ - Add `hrs`
+ - Add `yrs`
+ * deps: on-finished@~2.2.0
+
+0.10.1 / 2014-10-22
+===================
+
+ * deps: on-finished@~2.1.1
+ - Fix handling of pipelined requests
+
+0.10.0 / 2014-10-15
+===================
+
+ * deps: debug@~2.1.0
+ - Implement `DEBUG_FD` env variable support
+ * deps: depd@~1.0.0
+ * deps: etag@~1.5.0
+ - Improve string performance
+ - Slightly improve speed for weak ETags over 1KB
+
+0.9.3 / 2014-09-24
+==================
+
+ * deps: etag@~1.4.0
+ - Support "fake" stats objects
+
+0.9.2 / 2014-09-15
+==================
+
+ * deps: depd@0.4.5
+ * deps: etag@~1.3.1
+ * deps: range-parser@~1.0.2
+
+0.9.1 / 2014-09-07
+==================
+
+ * deps: fresh@0.2.4
+
+0.9.0 / 2014-09-07
+==================
+
+ * Add `lastModified` option
+ * Use `etag` to generate `ETag` header
+ * deps: debug@~2.0.0
+
+0.8.5 / 2014-09-04
+==================
+
+ * Fix malicious path detection for empty string path
+
+0.8.4 / 2014-09-04
+==================
+
+ * Fix a path traversal issue when using `root`
+
+0.8.3 / 2014-08-16
+==================
+
+ * deps: destroy@1.0.3
+ - renamed from dethroy
+ * deps: on-finished@2.1.0
+
+0.8.2 / 2014-08-14
+==================
+
+ * Work around `fd` leak in Node.js 0.10 for `fs.ReadStream`
+ * deps: dethroy@1.0.2
+
+0.8.1 / 2014-08-05
+==================
+
+ * Fix `extensions` behavior when file already has extension
+
+0.8.0 / 2014-08-05
+==================
+
+ * Add `extensions` option
+
+0.7.4 / 2014-08-04
+==================
+
+ * Fix serving index files without root dir
+
+0.7.3 / 2014-07-29
+==================
+
+ * Fix incorrect 403 on Windows and Node.js 0.11
+
+0.7.2 / 2014-07-27
+==================
+
+ * deps: depd@0.4.4
+ - Work-around v8 generating empty stack traces
+
+0.7.1 / 2014-07-26
+==================
+
+ * deps: depd@0.4.3
+ - Fix exception when global `Error.stackTraceLimit` is too low
+
+0.7.0 / 2014-07-20
+==================
+
+ * Deprecate `hidden` option; use `dotfiles` option
+ * Add `dotfiles` option
+ * deps: debug@1.0.4
+ * deps: depd@0.4.2
+ - Add `TRACE_DEPRECATION` environment variable
+ - Remove non-standard grey color from color output
+ - Support `--no-deprecation` argument
+ - Support `--trace-deprecation` argument
+
+0.6.0 / 2014-07-11
+==================
+
+ * Deprecate `from` option; use `root` option
+ * Deprecate `send.etag()` -- use `etag` in `options`
+ * Deprecate `send.hidden()` -- use `hidden` in `options`
+ * Deprecate `send.index()` -- use `index` in `options`
+ * Deprecate `send.maxage()` -- use `maxAge` in `options`
+ * Deprecate `send.root()` -- use `root` in `options`
+ * Cap `maxAge` value to 1 year
+ * deps: debug@1.0.3
+ - Add support for multiple wildcards in namespaces
+
+0.5.0 / 2014-06-28
+==================
+
+ * Accept string for `maxAge` (converted by `ms`)
+ * Add `headers` event
+ * Include link in default redirect response
+ * Use `EventEmitter.listenerCount` to count listeners
+
+0.4.3 / 2014-06-11
+==================
+
+ * Do not throw un-catchable error on file open race condition
+ * Use `escape-html` for HTML escaping
+ * deps: debug@1.0.2
+ - fix some debugging output colors on node.js 0.8
+ * deps: finished@1.2.2
+ * deps: fresh@0.2.2
+
+0.4.2 / 2014-06-09
+==================
+
+ * fix "event emitter leak" warnings
+ * deps: debug@1.0.1
+ * deps: finished@1.2.1
+
+0.4.1 / 2014-06-02
+==================
+
+ * Send `max-age` in `Cache-Control` in correct format
+
+0.4.0 / 2014-05-27
+==================
+
+ * Calculate ETag with md5 for reduced collisions
+ * Fix wrong behavior when index file matches directory
+ * Ignore stream errors after request ends
+ - Goodbye `EBADF, read`
+ * Skip directories in index file search
+ * deps: debug@0.8.1
+
+0.3.0 / 2014-04-24
+==================
+
+ * Fix sending files with dots without root set
+ * Coerce option types
+ * Accept API options in options object
+ * Set etags to "weak"
+ * Include file path in etag
+ * Make "Can't set headers after they are sent." catchable
+ * Send full entity-body for multi range requests
+ * Default directory access to 403 when index disabled
+ * Support multiple index paths
+ * Support "If-Range" header
+ * Control whether to generate etags
+ * deps: mime@1.2.11
+
+0.2.0 / 2014-01-29
+==================
+
+ * update range-parser and fresh
+
+0.1.4 / 2013-08-11
+==================
+
+ * update fresh
+
+0.1.3 / 2013-07-08
+==================
+
+ * Revert "Fix fd leak"
+
+0.1.2 / 2013-07-03
+==================
+
+ * Fix fd leak
+
+0.1.0 / 2012-08-25
+==================
+
+ * add options parameter to send() that is passed to fs.createReadStream() [kanongil]
+
+0.0.4 / 2012-08-16
+==================
+
+ * allow custom "Accept-Ranges" definition
+
+0.0.3 / 2012-07-16
+==================
+
+ * fix normalization of the root directory. Closes #3
+
+0.0.2 / 2012-07-09
+==================
+
+ * add passing of req explicitly for now (YUCK)
+
+0.0.1 / 2010-01-03
+==================
+
+ * Initial release
diff --git a/node_modules/send/LICENSE b/node_modules/send/LICENSE
new file mode 100644
index 0000000000000000000000000000000000000000..b6ea1c1fd44ff6f4af6a8e4e5d4793004b9e8524
--- /dev/null
+++ b/node_modules/send/LICENSE
@@ -0,0 +1,23 @@
+(The MIT License)
+
+Copyright (c) 2012 TJ Holowaychuk
+Copyright (c) 2014-2022 Douglas Christopher Wilson
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+'Software'), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/node_modules/send/README.md b/node_modules/send/README.md
new file mode 100644
index 0000000000000000000000000000000000000000..fadf8383c056f23dc8634cec647e2244bd94fce7
--- /dev/null
+++ b/node_modules/send/README.md
@@ -0,0 +1,327 @@
+# send
+
+[![NPM Version][npm-version-image]][npm-url]
+[![NPM Downloads][npm-downloads-image]][npm-url]
+[![Linux Build][github-actions-ci-image]][github-actions-ci-url]
+[![Windows Build][appveyor-image]][appveyor-url]
+[![Test Coverage][coveralls-image]][coveralls-url]
+
+Send is a library for streaming files from the file system as a http response
+supporting partial responses (Ranges), conditional-GET negotiation (If-Match,
+If-Unmodified-Since, If-None-Match, If-Modified-Since), high test coverage,
+and granular events which may be leveraged to take appropriate actions in your
+application or framework.
+
+Looking to serve up entire folders mapped to URLs? Try [serve-static](https://www.npmjs.org/package/serve-static).
+
+## Installation
+
+This is a [Node.js](https://nodejs.org/en/) module available through the
+[npm registry](https://www.npmjs.com/). Installation is done using the
+[`npm install` command](https://docs.npmjs.com/getting-started/installing-npm-packages-locally):
+
+```bash
+$ npm install send
+```
+
+## API
+
+```js
+var send = require('send')
+```
+
+### send(req, path, [options])
+
+Create a new `SendStream` for the given path to send to a `res`. The `req` is
+the Node.js HTTP request and the `path` is a urlencoded path to send (urlencoded,
+not the actual file-system path).
+
+#### Options
+
+##### acceptRanges
+
+Enable or disable accepting ranged requests, defaults to true.
+Disabling this will not send `Accept-Ranges` and ignore the contents
+of the `Range` request header.
+
+##### cacheControl
+
+Enable or disable setting `Cache-Control` response header, defaults to
+true. Disabling this will ignore the `immutable` and `maxAge` options.
+
+##### dotfiles
+
+Set how "dotfiles" are treated when encountered. A dotfile is a file
+or directory that begins with a dot ("."). Note this check is done on
+the path itself without checking if the path actually exists on the
+disk. If `root` is specified, only the dotfiles above the root are
+checked (i.e. the root itself can be within a dotfile when when set
+to "deny").
+
+ - `'allow'` No special treatment for dotfiles.
+ - `'deny'` Send a 403 for any request for a dotfile.
+ - `'ignore'` Pretend like the dotfile does not exist and 404.
+
+The default value is _similar_ to `'ignore'`, with the exception that
+this default will not ignore the files within a directory that begins
+with a dot, for backward-compatibility.
+
+##### end
+
+Byte offset at which the stream ends, defaults to the length of the file
+minus 1. The end is inclusive in the stream, meaning `end: 3` will include
+the 4th byte in the stream.
+
+##### etag
+
+Enable or disable etag generation, defaults to true.
+
+##### extensions
+
+If a given file doesn't exist, try appending one of the given extensions,
+in the given order. By default, this is disabled (set to `false`). An
+example value that will serve extension-less HTML files: `['html', 'htm']`.
+This is skipped if the requested file already has an extension.
+
+##### immutable
+
+Enable or disable the `immutable` directive in the `Cache-Control` response
+header, defaults to `false`. If set to `true`, the `maxAge` option should
+also be specified to enable caching. The `immutable` directive will prevent
+supported clients from making conditional requests during the life of the
+`maxAge` option to check if the file has changed.
+
+##### index
+
+By default send supports "index.html" files, to disable this
+set `false` or to supply a new index pass a string or an array
+in preferred order.
+
+##### lastModified
+
+Enable or disable `Last-Modified` header, defaults to true. Uses the file
+system's last modified value.
+
+##### maxAge
+
+Provide a max-age in milliseconds for http caching, defaults to 0.
+This can also be a string accepted by the
+[ms](https://www.npmjs.org/package/ms#readme) module.
+
+##### root
+
+Serve files relative to `path`.
+
+##### start
+
+Byte offset at which the stream starts, defaults to 0. The start is inclusive,
+meaning `start: 2` will include the 3rd byte in the stream.
+
+#### Events
+
+The `SendStream` is an event emitter and will emit the following events:
+
+ - `error` an error occurred `(err)`
+ - `directory` a directory was requested `(res, path)`
+ - `file` a file was requested `(path, stat)`
+ - `headers` the headers are about to be set on a file `(res, path, stat)`
+ - `stream` file streaming has started `(stream)`
+ - `end` streaming has completed
+
+#### .pipe
+
+The `pipe` method is used to pipe the response into the Node.js HTTP response
+object, typically `send(req, path, options).pipe(res)`.
+
+### .mime
+
+The `mime` export is the global instance of of the
+[`mime` npm module](https://www.npmjs.com/package/mime).
+
+This is used to configure the MIME types that are associated with file extensions
+as well as other options for how to resolve the MIME type of a file (like the
+default type to use for an unknown file extension).
+
+## Error-handling
+
+By default when no `error` listeners are present an automatic response will be
+made, otherwise you have full control over the response, aka you may show a 5xx
+page etc.
+
+## Caching
+
+It does _not_ perform internal caching, you should use a reverse proxy cache
+such as Varnish for this, or those fancy things called CDNs. If your
+application is small enough that it would benefit from single-node memory
+caching, it's small enough that it does not need caching at all ;).
+
+## Debugging
+
+To enable `debug()` instrumentation output export __DEBUG__:
+
+```
+$ DEBUG=send node app
+```
+
+## Running tests
+
+```
+$ npm install
+$ npm test
+```
+
+## Examples
+
+### Serve a specific file
+
+This simple example will send a specific file to all requests.
+
+```js
+var http = require('http')
+var send = require('send')
+
+var server = http.createServer(function onRequest (req, res) {
+ send(req, '/path/to/index.html')
+ .pipe(res)
+})
+
+server.listen(3000)
+```
+
+### Serve all files from a directory
+
+This simple example will just serve up all the files in a
+given directory as the top-level. For example, a request
+`GET /foo.txt` will send back `/www/public/foo.txt`.
+
+```js
+var http = require('http')
+var parseUrl = require('parseurl')
+var send = require('send')
+
+var server = http.createServer(function onRequest (req, res) {
+ send(req, parseUrl(req).pathname, { root: '/www/public' })
+ .pipe(res)
+})
+
+server.listen(3000)
+```
+
+### Custom file types
+
+```js
+var http = require('http')
+var parseUrl = require('parseurl')
+var send = require('send')
+
+// Default unknown types to text/plain
+send.mime.default_type = 'text/plain'
+
+// Add a custom type
+send.mime.define({
+ 'application/x-my-type': ['x-mt', 'x-mtt']
+})
+
+var server = http.createServer(function onRequest (req, res) {
+ send(req, parseUrl(req).pathname, { root: '/www/public' })
+ .pipe(res)
+})
+
+server.listen(3000)
+```
+
+### Custom directory index view
+
+This is a example of serving up a structure of directories with a
+custom function to render a listing of a directory.
+
+```js
+var http = require('http')
+var fs = require('fs')
+var parseUrl = require('parseurl')
+var send = require('send')
+
+// Transfer arbitrary files from within /www/example.com/public/*
+// with a custom handler for directory listing
+var server = http.createServer(function onRequest (req, res) {
+ send(req, parseUrl(req).pathname, { index: false, root: '/www/public' })
+ .once('directory', directory)
+ .pipe(res)
+})
+
+server.listen(3000)
+
+// Custom directory handler
+function directory (res, path) {
+ var stream = this
+
+ // redirect to trailing slash for consistent url
+ if (!stream.hasTrailingSlash()) {
+ return stream.redirect(path)
+ }
+
+ // get directory list
+ fs.readdir(path, function onReaddir (err, list) {
+ if (err) return stream.error(err)
+
+ // render an index for the directory
+ res.setHeader('Content-Type', 'text/plain; charset=UTF-8')
+ res.end(list.join('\n') + '\n')
+ })
+}
+```
+
+### Serving from a root directory with custom error-handling
+
+```js
+var http = require('http')
+var parseUrl = require('parseurl')
+var send = require('send')
+
+var server = http.createServer(function onRequest (req, res) {
+ // your custom error-handling logic:
+ function error (err) {
+ res.statusCode = err.status || 500
+ res.end(err.message)
+ }
+
+ // your custom headers
+ function headers (res, path, stat) {
+ // serve all files for download
+ res.setHeader('Content-Disposition', 'attachment')
+ }
+
+ // your custom directory handling logic:
+ function redirect () {
+ res.statusCode = 301
+ res.setHeader('Location', req.url + '/')
+ res.end('Redirecting to ' + req.url + '/')
+ }
+
+ // transfer arbitrary files from within
+ // /www/example.com/public/*
+ send(req, parseUrl(req).pathname, { root: '/www/public' })
+ .on('error', error)
+ .on('directory', redirect)
+ .on('headers', headers)
+ .pipe(res)
+})
+
+server.listen(3000)
+```
+
+## License
+
+[MIT](LICENSE)
+
+[appveyor-image]: https://badgen.net/appveyor/ci/dougwilson/send/master?label=windows
+[appveyor-url]: https://ci.appveyor.com/project/dougwilson/send
+[coveralls-image]: https://badgen.net/coveralls/c/github/pillarjs/send/master
+[coveralls-url]: https://coveralls.io/r/pillarjs/send?branch=master
+[github-actions-ci-image]: https://badgen.net/github/checks/pillarjs/send/master?label=linux
+[github-actions-ci-url]: https://github.com/pillarjs/send/actions/workflows/ci.yml
+[node-image]: https://badgen.net/npm/node/send
+[node-url]: https://nodejs.org/en/download/
+[npm-downloads-image]: https://badgen.net/npm/dm/send
+[npm-url]: https://npmjs.org/package/send
+[npm-version-image]: https://badgen.net/npm/v/send
diff --git a/node_modules/send/SECURITY.md b/node_modules/send/SECURITY.md
new file mode 100644
index 0000000000000000000000000000000000000000..46b48f7b0733cdfa849734a92b51bfc213a2ee49
--- /dev/null
+++ b/node_modules/send/SECURITY.md
@@ -0,0 +1,24 @@
+# Security Policies and Procedures
+
+## Reporting a Bug
+
+The `send` team and community take all security bugs seriously. Thank you
+for improving the security of Express. We appreciate your efforts and
+responsible disclosure and will make every effort to acknowledge your
+contributions.
+
+Report security bugs by emailing the current owner(s) of `send`. This information
+can be found in the npm registry using the command `npm owner ls send`.
+If unsure or unable to get the information from the above, open an issue
+in the [project issue tracker](https://github.com/pillarjs/send/issues)
+asking for the current contact information.
+
+To ensure the timely response to your report, please ensure that the entirety
+of the report is contained within the email body and not solely behind a web
+link or an attachment.
+
+At least one owner will acknowledge your email within 48 hours, and will send a
+more detailed response within 48 hours indicating the next steps in handling
+your report. After the initial reply to your report, the owners will
+endeavor to keep you informed of the progress towards a fix and full
+announcement, and may ask for additional information or guidance.
diff --git a/node_modules/send/index.js b/node_modules/send/index.js
new file mode 100644
index 0000000000000000000000000000000000000000..768f8ca60ccb772ef00c6a910753793ad73440c1
--- /dev/null
+++ b/node_modules/send/index.js
@@ -0,0 +1,1142 @@
+/*!
+ * send
+ * Copyright(c) 2012 TJ Holowaychuk
+ * Copyright(c) 2014-2022 Douglas Christopher Wilson
+ * MIT Licensed
+ */
+
+'use strict'
+
+/**
+ * Module dependencies.
+ * @private
+ */
+
+var createError = require('http-errors')
+var debug = require('debug')('send')
+var deprecate = require('depd')('send')
+var destroy = require('destroy')
+var encodeUrl = require('encodeurl')
+var escapeHtml = require('escape-html')
+var etag = require('etag')
+var fresh = require('fresh')
+var fs = require('fs')
+var mime = require('mime')
+var ms = require('ms')
+var onFinished = require('on-finished')
+var parseRange = require('range-parser')
+var path = require('path')
+var statuses = require('statuses')
+var Stream = require('stream')
+var util = require('util')
+
+/**
+ * Path function references.
+ * @private
+ */
+
+var extname = path.extname
+var join = path.join
+var normalize = path.normalize
+var resolve = path.resolve
+var sep = path.sep
+
+/**
+ * Regular expression for identifying a bytes Range header.
+ * @private
+ */
+
+var BYTES_RANGE_REGEXP = /^ *bytes=/
+
+/**
+ * Maximum value allowed for the max age.
+ * @private
+ */
+
+var MAX_MAXAGE = 60 * 60 * 24 * 365 * 1000 // 1 year
+
+/**
+ * Regular expression to match a path with a directory up component.
+ * @private
+ */
+
+var UP_PATH_REGEXP = /(?:^|[\\/])\.\.(?:[\\/]|$)/
+
+/**
+ * Module exports.
+ * @public
+ */
+
+module.exports = send
+module.exports.mime = mime
+
+/**
+ * Return a `SendStream` for `req` and `path`.
+ *
+ * @param {object} req
+ * @param {string} path
+ * @param {object} [options]
+ * @return {SendStream}
+ * @public
+ */
+
+function send (req, path, options) {
+ return new SendStream(req, path, options)
+}
+
+/**
+ * Initialize a `SendStream` with the given `path`.
+ *
+ * @param {Request} req
+ * @param {String} path
+ * @param {object} [options]
+ * @private
+ */
+
+function SendStream (req, path, options) {
+ Stream.call(this)
+
+ var opts = options || {}
+
+ this.options = opts
+ this.path = path
+ this.req = req
+
+ this._acceptRanges = opts.acceptRanges !== undefined
+ ? Boolean(opts.acceptRanges)
+ : true
+
+ this._cacheControl = opts.cacheControl !== undefined
+ ? Boolean(opts.cacheControl)
+ : true
+
+ this._etag = opts.etag !== undefined
+ ? Boolean(opts.etag)
+ : true
+
+ this._dotfiles = opts.dotfiles !== undefined
+ ? opts.dotfiles
+ : 'ignore'
+
+ if (this._dotfiles !== 'ignore' && this._dotfiles !== 'allow' && this._dotfiles !== 'deny') {
+ throw new TypeError('dotfiles option must be "allow", "deny", or "ignore"')
+ }
+
+ this._hidden = Boolean(opts.hidden)
+
+ if (opts.hidden !== undefined) {
+ deprecate('hidden: use dotfiles: \'' + (this._hidden ? 'allow' : 'ignore') + '\' instead')
+ }
+
+ // legacy support
+ if (opts.dotfiles === undefined) {
+ this._dotfiles = undefined
+ }
+
+ this._extensions = opts.extensions !== undefined
+ ? normalizeList(opts.extensions, 'extensions option')
+ : []
+
+ this._immutable = opts.immutable !== undefined
+ ? Boolean(opts.immutable)
+ : false
+
+ this._index = opts.index !== undefined
+ ? normalizeList(opts.index, 'index option')
+ : ['index.html']
+
+ this._lastModified = opts.lastModified !== undefined
+ ? Boolean(opts.lastModified)
+ : true
+
+ this._maxage = opts.maxAge || opts.maxage
+ this._maxage = typeof this._maxage === 'string'
+ ? ms(this._maxage)
+ : Number(this._maxage)
+ this._maxage = !isNaN(this._maxage)
+ ? Math.min(Math.max(0, this._maxage), MAX_MAXAGE)
+ : 0
+
+ this._root = opts.root
+ ? resolve(opts.root)
+ : null
+
+ if (!this._root && opts.from) {
+ this.from(opts.from)
+ }
+}
+
+/**
+ * Inherits from `Stream`.
+ */
+
+util.inherits(SendStream, Stream)
+
+/**
+ * Enable or disable etag generation.
+ *
+ * @param {Boolean} val
+ * @return {SendStream}
+ * @api public
+ */
+
+SendStream.prototype.etag = deprecate.function(function etag (val) {
+ this._etag = Boolean(val)
+ debug('etag %s', this._etag)
+ return this
+}, 'send.etag: pass etag as option')
+
+/**
+ * Enable or disable "hidden" (dot) files.
+ *
+ * @param {Boolean} path
+ * @return {SendStream}
+ * @api public
+ */
+
+SendStream.prototype.hidden = deprecate.function(function hidden (val) {
+ this._hidden = Boolean(val)
+ this._dotfiles = undefined
+ debug('hidden %s', this._hidden)
+ return this
+}, 'send.hidden: use dotfiles option')
+
+/**
+ * Set index `paths`, set to a falsy
+ * value to disable index support.
+ *
+ * @param {String|Boolean|Array} paths
+ * @return {SendStream}
+ * @api public
+ */
+
+SendStream.prototype.index = deprecate.function(function index (paths) {
+ var index = !paths ? [] : normalizeList(paths, 'paths argument')
+ debug('index %o', paths)
+ this._index = index
+ return this
+}, 'send.index: pass index as option')
+
+/**
+ * Set root `path`.
+ *
+ * @param {String} path
+ * @return {SendStream}
+ * @api public
+ */
+
+SendStream.prototype.root = function root (path) {
+ this._root = resolve(String(path))
+ debug('root %s', this._root)
+ return this
+}
+
+SendStream.prototype.from = deprecate.function(SendStream.prototype.root,
+ 'send.from: pass root as option')
+
+SendStream.prototype.root = deprecate.function(SendStream.prototype.root,
+ 'send.root: pass root as option')
+
+/**
+ * Set max-age to `maxAge`.
+ *
+ * @param {Number} maxAge
+ * @return {SendStream}
+ * @api public
+ */
+
+SendStream.prototype.maxage = deprecate.function(function maxage (maxAge) {
+ this._maxage = typeof maxAge === 'string'
+ ? ms(maxAge)
+ : Number(maxAge)
+ this._maxage = !isNaN(this._maxage)
+ ? Math.min(Math.max(0, this._maxage), MAX_MAXAGE)
+ : 0
+ debug('max-age %d', this._maxage)
+ return this
+}, 'send.maxage: pass maxAge as option')
+
+/**
+ * Emit error with `status`.
+ *
+ * @param {number} status
+ * @param {Error} [err]
+ * @private
+ */
+
+SendStream.prototype.error = function error (status, err) {
+ // emit if listeners instead of responding
+ if (hasListeners(this, 'error')) {
+ return this.emit('error', createHttpError(status, err))
+ }
+
+ var res = this.res
+ var msg = statuses.message[status] || String(status)
+ var doc = createHtmlDocument('Error', escapeHtml(msg))
+
+ // clear existing headers
+ clearHeaders(res)
+
+ // add error headers
+ if (err && err.headers) {
+ setHeaders(res, err.headers)
+ }
+
+ // send basic response
+ res.statusCode = status
+ res.setHeader('Content-Type', 'text/html; charset=UTF-8')
+ res.setHeader('Content-Length', Buffer.byteLength(doc))
+ res.setHeader('Content-Security-Policy', "default-src 'none'")
+ res.setHeader('X-Content-Type-Options', 'nosniff')
+ res.end(doc)
+}
+
+/**
+ * Check if the pathname ends with "/".
+ *
+ * @return {boolean}
+ * @private
+ */
+
+SendStream.prototype.hasTrailingSlash = function hasTrailingSlash () {
+ return this.path[this.path.length - 1] === '/'
+}
+
+/**
+ * Check if this is a conditional GET request.
+ *
+ * @return {Boolean}
+ * @api private
+ */
+
+SendStream.prototype.isConditionalGET = function isConditionalGET () {
+ return this.req.headers['if-match'] ||
+ this.req.headers['if-unmodified-since'] ||
+ this.req.headers['if-none-match'] ||
+ this.req.headers['if-modified-since']
+}
+
+/**
+ * Check if the request preconditions failed.
+ *
+ * @return {boolean}
+ * @private
+ */
+
+SendStream.prototype.isPreconditionFailure = function isPreconditionFailure () {
+ var req = this.req
+ var res = this.res
+
+ // if-match
+ var match = req.headers['if-match']
+ if (match) {
+ var etag = res.getHeader('ETag')
+ return !etag || (match !== '*' && parseTokenList(match).every(function (match) {
+ return match !== etag && match !== 'W/' + etag && 'W/' + match !== etag
+ }))
+ }
+
+ // if-unmodified-since
+ var unmodifiedSince = parseHttpDate(req.headers['if-unmodified-since'])
+ if (!isNaN(unmodifiedSince)) {
+ var lastModified = parseHttpDate(res.getHeader('Last-Modified'))
+ return isNaN(lastModified) || lastModified > unmodifiedSince
+ }
+
+ return false
+}
+
+/**
+ * Strip various content header fields for a change in entity.
+ *
+ * @private
+ */
+
+SendStream.prototype.removeContentHeaderFields = function removeContentHeaderFields () {
+ var res = this.res
+
+ res.removeHeader('Content-Encoding')
+ res.removeHeader('Content-Language')
+ res.removeHeader('Content-Length')
+ res.removeHeader('Content-Range')
+ res.removeHeader('Content-Type')
+}
+
+/**
+ * Respond with 304 not modified.
+ *
+ * @api private
+ */
+
+SendStream.prototype.notModified = function notModified () {
+ var res = this.res
+ debug('not modified')
+ this.removeContentHeaderFields()
+ res.statusCode = 304
+ res.end()
+}
+
+/**
+ * Raise error that headers already sent.
+ *
+ * @api private
+ */
+
+SendStream.prototype.headersAlreadySent = function headersAlreadySent () {
+ var err = new Error('Can\'t set headers after they are sent.')
+ debug('headers already sent')
+ this.error(500, err)
+}
+
+/**
+ * Check if the request is cacheable, aka
+ * responded with 2xx or 304 (see RFC 2616 section 14.2{5,6}).
+ *
+ * @return {Boolean}
+ * @api private
+ */
+
+SendStream.prototype.isCachable = function isCachable () {
+ var statusCode = this.res.statusCode
+ return (statusCode >= 200 && statusCode < 300) ||
+ statusCode === 304
+}
+
+/**
+ * Handle stat() error.
+ *
+ * @param {Error} error
+ * @private
+ */
+
+SendStream.prototype.onStatError = function onStatError (error) {
+ switch (error.code) {
+ case 'ENAMETOOLONG':
+ case 'ENOENT':
+ case 'ENOTDIR':
+ this.error(404, error)
+ break
+ default:
+ this.error(500, error)
+ break
+ }
+}
+
+/**
+ * Check if the cache is fresh.
+ *
+ * @return {Boolean}
+ * @api private
+ */
+
+SendStream.prototype.isFresh = function isFresh () {
+ return fresh(this.req.headers, {
+ etag: this.res.getHeader('ETag'),
+ 'last-modified': this.res.getHeader('Last-Modified')
+ })
+}
+
+/**
+ * Check if the range is fresh.
+ *
+ * @return {Boolean}
+ * @api private
+ */
+
+SendStream.prototype.isRangeFresh = function isRangeFresh () {
+ var ifRange = this.req.headers['if-range']
+
+ if (!ifRange) {
+ return true
+ }
+
+ // if-range as etag
+ if (ifRange.indexOf('"') !== -1) {
+ var etag = this.res.getHeader('ETag')
+ return Boolean(etag && ifRange.indexOf(etag) !== -1)
+ }
+
+ // if-range as modified date
+ var lastModified = this.res.getHeader('Last-Modified')
+ return parseHttpDate(lastModified) <= parseHttpDate(ifRange)
+}
+
+/**
+ * Redirect to path.
+ *
+ * @param {string} path
+ * @private
+ */
+
+SendStream.prototype.redirect = function redirect (path) {
+ var res = this.res
+
+ if (hasListeners(this, 'directory')) {
+ this.emit('directory', res, path)
+ return
+ }
+
+ if (this.hasTrailingSlash()) {
+ this.error(403)
+ return
+ }
+
+ var loc = encodeUrl(collapseLeadingSlashes(this.path + '/'))
+ var doc = createHtmlDocument('Redirecting', 'Redirecting to ' + escapeHtml(loc))
+
+ // redirect
+ res.statusCode = 301
+ res.setHeader('Content-Type', 'text/html; charset=UTF-8')
+ res.setHeader('Content-Length', Buffer.byteLength(doc))
+ res.setHeader('Content-Security-Policy', "default-src 'none'")
+ res.setHeader('X-Content-Type-Options', 'nosniff')
+ res.setHeader('Location', loc)
+ res.end(doc)
+}
+
+/**
+ * Pipe to `res.
+ *
+ * @param {Stream} res
+ * @return {Stream} res
+ * @api public
+ */
+
+SendStream.prototype.pipe = function pipe (res) {
+ // root path
+ var root = this._root
+
+ // references
+ this.res = res
+
+ // decode the path
+ var path = decode(this.path)
+ if (path === -1) {
+ this.error(400)
+ return res
+ }
+
+ // null byte(s)
+ if (~path.indexOf('\0')) {
+ this.error(400)
+ return res
+ }
+
+ var parts
+ if (root !== null) {
+ // normalize
+ if (path) {
+ path = normalize('.' + sep + path)
+ }
+
+ // malicious path
+ if (UP_PATH_REGEXP.test(path)) {
+ debug('malicious path "%s"', path)
+ this.error(403)
+ return res
+ }
+
+ // explode path parts
+ parts = path.split(sep)
+
+ // join / normalize from optional root dir
+ path = normalize(join(root, path))
+ } else {
+ // ".." is malicious without "root"
+ if (UP_PATH_REGEXP.test(path)) {
+ debug('malicious path "%s"', path)
+ this.error(403)
+ return res
+ }
+
+ // explode path parts
+ parts = normalize(path).split(sep)
+
+ // resolve the path
+ path = resolve(path)
+ }
+
+ // dotfile handling
+ if (containsDotFile(parts)) {
+ var access = this._dotfiles
+
+ // legacy support
+ if (access === undefined) {
+ access = parts[parts.length - 1][0] === '.'
+ ? (this._hidden ? 'allow' : 'ignore')
+ : 'allow'
+ }
+
+ debug('%s dotfile "%s"', access, path)
+ switch (access) {
+ case 'allow':
+ break
+ case 'deny':
+ this.error(403)
+ return res
+ case 'ignore':
+ default:
+ this.error(404)
+ return res
+ }
+ }
+
+ // index file support
+ if (this._index.length && this.hasTrailingSlash()) {
+ this.sendIndex(path)
+ return res
+ }
+
+ this.sendFile(path)
+ return res
+}
+
+/**
+ * Transfer `path`.
+ *
+ * @param {String} path
+ * @api public
+ */
+
+SendStream.prototype.send = function send (path, stat) {
+ var len = stat.size
+ var options = this.options
+ var opts = {}
+ var res = this.res
+ var req = this.req
+ var ranges = req.headers.range
+ var offset = options.start || 0
+
+ if (headersSent(res)) {
+ // impossible to send now
+ this.headersAlreadySent()
+ return
+ }
+
+ debug('pipe "%s"', path)
+
+ // set header fields
+ this.setHeader(path, stat)
+
+ // set content-type
+ this.type(path)
+
+ // conditional GET support
+ if (this.isConditionalGET()) {
+ if (this.isPreconditionFailure()) {
+ this.error(412)
+ return
+ }
+
+ if (this.isCachable() && this.isFresh()) {
+ this.notModified()
+ return
+ }
+ }
+
+ // adjust len to start/end options
+ len = Math.max(0, len - offset)
+ if (options.end !== undefined) {
+ var bytes = options.end - offset + 1
+ if (len > bytes) len = bytes
+ }
+
+ // Range support
+ if (this._acceptRanges && BYTES_RANGE_REGEXP.test(ranges)) {
+ // parse
+ ranges = parseRange(len, ranges, {
+ combine: true
+ })
+
+ // If-Range support
+ if (!this.isRangeFresh()) {
+ debug('range stale')
+ ranges = -2
+ }
+
+ // unsatisfiable
+ if (ranges === -1) {
+ debug('range unsatisfiable')
+
+ // Content-Range
+ res.setHeader('Content-Range', contentRange('bytes', len))
+
+ // 416 Requested Range Not Satisfiable
+ return this.error(416, {
+ headers: { 'Content-Range': res.getHeader('Content-Range') }
+ })
+ }
+
+ // valid (syntactically invalid/multiple ranges are treated as a regular response)
+ if (ranges !== -2 && ranges.length === 1) {
+ debug('range %j', ranges)
+
+ // Content-Range
+ res.statusCode = 206
+ res.setHeader('Content-Range', contentRange('bytes', len, ranges[0]))
+
+ // adjust for requested range
+ offset += ranges[0].start
+ len = ranges[0].end - ranges[0].start + 1
+ }
+ }
+
+ // clone options
+ for (var prop in options) {
+ opts[prop] = options[prop]
+ }
+
+ // set read options
+ opts.start = offset
+ opts.end = Math.max(offset, offset + len - 1)
+
+ // content-length
+ res.setHeader('Content-Length', len)
+
+ // HEAD support
+ if (req.method === 'HEAD') {
+ res.end()
+ return
+ }
+
+ this.stream(path, opts)
+}
+
+/**
+ * Transfer file for `path`.
+ *
+ * @param {String} path
+ * @api private
+ */
+SendStream.prototype.sendFile = function sendFile (path) {
+ var i = 0
+ var self = this
+
+ debug('stat "%s"', path)
+ fs.stat(path, function onstat (err, stat) {
+ if (err && err.code === 'ENOENT' && !extname(path) && path[path.length - 1] !== sep) {
+ // not found, check extensions
+ return next(err)
+ }
+ if (err) return self.onStatError(err)
+ if (stat.isDirectory()) return self.redirect(path)
+ self.emit('file', path, stat)
+ self.send(path, stat)
+ })
+
+ function next (err) {
+ if (self._extensions.length <= i) {
+ return err
+ ? self.onStatError(err)
+ : self.error(404)
+ }
+
+ var p = path + '.' + self._extensions[i++]
+
+ debug('stat "%s"', p)
+ fs.stat(p, function (err, stat) {
+ if (err) return next(err)
+ if (stat.isDirectory()) return next()
+ self.emit('file', p, stat)
+ self.send(p, stat)
+ })
+ }
+}
+
+/**
+ * Transfer index for `path`.
+ *
+ * @param {String} path
+ * @api private
+ */
+SendStream.prototype.sendIndex = function sendIndex (path) {
+ var i = -1
+ var self = this
+
+ function next (err) {
+ if (++i >= self._index.length) {
+ if (err) return self.onStatError(err)
+ return self.error(404)
+ }
+
+ var p = join(path, self._index[i])
+
+ debug('stat "%s"', p)
+ fs.stat(p, function (err, stat) {
+ if (err) return next(err)
+ if (stat.isDirectory()) return next()
+ self.emit('file', p, stat)
+ self.send(p, stat)
+ })
+ }
+
+ next()
+}
+
+/**
+ * Stream `path` to the response.
+ *
+ * @param {String} path
+ * @param {Object} options
+ * @api private
+ */
+
+SendStream.prototype.stream = function stream (path, options) {
+ var self = this
+ var res = this.res
+
+ // pipe
+ var stream = fs.createReadStream(path, options)
+ this.emit('stream', stream)
+ stream.pipe(res)
+
+ // cleanup
+ function cleanup () {
+ destroy(stream, true)
+ }
+
+ // response finished, cleanup
+ onFinished(res, cleanup)
+
+ // error handling
+ stream.on('error', function onerror (err) {
+ // clean up stream early
+ cleanup()
+
+ // error
+ self.onStatError(err)
+ })
+
+ // end
+ stream.on('end', function onend () {
+ self.emit('end')
+ })
+}
+
+/**
+ * Set content-type based on `path`
+ * if it hasn't been explicitly set.
+ *
+ * @param {String} path
+ * @api private
+ */
+
+SendStream.prototype.type = function type (path) {
+ var res = this.res
+
+ if (res.getHeader('Content-Type')) return
+
+ var type = mime.lookup(path)
+
+ if (!type) {
+ debug('no content-type')
+ return
+ }
+
+ var charset = mime.charsets.lookup(type)
+
+ debug('content-type %s', type)
+ res.setHeader('Content-Type', type + (charset ? '; charset=' + charset : ''))
+}
+
+/**
+ * Set response header fields, most
+ * fields may be pre-defined.
+ *
+ * @param {String} path
+ * @param {Object} stat
+ * @api private
+ */
+
+SendStream.prototype.setHeader = function setHeader (path, stat) {
+ var res = this.res
+
+ this.emit('headers', res, path, stat)
+
+ if (this._acceptRanges && !res.getHeader('Accept-Ranges')) {
+ debug('accept ranges')
+ res.setHeader('Accept-Ranges', 'bytes')
+ }
+
+ if (this._cacheControl && !res.getHeader('Cache-Control')) {
+ var cacheControl = 'public, max-age=' + Math.floor(this._maxage / 1000)
+
+ if (this._immutable) {
+ cacheControl += ', immutable'
+ }
+
+ debug('cache-control %s', cacheControl)
+ res.setHeader('Cache-Control', cacheControl)
+ }
+
+ if (this._lastModified && !res.getHeader('Last-Modified')) {
+ var modified = stat.mtime.toUTCString()
+ debug('modified %s', modified)
+ res.setHeader('Last-Modified', modified)
+ }
+
+ if (this._etag && !res.getHeader('ETag')) {
+ var val = etag(stat)
+ debug('etag %s', val)
+ res.setHeader('ETag', val)
+ }
+}
+
+/**
+ * Clear all headers from a response.
+ *
+ * @param {object} res
+ * @private
+ */
+
+function clearHeaders (res) {
+ var headers = getHeaderNames(res)
+
+ for (var i = 0; i < headers.length; i++) {
+ res.removeHeader(headers[i])
+ }
+}
+
+/**
+ * Collapse all leading slashes into a single slash
+ *
+ * @param {string} str
+ * @private
+ */
+function collapseLeadingSlashes (str) {
+ for (var i = 0; i < str.length; i++) {
+ if (str[i] !== '/') {
+ break
+ }
+ }
+
+ return i > 1
+ ? '/' + str.substr(i)
+ : str
+}
+
+/**
+ * Determine if path parts contain a dotfile.
+ *
+ * @api private
+ */
+
+function containsDotFile (parts) {
+ for (var i = 0; i < parts.length; i++) {
+ var part = parts[i]
+ if (part.length > 1 && part[0] === '.') {
+ return true
+ }
+ }
+
+ return false
+}
+
+/**
+ * Create a Content-Range header.
+ *
+ * @param {string} type
+ * @param {number} size
+ * @param {array} [range]
+ */
+
+function contentRange (type, size, range) {
+ return type + ' ' + (range ? range.start + '-' + range.end : '*') + '/' + size
+}
+
+/**
+ * Create a minimal HTML document.
+ *
+ * @param {string} title
+ * @param {string} body
+ * @private
+ */
+
+function createHtmlDocument (title, body) {
+ return '<!DOCTYPE html>\n' +
+ '<html lang="en">\n' +
+ '<head>\n' +
+ '<meta charset="utf-8">\n' +
+ '<title>' + title + '</title>\n' +
+ '</head>\n' +
+ '<body>\n' +
+ '<pre>' + body + '</pre>\n' +
+ '</body>\n' +
+ '</html>\n'
+}
+
+/**
+ * Create a HttpError object from simple arguments.
+ *
+ * @param {number} status
+ * @param {Error|object} err
+ * @private
+ */
+
+function createHttpError (status, err) {
+ if (!err) {
+ return createError(status)
+ }
+
+ return err instanceof Error
+ ? createError(status, err, { expose: false })
+ : createError(status, err)
+}
+
+/**
+ * decodeURIComponent.
+ *
+ * Allows V8 to only deoptimize this fn instead of all
+ * of send().
+ *
+ * @param {String} path
+ * @api private
+ */
+
+function decode (path) {
+ try {
+ return decodeURIComponent(path)
+ } catch (err) {
+ return -1
+ }
+}
+
+/**
+ * Get the header names on a respnse.
+ *
+ * @param {object} res
+ * @returns {array[string]}
+ * @private
+ */
+
+function getHeaderNames (res) {
+ return typeof res.getHeaderNames !== 'function'
+ ? Object.keys(res._headers || {})
+ : res.getHeaderNames()
+}
+
+/**
+ * Determine if emitter has listeners of a given type.
+ *
+ * The way to do this check is done three different ways in Node.js >= 0.8
+ * so this consolidates them into a minimal set using instance methods.
+ *
+ * @param {EventEmitter} emitter
+ * @param {string} type
+ * @returns {boolean}
+ * @private
+ */
+
+function hasListeners (emitter, type) {
+ var count = typeof emitter.listenerCount !== 'function'
+ ? emitter.listeners(type).length
+ : emitter.listenerCount(type)
+
+ return count > 0
+}
+
+/**
+ * Determine if the response headers have been sent.
+ *
+ * @param {object} res
+ * @returns {boolean}
+ * @private
+ */
+
+function headersSent (res) {
+ return typeof res.headersSent !== 'boolean'
+ ? Boolean(res._header)
+ : res.headersSent
+}
+
+/**
+ * Normalize the index option into an array.
+ *
+ * @param {boolean|string|array} val
+ * @param {string} name
+ * @private
+ */
+
+function normalizeList (val, name) {
+ var list = [].concat(val || [])
+
+ for (var i = 0; i < list.length; i++) {
+ if (typeof list[i] !== 'string') {
+ throw new TypeError(name + ' must be array of strings or false')
+ }
+ }
+
+ return list
+}
+
+/**
+ * Parse an HTTP Date into a number.
+ *
+ * @param {string} date
+ * @private
+ */
+
+function parseHttpDate (date) {
+ var timestamp = date && Date.parse(date)
+
+ return typeof timestamp === 'number'
+ ? timestamp
+ : NaN
+}
+
+/**
+ * Parse a HTTP token list.
+ *
+ * @param {string} str
+ * @private
+ */
+
+function parseTokenList (str) {
+ var end = 0
+ var list = []
+ var start = 0
+
+ // gather tokens
+ for (var i = 0, len = str.length; i < len; i++) {
+ switch (str.charCodeAt(i)) {
+ case 0x20: /* */
+ if (start === end) {
+ start = end = i + 1
+ }
+ break
+ case 0x2c: /* , */
+ if (start !== end) {
+ list.push(str.substring(start, end))
+ }
+ start = end = i + 1
+ break
+ default:
+ end = i + 1
+ break
+ }
+ }
+
+ // final token
+ if (start !== end) {
+ list.push(str.substring(start, end))
+ }
+
+ return list
+}
+
+/**
+ * Set an object of headers on a response.
+ *
+ * @param {object} res
+ * @param {object} headers
+ * @private
+ */
+
+function setHeaders (res, headers) {
+ var keys = Object.keys(headers)
+
+ for (var i = 0; i < keys.length; i++) {
+ var key = keys[i]
+ res.setHeader(key, headers[key])
+ }
+}
diff --git a/node_modules/send/node_modules/encodeurl/HISTORY.md b/node_modules/send/node_modules/encodeurl/HISTORY.md
new file mode 100644
index 0000000000000000000000000000000000000000..41313b2b3ee8a02ec17c62184bd6a31ebd5a9703
--- /dev/null
+++ b/node_modules/send/node_modules/encodeurl/HISTORY.md
@@ -0,0 +1,14 @@
+1.0.2 / 2018-01-21
+==================
+
+ * Fix encoding `%` as last character
+
+1.0.1 / 2016-06-09
+==================
+
+ * Fix encoding unpaired surrogates at start/end of string
+
+1.0.0 / 2016-06-08
+==================
+
+ * Initial release
diff --git a/node_modules/send/node_modules/encodeurl/LICENSE b/node_modules/send/node_modules/encodeurl/LICENSE
new file mode 100644
index 0000000000000000000000000000000000000000..8812229bc59b5f365549fb3c799b32a4d4acdabc
--- /dev/null
+++ b/node_modules/send/node_modules/encodeurl/LICENSE
@@ -0,0 +1,22 @@
+(The MIT License)
+
+Copyright (c) 2016 Douglas Christopher Wilson
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+'Software'), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/node_modules/send/node_modules/encodeurl/README.md b/node_modules/send/node_modules/encodeurl/README.md
new file mode 100644
index 0000000000000000000000000000000000000000..127c5a0d491b284eab066ee42ef8a1e136160101
--- /dev/null
+++ b/node_modules/send/node_modules/encodeurl/README.md
@@ -0,0 +1,128 @@
+# encodeurl
+
+[![NPM Version][npm-image]][npm-url]
+[![NPM Downloads][downloads-image]][downloads-url]
+[![Node.js Version][node-version-image]][node-version-url]
+[![Build Status][travis-image]][travis-url]
+[![Test Coverage][coveralls-image]][coveralls-url]
+
+Encode a URL to a percent-encoded form, excluding already-encoded sequences
+
+## Installation
+
+This is a [Node.js](https://nodejs.org/en/) module available through the
+[npm registry](https://www.npmjs.com/). Installation is done using the
+[`npm install` command](https://docs.npmjs.com/getting-started/installing-npm-packages-locally):
+
+```sh
+$ npm install encodeurl
+```
+
+## API
+
+```js
+var encodeUrl = require('encodeurl')
+```
+
+### encodeUrl(url)
+
+Encode a URL to a percent-encoded form, excluding already-encoded sequences.
+
+This function will take an already-encoded URL and encode all the non-URL
+code points (as UTF-8 byte sequences). This function will not encode the
+"%" character unless it is not part of a valid sequence (`%20` will be
+left as-is, but `%foo` will be encoded as `%25foo`).
+
+This encode is meant to be "safe" and does not throw errors. It will try as
+hard as it can to properly encode the given URL, including replacing any raw,
+unpaired surrogate pairs with the Unicode replacement character prior to
+encoding.
+
+This function is _similar_ to the intrinsic function `encodeURI`, except it
+will not encode the `%` character if that is part of a valid sequence, will
+not encode `[` and `]` (for IPv6 hostnames) and will replace raw, unpaired
+surrogate pairs with the Unicode replacement character (instead of throwing).
+
+## Examples
+
+### Encode a URL containing user-controled data
+
+```js
+var encodeUrl = require('encodeurl')
+var escapeHtml = require('escape-html')
+
+http.createServer(function onRequest (req, res) {
+ // get encoded form of inbound url
+ var url = encodeUrl(req.url)
+
+ // create html message
+ var body = '<p>Location ' + escapeHtml(url) + ' not found</p>'
+
+ // send a 404
+ res.statusCode = 404
+ res.setHeader('Content-Type', 'text/html; charset=UTF-8')
+ res.setHeader('Content-Length', String(Buffer.byteLength(body, 'utf-8')))
+ res.end(body, 'utf-8')
+})
+```
+
+### Encode a URL for use in a header field
+
+```js
+var encodeUrl = require('encodeurl')
+var escapeHtml = require('escape-html')
+var url = require('url')
+
+http.createServer(function onRequest (req, res) {
+ // parse inbound url
+ var href = url.parse(req)
+
+ // set new host for redirect
+ href.host = 'localhost'
+ href.protocol = 'https:'
+ href.slashes = true
+
+ // create location header
+ var location = encodeUrl(url.format(href))
+
+ // create html message
+ var body = '<p>Redirecting to new site: ' + escapeHtml(location) + '</p>'
+
+ // send a 301
+ res.statusCode = 301
+ res.setHeader('Content-Type', 'text/html; charset=UTF-8')
+ res.setHeader('Content-Length', String(Buffer.byteLength(body, 'utf-8')))
+ res.setHeader('Location', location)
+ res.end(body, 'utf-8')
+})
+```
+
+## Testing
+
+```sh
+$ npm test
+$ npm run lint
+```
+
+## References
+
+- [RFC 3986: Uniform Resource Identifier (URI): Generic Syntax][rfc-3986]
+- [WHATWG URL Living Standard][whatwg-url]
+
+[rfc-3986]: https://tools.ietf.org/html/rfc3986
+[whatwg-url]: https://url.spec.whatwg.org/
+
+## License
+
+[MIT](LICENSE)
+
+[npm-image]: https://img.shields.io/npm/v/encodeurl.svg
+[npm-url]: https://npmjs.org/package/encodeurl
+[node-version-image]: https://img.shields.io/node/v/encodeurl.svg
+[node-version-url]: https://nodejs.org/en/download
+[travis-image]: https://img.shields.io/travis/pillarjs/encodeurl.svg
+[travis-url]: https://travis-ci.org/pillarjs/encodeurl
+[coveralls-image]: https://img.shields.io/coveralls/pillarjs/encodeurl.svg
+[coveralls-url]: https://coveralls.io/r/pillarjs/encodeurl?branch=master
+[downloads-image]: https://img.shields.io/npm/dm/encodeurl.svg
+[downloads-url]: https://npmjs.org/package/encodeurl
diff --git a/node_modules/send/node_modules/encodeurl/index.js b/node_modules/send/node_modules/encodeurl/index.js
new file mode 100644
index 0000000000000000000000000000000000000000..fc4906c6c7896396a877e1f369c78f804e3afa10
--- /dev/null
+++ b/node_modules/send/node_modules/encodeurl/index.js
@@ -0,0 +1,60 @@
+/*!
+ * encodeurl
+ * Copyright(c) 2016 Douglas Christopher Wilson
+ * MIT Licensed
+ */
+
+'use strict'
+
+/**
+ * Module exports.
+ * @public
+ */
+
+module.exports = encodeUrl
+
+/**
+ * RegExp to match non-URL code points, *after* encoding (i.e. not including "%")
+ * and including invalid escape sequences.
+ * @private
+ */
+
+var ENCODE_CHARS_REGEXP = /(?:[^\x21\x25\x26-\x3B\x3D\x3F-\x5B\x5D\x5F\x61-\x7A\x7E]|%(?:[^0-9A-Fa-f]|[0-9A-Fa-f][^0-9A-Fa-f]|$))+/g
+
+/**
+ * RegExp to match unmatched surrogate pair.
+ * @private
+ */
+
+var UNMATCHED_SURROGATE_PAIR_REGEXP = /(^|[^\uD800-\uDBFF])[\uDC00-\uDFFF]|[\uD800-\uDBFF]([^\uDC00-\uDFFF]|$)/g
+
+/**
+ * String to replace unmatched surrogate pair with.
+ * @private
+ */
+
+var UNMATCHED_SURROGATE_PAIR_REPLACE = '$1\uFFFD$2'
+
+/**
+ * Encode a URL to a percent-encoded form, excluding already-encoded sequences.
+ *
+ * This function will take an already-encoded URL and encode all the non-URL
+ * code points. This function will not encode the "%" character unless it is
+ * not part of a valid sequence (`%20` will be left as-is, but `%foo` will
+ * be encoded as `%25foo`).
+ *
+ * This encode is meant to be "safe" and does not throw errors. It will try as
+ * hard as it can to properly encode the given URL, including replacing any raw,
+ * unpaired surrogate pairs with the Unicode replacement character prior to
+ * encoding.
+ *
+ * @param {string} url
+ * @return {string}
+ * @public
+ */
+
+function encodeUrl (url) {
+ return String(url)
+ .replace(UNMATCHED_SURROGATE_PAIR_REGEXP, UNMATCHED_SURROGATE_PAIR_REPLACE)
+ .replace(ENCODE_CHARS_REGEXP, encodeURI)
+}
diff --git a/node_modules/send/node_modules/encodeurl/package.json b/node_modules/send/node_modules/encodeurl/package.json
new file mode 100644
index 0000000000000000000000000000000000000000..b9f25ef10b2fc15b4a9c2ea5aa48856d73f1aade
--- /dev/null
+++ b/node_modules/send/node_modules/encodeurl/package.json
@@ -0,0 +1,40 @@
+{
+ "name": "encodeurl",
+ "description": "Encode a URL to a percent-encoded form, excluding already-encoded sequences",
+ "version": "1.0.2",
+ "contributors": [
+ "Douglas Christopher Wilson <doug@somethingdoug.com>"
+ ],
+ "license": "MIT",
+ "keywords": [
+ "encode",
+ "encodeurl",
+ "url"
+ ],
+ "repository": "pillarjs/encodeurl",
+ "devDependencies": {
+ "eslint": "3.19.0",
+ "eslint-config-standard": "10.2.1",
+ "eslint-plugin-import": "2.8.0",
+ "eslint-plugin-node": "5.2.1",
+ "eslint-plugin-promise": "3.6.0",
+ "eslint-plugin-standard": "3.0.1",
+ "istanbul": "0.4.5",
+ "mocha": "2.5.3"
+ },
+ "files": [
+ "LICENSE",
+ "HISTORY.md",
+ "README.md",
+ "index.js"
+ ],
+ "engines": {
+ "node": ">= 0.8"
+ },
+ "scripts": {
+ "lint": "eslint .",
+ "test": "mocha --reporter spec --bail --check-leaks test/",
+ "test-cov": "istanbul cover node_modules/mocha/bin/_mocha -- --reporter dot --check-leaks test/",
+ "test-travis": "istanbul cover node_modules/mocha/bin/_mocha --report lcovonly -- --reporter spec --check-leaks test/"
+ }
+}
diff --git a/node_modules/send/node_modules/ms/index.js b/node_modules/send/node_modules/ms/index.js
new file mode 100644
index 0000000000000000000000000000000000000000..ea734fb73820316ed1c0f6a2f6e96dce0e3eb6f0
--- /dev/null
+++ b/node_modules/send/node_modules/ms/index.js
@@ -0,0 +1,162 @@
+/**
+ * Helpers.
+ */
+
+var s = 1000;
+var m = s * 60;
+var h = m * 60;
+var d = h * 24;
+var w = d * 7;
+var y = d * 365.25;
+
+/**
+ * Parse or format the given `val`.
+ *
+ * Options:
+ *
+ * - `long` verbose formatting [false]
+ *
+ * @param {String|Number} val
+ * @param {Object} [options]
+ * @throws {Error} throw an error if val is not a non-empty string or a number
+ * @return {String|Number}
+ * @api public
+ */
+
+module.exports = function (val, options) {
+ options = options || {};
+ var type = typeof val;
+ if (type === 'string' && val.length > 0) {
+ return parse(val);
+ } else if (type === 'number' && isFinite(val)) {
+ return options.long ? fmtLong(val) : fmtShort(val);
+ }
+ throw new Error(
+ 'val is not a non-empty string or a valid number. val=' +
+ JSON.stringify(val)
+ );
+};
+
+/**
+ * Parse the given `str` and return milliseconds.
+ *
+ * @param {String} str
+ * @return {Number}
+ * @api private
+ */
+
+function parse(str) {
+ str = String(str);
+ if (str.length > 100) {
+ return;
+ }
+ var match = /^(-?(?:\d+)?\.?\d+) *(milliseconds?|msecs?|ms|seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|weeks?|w|years?|yrs?|y)?$/i.exec(
+ str
+ );
+ if (!match) {
+ return;
+ }
+ var n = parseFloat(match[1]);
+ var type = (match[2] || 'ms').toLowerCase();
+ switch (type) {
+ case 'years':
+ case 'year':
+ case 'yrs':
+ case 'yr':
+ case 'y':
+ return n * y;
+ case 'weeks':
+ case 'week':
+ case 'w':
+ return n * w;
+ case 'days':
+ case 'day':
+ case 'd':
+ return n * d;
+ case 'hours':
+ case 'hour':
+ case 'hrs':
+ case 'hr':
+ case 'h':
+ return n * h;
+ case 'minutes':
+ case 'minute':
+ case 'mins':
+ case 'min':
+ case 'm':
+ return n * m;
+ case 'seconds':
+ case 'second':
+ case 'secs':
+ case 'sec':
+ case 's':
+ return n * s;
+ case 'milliseconds':
+ case 'millisecond':
+ case 'msecs':
+ case 'msec':
+ case 'ms':
+ return n;
+ default:
+ return undefined;
+ }
+}
+
+/**
+ * Short format for `ms`.
+ *
+ * @param {Number} ms
+ * @return {String}
+ * @api private
+ */
+
+function fmtShort(ms) {
+ var msAbs = Math.abs(ms);
+ if (msAbs >= d) {
+ return Math.round(ms / d) + 'd';
+ }
+ if (msAbs >= h) {
+ return Math.round(ms / h) + 'h';
+ }
+ if (msAbs >= m) {
+ return Math.round(ms / m) + 'm';
+ }
+ if (msAbs >= s) {
+ return Math.round(ms / s) + 's';
+ }
+ return ms + 'ms';
+}
+
+/**
+ * Long format for `ms`.
+ *
+ * @param {Number} ms
+ * @return {String}
+ * @api private
+ */
+
+function fmtLong(ms) {
+ var msAbs = Math.abs(ms);
+ if (msAbs >= d) {
+ return plural(ms, msAbs, d, 'day');
+ }
+ if (msAbs >= h) {
+ return plural(ms, msAbs, h, 'hour');
+ }
+ if (msAbs >= m) {
+ return plural(ms, msAbs, m, 'minute');
+ }
+ if (msAbs >= s) {
+ return plural(ms, msAbs, s, 'second');
+ }
+ return ms + ' ms';
+}
+
+/**
+ * Pluralization helper.
+ */
+
+function plural(ms, msAbs, n, name) {
+ var isPlural = msAbs >= n * 1.5;
+ return Math.round(ms / n) + ' ' + name + (isPlural ? 's' : '');
+}
diff --git a/node_modules/send/node_modules/ms/license.md b/node_modules/send/node_modules/ms/license.md
new file mode 100644
index 0000000000000000000000000000000000000000..fa5d39b6213f8a5e142b643575f99d9149cc71c6
--- /dev/null
+++ b/node_modules/send/node_modules/ms/license.md
@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2020 Vercel, Inc.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/node_modules/send/node_modules/ms/package.json b/node_modules/send/node_modules/ms/package.json
new file mode 100644
index 0000000000000000000000000000000000000000..49971890df8e2b9a4a5f4909fbd6678b862d8a50
--- /dev/null
+++ b/node_modules/send/node_modules/ms/package.json
@@ -0,0 +1,38 @@
+{
+ "name": "ms",
+ "version": "2.1.3",
+ "description": "Tiny millisecond conversion utility",
+ "repository": "vercel/ms",
+ "main": "./index",
+ "files": [
+ "index.js"
+ ],
+ "scripts": {
+ "precommit": "lint-staged",
+ "lint": "eslint lib/* bin/*",
+ "test": "mocha tests.js"
+ },
+ "eslintConfig": {
+ "extends": "eslint:recommended",
+ "env": {
+ "node": true,
+ "es6": true
+ }
+ },
+ "lint-staged": {
+ "*.js": [
+ "npm run lint",
+ "prettier --single-quote --write",
+ "git add"
+ ]
+ },
+ "license": "MIT",
+ "devDependencies": {
+ "eslint": "4.18.2",
+ "expect.js": "0.3.1",
+ "husky": "0.14.3",
+ "lint-staged": "5.0.0",
+ "mocha": "4.0.1",
+ "prettier": "2.0.5"
+ }
+}
diff --git a/node_modules/send/node_modules/ms/readme.md b/node_modules/send/node_modules/ms/readme.md
new file mode 100644
index 0000000000000000000000000000000000000000..0fc1abb3b8e30a3ab97023d243127c75b1b3a4d7
--- /dev/null
+++ b/node_modules/send/node_modules/ms/readme.md
@@ -0,0 +1,59 @@
+# ms
+
+
+
+Use this package to easily convert various time formats to milliseconds.
+
+## Examples
+
+```js
+ms('2 days') // 172800000
+ms('1d') // 86400000
+ms('10h') // 36000000
+ms('2.5 hrs') // 9000000
+ms('2h') // 7200000
+ms('1m') // 60000
+ms('5s') // 5000
+ms('1y') // 31557600000
+ms('100') // 100
+ms('-3 days') // -259200000
+ms('-1h') // -3600000
+ms('-200') // -200
+```
+
+### Convert from Milliseconds
+
+```js
+ms(60000) // "1m"
+ms(2 * 60000) // "2m"
+ms(-3 * 60000) // "-3m"
+ms(ms('10 hours')) // "10h"
+```
+
+### Time Format Written-Out
+
+```js
+ms(60000, { long: true }) // "1 minute"
+ms(2 * 60000, { long: true }) // "2 minutes"
+ms(-3 * 60000, { long: true }) // "-3 minutes"
+ms(ms('10 hours'), { long: true }) // "10 hours"
+```
+
+## Features
+
+- Works both in [Node.js](https://nodejs.org) and in the browser
+- If a number is supplied to `ms`, a string with a unit is returned
+- If a string that contains the number is supplied, it returns it as a number (e.g.: it returns `100` for `'100'`)
+- If you pass a string with a number and a valid unit, the number of equivalent milliseconds is returned
+
+## Related Packages
+
+- [ms.macro](https://github.com/knpwrs/ms.macro) - Run `ms` as a macro at build-time.
+
+## Caught a Bug?
+
+1. [Fork](https://help.github.com/articles/fork-a-repo/) this repository to your own GitHub account and then [clone](https://help.github.com/articles/cloning-a-repository/) it to your local device
+2. Link the package to the global module directory: `npm link`
+3. Within the module you want to test your local development instance of ms, just link it to the dependencies: `npm link ms`. Instead of the default one from npm, Node.js will now use your clone of ms!
+
+As always, you can run the tests using: `npm test`
diff --git a/node_modules/send/package.json b/node_modules/send/package.json
new file mode 100644
index 0000000000000000000000000000000000000000..a3233e005711b7fbfc358d07c33ef8821b6ca5e8
--- /dev/null
+++ b/node_modules/send/package.json
@@ -0,0 +1,62 @@
+{
+ "name": "send",
+ "description": "Better streaming static file server with Range and conditional-GET support",
+ "version": "0.19.0",
+ "author": "TJ Holowaychuk <tj@vision-media.ca>",
+ "contributors": [
+ "Douglas Christopher Wilson <doug@somethingdoug.com>",
+ "James Wyatt Cready <jcready@gmail.com>",
+ "Jesús Leganés Combarro <piranna@gmail.com>"
+ ],
+ "license": "MIT",
+ "repository": "pillarjs/send",
+ "keywords": [
+ "static",
+ "file",
+ "server"
+ ],
+ "dependencies": {
+ "debug": "2.6.9",
+ "depd": "2.0.0",
+ "destroy": "1.2.0",
+ "encodeurl": "~1.0.2",
+ "escape-html": "~1.0.3",
+ "etag": "~1.8.1",
+ "fresh": "0.5.2",
+ "http-errors": "2.0.0",
+ "mime": "1.6.0",
+ "ms": "2.1.3",
+ "on-finished": "2.4.1",
+ "range-parser": "~1.2.1",
+ "statuses": "2.0.1"
+ },
+ "devDependencies": {
+ "after": "0.8.2",
+ "eslint": "7.32.0",
+ "eslint-config-standard": "14.1.1",
+ "eslint-plugin-import": "2.25.4",
+ "eslint-plugin-markdown": "2.2.1",
+ "eslint-plugin-node": "11.1.0",
+ "eslint-plugin-promise": "5.2.0",
+ "eslint-plugin-standard": "4.1.0",
+ "mocha": "9.2.2",
+ "nyc": "15.1.0",
+ "supertest": "6.2.2"
+ },
+ "files": [
+ "HISTORY.md",
+ "LICENSE",
+ "README.md",
+ "SECURITY.md",
+ "index.js"
+ ],
+ "engines": {
+ "node": ">= 0.8.0"
+ },
+ "scripts": {
+ "lint": "eslint .",
+ "test": "mocha --check-leaks --reporter spec --bail",
+ "test-ci": "nyc --reporter=lcov --reporter=text npm test",
+ "test-cov": "nyc --reporter=html --reporter=text npm test"
+ }
+}
diff --git a/node_modules/serve-static/HISTORY.md b/node_modules/serve-static/HISTORY.md
new file mode 100644
index 0000000000000000000000000000000000000000..dccf667866f235c68664f91e3cbeefb29f23330e
--- /dev/null
+++ b/node_modules/serve-static/HISTORY.md
@@ -0,0 +1,487 @@
+1.16.2 / 2024-09-11
+===================
+
+* deps: encodeurl@~2.0.0
+
+1.16.1 / 2024-09-11
+===================
+
+* deps: send@0.19.0
+
+1.16.0 / 2024-09-10
+===================
+
+* Remove link renderization in html while redirecting
+
+
+1.15.0 / 2022-03-24
+===================
+
+ * deps: send@0.18.0
+ - Fix emitted 416 error missing headers property
+ - Limit the headers removed for 304 response
+ - deps: depd@2.0.0
+ - deps: destroy@1.2.0
+ - deps: http-errors@2.0.0
+ - deps: on-finished@2.4.1
+ - deps: statuses@2.0.1
+
+1.14.2 / 2021-12-15
+===================
+
+ * deps: send@0.17.2
+ - deps: http-errors@1.8.1
+ - deps: ms@2.1.3
+ - pref: ignore empty http tokens
+
+1.14.1 / 2019-05-10
+===================
+
+ * Set stricter CSP header in redirect response
+ * deps: send@0.17.1
+ - deps: range-parser@~1.2.1
+
+1.14.0 / 2019-05-07
+===================
+
+ * deps: parseurl@~1.3.3
+ * deps: send@0.17.0
+ - deps: http-errors@~1.7.2
+ - deps: mime@1.6.0
+ - deps: ms@2.1.1
+ - deps: statuses@~1.5.0
+ - perf: remove redundant `path.normalize` call
+
+1.13.2 / 2018-02-07
+===================
+
+ * Fix incorrect end tag in redirects
+ * deps: encodeurl@~1.0.2
+ - Fix encoding `%` as last character
+ * deps: send@0.16.2
+ - deps: depd@~1.1.2
+ - deps: encodeurl@~1.0.2
+ - deps: statuses@~1.4.0
+
+1.13.1 / 2017-09-29
+===================
+
+ * Fix regression when `root` is incorrectly set to a file
+ * deps: send@0.16.1
+
+1.13.0 / 2017-09-27
+===================
+
+ * deps: send@0.16.0
+ - Add 70 new types for file extensions
+ - Add `immutable` option
+ - Fix missing `</html>` in default error & redirects
+ - Set charset as "UTF-8" for .js and .json
+ - Use instance methods on steam to check for listeners
+ - deps: mime@1.4.1
+ - perf: improve path validation speed
+
+1.12.6 / 2017-09-22
+===================
+
+ * deps: send@0.15.6
+ - deps: debug@2.6.9
+ - perf: improve `If-Match` token parsing
+ * perf: improve slash collapsing
+
+1.12.5 / 2017-09-21
+===================
+
+ * deps: parseurl@~1.3.2
+ - perf: reduce overhead for full URLs
+ - perf: unroll the "fast-path" `RegExp`
+ * deps: send@0.15.5
+ - Fix handling of modified headers with invalid dates
+ - deps: etag@~1.8.1
+ - deps: fresh@0.5.2
+
+1.12.4 / 2017-08-05
+===================
+
+ * deps: send@0.15.4
+ - deps: debug@2.6.8
+ - deps: depd@~1.1.1
+ - deps: http-errors@~1.6.2
+
+1.12.3 / 2017-05-16
+===================
+
+ * deps: send@0.15.3
+ - deps: debug@2.6.7
+
+1.12.2 / 2017-04-26
+===================
+
+ * deps: send@0.15.2
+ - deps: debug@2.6.4
+
+1.12.1 / 2017-03-04
+===================
+
+ * deps: send@0.15.1
+ - Fix issue when `Date.parse` does not return `NaN` on invalid date
+ - Fix strict violation in broken environments
+
+1.12.0 / 2017-02-25
+===================
+
+ * Send complete HTML document in redirect response
+ * Set default CSP header in redirect response
+ * deps: send@0.15.0
+ - Fix false detection of `no-cache` request directive
+ - Fix incorrect result when `If-None-Match` has both `*` and ETags
+ - Fix weak `ETag` matching to match spec
+ - Remove usage of `res._headers` private field
+ - Support `If-Match` and `If-Unmodified-Since` headers
+ - Use `res.getHeaderNames()` when available
+ - Use `res.headersSent` when available
+ - deps: debug@2.6.1
+ - deps: etag@~1.8.0
+ - deps: fresh@0.5.0
+ - deps: http-errors@~1.6.1
+
+1.11.2 / 2017-01-23
+===================
+
+ * deps: send@0.14.2
+ - deps: http-errors@~1.5.1
+ - deps: ms@0.7.2
+ - deps: statuses@~1.3.1
+
+1.11.1 / 2016-06-10
+===================
+
+ * Fix redirect error when `req.url` contains raw non-URL characters
+ * deps: send@0.14.1
+
+1.11.0 / 2016-06-07
+===================
+
+ * Use status code 301 for redirects
+ * deps: send@0.14.0
+ - Add `acceptRanges` option
+ - Add `cacheControl` option
+ - Attempt to combine multiple ranges into single range
+ - Correctly inherit from `Stream` class
+ - Fix `Content-Range` header in 416 responses when using `start`/`end` options
+ - Fix `Content-Range` header missing from default 416 responses
+ - Ignore non-byte `Range` headers
+ - deps: http-errors@~1.5.0
+ - deps: range-parser@~1.2.0
+ - deps: statuses@~1.3.0
+ - perf: remove argument reassignment
+
+1.10.3 / 2016-05-30
+===================
+
+ * deps: send@0.13.2
+ - Fix invalid `Content-Type` header when `send.mime.default_type` unset
+
+1.10.2 / 2016-01-19
+===================
+
+ * deps: parseurl@~1.3.1
+ - perf: enable strict mode
+
+1.10.1 / 2016-01-16
+===================
+
+ * deps: escape-html@~1.0.3
+ - perf: enable strict mode
+ - perf: optimize string replacement
+ - perf: use faster string coercion
+ * deps: send@0.13.1
+ - deps: depd@~1.1.0
+ - deps: destroy@~1.0.4
+ - deps: escape-html@~1.0.3
+ - deps: range-parser@~1.0.3
+
+1.10.0 / 2015-06-17
+===================
+
+ * Add `fallthrough` option
+ - Allows declaring this middleware is the final destination
+ - Provides better integration with Express patterns
+ * Fix reading options from options prototype
+ * Improve the default redirect response headers
+ * deps: escape-html@1.0.2
+ * deps: send@0.13.0
+ - Allow Node.js HTTP server to set `Date` response header
+ - Fix incorrectly removing `Content-Location` on 304 response
+ - Improve the default redirect response headers
+ - Send appropriate headers on default error response
+ - Use `http-errors` for standard emitted errors
+ - Use `statuses` instead of `http` module for status messages
+ - deps: escape-html@1.0.2
+ - deps: etag@~1.7.0
+ - deps: fresh@0.3.0
+ - deps: on-finished@~2.3.0
+ - perf: enable strict mode
+ - perf: remove unnecessary array allocations
+ * perf: enable strict mode
+ * perf: remove argument reassignment
+
+1.9.3 / 2015-05-14
+==================
+
+ * deps: send@0.12.3
+ - deps: debug@~2.2.0
+ - deps: depd@~1.0.1
+ - deps: etag@~1.6.0
+ - deps: ms@0.7.1
+ - deps: on-finished@~2.2.1
+
+1.9.2 / 2015-03-14
+==================
+
+ * deps: send@0.12.2
+ - Throw errors early for invalid `extensions` or `index` options
+ - deps: debug@~2.1.3
+
+1.9.1 / 2015-02-17
+==================
+
+ * deps: send@0.12.1
+ - Fix regression sending zero-length files
+
+1.9.0 / 2015-02-16
+==================
+
+ * deps: send@0.12.0
+ - Always read the stat size from the file
+ - Fix mutating passed-in `options`
+ - deps: mime@1.3.4
+
+1.8.1 / 2015-01-20
+==================
+
+ * Fix redirect loop in Node.js 0.11.14
+ * deps: send@0.11.1
+ - Fix root path disclosure
+
+1.8.0 / 2015-01-05
+==================
+
+ * deps: send@0.11.0
+ - deps: debug@~2.1.1
+ - deps: etag@~1.5.1
+ - deps: ms@0.7.0
+ - deps: on-finished@~2.2.0
+
+1.7.2 / 2015-01-02
+==================
+
+ * Fix potential open redirect when mounted at root
+
+1.7.1 / 2014-10-22
+==================
+
+ * deps: send@0.10.1
+ - deps: on-finished@~2.1.1
+
+1.7.0 / 2014-10-15
+==================
+
+ * deps: send@0.10.0
+ - deps: debug@~2.1.0
+ - deps: depd@~1.0.0
+ - deps: etag@~1.5.0
+
+1.6.5 / 2015-02-04
+==================
+
+ * Fix potential open redirect when mounted at root
+ - Back-ported from v1.7.2
+
+1.6.4 / 2014-10-08
+==================
+
+ * Fix redirect loop when index file serving disabled
+
+1.6.3 / 2014-09-24
+==================
+
+ * deps: send@0.9.3
+ - deps: etag@~1.4.0
+
+1.6.2 / 2014-09-15
+==================
+
+ * deps: send@0.9.2
+ - deps: depd@0.4.5
+ - deps: etag@~1.3.1
+ - deps: range-parser@~1.0.2
+
+1.6.1 / 2014-09-07
+==================
+
+ * deps: send@0.9.1
+ - deps: fresh@0.2.4
+
+1.6.0 / 2014-09-07
+==================
+
+ * deps: send@0.9.0
+ - Add `lastModified` option
+ - Use `etag` to generate `ETag` header
+ - deps: debug@~2.0.0
+
+1.5.4 / 2014-09-04
+==================
+
+ * deps: send@0.8.5
+ - Fix a path traversal issue when using `root`
+ - Fix malicious path detection for empty string path
+
+1.5.3 / 2014-08-17
+==================
+
+ * deps: send@0.8.3
+
+1.5.2 / 2014-08-14
+==================
+
+ * deps: send@0.8.2
+ - Work around `fd` leak in Node.js 0.10 for `fs.ReadStream`
+
+1.5.1 / 2014-08-09
+==================
+
+ * Fix parsing of weird `req.originalUrl` values
+ * deps: parseurl@~1.3.0
+ * deps: utils-merge@1.0.0
+
+1.5.0 / 2014-08-05
+==================
+
+ * deps: send@0.8.1
+ - Add `extensions` option
+
+1.4.4 / 2014-08-04
+==================
+
+ * deps: send@0.7.4
+ - Fix serving index files without root dir
+
+1.4.3 / 2014-07-29
+==================
+
+ * deps: send@0.7.3
+ - Fix incorrect 403 on Windows and Node.js 0.11
+
+1.4.2 / 2014-07-27
+==================
+
+ * deps: send@0.7.2
+ - deps: depd@0.4.4
+
+1.4.1 / 2014-07-26
+==================
+
+ * deps: send@0.7.1
+ - deps: depd@0.4.3
+
+1.4.0 / 2014-07-21
+==================
+
+ * deps: parseurl@~1.2.0
+ - Cache URLs based on original value
+ - Remove no-longer-needed URL mis-parse work-around
+ - Simplify the "fast-path" `RegExp`
+ * deps: send@0.7.0
+ - Add `dotfiles` option
+ - deps: debug@1.0.4
+ - deps: depd@0.4.2
+
+1.3.2 / 2014-07-11
+==================
+
+ * deps: send@0.6.0
+ - Cap `maxAge` value to 1 year
+ - deps: debug@1.0.3
+
+1.3.1 / 2014-07-09
+==================
+
+ * deps: parseurl@~1.1.3
+ - faster parsing of href-only URLs
+
+1.3.0 / 2014-06-28
+==================
+
+ * Add `setHeaders` option
+ * Include HTML link in redirect response
+ * deps: send@0.5.0
+ - Accept string for `maxAge` (converted by `ms`)
+
+1.2.3 / 2014-06-11
+==================
+
+ * deps: send@0.4.3
+ - Do not throw un-catchable error on file open race condition
+ - Use `escape-html` for HTML escaping
+ - deps: debug@1.0.2
+ - deps: finished@1.2.2
+ - deps: fresh@0.2.2
+
+1.2.2 / 2014-06-09
+==================
+
+ * deps: send@0.4.2
+ - fix "event emitter leak" warnings
+ - deps: debug@1.0.1
+ - deps: finished@1.2.1
+
+1.2.1 / 2014-06-02
+==================
+
+ * use `escape-html` for escaping
+ * deps: send@0.4.1
+ - Send `max-age` in `Cache-Control` in correct format
+
+1.2.0 / 2014-05-29
+==================
+
+ * deps: send@0.4.0
+ - Calculate ETag with md5 for reduced collisions
+ - Fix wrong behavior when index file matches directory
+ - Ignore stream errors after request ends
+ - Skip directories in index file search
+ - deps: debug@0.8.1
+
+1.1.0 / 2014-04-24
+==================
+
+ * Accept options directly to `send` module
+ * deps: send@0.3.0
+
+1.0.4 / 2014-04-07
+==================
+
+ * Resolve relative paths at middleware setup
+ * Use parseurl to parse the URL from request
+
+1.0.3 / 2014-03-20
+==================
+
+ * Do not rely on connect-like environments
+
+1.0.2 / 2014-03-06
+==================
+
+ * deps: send@0.2.0
+
+1.0.1 / 2014-03-05
+==================
+
+ * Add mime export for back-compat
+
+1.0.0 / 2014-03-05
+==================
+
+ * Genesis from `connect`
diff --git a/node_modules/serve-static/LICENSE b/node_modules/serve-static/LICENSE
new file mode 100644
index 0000000000000000000000000000000000000000..cbe62e8e7f20b6aa70e4d138b1503837ae4e5f95
--- /dev/null
+++ b/node_modules/serve-static/LICENSE
@@ -0,0 +1,25 @@
+(The MIT License)
+
+Copyright (c) 2010 Sencha Inc.
+Copyright (c) 2011 LearnBoost
+Copyright (c) 2011 TJ Holowaychuk
+Copyright (c) 2014-2016 Douglas Christopher Wilson
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+'Software'), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/node_modules/serve-static/README.md b/node_modules/serve-static/README.md
new file mode 100644
index 0000000000000000000000000000000000000000..262d944ab7510ecb39b47055189a92793c94aa26
--- /dev/null
+++ b/node_modules/serve-static/README.md
@@ -0,0 +1,257 @@
+# serve-static
+
+[![NPM Version][npm-version-image]][npm-url]
+[![NPM Downloads][npm-downloads-image]][npm-url]
+[![Linux Build][github-actions-ci-image]][github-actions-ci-url]
+[![Windows Build][appveyor-image]][appveyor-url]
+[![Test Coverage][coveralls-image]][coveralls-url]
+
+## Install
+
+This is a [Node.js](https://nodejs.org/en/) module available through the
+[npm registry](https://www.npmjs.com/). Installation is done using the
+[`npm install` command](https://docs.npmjs.com/getting-started/installing-npm-packages-locally):
+
+```sh
+$ npm install serve-static
+```
+
+## API
+
+```js
+var serveStatic = require('serve-static')
+```
+
+### serveStatic(root, options)
+
+Create a new middleware function to serve files from within a given root
+directory. The file to serve will be determined by combining `req.url`
+with the provided root directory. When a file is not found, instead of
+sending a 404 response, this module will instead call `next()` to move on
+to the next middleware, allowing for stacking and fall-backs.
+
+#### Options
+
+##### acceptRanges
+
+Enable or disable accepting ranged requests, defaults to true.
+Disabling this will not send `Accept-Ranges` and ignore the contents
+of the `Range` request header.
+
+##### cacheControl
+
+Enable or disable setting `Cache-Control` response header, defaults to
+true. Disabling this will ignore the `immutable` and `maxAge` options.
+
+##### dotfiles
+
+ Set how "dotfiles" are treated when encountered. A dotfile is a file
+or directory that begins with a dot ("."). Note this check is done on
+the path itself without checking if the path actually exists on the
+disk. If `root` is specified, only the dotfiles above the root are
+checked (i.e. the root itself can be within a dotfile when set
+to "deny").
+
+ - `'allow'` No special treatment for dotfiles.
+ - `'deny'` Deny a request for a dotfile and 403/`next()`.
+ - `'ignore'` Pretend like the dotfile does not exist and 404/`next()`.
+
+The default value is similar to `'ignore'`, with the exception that this
+default will not ignore the files within a directory that begins with a dot.
+
+##### etag
+
+Enable or disable etag generation, defaults to true.
+
+##### extensions
+
+Set file extension fallbacks. When set, if a file is not found, the given
+extensions will be added to the file name and search for. The first that
+exists will be served. Example: `['html', 'htm']`.
+
+The default value is `false`.
+
+##### fallthrough
+
+Set the middleware to have client errors fall-through as just unhandled
+requests, otherwise forward a client error. The difference is that client
+errors like a bad request or a request to a non-existent file will cause
+this middleware to simply `next()` to your next middleware when this value
+is `true`. When this value is `false`, these errors (even 404s), will invoke
+`next(err)`.
+
+Typically `true` is desired such that multiple physical directories can be
+mapped to the same web address or for routes to fill in non-existent files.
+
+The value `false` can be used if this middleware is mounted at a path that
+is designed to be strictly a single file system directory, which allows for
+short-circuiting 404s for less overhead. This middleware will also reply to
+all methods.
+
+The default value is `true`.
+
+##### immutable
+
+Enable or disable the `immutable` directive in the `Cache-Control` response
+header, defaults to `false`. If set to `true`, the `maxAge` option should
+also be specified to enable caching. The `immutable` directive will prevent
+supported clients from making conditional requests during the life of the
+`maxAge` option to check if the file has changed.
+
+##### index
+
+By default this module will send "index.html" files in response to a request
+on a directory. To disable this set `false` or to supply a new index pass a
+string or an array in preferred order.
+
+##### lastModified
+
+Enable or disable `Last-Modified` header, defaults to true. Uses the file
+system's last modified value.
+
+##### maxAge
+
+Provide a max-age in milliseconds for http caching, defaults to 0. This
+can also be a string accepted by the [ms](https://www.npmjs.org/package/ms#readme)
+module.
+
+##### redirect
+
+Redirect to trailing "/" when the pathname is a dir. Defaults to `true`.
+
+##### setHeaders
+
+Function to set custom headers on response. Alterations to the headers need to
+occur synchronously. The function is called as `fn(res, path, stat)`, where
+the arguments are:
+
+ - `res` the response object
+ - `path` the file path that is being sent
+ - `stat` the stat object of the file that is being sent
+
+## Examples
+
+### Serve files with vanilla node.js http server
+
+```js
+var finalhandler = require('finalhandler')
+var http = require('http')
+var serveStatic = require('serve-static')
+
+// Serve up public/ftp folder
+var serve = serveStatic('public/ftp', { index: ['index.html', 'index.htm'] })
+
+// Create server
+var server = http.createServer(function onRequest (req, res) {
+ serve(req, res, finalhandler(req, res))
+})
+
+// Listen
+server.listen(3000)
+```
+
+### Serve all files as downloads
+
+```js
+var contentDisposition = require('content-disposition')
+var finalhandler = require('finalhandler')
+var http = require('http')
+var serveStatic = require('serve-static')
+
+// Serve up public/ftp folder
+var serve = serveStatic('public/ftp', {
+ index: false,
+ setHeaders: setHeaders
+})
+
+// Set header to force download
+function setHeaders (res, path) {
+ res.setHeader('Content-Disposition', contentDisposition(path))
+}
+
+// Create server
+var server = http.createServer(function onRequest (req, res) {
+ serve(req, res, finalhandler(req, res))
+})
+
+// Listen
+server.listen(3000)
+```
+
+### Serving using express
+
+#### Simple
+
+This is a simple example of using Express.
+
+```js
+var express = require('express')
+var serveStatic = require('serve-static')
+
+var app = express()
+
+app.use(serveStatic('public/ftp', { index: ['default.html', 'default.htm'] }))
+app.listen(3000)
+```
+
+#### Multiple roots
+
+This example shows a simple way to search through multiple directories.
+Files are searched for in `public-optimized/` first, then `public/` second
+as a fallback.
+
+```js
+var express = require('express')
+var path = require('path')
+var serveStatic = require('serve-static')
+
+var app = express()
+
+app.use(serveStatic(path.join(__dirname, 'public-optimized')))
+app.use(serveStatic(path.join(__dirname, 'public')))
+app.listen(3000)
+```
+
+#### Different settings for paths
+
+This example shows how to set a different max age depending on the served
+file type. In this example, HTML files are not cached, while everything else
+is for 1 day.
+
+```js
+var express = require('express')
+var path = require('path')
+var serveStatic = require('serve-static')
+
+var app = express()
+
+app.use(serveStatic(path.join(__dirname, 'public'), {
+ maxAge: '1d',
+ setHeaders: setCustomCacheControl
+}))
+
+app.listen(3000)
+
+function setCustomCacheControl (res, path) {
+ if (serveStatic.mime.lookup(path) === 'text/html') {
+ // Custom Cache-Control for HTML files
+ res.setHeader('Cache-Control', 'public, max-age=0')
+ }
+}
+```
+
+## License
+
+[MIT](LICENSE)
+
+[appveyor-image]: https://badgen.net/appveyor/ci/dougwilson/serve-static/master?label=windows
+[appveyor-url]: https://ci.appveyor.com/project/dougwilson/serve-static
+[coveralls-image]: https://badgen.net/coveralls/c/github/expressjs/serve-static/master
+[coveralls-url]: https://coveralls.io/r/expressjs/serve-static?branch=master
+[github-actions-ci-image]: https://badgen.net/github/checks/expressjs/serve-static/master?label=linux
+[github-actions-ci-url]: https://github.com/expressjs/serve-static/actions/workflows/ci.yml
+[node-image]: https://badgen.net/npm/node/serve-static
+[node-url]: https://nodejs.org/en/download/
+[npm-downloads-image]: https://badgen.net/npm/dm/serve-static
+[npm-url]: https://npmjs.org/package/serve-static
+[npm-version-image]: https://badgen.net/npm/v/serve-static
diff --git a/node_modules/serve-static/index.js b/node_modules/serve-static/index.js
new file mode 100644
index 0000000000000000000000000000000000000000..3f3e64e9eaad83c4638b1a458ecfa6c49a6bebc1
--- /dev/null
+++ b/node_modules/serve-static/index.js
@@ -0,0 +1,209 @@
+/*!
+ * serve-static
+ * Copyright(c) 2010 Sencha Inc.
+ * Copyright(c) 2011 TJ Holowaychuk
+ * Copyright(c) 2014-2016 Douglas Christopher Wilson
+ * MIT Licensed
+ */
+
+'use strict'
+
+/**
+ * Module dependencies.
+ * @private
+ */
+
+var encodeUrl = require('encodeurl')
+var escapeHtml = require('escape-html')
+var parseUrl = require('parseurl')
+var resolve = require('path').resolve
+var send = require('send')
+var url = require('url')
+
+/**
+ * Module exports.
+ * @public
+ */
+
+module.exports = serveStatic
+module.exports.mime = send.mime
+
+/**
+ * @param {string} root
+ * @param {object} [options]
+ * @return {function}
+ * @public
+ */
+
+function serveStatic (root, options) {
+ if (!root) {
+ throw new TypeError('root path required')
+ }
+
+ if (typeof root !== 'string') {
+ throw new TypeError('root path must be a string')
+ }
+
+ // copy options object
+ var opts = Object.create(options || null)
+
+ // fall-though
+ var fallthrough = opts.fallthrough !== false
+
+ // default redirect
+ var redirect = opts.redirect !== false
+
+ // headers listener
+ var setHeaders = opts.setHeaders
+
+ if (setHeaders && typeof setHeaders !== 'function') {
+ throw new TypeError('option setHeaders must be function')
+ }
+
+ // setup options for send
+ opts.maxage = opts.maxage || opts.maxAge || 0
+ opts.root = resolve(root)
+
+ // construct directory listener
+ var onDirectory = redirect
+ ? createRedirectDirectoryListener()
+ : createNotFoundDirectoryListener()
+
+ return function serveStatic (req, res, next) {
+ if (req.method !== 'GET' && req.method !== 'HEAD') {
+ if (fallthrough) {
+ return next()
+ }
+
+ // method not allowed
+ res.statusCode = 405
+ res.setHeader('Allow', 'GET, HEAD')
+ res.setHeader('Content-Length', '0')
+ res.end()
+ return
+ }
+
+ var forwardError = !fallthrough
+ var originalUrl = parseUrl.original(req)
+ var path = parseUrl(req).pathname
+
+ // make sure redirect occurs at mount
+ if (path === '/' && originalUrl.pathname.substr(-1) !== '/') {
+ path = ''
+ }
+
+ // create send stream
+ var stream = send(req, path, opts)
+
+ // add directory handler
+ stream.on('directory', onDirectory)
+
+ // add headers listener
+ if (setHeaders) {
+ stream.on('headers', setHeaders)
+ }
+
+ // add file listener for fallthrough
+ if (fallthrough) {
+ stream.on('file', function onFile () {
+ // once file is determined, always forward error
+ forwardError = true
+ })
+ }
+
+ // forward errors
+ stream.on('error', function error (err) {
+ if (forwardError || !(err.statusCode < 500)) {
+ next(err)
+ return
+ }
+
+ next()
+ })
+
+ // pipe
+ stream.pipe(res)
+ }
+}
+
+/**
+ * Collapse all leading slashes into a single slash
+ * @private
+ */
+function collapseLeadingSlashes (str) {
+ for (var i = 0; i < str.length; i++) {
+ if (str.charCodeAt(i) !== 0x2f /* / */) {
+ break
+ }
+ }
+
+ return i > 1
+ ? '/' + str.substr(i)
+ : str
+}
+
+/**
+ * Create a minimal HTML document.
+ *
+ * @param {string} title
+ * @param {string} body
+ * @private
+ */
+
+function createHtmlDocument (title, body) {
+ return '<!DOCTYPE html>\n' +
+ '<html lang="en">\n' +
+ '<head>\n' +
+ '<meta charset="utf-8">\n' +
+ '<title>' + title + '</title>\n' +
+ '</head>\n' +
+ '<body>\n' +
+ '<pre>' + body + '</pre>\n' +
+ '</body>\n' +
+ '</html>\n'
+}
+
+/**
+ * Create a directory listener that just 404s.
+ * @private
+ */
+
+function createNotFoundDirectoryListener () {
+ return function notFound () {
+ this.error(404)
+ }
+}
+
+/**
+ * Create a directory listener that performs a redirect.
+ * @private
+ */
+
+function createRedirectDirectoryListener () {
+ return function redirect (res) {
+ if (this.hasTrailingSlash()) {
+ this.error(404)
+ return
+ }
+
+ // get original URL
+ var originalUrl = parseUrl.original(this.req)
+
+ // append trailing slash
+ originalUrl.path = null
+ originalUrl.pathname = collapseLeadingSlashes(originalUrl.pathname + '/')
+
+ // reformat the URL
+ var loc = encodeUrl(url.format(originalUrl))
+ var doc = createHtmlDocument('Redirecting', 'Redirecting to ' + escapeHtml(loc))
+
+ // send redirect response
+ res.statusCode = 301
+ res.setHeader('Content-Type', 'text/html; charset=UTF-8')
+ res.setHeader('Content-Length', Buffer.byteLength(doc))
+ res.setHeader('Content-Security-Policy', "default-src 'none'")
+ res.setHeader('X-Content-Type-Options', 'nosniff')
+ res.setHeader('Location', loc)
+ res.end(doc)
+ }
+}
diff --git a/node_modules/serve-static/package.json b/node_modules/serve-static/package.json
new file mode 100644
index 0000000000000000000000000000000000000000..49d7542351e8f02de0439c66bd2ff3cd1ffd6299
--- /dev/null
+++ b/node_modules/serve-static/package.json
@@ -0,0 +1,42 @@
+{
+ "name": "serve-static",
+ "description": "Serve static files",
+ "version": "1.16.2",
+ "author": "Douglas Christopher Wilson <doug@somethingdoug.com>",
+ "license": "MIT",
+ "repository": "expressjs/serve-static",
+ "dependencies": {
+ "encodeurl": "~2.0.0",
+ "escape-html": "~1.0.3",
+ "parseurl": "~1.3.3",
+ "send": "0.19.0"
+ },
+ "devDependencies": {
+ "eslint": "7.32.0",
+ "eslint-config-standard": "14.1.1",
+ "eslint-plugin-import": "2.25.4",
+ "eslint-plugin-markdown": "2.2.1",
+ "eslint-plugin-node": "11.1.0",
+ "eslint-plugin-promise": "5.2.0",
+ "eslint-plugin-standard": "4.1.0",
+ "mocha": "9.2.2",
+ "nyc": "15.1.0",
+ "safe-buffer": "5.2.1",
+ "supertest": "6.2.2"
+ },
+ "files": [
+ "LICENSE",
+ "HISTORY.md",
+ "index.js"
+ ],
+ "engines": {
+ "node": ">= 0.8.0"
+ },
+ "scripts": {
+ "lint": "eslint .",
+ "test": "mocha --reporter spec --bail --check-leaks test/",
+ "test-ci": "nyc --reporter=lcov --reporter=text npm test",
+ "test-cov": "nyc --reporter=html --reporter=text npm test",
+ "version": "node scripts/version-history.js && git add HISTORY.md"
+ }
+}
diff --git a/node_modules/utils-merge/.npmignore b/node_modules/utils-merge/.npmignore
new file mode 100644
index 0000000000000000000000000000000000000000..3e53844186447e50779e1a5d63835e7fb7b134ce
--- /dev/null
+++ b/node_modules/utils-merge/.npmignore
@@ -0,0 +1,9 @@
+CONTRIBUTING.md
+Makefile
+docs/
+examples/
+reports/
+test/
+
+.jshintrc
+.travis.yml
diff --git a/node_modules/utils-merge/LICENSE b/node_modules/utils-merge/LICENSE
new file mode 100644
index 0000000000000000000000000000000000000000..76f6d083db5f4d381a91b89f6ff437e10d1a0fb8
--- /dev/null
+++ b/node_modules/utils-merge/LICENSE
@@ -0,0 +1,20 @@
+The MIT License (MIT)
+
+Copyright (c) 2013-2017 Jared Hanson
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+the Software, and to permit persons to whom the Software is furnished to do so,
+subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/node_modules/utils-merge/README.md b/node_modules/utils-merge/README.md
new file mode 100644
index 0000000000000000000000000000000000000000..0cb71171255f78b087185dba6e09f7bb6a74dd98
--- /dev/null
+++ b/node_modules/utils-merge/README.md
@@ -0,0 +1,34 @@
+# utils-merge
+
+[](https://www.npmjs.com/package/utils-merge)
+[](https://travis-ci.org/jaredhanson/utils-merge)
+[](https://codeclimate.com/github/jaredhanson/utils-merge)
+[](https://coveralls.io/r/jaredhanson/utils-merge)
+[](https://david-dm.org/jaredhanson/utils-merge)
+
+
+Merges the properties from a source object into a destination object.
+
+## Install
+
+```bash
+$ npm install utils-merge
+```
+
+## Usage
+
+```javascript
+var a = { foo: 'bar' }
+ , b = { bar: 'baz' };
+
+merge(a, b);
+// => { foo: 'bar', bar: 'baz' }
+```
+
+## License
+
+[The MIT License](http://opensource.org/licenses/MIT)
+
+Copyright (c) 2013-2017 Jared Hanson <[http://jaredhanson.net/](http://jaredhanson.net/)>
+
+<a target='_blank' rel='nofollow' href='https://app.codesponsor.io/link/vK9dyjRnnWsMzzJTQ57fRJpH/jaredhanson/utils-merge'> <img alt='Sponsor' width='888' height='68' src='https://app.codesponsor.io/embed/vK9dyjRnnWsMzzJTQ57fRJpH/jaredhanson/utils-merge.svg' /></a>
diff --git a/node_modules/utils-merge/index.js b/node_modules/utils-merge/index.js
new file mode 100644
index 0000000000000000000000000000000000000000..4265c694fec6f4eb174612ee434c3ab7da8e40fa
--- /dev/null
+++ b/node_modules/utils-merge/index.js
@@ -0,0 +1,23 @@
+/**
+ * Merge object b with object a.
+ *
+ * var a = { foo: 'bar' }
+ * , b = { bar: 'baz' };
+ *
+ * merge(a, b);
+ * // => { foo: 'bar', bar: 'baz' }
+ *
+ * @param {Object} a
+ * @param {Object} b
+ * @return {Object}
+ * @api public
+ */
+
+exports = module.exports = function(a, b){
+ if (a && b) {
+ for (var key in b) {
+ a[key] = b[key];
+ }
+ }
+ return a;
+};
diff --git a/node_modules/utils-merge/package.json b/node_modules/utils-merge/package.json
new file mode 100644
index 0000000000000000000000000000000000000000..e36b0781c1909d7893646e532bf617fdcb73d3c0
--- /dev/null
+++ b/node_modules/utils-merge/package.json
@@ -0,0 +1,40 @@
+{
+ "name": "utils-merge",
+ "version": "1.0.1",
+ "description": "merge() utility function",
+ "keywords": [
+ "util"
+ ],
+ "author": {
+ "name": "Jared Hanson",
+ "email": "jaredhanson@gmail.com",
+ "url": "http://www.jaredhanson.net/"
+ },
+ "repository": {
+ "type": "git",
+ "url": "git://github.com/jaredhanson/utils-merge.git"
+ },
+ "bugs": {
+ "url": "http://github.com/jaredhanson/utils-merge/issues"
+ },
+ "license": "MIT",
+ "licenses": [
+ {
+ "type": "MIT",
+ "url": "http://opensource.org/licenses/MIT"
+ }
+ ],
+ "main": "./index",
+ "dependencies": {},
+ "devDependencies": {
+ "make-node": "0.3.x",
+ "mocha": "1.x.x",
+ "chai": "1.x.x"
+ },
+ "engines": {
+ "node": ">= 0.4.0"
+ },
+ "scripts": {
+ "test": "node_modules/.bin/mocha --reporter spec --require test/bootstrap/node test/*.test.js"
+ }
+}
diff --git a/node_modules/vary/HISTORY.md b/node_modules/vary/HISTORY.md
new file mode 100644
index 0000000000000000000000000000000000000000..f6cbcf7f9be9d45391c5e4e14d02541f59087351
--- /dev/null
+++ b/node_modules/vary/HISTORY.md
@@ -0,0 +1,39 @@
+1.1.2 / 2017-09-23
+==================
+
+ * perf: improve header token parsing speed
+
+1.1.1 / 2017-03-20
+==================
+
+ * perf: hoist regular expression
+
+1.1.0 / 2015-09-29
+==================
+
+ * Only accept valid field names in the `field` argument
+ - Ensures the resulting string is a valid HTTP header value
+
+1.0.1 / 2015-07-08
+==================
+
+ * Fix setting empty header from empty `field`
+ * perf: enable strict mode
+ * perf: remove argument reassignments
+
+1.0.0 / 2014-08-10
+==================
+
+ * Accept valid `Vary` header string as `field`
+ * Add `vary.append` for low-level string manipulation
+ * Move to `jshttp` orgainzation
+
+0.1.0 / 2014-06-05
+==================
+
+ * Support array of fields to set
+
+0.0.0 / 2014-06-04
+==================
+
+ * Initial release
diff --git a/node_modules/vary/LICENSE b/node_modules/vary/LICENSE
new file mode 100644
index 0000000000000000000000000000000000000000..84441fbb5709262c2bfc9b5ff0166ad4f024a1b8
--- /dev/null
+++ b/node_modules/vary/LICENSE
@@ -0,0 +1,22 @@
+(The MIT License)
+
+Copyright (c) 2014-2017 Douglas Christopher Wilson
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+'Software'), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/node_modules/vary/README.md b/node_modules/vary/README.md
new file mode 100644
index 0000000000000000000000000000000000000000..cc000b34684a1d0b03d4c4cb4fac3e1094a81eec
--- /dev/null
+++ b/node_modules/vary/README.md
@@ -0,0 +1,101 @@
+# vary
+
+[![NPM Version][npm-image]][npm-url]
+[![NPM Downloads][downloads-image]][downloads-url]
+[![Node.js Version][node-version-image]][node-version-url]
+[![Build Status][travis-image]][travis-url]
+[![Test Coverage][coveralls-image]][coveralls-url]
+
+Manipulate the HTTP Vary header
+
+## Installation
+
+This is a [Node.js](https://nodejs.org/en/) module available through the
+[npm registry](https://www.npmjs.com/). Installation is done using the
+[`npm install` command](https://docs.npmjs.com/getting-started/installing-npm-packages-locally):
+
+```sh
+$ npm install vary
+```
+
+## API
+
+<!-- eslint-disable no-unused-vars -->
+
+```js
+var vary = require('vary')
+```
+
+### vary(res, field)
+
+Adds the given header `field` to the `Vary` response header of `res`.
+This can be a string of a single field, a string of a valid `Vary`
+header, or an array of multiple fields.
+
+This will append the header if not already listed, otherwise leaves
+it listed in the current location.
+
+<!-- eslint-disable no-undef -->
+
+```js
+// Append "Origin" to the Vary header of the response
+vary(res, 'Origin')
+```
+
+### vary.append(header, field)
+
+Adds the given header `field` to the `Vary` response header string `header`.
+This can be a string of a single field, a string of a valid `Vary` header,
+or an array of multiple fields.
+
+This will append the header if not already listed, otherwise leaves
+it listed in the current location. The new header string is returned.
+
+<!-- eslint-disable no-undef -->
+
+```js
+// Get header string appending "Origin" to "Accept, User-Agent"
+vary.append('Accept, User-Agent', 'Origin')
+```
+
+## Examples
+
+### Updating the Vary header when content is based on it
+
+```js
+var http = require('http')
+var vary = require('vary')
+
+http.createServer(function onRequest (req, res) {
+ // about to user-agent sniff
+ vary(res, 'User-Agent')
+
+ var ua = req.headers['user-agent'] || ''
+ var isMobile = /mobi|android|touch|mini/i.test(ua)
+
+ // serve site, depending on isMobile
+ res.setHeader('Content-Type', 'text/html')
+ res.end('You are (probably) ' + (isMobile ? '' : 'not ') + 'a mobile user')
+})
+```
+
+## Testing
+
+```sh
+$ npm test
+```
+
+## License
+
+[MIT](LICENSE)
+
+[npm-image]: https://img.shields.io/npm/v/vary.svg
+[npm-url]: https://npmjs.org/package/vary
+[node-version-image]: https://img.shields.io/node/v/vary.svg
+[node-version-url]: https://nodejs.org/en/download
+[travis-image]: https://img.shields.io/travis/jshttp/vary/master.svg
+[travis-url]: https://travis-ci.org/jshttp/vary
+[coveralls-image]: https://img.shields.io/coveralls/jshttp/vary/master.svg
+[coveralls-url]: https://coveralls.io/r/jshttp/vary
+[downloads-image]: https://img.shields.io/npm/dm/vary.svg
+[downloads-url]: https://npmjs.org/package/vary
diff --git a/node_modules/vary/index.js b/node_modules/vary/index.js
new file mode 100644
index 0000000000000000000000000000000000000000..5b5e741279d4b800b0c408c5efbac8de6ece450b
--- /dev/null
+++ b/node_modules/vary/index.js
@@ -0,0 +1,149 @@
+/*!
+ * vary
+ * Copyright(c) 2014-2017 Douglas Christopher Wilson
+ * MIT Licensed
+ */
+
+'use strict'
+
+/**
+ * Module exports.
+ */
+
+module.exports = vary
+module.exports.append = append
+
+/**
+ * RegExp to match field-name in RFC 7230 sec 3.2
+ *
+ * field-name = token
+ * token = 1*tchar
+ * tchar = "!" / "#" / "$" / "%" / "&" / "'" / "*"
+ * / "+" / "-" / "." / "^" / "_" / "`" / "|" / "~"
+ * / DIGIT / ALPHA
+ * ; any VCHAR, except delimiters
+ */
+
+var FIELD_NAME_REGEXP = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/
+
+/**
+ * Append a field to a vary header.
+ *
+ * @param {String} header
+ * @param {String|Array} field
+ * @return {String}
+ * @public
+ */
+
+function append (header, field) {
+ if (typeof header !== 'string') {
+ throw new TypeError('header argument is required')
+ }
+
+ if (!field) {
+ throw new TypeError('field argument is required')
+ }
+
+ // get fields array
+ var fields = !Array.isArray(field)
+ ? parse(String(field))
+ : field
+
+ // assert on invalid field names
+ for (var j = 0; j < fields.length; j++) {
+ if (!FIELD_NAME_REGEXP.test(fields[j])) {
+ throw new TypeError('field argument contains an invalid header name')
+ }
+ }
+
+ // existing, unspecified vary
+ if (header === '*') {
+ return header
+ }
+
+ // enumerate current values
+ var val = header
+ var vals = parse(header.toLowerCase())
+
+ // unspecified vary
+ if (fields.indexOf('*') !== -1 || vals.indexOf('*') !== -1) {
+ return '*'
+ }
+
+ for (var i = 0; i < fields.length; i++) {
+ var fld = fields[i].toLowerCase()
+
+ // append value (case-preserving)
+ if (vals.indexOf(fld) === -1) {
+ vals.push(fld)
+ val = val
+ ? val + ', ' + fields[i]
+ : fields[i]
+ }
+ }
+
+ return val
+}
+
+/**
+ * Parse a vary header into an array.
+ *
+ * @param {String} header
+ * @return {Array}
+ * @private
+ */
+
+function parse (header) {
+ var end = 0
+ var list = []
+ var start = 0
+
+ // gather tokens
+ for (var i = 0, len = header.length; i < len; i++) {
+ switch (header.charCodeAt(i)) {
+ case 0x20: /* */
+ if (start === end) {
+ start = end = i + 1
+ }
+ break
+ case 0x2c: /* , */
+ list.push(header.substring(start, end))
+ start = end = i + 1
+ break
+ default:
+ end = i + 1
+ break
+ }
+ }
+
+ // final token
+ list.push(header.substring(start, end))
+
+ return list
+}
+
+/**
+ * Mark that a request is varied on a header field.
+ *
+ * @param {Object} res
+ * @param {String|Array} field
+ * @public
+ */
+
+function vary (res, field) {
+ if (!res || !res.getHeader || !res.setHeader) {
+ // quack quack
+ throw new TypeError('res argument is required')
+ }
+
+ // get existing header
+ var val = res.getHeader('Vary') || ''
+ var header = Array.isArray(val)
+ ? val.join(', ')
+ : String(val)
+
+ // set new header
+ if ((val = append(header, field))) {
+ res.setHeader('Vary', val)
+ }
+}
diff --git a/node_modules/vary/package.json b/node_modules/vary/package.json
new file mode 100644
index 0000000000000000000000000000000000000000..028f72a93c5153af4163764face616d0ccb7a7b8
--- /dev/null
+++ b/node_modules/vary/package.json
@@ -0,0 +1,43 @@
+{
+ "name": "vary",
+ "description": "Manipulate the HTTP Vary header",
+ "version": "1.1.2",
+ "author": "Douglas Christopher Wilson <doug@somethingdoug.com>",
+ "license": "MIT",
+ "keywords": [
+ "http",
+ "res",
+ "vary"
+ ],
+ "repository": "jshttp/vary",
+ "devDependencies": {
+ "beautify-benchmark": "0.2.4",
+ "benchmark": "2.1.4",
+ "eslint": "3.19.0",
+ "eslint-config-standard": "10.2.1",
+ "eslint-plugin-import": "2.7.0",
+ "eslint-plugin-markdown": "1.0.0-beta.6",
+ "eslint-plugin-node": "5.1.1",
+ "eslint-plugin-promise": "3.5.0",
+ "eslint-plugin-standard": "3.0.1",
+ "istanbul": "0.4.5",
+ "mocha": "2.5.3",
+ "supertest": "1.1.0"
+ },
+ "files": [
+ "HISTORY.md",
+ "LICENSE",
+ "README.md",
+ "index.js"
+ ],
+ "engines": {
+ "node": ">= 0.8"
+ },
+ "scripts": {
+ "bench": "node benchmark/index.js",
+ "lint": "eslint --plugin markdown --ext js,md .",
+ "test": "mocha --reporter spec --bail --check-leaks test/",
+ "test-cov": "istanbul cover node_modules/mocha/bin/_mocha -- --reporter dot --check-leaks test/",
+ "test-travis": "istanbul cover node_modules/mocha/bin/_mocha --report lcovonly -- --reporter spec --check-leaks test/"
+ }
+}
diff --git a/package-lock.json b/package-lock.json
index 47069af12d90b9eb5dc6ec7a5ee10d7a1492a7a6..0745d85c79129e66d422d58419429083dd98c6c3 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -13,6 +13,7 @@
"bcryptjs": "^3.0.2",
"body-parser": "^1.20.3",
"dotenv": "^16.4.7",
+ "express": "^4.21.2",
"express-session": "^1.18.1",
"mysql2": "^3.13.0"
}
@@ -41,6 +42,18 @@
"resolved": "https://registry.npmjs.org/abbrev/-/abbrev-1.1.1.tgz",
"integrity": "sha512-nne9/IiQ/hzIhY6pdDnbBtz7DjPTKrY00P/zvPSm5pOFkl6xuGrGnXn/VtTNNfNtAfZ9/1RtehkszU9qcTii0Q=="
},
+ "node_modules/accepts": {
+ "version": "1.3.8",
+ "resolved": "https://registry.npmjs.org/accepts/-/accepts-1.3.8.tgz",
+ "integrity": "sha512-PYAthTa2m2VKxuvSD3DPC/Gy+U+sOA1LAuT8mkmRuvw+NACSaeXEQ+NHcVF7rONl6qcaxV3Uuemwawk+7+SJLw==",
+ "dependencies": {
+ "mime-types": "~2.1.34",
+ "negotiator": "0.6.3"
+ },
+ "engines": {
+ "node": ">= 0.6"
+ }
+ },
"node_modules/agent-base": {
"version": "6.0.2",
"resolved": "https://registry.npmjs.org/agent-base/-/agent-base-6.0.2.tgz",
@@ -99,6 +112,11 @@
"node": ">=10"
}
},
+ "node_modules/array-flatten": {
+ "version": "1.1.1",
+ "resolved": "https://registry.npmjs.org/array-flatten/-/array-flatten-1.1.1.tgz",
+ "integrity": "sha512-PCVAQswWemu6UdxsDFFX/+gVeYqKAod3D3UVm91jHwynguOwAvYPhx8nNlM++NqRcK6CxxpUafjmhIdKiHibqg=="
+ },
"node_modules/aws-ssl-profiles": {
"version": "1.1.2",
"resolved": "https://registry.npmjs.org/aws-ssl-profiles/-/aws-ssl-profiles-1.1.2.tgz",
@@ -226,6 +244,17 @@
"resolved": "https://registry.npmjs.org/console-control-strings/-/console-control-strings-1.1.0.tgz",
"integrity": "sha512-ty/fTekppD2fIwRvnZAVdeOiGd1c7YXEixbgJTNzqcxJWKQnjJ/V1bNEEE6hygpM3WjwHFUVK6HTjWSzV4a8sQ=="
},
+ "node_modules/content-disposition": {
+ "version": "0.5.4",
+ "resolved": "https://registry.npmjs.org/content-disposition/-/content-disposition-0.5.4.tgz",
+ "integrity": "sha512-FveZTNuGw04cxlAiWbzi6zTAL/lhehaWbTtgluJh4/E95DqMwTmha3KZN1aAWA8cFIhHzMZUvLevkw5Rqk+tSQ==",
+ "dependencies": {
+ "safe-buffer": "5.2.1"
+ },
+ "engines": {
+ "node": ">= 0.6"
+ }
+ },
"node_modules/content-type": {
"version": "1.0.5",
"resolved": "https://registry.npmjs.org/content-type/-/content-type-1.0.5.tgz",
@@ -327,6 +356,14 @@
"resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz",
"integrity": "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A=="
},
+ "node_modules/encodeurl": {
+ "version": "2.0.0",
+ "resolved": "https://registry.npmjs.org/encodeurl/-/encodeurl-2.0.0.tgz",
+ "integrity": "sha512-Q0n9HRi4m6JuGIV1eFlmvJB7ZEVxu93IrMyiMsGC0lrMJMWzRgx6WGquyfQgZVb31vhGgXnfmPNNXmxnOkRBrg==",
+ "engines": {
+ "node": ">= 0.8"
+ }
+ },
"node_modules/es-define-property": {
"version": "1.0.1",
"resolved": "https://registry.npmjs.org/es-define-property/-/es-define-property-1.0.1.tgz",
@@ -354,6 +391,64 @@
"node": ">= 0.4"
}
},
+ "node_modules/escape-html": {
+ "version": "1.0.3",
+ "resolved": "https://registry.npmjs.org/escape-html/-/escape-html-1.0.3.tgz",
+ "integrity": "sha512-NiSupZ4OeuGwr68lGIeym/ksIZMJodUGOSCZ/FSnTxcrekbvqrgdUxlJOMpijaKZVjAJrWrGs/6Jy8OMuyj9ow=="
+ },
+ "node_modules/etag": {
+ "version": "1.8.1",
+ "resolved": "https://registry.npmjs.org/etag/-/etag-1.8.1.tgz",
+ "integrity": "sha512-aIL5Fx7mawVa300al2BnEE4iNvo1qETxLrPI/o05L7z6go7fCw1J6EQmbK4FmJ2AS7kgVF/KEZWufBfdClMcPg==",
+ "engines": {
+ "node": ">= 0.6"
+ }
+ },
+ "node_modules/express": {
+ "version": "4.21.2",
+ "resolved": "https://registry.npmjs.org/express/-/express-4.21.2.tgz",
+ "integrity": "sha512-28HqgMZAmih1Czt9ny7qr6ek2qddF4FclbMzwhCREB6OFfH+rXAnuNCwo1/wFvrtbgsQDb4kSbX9de9lFbrXnA==",
+ "dependencies": {
+ "accepts": "~1.3.8",
+ "array-flatten": "1.1.1",
+ "body-parser": "1.20.3",
+ "content-disposition": "0.5.4",
+ "content-type": "~1.0.4",
+ "cookie": "0.7.1",
+ "cookie-signature": "1.0.6",
+ "debug": "2.6.9",
+ "depd": "2.0.0",
+ "encodeurl": "~2.0.0",
+ "escape-html": "~1.0.3",
+ "etag": "~1.8.1",
+ "finalhandler": "1.3.1",
+ "fresh": "0.5.2",
+ "http-errors": "2.0.0",
+ "merge-descriptors": "1.0.3",
+ "methods": "~1.1.2",
+ "on-finished": "2.4.1",
+ "parseurl": "~1.3.3",
+ "path-to-regexp": "0.1.12",
+ "proxy-addr": "~2.0.7",
+ "qs": "6.13.0",
+ "range-parser": "~1.2.1",
+ "safe-buffer": "5.2.1",
+ "send": "0.19.0",
+ "serve-static": "1.16.2",
+ "setprototypeof": "1.2.0",
+ "statuses": "2.0.1",
+ "type-is": "~1.6.18",
+ "utils-merge": "1.0.1",
+ "vary": "~1.1.2"
+ },
+ "engines": {
+ "node": ">= 0.10.0"
+ },
+ "funding": {
+ "type": "opencollective",
+ "url": "https://opencollective.com/express"
+ }
+ },
"node_modules/express-session": {
"version": "1.18.1",
"resolved": "https://registry.npmjs.org/express-session/-/express-session-1.18.1.tgz",
@@ -372,6 +467,52 @@
"node": ">= 0.8.0"
}
},
+ "node_modules/express/node_modules/cookie": {
+ "version": "0.7.1",
+ "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.7.1.tgz",
+ "integrity": "sha512-6DnInpx7SJ2AK3+CTUE/ZM0vWTUboZCegxhC2xiIydHR9jNuTAASBrfEpHhiGOZw/nX51bHt6YQl8jsGo4y/0w==",
+ "engines": {
+ "node": ">= 0.6"
+ }
+ },
+ "node_modules/express/node_modules/cookie-signature": {
+ "version": "1.0.6",
+ "resolved": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.6.tgz",
+ "integrity": "sha512-QADzlaHc8icV8I7vbaJXJwod9HWYp8uCqf1xa4OfNu1T7JVxQIrUgOWtHdNDtPiywmFbiS12VjotIXLrKM3orQ=="
+ },
+ "node_modules/finalhandler": {
+ "version": "1.3.1",
+ "resolved": "https://registry.npmjs.org/finalhandler/-/finalhandler-1.3.1.tgz",
+ "integrity": "sha512-6BN9trH7bp3qvnrRyzsBz+g3lZxTNZTbVO2EV1CS0WIcDbawYVdYvGflME/9QP0h0pYlCDBCTjYa9nZzMDpyxQ==",
+ "dependencies": {
+ "debug": "2.6.9",
+ "encodeurl": "~2.0.0",
+ "escape-html": "~1.0.3",
+ "on-finished": "2.4.1",
+ "parseurl": "~1.3.3",
+ "statuses": "2.0.1",
+ "unpipe": "~1.0.0"
+ },
+ "engines": {
+ "node": ">= 0.8"
+ }
+ },
+ "node_modules/forwarded": {
+ "version": "0.2.0",
+ "resolved": "https://registry.npmjs.org/forwarded/-/forwarded-0.2.0.tgz",
+ "integrity": "sha512-buRG0fpBtRHSTCOASe6hD258tEubFoRLb4ZNA6NxMVHNw2gOcwHo9wyablzMzOA5z9xA9L1KNjk/Nt6MT9aYow==",
+ "engines": {
+ "node": ">= 0.6"
+ }
+ },
+ "node_modules/fresh": {
+ "version": "0.5.2",
+ "resolved": "https://registry.npmjs.org/fresh/-/fresh-0.5.2.tgz",
+ "integrity": "sha512-zJ2mQYM18rEFOudeV4GShTGIQ7RbzA7ozbU9I/XBpm7kqgMywgmylMwXHxZJmkVoYkna9d2pVXVXPdYTP9ej8Q==",
+ "engines": {
+ "node": ">= 0.6"
+ }
+ },
"node_modules/fs-minipass": {
"version": "2.1.0",
"resolved": "https://registry.npmjs.org/fs-minipass/-/fs-minipass-2.1.0.tgz",
@@ -602,6 +743,14 @@
"resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz",
"integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ=="
},
+ "node_modules/ipaddr.js": {
+ "version": "1.9.1",
+ "resolved": "https://registry.npmjs.org/ipaddr.js/-/ipaddr.js-1.9.1.tgz",
+ "integrity": "sha512-0KI/607xoxSToH7GjN1FfSbLoU0+btTicjsQSWQlh/hZykN8KpmMf7uYwPW3R+akZ6R/w18ZlXSHBYXiYUPO3g==",
+ "engines": {
+ "node": ">= 0.10"
+ }
+ },
"node_modules/is-fullwidth-code-point": {
"version": "3.0.0",
"resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-3.0.0.tgz",
@@ -680,6 +829,33 @@
"node": ">= 0.6"
}
},
+ "node_modules/merge-descriptors": {
+ "version": "1.0.3",
+ "resolved": "https://registry.npmjs.org/merge-descriptors/-/merge-descriptors-1.0.3.tgz",
+ "integrity": "sha512-gaNvAS7TZ897/rVaZ0nMtAyxNyi/pdbjbAwUpFQpN70GqnVfOiXpeUUMKRBmzXaSQ8DdTX4/0ms62r2K+hE6mQ==",
+ "funding": {
+ "url": "https://github.com/sponsors/sindresorhus"
+ }
+ },
+ "node_modules/methods": {
+ "version": "1.1.2",
+ "resolved": "https://registry.npmjs.org/methods/-/methods-1.1.2.tgz",
+ "integrity": "sha512-iclAHeNqNm68zFtnZ0e+1L2yUIdvzNoauKU4WBA3VvH/vPFieF7qfRlwUZU+DA9P9bPXIS90ulxoUoCH23sV2w==",
+ "engines": {
+ "node": ">= 0.6"
+ }
+ },
+ "node_modules/mime": {
+ "version": "1.6.0",
+ "resolved": "https://registry.npmjs.org/mime/-/mime-1.6.0.tgz",
+ "integrity": "sha512-x0Vn8spI+wuJ1O6S7gnbaQg8Pxh4NNHb7KSINmEWKiPE4RKOplvijn+NkmYmmRgP68mc70j2EbeTFRsrswaQeg==",
+ "bin": {
+ "mime": "cli.js"
+ },
+ "engines": {
+ "node": ">=4"
+ }
+ },
"node_modules/mime-db": {
"version": "1.52.0",
"resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.52.0.tgz",
@@ -798,6 +974,14 @@
"node": ">=12.0.0"
}
},
+ "node_modules/negotiator": {
+ "version": "0.6.3",
+ "resolved": "https://registry.npmjs.org/negotiator/-/negotiator-0.6.3.tgz",
+ "integrity": "sha512-+EUsqGPLsM+j/zdChZjsnX51g4XrHFOIXwfnCVPGlQk/k5giakcKsuxCObBRu6DSm9opw/O6slWbJdghQM4bBg==",
+ "engines": {
+ "node": ">= 0.6"
+ }
+ },
"node_modules/node-addon-api": {
"version": "5.1.0",
"resolved": "https://registry.npmjs.org/node-addon-api/-/node-addon-api-5.1.0.tgz",
@@ -910,6 +1094,23 @@
"node": ">=0.10.0"
}
},
+ "node_modules/path-to-regexp": {
+ "version": "0.1.12",
+ "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.12.tgz",
+ "integrity": "sha512-RA1GjUVMnvYFxuqovrEqZoxxW5NUZqbwKtYz/Tt7nXerk0LbLblQmrsgdeOxV5SFHf0UDggjS/bSeOZwt1pmEQ=="
+ },
+ "node_modules/proxy-addr": {
+ "version": "2.0.7",
+ "resolved": "https://registry.npmjs.org/proxy-addr/-/proxy-addr-2.0.7.tgz",
+ "integrity": "sha512-llQsMLSUDUPT44jdrU/O37qlnifitDP+ZwrmmZcoSKyLKvtZxpyV0n2/bD/N4tBAAZ/gJEdZU7KMraoK1+XYAg==",
+ "dependencies": {
+ "forwarded": "0.2.0",
+ "ipaddr.js": "1.9.1"
+ },
+ "engines": {
+ "node": ">= 0.10"
+ }
+ },
"node_modules/qs": {
"version": "6.13.0",
"resolved": "https://registry.npmjs.org/qs/-/qs-6.13.0.tgz",
@@ -932,6 +1133,14 @@
"node": ">= 0.8"
}
},
+ "node_modules/range-parser": {
+ "version": "1.2.1",
+ "resolved": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz",
+ "integrity": "sha512-Hrgsx+orqoygnmhFbKaHE6c296J+HTAQXoxEF6gNupROmmGJRoyzfG3ccAveqCBrwr/2yxQ5BVd/GTl5agOwSg==",
+ "engines": {
+ "node": ">= 0.6"
+ }
+ },
"node_modules/raw-body": {
"version": "2.5.2",
"resolved": "https://registry.npmjs.org/raw-body/-/raw-body-2.5.2.tgz",
@@ -1009,11 +1218,61 @@
"node": ">=10"
}
},
+ "node_modules/send": {
+ "version": "0.19.0",
+ "resolved": "https://registry.npmjs.org/send/-/send-0.19.0.tgz",
+ "integrity": "sha512-dW41u5VfLXu8SJh5bwRmyYUbAoSB3c9uQh6L8h/KtsFREPWpbX1lrljJo186Jc4nmci/sGUZ9a0a0J2zgfq2hw==",
+ "dependencies": {
+ "debug": "2.6.9",
+ "depd": "2.0.0",
+ "destroy": "1.2.0",
+ "encodeurl": "~1.0.2",
+ "escape-html": "~1.0.3",
+ "etag": "~1.8.1",
+ "fresh": "0.5.2",
+ "http-errors": "2.0.0",
+ "mime": "1.6.0",
+ "ms": "2.1.3",
+ "on-finished": "2.4.1",
+ "range-parser": "~1.2.1",
+ "statuses": "2.0.1"
+ },
+ "engines": {
+ "node": ">= 0.8.0"
+ }
+ },
+ "node_modules/send/node_modules/encodeurl": {
+ "version": "1.0.2",
+ "resolved": "https://registry.npmjs.org/encodeurl/-/encodeurl-1.0.2.tgz",
+ "integrity": "sha512-TPJXq8JqFaVYm2CWmPvnP2Iyo4ZSM7/QKcSmuMLDObfpH5fi7RUGmd/rTDf+rut/saiDiQEeVTNgAmJEdAOx0w==",
+ "engines": {
+ "node": ">= 0.8"
+ }
+ },
+ "node_modules/send/node_modules/ms": {
+ "version": "2.1.3",
+ "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz",
+ "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA=="
+ },
"node_modules/seq-queue": {
"version": "0.0.5",
"resolved": "https://registry.npmjs.org/seq-queue/-/seq-queue-0.0.5.tgz",
"integrity": "sha512-hr3Wtp/GZIc/6DAGPDcV4/9WoZhjrkXsi5B/07QgX8tsdc6ilr7BFM6PM6rbdAX1kFSDYeZGLipIZZKyQP0O5Q=="
},
+ "node_modules/serve-static": {
+ "version": "1.16.2",
+ "resolved": "https://registry.npmjs.org/serve-static/-/serve-static-1.16.2.tgz",
+ "integrity": "sha512-VqpjJZKadQB/PEbEwvFdO43Ax5dFBZ2UECszz8bQ7pi7wt//PWe1P6MN7eCnjsatYtBT6EuiClbjSWP2WrIoTw==",
+ "dependencies": {
+ "encodeurl": "~2.0.0",
+ "escape-html": "~1.0.3",
+ "parseurl": "~1.3.3",
+ "send": "0.19.0"
+ },
+ "engines": {
+ "node": ">= 0.8.0"
+ }
+ },
"node_modules/set-blocking": {
"version": "2.0.0",
"resolved": "https://registry.npmjs.org/set-blocking/-/set-blocking-2.0.0.tgz",
@@ -1210,6 +1469,22 @@
"resolved": "https://registry.npmjs.org/util-deprecate/-/util-deprecate-1.0.2.tgz",
"integrity": "sha512-EPD5q1uXyFxJpCrLnCc1nHnq3gOa6DZBocAIiI2TaSCA7VCJ1UJDMagCzIkXNsUYfD1daK//LTEQ8xiIbrHtcw=="
},
+ "node_modules/utils-merge": {
+ "version": "1.0.1",
+ "resolved": "https://registry.npmjs.org/utils-merge/-/utils-merge-1.0.1.tgz",
+ "integrity": "sha512-pMZTvIkT1d+TFGvDOqodOclx0QWkkgi6Tdoa8gC8ffGAAqz9pzPTZWAybbsHHoED/ztMtkv/VoYTYyShUn81hA==",
+ "engines": {
+ "node": ">= 0.4.0"
+ }
+ },
+ "node_modules/vary": {
+ "version": "1.1.2",
+ "resolved": "https://registry.npmjs.org/vary/-/vary-1.1.2.tgz",
+ "integrity": "sha512-BNGbWLfd0eUPabhkXUVm0j8uuvREyTh5ovRa/dyow/BqAbZJyC+5fU+IzQOzmAKzYqYRAISoRhdQr3eIZ/PXqg==",
+ "engines": {
+ "node": ">= 0.8"
+ }
+ },
"node_modules/webidl-conversions": {
"version": "3.0.1",
"resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-3.0.1.tgz",
diff --git a/package.json b/package.json
index 9ccebcc1995e9a482c5c877e66595bb69d67f5fa..87a42b7b39447640705923c418314f7f5088f587 100644
--- a/package.json
+++ b/package.json
@@ -15,6 +15,7 @@
"bcryptjs": "^3.0.2",
"body-parser": "^1.20.3",
"dotenv": "^16.4.7",
+ "express": "^4.21.2",
"express-session": "^1.18.1",
"mysql2": "^3.13.0"
}