chore(deps): lock file maintenance

integration/backend/auth/local.test.ts

@@ -9,7 +9,7 @@ describe('/api/auth/local', () => {
 
     const response = await fetch(`${origin}/api/auth/local`, { method: 'POST' })
     assert.strictEqual(response.status, 404)
-    assert.strictEqual(response.headers.get('Content-Type'), 'application/json; charset=utf-8')
+    assert.strictEqual(response.headers.get('Content-Type')?.toLowerCase(), 'application/json; charset=utf-8')
     assert.deepStrictEqual(await response.json(), { error: 'Not Found' })
   })
 
@@ -45,7 +45,7 @@ describe('/api/auth/local', () => {
       })
       assert.strictEqual(response.status, 400)
       // TODO respond with JSON instead of plain text
-      assert.strictEqual(response.headers.get('Content-Type'), 'text/plain; charset=utf-8')
+      assert.strictEqual(response.headers.get('Content-Type')?.toLowerCase(), 'text/plain; charset=utf-8')
       assert.strictEqual(await response.text(), 'Bad Request')
     }
   })
@@ -82,7 +82,7 @@ describe('/api/auth/local', () => {
       })
       assert.strictEqual(response.status, 401)
       // TODO respond with JSON instead of plain text
-      assert.strictEqual(response.headers.get('Content-Type'), 'text/plain; charset=utf-8')
+      assert.strictEqual(response.headers.get('Content-Type')?.toLowerCase(), 'text/plain; charset=utf-8')
       assert.deepStrictEqual(await response.text(), 'Unauthorized')
     }
   })
@@ -110,7 +110,7 @@ describe('/api/auth/local', () => {
       body: '{"username":"test-user","password":"test-password"}'
     })
     assert.strictEqual(response.status, 200)
-    assert.strictEqual(response.headers.get('Content-Type'), 'application/json; charset=utf-8')
+    assert.strictEqual(response.headers.get('Content-Type')?.toLowerCase(), 'application/json; charset=utf-8')
     // TODO set SameSite=Strict
     const setCookie = response.headers.getSetCookie()
     assert.ok(setCookie.length === 1)

integration/backend/auth/logout.test.ts

@@ -10,7 +10,7 @@ describe('/api/auth/logout', () => {
     // Note: This sets a cookie, but its contents indicate a missing session.
     const response = await fetch(`${origin}/api/auth/logout`, { method: 'POST' })
     assert.strictEqual(response.status, 200)
-    assert.strictEqual(response.headers.get('Content-Type'), 'application/json; charset=utf-8')
+    assert.strictEqual(response.headers.get('Content-Type')?.toLowerCase(), 'application/json; charset=utf-8')
     // TODO set SameSite=Strict
     const setCookie = response.headers.getSetCookie()
     assert.ok(setCookie.length === 1)
@@ -63,7 +63,7 @@ describe('/api/auth/logout', () => {
       headers: { Cookie: `session=${session}` }
     })
     assert.strictEqual(logoutResponse.status, 200)
-    assert.strictEqual(logoutResponse.headers.get('Content-Type'), 'application/json; charset=utf-8')
+    assert.strictEqual(logoutResponse.headers.get('Content-Type')?.toLowerCase(), 'application/json; charset=utf-8')
     // TODO set SameSite=Strict
     const setCookie = logoutResponse.headers.getSetCookie()
     assert.ok(setCookie.length === 1)

integration/backend/auth/me.test.ts

@@ -9,7 +9,7 @@ describe('/api/auth/me', () => {
 
     const response = await fetch(`${origin}/api/auth/me`, { method: 'GET' })
     assert.strictEqual(response.status, 403)
-    assert.strictEqual(response.headers.get('Content-Type'), 'application/json; charset=utf-8')
+    assert.strictEqual(response.headers.get('Content-Type')?.toLowerCase(), 'application/json; charset=utf-8')
     assert.deepStrictEqual(await response.json(), { error: 'Forbidden' })
   })
 })

integration/backend/auth/strategies.test.ts

@@ -9,7 +9,7 @@ describe('/api/auth/strategies', () => {
 
     const response = await fetch(`${origin}/api/auth/strategies`, { method: 'GET' })
     assert.strictEqual(response.status, 200)
-    assert.strictEqual(response.headers.get('Content-Type'), 'application/json; charset=utf-8')
+    assert.strictEqual(response.headers.get('Content-Type')?.toLowerCase(), 'application/json; charset=utf-8')
 
     const strategies = await response.json()
     assert.deepStrictEqual(strategies, [])
@@ -34,7 +34,7 @@ describe('/api/auth/strategies', () => {
 
     const response = await fetch(`${origin}/api/auth/strategies`, { method: 'GET' })
     assert.strictEqual(response.status, 200)
-    assert.strictEqual(response.headers.get('Content-Type'), 'application/json; charset=utf-8')
+    assert.strictEqual(response.headers.get('Content-Type')?.toLowerCase(), 'application/json; charset=utf-8')
 
     const strategies = await response.json()
     assert.deepStrictEqual(strategies, ['local'])

integration/backend/trigger.test.ts

@@ -9,7 +9,7 @@ describe('/api/trigger', () => {
 
     const response = await fetch(`${origin}/api/trigger`, { method: 'POST' })
     assert.strictEqual(response.status, 403)
-    assert.strictEqual(response.headers.get('Content-Type'), 'application/json; charset=utf-8')
+    assert.strictEqual(response.headers.get('Content-Type')?.toLowerCase(), 'application/json; charset=utf-8')
     assert.deepStrictEqual(await response.json(), { error: 'Forbidden' })
   })
 })

integration/frontend.test.ts

@@ -16,12 +16,12 @@ describe('frontend', () => {
 
       // should set proper headers
       const { headers } = getResponse
-      assert.strictEqual(headers.get('Content-Security-Policy'), "default-src 'self'; connect-src 'self'; frame-ancestors 'none'; base-uri 'self'; form-action 'self'")
+      assert.strictEqual(headers.get('Content-Security-Policy'), 'default-src \'self\'; connect-src \'self\'; frame-ancestors \'none\'; base-uri \'self\'; form-action \'self\'')
       assert.strictEqual(headers.get('X-Frame-Options'), 'DENY')
       assert.strictEqual(headers.get('X-Content-Type-Options'), 'nosniff')
       assert.strictEqual(headers.get('Referrer-Policy'), 'no-referrer')
       assert.strictEqual(headers.get('Cache-Control'), 'public, max-age=0')
-      assert.strictEqual(headers.get('Content-Type'), 'text/html; charset=UTF-8')
+      assert.strictEqual(headers.get('Content-Type')?.toLowerCase(), 'text/html; charset=utf-8')
 
       // should also respond to HEAD requests
       const headResponse = await fetch(`${origin}${path}`, { method: 'HEAD' })
@@ -59,11 +59,11 @@ describe('frontend', () => {
 
     const text = await response.text()
 
-    const stylesheet = text.match(/<link[^>]*\shref="([^"]+)"/i)
+    const stylesheet = /<link[^>]*\shref="([^"]+)"/i.exec(text)
     assert.ok(stylesheet)
     assert.match(stylesheet[1], /^\/assets\/index-.+\.css$/)
 
-    const script = text.match(/<script[^>]*\ssrc="([^"]+)"/i)
+    const script = /<script[^>]*\ssrc="([^"]+)"/i.exec(text)
     assert.ok(script)
     assert.match(script[1], /^\/assets\/index-.+\.js$/)
   })
@@ -77,7 +77,7 @@ describe('frontend', () => {
 
     const robots = await fetch(`${origin}/robots.txt`)
     assert.strictEqual(robots.status, 200)
-    assert.strictEqual(robots.headers.get('Content-Type'), 'text/plain; charset=UTF-8')
+    assert.strictEqual(robots.headers.get('Content-Type')?.toLowerCase(), 'text/plain; charset=utf-8')
     assert.strictEqual(await robots.text(), 'User-agent: *\nDisallow: /\n')
 
     const webmanifest = await fetch(`${origin}/assets/manifest.webmanifest`)
@@ -92,7 +92,7 @@ describe('frontend', () => {
       for (const path of ['/', '/index.html', '/foo', '/foo/bar', '/assets/favicon.ico']) {
         const response = await fetch(`${origin}${path}`, { method })
         assert.strictEqual(response.status, 404)
-        assert.strictEqual(response.headers.get('Content-Type'), 'application/json; charset=utf-8')
+        assert.strictEqual(response.headers.get('Content-Type')?.toLowerCase(), 'application/json; charset=utf-8')
         assert.deepStrictEqual(await response.json(), { error: 'Not Found' })
       }
     }