Bump qs from 6.14.1 to 6.15.2

Bumps [qs](https://github.com/ljharb/qs) from 6.14.1 to 6.15.2.
- [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md)
- [Commits](https://github.com/ljharb/qs/compare/v6.14.1...v6.15.2)

---
updated-dependencies:
- dependency-name: qs
  dependency-version: 6.15.2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

apps/yaak-client/components/core/Input.tsx

@@ -290,7 +290,7 @@ function BaseInput({
         <HStack
           className={classNames(
             inputWrapperClassName,
-            "w-full min-w-0 px-2",
+            "flex-1 min-w-0 px-2",
             fullHeight && "h-full",
             leftSlot ? "pl-0.5 -ml-2" : null,
             rightSlot ? "pr-0.5 -mr-2" : null,

apps/yaak-client/package.json

@@ -98,7 +98,7 @@
     "babel-plugin-react-compiler": "^1.0.0",
     "decompress": "^4.2.1",
     "internal-ip": "^8.0.0",
-    "postcss": "^8.5.6",
+    "postcss": "^8.5.14",
     "postcss-nesting": "^13.0.2",
     "rollup": "^4.60.3",
     "tailwindcss": "^3.4.17",

package-lock.json

@@ -186,7 +186,7 @@
         "babel-plugin-react-compiler": "^1.0.0",
         "decompress": "^4.2.1",
         "internal-ip": "^8.0.0",
-        "postcss": "^8.5.6",
+        "postcss": "^8.5.14",
         "postcss-nesting": "^13.0.2",
         "rollup": "^4.60.3",
         "tailwindcss": "^3.4.17",
@@ -223,6 +223,54 @@
         "node": "^18 || >=20"
       }
     },
+    "apps/yaak-client/node_modules/postcss": {
+      "version": "8.5.14",
+      "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.5.14.tgz",
+      "integrity": "sha512-SoSL4+OSEtR99LHFZQiJLkT59C5B1amGO1NzTwj7TT1qCUgUO6hxOvzkOYxD+vMrXBM3XJIKzokoERdqQq/Zmg==",
+      "dev": true,
+      "funding": [
+        {
+          "type": "opencollective",
+          "url": "https://opencollective.com/postcss/"
+        },
+        {
+          "type": "tidelift",
+          "url": "https://tidelift.com/funding/github/npm/postcss"
+        },
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/ai"
+        }
+      ],
+      "license": "MIT",
+      "dependencies": {
+        "nanoid": "^3.3.11",
+        "picocolors": "^1.1.1",
+        "source-map-js": "^1.2.1"
+      },
+      "engines": {
+        "node": "^10 || ^12 || >=14"
+      }
+    },
+    "apps/yaak-client/node_modules/postcss/node_modules/nanoid": {
+      "version": "3.3.12",
+      "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.12.tgz",
+      "integrity": "sha512-ZB9RH/39qpq5Vu6Y+NmUaFhQR6pp+M2Xt76XBnEwDaGcVAqhlvxrl3B2bKS5D3NH3QR76v3aSrKaF/Kiy7lEtQ==",
+      "dev": true,
+      "funding": [
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/ai"
+        }
+      ],
+      "license": "MIT",
+      "bin": {
+        "nanoid": "bin/nanoid.cjs"
+      },
+      "engines": {
+        "node": "^10 || ^12 || ^13.7 || ^14 || >=15.0.1"
+      }
+    },
     "apps/yaak-client/node_modules/uuid": {
       "version": "14.0.0",
       "resolved": "https://registry.npmjs.org/uuid/-/uuid-14.0.0.tgz",
@@ -13432,9 +13480,9 @@
       }
     },
     "node_modules/qs": {
-      "version": "6.14.1",
+      "version": "6.15.2",
-      "resolved": "https://registry.npmjs.org/qs/-/qs-6.14.1.tgz",
+      "resolved": "https://registry.npmjs.org/qs/-/qs-6.15.2.tgz",
-      "integrity": "sha512-4EK3+xJl8Ts67nLYNwqw/dsFVnCf+qR7RgXSK9jEEm9unao3njwMDdmsdvoKBKHzxd7tCYz5e5M+SnMjdtXGQQ==",
+      "integrity": "sha512-Rzq0KEyX/w/tEybncDgdkZrJgVUsUMk3xjh3t5bv3S1HTAtg+uOYt72+ZfwiQwKdysThkTBdL/rTi6HDmX9Ddw==",
       "license": "BSD-3-Clause",
       "dependencies": {
         "side-channel": "^1.1.0"
@@ -16805,9 +16853,9 @@
       "license": "ISC"
     },
     "node_modules/ws": {
-      "version": "8.19.0",
+      "version": "8.20.1",
-      "resolved": "https://registry.npmjs.org/ws/-/ws-8.19.0.tgz",
+      "resolved": "https://registry.npmjs.org/ws/-/ws-8.20.1.tgz",
-      "integrity": "sha512-blAT2mjOEIi0ZzruJfIhb3nps74PRWTCz1IjglWEEpQl5XS/UNama6u2/rjFkDDouqr4L67ry+1aGIALViWjDg==",
+      "integrity": "sha512-It4dO0K5v//JtTXuPkfEOaI3uUN87iYPnqo/ZzqCoG3g8uhA66QUMs/SrM0YK7/NAu+r4LMh/9dq2A7k+rHs+w==",
       "license": "MIT",
       "engines": {
         "node": ">=10.0.0"
@@ -16919,7 +16967,7 @@
     "packages/plugin-runtime": {
       "name": "@yaakapp-internal/plugin-runtime",
       "dependencies": {
-        "ws": "^8.18.0"
+        "ws": "^8.20.1"
       },
       "devDependencies": {
         "@types/ws": "^8.5.13"

packages/plugin-runtime/package.json

@@ -6,7 +6,7 @@
     "build:main": "esbuild src/index.ts --bundle --platform=node --outfile=../../crates-tauri/yaak-app-client/vendored/plugin-runtime/index.cjs"
   },
   "dependencies": {
-    "ws": "^8.18.0"
+    "ws": "^8.20.1"
   },
   "devDependencies": {
     "@types/ws": "^8.5.13"

plugins/importer-curl/src/index.ts

@@ -181,6 +181,78 @@ export function convertCurl(rawData: string) {
   };
 }
 
+interface ExtractedAuthentication {
+  authenticationType: string | null;
+  authentication: Record<string, string>;
+  filteredHeaders: HttpUrlParameter[]; // headers without authorization
+}
+
+function extractAuthenticationFromHeaders(headers: HttpUrlParameter[]): ExtractedAuthentication {
+  const authorizationHeaderIndex = headers.findIndex(
+    (h) => h.name.toLowerCase() === "authorization",
+  );
+
+  const authorizationHeader = headers[authorizationHeaderIndex];
+  if (authorizationHeader == null) {
+    return {
+      authenticationType: null,
+      authentication: {},
+      filteredHeaders: headers,
+    };
+  }
+
+  const value = authorizationHeader.value.trim();
+  const spaceIndex = value.indexOf(" ");
+
+  if (spaceIndex <= 0) {
+    return {
+      authenticationType: null,
+      authentication: {},
+      filteredHeaders: headers,
+    };
+  }
+
+  const scheme = value.slice(0, spaceIndex).toLowerCase();
+  const credentials = value.slice(spaceIndex + 1).trim();
+
+  // Bearer authentication (RFC 6750)
+  if (scheme === "bearer") {
+    const filteredHeaders = headers.filter((_, i) => i !== authorizationHeaderIndex);
+    return {
+      authenticationType: "bearer",
+      authentication: { token: credentials, prefix: "Bearer" },
+      filteredHeaders,
+    };
+  }
+
+  // Basic authentication (RFC 7617)
+  if (scheme === "basic") {
+    try {
+      const decoded = Buffer.from(credentials, "base64").toString();
+      const colonIndex = decoded.indexOf(":");
+      if (colonIndex > 0) {
+        const filteredHeaders = headers.filter((_, i) => i !== authorizationHeaderIndex);
+        return {
+          authenticationType: "basic",
+          authentication: {
+            username: decoded.slice(0, colonIndex),
+            password: decoded.slice(colonIndex + 1),
+          },
+          filteredHeaders,
+        };
+      }
+    } catch {
+      // Invalid base64, keep header as-is
+    }
+  }
+
+  return {
+    authenticationType: null,
+    authentication: {},
+    filteredHeaders: headers,
+  };
+}
+
 function importCommand(parseEntries: string[], workspaceId: string) {
   // ~~~~~~~~~~~~~~~~~~~~~ //
   // Collect all the flags //
@@ -323,8 +395,23 @@ function importCommand(parseEntries: string[], workspaceId: string) {
     });
   }
 
+  // Extract authentication from Authorization headers (Bearer/Basic)
+  const {
+    authenticationType: extractedAuthenticationType,
+    authentication: extractedAuthentication,
+    filteredHeaders,
+  } = extractAuthenticationFromHeaders(headers);
+
+  // Use extracted authentication from header if found, otherwise fall back to -u/--user parsing
+  const finalAuthenticationType = extractedAuthenticationType || authenticationType;
+  const finalAuthentication = extractedAuthenticationType
+    ? extractedAuthentication
+    : authentication;
+
   // Body (Text or Blob)
-  const contentTypeHeader = headers.find((header) => header.name.toLowerCase() === "content-type");
+  const contentTypeHeader = filteredHeaders.find(
+    (header) => header.name.toLowerCase() === "content-type",
+  );
   const mimeType = contentTypeHeader ? contentTypeHeader.value.split(";")[0]?.trim() : null;
 
   // Extract boundary from Content-Type header for multipart parsing
@@ -398,7 +485,7 @@ function importCommand(parseEntries: string[], workspaceId: string) {
         value: decodeURIComponent(parameter.value || ""),
       })),
     };
-    headers.push({
+    filteredHeaders.push({
       name: "Content-Type",
       value: "application/x-www-form-urlencoded",
       enabled: true,
@@ -419,7 +506,7 @@ function importCommand(parseEntries: string[], workspaceId: string) {
       form: formDataParams,
     };
     if (mimeType == null) {
-      headers.push({
+      filteredHeaders.push({
         name: "Content-Type",
         value: "multipart/form-data",
         enabled: true,
@@ -442,9 +529,9 @@ function importCommand(parseEntries: string[], workspaceId: string) {
     urlParameters,
     url,
     method,
-    headers,
+    headers: filteredHeaders,
-    authentication,
+    authentication: finalAuthentication,
-    authenticationType,
+    authenticationType: finalAuthenticationType,
     body,
     bodyType,
     folderId: null,

plugins/importer-curl/tests/index.test.ts

@@ -332,6 +332,142 @@ describe("importer-curl", () => {
     });
   });
 
+  test("Imports Bearer token from Authorization header", () => {
+    expect(convertCurl('curl -H "Authorization: Bearer token123" https://yaak.app')).toEqual({
+      resources: {
+        workspaces: [baseWorkspace()],
+        httpRequests: [
+          baseRequest({
+            url: "https://yaak.app",
+            authenticationType: "bearer",
+            authentication: {
+              token: "token123",
+              prefix: "Bearer",
+            },
+            headers: [],
+          }),
+        ],
+      },
+    });
+  });
+
+  test("Trims whitespace before Bearer token from Authorization header", () => {
+    expect(convertCurl('curl -H "Authorization: Bearer    token123" https://yaak.app')).toEqual({
+      resources: {
+        workspaces: [baseWorkspace()],
+        httpRequests: [
+          baseRequest({
+            url: "https://yaak.app",
+            authenticationType: "bearer",
+            authentication: {
+              token: "token123",
+              prefix: "Bearer",
+            },
+            headers: [],
+          }),
+        ],
+      },
+    });
+  });
+
+  test("Imports Basic auth from Authorization header (base64 decoded)", () => {
+    expect(
+      convertCurl('curl -H "Authorization: Basic dXNlcjpwYXNzd29yZA==" https://yaak.app'),
+    ).toEqual({
+      resources: {
+        workspaces: [baseWorkspace()],
+        httpRequests: [
+          baseRequest({
+            url: "https://yaak.app",
+            authenticationType: "basic",
+            authentication: {
+              username: "user",
+              password: "password",
+            },
+            headers: [],
+          }),
+        ],
+      },
+    });
+  });
+
+  test("Authorization header takes precedence over -u flag", () => {
+    expect(
+      convertCurl('curl -u admin:secret -H "Authorization: Bearer token123" https://yaak.app'),
+    ).toEqual({
+      resources: {
+        workspaces: [baseWorkspace()],
+        httpRequests: [
+          baseRequest({
+            url: "https://yaak.app",
+            authenticationType: "bearer",
+            authentication: {
+              token: "token123",
+              prefix: "Bearer",
+            },
+            headers: [],
+          }),
+        ],
+      },
+    });
+  });
+
+  test("Authorization header extraction is case-insensitive", () => {
+    expect(convertCurl('curl -H "authorization: bearer lowercaseToken" https://yaak.app')).toEqual({
+      resources: {
+        workspaces: [baseWorkspace()],
+        httpRequests: [
+          baseRequest({
+            url: "https://yaak.app",
+            authenticationType: "bearer",
+            authentication: {
+              token: "lowercaseToken",
+              prefix: "Bearer",
+            },
+            headers: [],
+          }),
+        ],
+      },
+    });
+  });
+
+  test("Preserves other headers when extracting Authorization", () => {
+    expect(
+      convertCurl('curl -H "Authorization: Bearer token123" -H "X-Custom: value" https://yaak.app'),
+    ).toEqual({
+      resources: {
+        workspaces: [baseWorkspace()],
+        httpRequests: [
+          baseRequest({
+            url: "https://yaak.app",
+            authenticationType: "bearer",
+            authentication: {
+              token: "token123",
+              prefix: "Bearer",
+            },
+            headers: [{ name: "X-Custom", value: "value", enabled: true }],
+          }),
+        ],
+      },
+    });
+  });
+
+  test("Invalid base64 in Basic auth keeps header in headers", () => {
+    expect(
+      convertCurl('curl -H "Authorization: Basic not-valid-base64!!!" https://yaak.app'),
+    ).toEqual({
+      resources: {
+        workspaces: [baseWorkspace()],
+        httpRequests: [
+          baseRequest({
+            url: "https://yaak.app",
+            headers: [{ name: "Authorization", value: "Basic not-valid-base64!!!", enabled: true }],
+          }),
+        ],
+      },
+    });
+  });
+
   test("Imports cookie as header", () => {
     expect(convertCurl('curl --cookie "foo=bar" https://yaak.app')).toEqual({
       resources: {