profile
viewpoint
If you are wondering where the data of this site comes from, please visit https://api.github.com/users/cyu/events. GitMemory does not store any data, but only uses NGINX to cache data for a period of time. The idea behind GitMemory is simply to give users a better reading experience.
Calvin Yu cyu @RYLabs Atlanta, GA https://rylabs.io Rails, JavaScript, Serverless Partner @ R&Y Labs

cyu/beast_iphone_plugin 12

iPhone Plugin for Beast

cyu/ar_mailer 6

fork of ar_mailer gem by Eric Hodel that allows deferred batch sending of emails for Rails apps

cyu/beast_multi_site_plugin 4

Multi-Site Plugin for Beast

cyu/beast_private_message_plugin 4

A Private Message Plugin for Beast

cyu/acts_as_redeemable 3

Adds redemption capability to a model for items like coupons, invitation codes, etc.

cyu/beast_style_editor_plugin 3

Style Editor Plugin for Beast

cyu/ant-growlnotify 2

Listens to Ant build events and send them to Growl. A modified version of the ant-growlnotify listener found here: http://code.google.com/p/ant-growlnotify/

cyu/att-mobile-jam-2011 2

AT&T Mobile Hackathon 2011 app.

cyu/connect-emma 2

Super simple image processing proxy written in Node

cyu/cyu.github.com 2

The Repo for My Blog

startedfirebase/firebase-ios-sdk

started time in 8 hours

push eventsideqik/pdf-mage

Daniel Powell

commit sha a495ae6c938c6bf1b27b54ea331cce80ffa99d89

Backend for PPT export

view details

Daniel Powell

commit sha 8f6960f8b90e694a6e5873e398d68de626ee39df

combine UploadPdf and UploadPptx

view details

Daniel Powell

commit sha f109a48053d3e1fd046dedfc0a9635d061602a6f

don't revalidate aws config every time a job starts

view details

Daniel Powell

commit sha 1043f13190f50e70d06df6939268ad9f807ef4d5

remove non-s3 execution path

view details

Daniel Powell

commit sha 671fa042d593f79468213ae89822fa0441cff0ad

remove hardcoded api secret

view details

Daniel Powell

commit sha 51513b010020aa3147f5858030cfb504382ddad6

rename spec

view details

Daniel Powell

commit sha 4a52904fdb933d2dd23f257c839e5a7b1861285d

set content disposition when uploading

view details

Daniel Powell

commit sha 4f9015f012b3a6c2355e638a4bf3cedee939d51b

validate aws config at startup

view details

Daniel Powell

commit sha 72ac673c3845971c7d3124a22b33be9938f31c38

Merge branch 'pdf-mage-landscape' of https://github.com/sideqik/pdf-mage into dtp--pdf-to-ppt

view details

Daniel Powell

commit sha 94b7a956d15b01b110444e78d8b2029c1465e7c6

Merge pull request #17 from sideqik/dtp--pdf-to-ppt PPT export

view details

Daniel Powell

commit sha 3f99f094fa65aa9f9bee66d3d057e70d503f6344

Revert "pdf-landscape "

view details

Daniel Powell

commit sha 945c066c700ecbbaa9e340c942f867a6cea733d5

Merge pull request #19 from sideqik/revert-18-pdf-mage-landscape Revert "pdf-landscape "

view details

Ubuntu

commit sha 715e7c05f231eccad70909856bd8a025dae7cae0

Updates to pdf-mage to get it working with monit

view details

push time in 11 hours

startedcyu/rack-cors

started time in a day

issue closedcyu/rack-cors

How do I use Rails.application.config.hosts << "product.com" in development

My problem arises when my rails app running in development makes a request to a socket.io server on localhost:8000 I get the error "Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at" in the console I'm using the rack-cors gem

closed time in a day

mices

push eventsideqik/pdf-mage

dependabot[bot]

commit sha 35d538c6745ce3146e2ed7fb174baf2c4c0f3cad

Bump ws from 6.2.1 to 6.2.2 in /print-to-pdf Bumps [ws](https://github.com/websockets/ws) from 6.2.1 to 6.2.2. - [Release notes](https://github.com/websockets/ws/releases) - [Commits](https://github.com/websockets/ws/commits) --- updated-dependencies: - dependency-name: ws dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>

view details

push time in 2 days

delete branch sideqik/pdf-mage

delete branch : dependabot/npm_and_yarn/print-to-pdf/y18n-4.0.1

delete time in 2 days

pull request commentsideqik/pdf-mage

Bump y18n from 4.0.0 to 4.0.1 in /print-to-pdf

Superseded by #21.

dependabot[bot]

comment created time in 2 days

PR closed sideqik/pdf-mage

Bump y18n from 4.0.0 to 4.0.1 in /print-to-pdf dependencies javascript

Bumps y18n from 4.0.0 to 4.0.1. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/yargs/y18n/blob/master/CHANGELOG.md">y18n's changelog</a>.</em></p> <blockquote> <h1>Change Log</h1> <p>All notable changes to this project will be documented in this file. See <a href="https://github.com/conventional-changelog/standard-version">standard-version</a> for commit guidelines.</p> <h3><a href="https://www.github.com/yargs/y18n/compare/v5.0.4...v5.0.5">5.0.5</a> (2020-10-25)</h3> <h3>Bug Fixes</h3> <ul> <li>address prototype pollution issue (<a href="https://www.github-redirect.dependabot.com/yargs/y18n/issues/108">#108</a>) (<a href="https://www.github.com/yargs/y18n/commit/a9ac604abf756dec9687be3843e2c93bfe581f25">a9ac604</a>)</li> </ul> <h3><a href="https://www.github.com/yargs/y18n/compare/v5.0.3...v5.0.4">5.0.4</a> (2020-10-16)</h3> <h3>Bug Fixes</h3> <ul> <li><strong>exports:</strong> node 13.0 and 13.1 require the dotted object form <em>with</em> a string fallback (<a href="https://www.github-redirect.dependabot.com/yargs/y18n/issues/105">#105</a>) (<a href="https://www.github.com/yargs/y18n/commit/4f85d80dbaae6d2c7899ae394f7ad97805df4886">4f85d80</a>)</li> </ul> <h3><a href="https://www.github.com/yargs/y18n/compare/v5.0.2...v5.0.3">5.0.3</a> (2020-10-16)</h3> <h3>Bug Fixes</h3> <ul> <li><strong>exports:</strong> node 13.0-13.6 require a string fallback (<a href="https://www.github-redirect.dependabot.com/yargs/y18n/issues/103">#103</a>) (<a href="https://www.github.com/yargs/y18n/commit/e39921e1017f88f5d8ea97ddea854ffe92d68e74">e39921e</a>)</li> </ul> <h3><a href="https://www.github.com/yargs/y18n/compare/v5.0.1...v5.0.2">5.0.2</a> (2020-10-01)</h3> <h3>Bug Fixes</h3> <ul> <li><strong>deno:</strong> update types for deno ^1.4.0 (<a href="https://www.github-redirect.dependabot.com/yargs/y18n/issues/100">#100</a>) (<a href="https://www.github.com/yargs/y18n/commit/3834d9ab1332f2937c935ada5e76623290efae81">3834d9a</a>)</li> </ul> <h3><a href="https://www.github.com/yargs/y18n/compare/v5.0.0...v5.0.1">5.0.1</a> (2020-09-05)</h3> <h3>Bug Fixes</h3> <ul> <li>main had old index path (<a href="https://www.github-redirect.dependabot.com/yargs/y18n/issues/98">#98</a>) (<a href="https://www.github.com/yargs/y18n/commit/124f7b047ba9596bdbdf64459988304e77f3de1b">124f7b0</a>)</li> </ul> <h2><a href="https://www.github.com/yargs/y18n/compare/v4.0.0...v5.0.0">5.0.0</a> (2020-09-05)</h2> <h3>⚠ BREAKING CHANGES</h3> <ul> <li>exports maps are now used, which modifies import behavior.</li> <li>drops Node 6 and 4. begin following Node.js LTS schedule (<a href="https://github-redirect.dependabot.com/yargs/y18n/issues/89">#89</a>)</li> </ul> <h3>Features</h3> <ul> <li>add support for ESM and Deno <a href="https://www.github-redirect.dependabot.com/yargs/y18n/issues/95">#95</a>) (<a href="https://www.github.com/yargs/y18n/commit/4d7ae94bcb42e84164e2180366474b1cd321ed94">4d7ae94</a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/yargs/y18n/commits">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~oss-bot">oss-bot</a>, a new releaser for y18n since your current version.</p> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+3 -3

3 comments

1 changed file

dependabot[bot]

pr closed time in 2 days

PR opened sideqik/pdf-mage

Bump y18n from 4.0.0 to 4.0.3 in /print-to-pdf

Bumps y18n from 4.0.0 to 4.0.3. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/yargs/y18n/blob/y18n-v4.0.3/CHANGELOG.md">y18n's changelog</a>.</em></p> <blockquote> <h3><a href="https://www.github.com/yargs/y18n/compare/y18n-v4.0.2...y18n-v4.0.3">4.0.3</a> (2021-04-07)</h3> <h3>Bug Fixes</h3> <ul> <li><strong>release:</strong> 4.x.x should not enforce Node 10 (<a href="https://github-redirect.dependabot.com/yargs/y18n/issues/126">#126</a>) (<a href="https://www.github.com/yargs/y18n/commit/1e21a536e9135d8403a47be88922157a706b7cde">1e21a53</a>)</li> </ul> <h3>4.0.1 (2020-11-30)</h3> <h3>Bug Fixes</h3> <ul> <li>address prototype pollution issue (<a href="https://github-redirect.dependabot.com/yargs/y18n/issues/108">#108</a>) (<a href="https://www.github.com/yargs/y18n/commit/a9ac604abf756dec9687be3843e2c93bfe581f25">a9ac604</a>)</li> </ul> <p><!-- raw HTML omitted --><!-- raw HTML omitted --></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/yargs/y18n/commit/0aa97c508ea31efadd2a27f98fed6873eefc963e"><code>0aa97c5</code></a> chore: release 4.x.x (<a href="https://github-redirect.dependabot.com/yargs/y18n/issues/128">#128</a>)</li> <li><a href="https://github.com/yargs/y18n/commit/a8e7f04f8011423ce526e9b9f7ceea190c032733"><code>a8e7f04</code></a> build(release-please): configure branch properly (<a href="https://github-redirect.dependabot.com/yargs/y18n/issues/127">#127</a>)</li> <li><a href="https://github.com/yargs/y18n/commit/1e21a536e9135d8403a47be88922157a706b7cde"><code>1e21a53</code></a> fix(release): 4.x.x should not enforce Node 10 (<a href="https://github-redirect.dependabot.com/yargs/y18n/issues/126">#126</a>)</li> <li><a href="https://github.com/yargs/y18n/commit/8dc75802f3aa944bf9a827213969d64834621215"><code>8dc7580</code></a> docs: update CHANGELOG</li> <li><a href="https://github.com/yargs/y18n/commit/7de58ca0d315990cdb38234e97fc66254cdbcd71"><code>7de58ca</code></a> fix: address prototype pollution issue</li> <li>See full diff in <a href="https://github.com/yargs/y18n/compare/v4.0.0...y18n-v4.0.3">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~oss-bot">oss-bot</a>, a new releaser for y18n since your current version.</p> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+3 -3

0 comment

1 changed file

pr created time in 2 days

push eventsideqik/pdf-mage

Daniel Powell

commit sha d544b51c1c50ceb93c3bcd0cc2b8d1ca00b8edd9

configurable concurrency

view details

Ben Hirsch

commit sha a84e26588b4031893b0b1268148f67abc9cdf197

support 'scale' param

view details

Ben Hirsch

commit sha a5ca5c585b6a6bea5a04f8edd7fa134fc29bfdde

change how we compress pdfs

view details

Ben Hirsch

commit sha b6c07f104fe74da0f429242864a0cf99f075a5e3

fix ghostscript command?

view details

Ben Hirsch

commit sha 080c55af9fd417c3fb3f297479e891a1d13fb36f

Add 15s max render timeout

view details

Ben Hirsch

commit sha bc0362860672a63ac7896635f9a7eabfc8f51b47

Added comment

view details

Ben Hirsch

commit sha a31069475757654e00c065abfe5c3a482088950a

Merge pull request #16 from sideqik/bh--max-timeout Add 15s max render timeout

view details

Ben Hirsch

commit sha 09a26782940dbd4ba859fd064e5c72108d6f0d64

exit process on pdf failure

view details

Ben Hirsch

commit sha da91c8701ce08cf200ce467f0b783b583ecb4a6e

Merge branch 'bh--max-timeout'

view details

Daniel Powell

commit sha a495ae6c938c6bf1b27b54ea331cce80ffa99d89

Backend for PPT export

view details

Daniel Powell

commit sha 8f6960f8b90e694a6e5873e398d68de626ee39df

combine UploadPdf and UploadPptx

view details

Daniel Powell

commit sha f109a48053d3e1fd046dedfc0a9635d061602a6f

don't revalidate aws config every time a job starts

view details

Daniel Powell

commit sha 1043f13190f50e70d06df6939268ad9f807ef4d5

remove non-s3 execution path

view details

Daniel Powell

commit sha 671fa042d593f79468213ae89822fa0441cff0ad

remove hardcoded api secret

view details

Daniel Powell

commit sha 51513b010020aa3147f5858030cfb504382ddad6

rename spec

view details

Daniel Powell

commit sha 4a52904fdb933d2dd23f257c839e5a7b1861285d

set content disposition when uploading

view details

Michael Farrell

commit sha de66251053c9e9d7b150ef3e904ee60480bfb402

Modified to display in landscape by default. Gave ability to override height and width via args

view details

Daniel Powell

commit sha 4f9015f012b3a6c2355e638a4bf3cedee939d51b

validate aws config at startup

view details

Daniel Powell

commit sha 72ac673c3845971c7d3124a22b33be9938f31c38

Merge branch 'pdf-mage-landscape' of https://github.com/sideqik/pdf-mage into dtp--pdf-to-ppt

view details

Daniel Powell

commit sha 94b7a956d15b01b110444e78d8b2029c1465e7c6

Merge pull request #17 from sideqik/dtp--pdf-to-ppt PPT export

view details

push time in 2 days

push eventsideqik/pdf-mage

Ben Hirsch

commit sha 080c55af9fd417c3fb3f297479e891a1d13fb36f

Add 15s max render timeout

view details

Ben Hirsch

commit sha bc0362860672a63ac7896635f9a7eabfc8f51b47

Added comment

view details

Ben Hirsch

commit sha a31069475757654e00c065abfe5c3a482088950a

Merge pull request #16 from sideqik/bh--max-timeout Add 15s max render timeout

view details

Ben Hirsch

commit sha 09a26782940dbd4ba859fd064e5c72108d6f0d64

exit process on pdf failure

view details

Ben Hirsch

commit sha da91c8701ce08cf200ce467f0b783b583ecb4a6e

Merge branch 'bh--max-timeout'

view details

Daniel Powell

commit sha a495ae6c938c6bf1b27b54ea331cce80ffa99d89

Backend for PPT export

view details

Daniel Powell

commit sha 8f6960f8b90e694a6e5873e398d68de626ee39df

combine UploadPdf and UploadPptx

view details

Daniel Powell

commit sha f109a48053d3e1fd046dedfc0a9635d061602a6f

don't revalidate aws config every time a job starts

view details

Daniel Powell

commit sha 1043f13190f50e70d06df6939268ad9f807ef4d5

remove non-s3 execution path

view details

Daniel Powell

commit sha 671fa042d593f79468213ae89822fa0441cff0ad

remove hardcoded api secret

view details

Daniel Powell

commit sha 51513b010020aa3147f5858030cfb504382ddad6

rename spec

view details

Daniel Powell

commit sha 4a52904fdb933d2dd23f257c839e5a7b1861285d

set content disposition when uploading

view details

Michael Farrell

commit sha de66251053c9e9d7b150ef3e904ee60480bfb402

Modified to display in landscape by default. Gave ability to override height and width via args

view details

Daniel Powell

commit sha 4f9015f012b3a6c2355e638a4bf3cedee939d51b

validate aws config at startup

view details

Daniel Powell

commit sha 72ac673c3845971c7d3124a22b33be9938f31c38

Merge branch 'pdf-mage-landscape' of https://github.com/sideqik/pdf-mage into dtp--pdf-to-ppt

view details

Daniel Powell

commit sha 94b7a956d15b01b110444e78d8b2029c1465e7c6

Merge pull request #17 from sideqik/dtp--pdf-to-ppt PPT export

view details

Daniel Powell

commit sha 3f99f094fa65aa9f9bee66d3d057e70d503f6344

Revert "pdf-landscape "

view details

Daniel Powell

commit sha 945c066c700ecbbaa9e340c942f867a6cea733d5

Merge pull request #19 from sideqik/revert-18-pdf-mage-landscape Revert "pdf-landscape "

view details

Ubuntu

commit sha 715e7c05f231eccad70909856bd8a025dae7cae0

Updates to pdf-mage to get it working with monit

view details

dependabot[bot]

commit sha 32181466607fb2074dbb2a1be1893d94298e3b54

Bump yargs-parser from 13.1.1 to 13.1.2 in /print-to-pdf Bumps [yargs-parser](https://github.com/yargs/yargs-parser) from 13.1.1 to 13.1.2. - [Release notes](https://github.com/yargs/yargs-parser/releases) - [Changelog](https://github.com/yargs/yargs-parser/blob/master/docs/CHANGELOG-full.md) - [Commits](https://github.com/yargs/yargs-parser/commits) Signed-off-by: dependabot[bot] <support@github.com>

view details

push time in 2 days

push eventsideqik/pdf-mage

Ubuntu

commit sha 715e7c05f231eccad70909856bd8a025dae7cae0

Updates to pdf-mage to get it working with monit

view details

dependabot[bot]

commit sha 1e46ba89fa54250a80529edc4cdb377c1e65d761

Bump ws from 6.2.1 to 6.2.2 in /print-to-pdf Bumps [ws](https://github.com/websockets/ws) from 6.2.1 to 6.2.2. - [Release notes](https://github.com/websockets/ws/releases) - [Commits](https://github.com/websockets/ws/commits) --- updated-dependencies: - dependency-name: ws dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>

view details

push time in 2 days

push eventsideqik/pdf-mage

Ubuntu

commit sha 715e7c05f231eccad70909856bd8a025dae7cae0

Updates to pdf-mage to get it working with monit

view details

push time in 2 days

issue openedcyu/rack-cors

How do I use Rails.application.config.hosts << "product.com" in development

My problem arises when my rails app running in development makes a request to a socket.io server on localhost:8000 I get the error "Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at" in the console I'm using the rack-cors gem

created time in 3 days

startedcyu/rack-cors

started time in 3 days

delete branch RYLabs/ry-cdk-tools

delete branch : dependabot/npm_and_yarn/ws-7.4.6

delete time in 7 days

PR closed RYLabs/ry-cdk-tools

Bump ws from 7.2.5 to 7.4.6 dependencies

Bumps ws from 7.2.5 to 7.4.6. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/websockets/ws/releases">ws's releases</a>.</em></p> <blockquote> <h2>7.4.6</h2> <h1>Bug fixes</h1> <ul> <li>Fixed a ReDoS vulnerability (00c425ec).</li> </ul> <p>A specially crafted value of the <code>Sec-Websocket-Protocol</code> header could be used to significantly slow down a ws server.</p> <pre lang="js"><code>for (const length of [1000, 2000, 4000, 8000, 16000, 32000]) { const value = 'b' + ' '.repeat(length) + 'x'; const start = process.hrtime.bigint(); <p>value.trim().split(/ *, */);</p> <p>const end = process.hrtime.bigint();</p> <p>console.log('length = %d, time = %f ns', length, end - start); } </code></pre></p> <p>The vulnerability was responsibly disclosed along with a fix in private by <a href="https://github.com/robmcl4">Robert McLaughlin</a> from University of California, Santa Barbara.</p> <p>In vulnerable versions of ws, the issue can be mitigated by reducing the maximum allowed length of the request headers using the <a href="https://nodejs.org/api/cli.html#cli_max_http_header_size_size"><code>--max-http-header-size=size</code></a> and/or the <a href="https://nodejs.org/api/http.html#http_http_createserver_options_requestlistener"><code>maxHeaderSize</code></a> options.</p> <h2>7.4.5</h2> <h1>Bug fixes</h1> <ul> <li>UTF-8 validation is now done even if <code>utf-8-validate</code> is not installed (23ba6b29).</li> <li>Fixed an edge case where <code>websocket.close()</code> and <code>websocket.terminate()</code> did not close the connection (67e25ff5).</li> </ul> <h2>7.4.4</h2> <h1>Bug fixes</h1> <ul> <li>Fixed a bug that could cause the process to crash when using the permessage-deflate extension (92774377).</li> </ul> <h2>7.4.3</h2> <h1>Bug fixes</h1> <ul> <li>The deflate/inflate stream is now reset instead of reinitialized when context takeover is disabled (<a href="https://github-redirect.dependabot.com/websockets/ws/issues/1840">#1840</a>).</li> </ul> <h2>7.4.2</h2> <h1>Bug fixes</h1> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/websockets/ws/commit/f5297f7090f6a628832a730187c5b3a06a247f00"><code>f5297f7</code></a> [dist] 7.4.6</li> <li><a href="https://github.com/websockets/ws/commit/00c425ec77993773d823f018f64a5c44e17023ff"><code>00c425e</code></a> [security] Fix ReDoS vulnerability</li> <li><a href="https://github.com/websockets/ws/commit/990306d1446faf346c76452409a4c11455690514"><code>990306d</code></a> [lint] Fix prettier error</li> <li><a href="https://github.com/websockets/ws/commit/32e3a8439b7c8273b44fe1adb5682f529e34d0ba"><code>32e3a84</code></a> [security] Remove reference to Node Security Project</li> <li><a href="https://github.com/websockets/ws/commit/8c914d18b86a7d1408884d18eeadae0fa41b0bb5"><code>8c914d1</code></a> [minor] Fix nits</li> <li><a href="https://github.com/websockets/ws/commit/fc7e27d12ad0af90ce05302afc85c292024000b4"><code>fc7e27d</code></a> [ci] Test on node 16</li> <li><a href="https://github.com/websockets/ws/commit/587c201bfc22c460658ca304d23477fc7ebd2a60"><code>587c201</code></a> [ci] Do not test on node 15</li> <li><a href="https://github.com/websockets/ws/commit/f67271079755e79a1ac2b40f3f4efb94ca024539"><code>f672710</code></a> [dist] 7.4.5</li> <li><a href="https://github.com/websockets/ws/commit/67e25ff50230d131d76b1061ca0be5c991df161f"><code>67e25ff</code></a> [fix] Fix case where <code>abortHandshake()</code> does not close the connection</li> <li><a href="https://github.com/websockets/ws/commit/23ba6b2922f521f2b656891a997ab562b7139dd4"><code>23ba6b2</code></a> [fix] Make UTF-8 validation work even if utf-8-validate is not installed</li> <li>Additional commits viewable in <a href="https://github.com/websockets/ws/compare/7.2.5...7.4.6">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+3 -3

1 comment

1 changed file

dependabot[bot]

pr closed time in 7 days

pull request commentRYLabs/ry-cdk-tools

Bump ws from 7.2.5 to 7.4.6

Superseded by #13.

dependabot[bot]

comment created time in 7 days

PR opened RYLabs/ry-cdk-tools

Bump ws from 7.2.5 to 7.5.0

Bumps ws from 7.2.5 to 7.5.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/websockets/ws/releases">ws's releases</a>.</em></p> <blockquote> <h2>7.5.0</h2> <h1>Features</h1> <ul> <li>Some errors now have a <code>code</code> property describing the specific type of error that has occurred (<a href="https://github-redirect.dependabot.com/websockets/ws/issues/1901">#1901</a>).</li> </ul> <h1>Bug fixes</h1> <ul> <li>A close frame is now sent to the remote peer if an error (such as a data framing error) occurs (8806aa9a).</li> <li>The close code is now always 1006 if no close frame is received, even if the connection is closed due to an error (8806aa9a).</li> </ul> <h2>7.4.6</h2> <h1>Bug fixes</h1> <ul> <li>Fixed a ReDoS vulnerability (00c425ec).</li> </ul> <p>A specially crafted value of the <code>Sec-Websocket-Protocol</code> header could be used to significantly slow down a ws server.</p> <pre lang="js"><code>for (const length of [1000, 2000, 4000, 8000, 16000, 32000]) { const value = 'b' + ' '.repeat(length) + 'x'; const start = process.hrtime.bigint(); <p>value.trim().split(/ *, */);</p> <p>const end = process.hrtime.bigint();</p> <p>console.log('length = %d, time = %f ns', length, end - start); } </code></pre></p> <p>The vulnerability was responsibly disclosed along with a fix in private by <a href="https://github.com/robmcl4">Robert McLaughlin</a> from University of California, Santa Barbara.</p> <p>In vulnerable versions of ws, the issue can be mitigated by reducing the maximum allowed length of the request headers using the <a href="https://nodejs.org/api/cli.html#cli_max_http_header_size_size"><code>--max-http-header-size=size</code></a> and/or the <a href="https://nodejs.org/api/http.html#http_http_createserver_options_requestlistener"><code>maxHeaderSize</code></a> options.</p> <h2>7.4.5</h2> <h1>Bug fixes</h1> <ul> <li>UTF-8 validation is now done even if <code>utf-8-validate</code> is not installed (23ba6b29).</li> <li>Fixed an edge case where <code>websocket.close()</code> and <code>websocket.terminate()</code> did not close the connection (67e25ff5).</li> </ul> <h2>7.4.4</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/websockets/ws/commit/e3f0c1720aab640fe78dc578907046fb84422ccd"><code>e3f0c17</code></a> [dist] 7.5.0</li> <li><a href="https://github.com/websockets/ws/commit/1d3f4cbb0ebb2519f6cc707e9f4344006d74ce03"><code>1d3f4cb</code></a> [doc] Fix anchor tags for error codes</li> <li><a href="https://github.com/websockets/ws/commit/6eea0d466b08a278c048092ee1cb06aee9f48cc9"><code>6eea0d4</code></a> [doc] Fix typo</li> <li><a href="https://github.com/websockets/ws/commit/bb5d44b11880861f9fb0429e2c132f435a78198b"><code>bb5d44b</code></a> [doc] Sort error codes alphabetically</li> <li><a href="https://github.com/websockets/ws/commit/c6e30806704cd1ff35282b85132bd29fca8acec8"><code>c6e3080</code></a> [minor] Attach error codes to all receiver errors (<a href="https://github-redirect.dependabot.com/websockets/ws/issues/1901">#1901</a>)</li> <li><a href="https://github.com/websockets/ws/commit/074e6a8be7275a69a407f6c1fa2270c754d2834b"><code>074e6a8</code></a> [fix] Don't call <code>ws.terminate()</code> unconditionally in <code>duplex._destroy()</code></li> <li><a href="https://github.com/websockets/ws/commit/8806aa9a836c3a616c9511adad159c65eeb153b0"><code>8806aa9</code></a> [fix] Close the connection cleanly when an error occurs</li> <li><a href="https://github.com/websockets/ws/commit/05b8ccd639a91428d7440ad350b8d4301636b2e2"><code>05b8ccd</code></a> [doc] Fix broken link (<a href="https://github-redirect.dependabot.com/websockets/ws/issues/1897">#1897</a>)</li> <li><a href="https://github.com/websockets/ws/commit/03a707884c591d56ad69c4c1ddd34cab0449b1fe"><code>03a7078</code></a> [doc] Remove unsafe regex from code snippet</li> <li><a href="https://github.com/websockets/ws/commit/7ee31157d7b14bb94e0d0fd223a4a5508f4c39b9"><code>7ee3115</code></a> [doc] Add logo to coverage badge</li> <li>Additional commits viewable in <a href="https://github.com/websockets/ws/compare/7.2.5...7.5.0">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+3 -3

0 comment

1 changed file

pr created time in 7 days

create barnchRYLabs/ry-cdk-tools

branch : dependabot/npm_and_yarn/ws-7.5.0

created branch time in 7 days

startedcyu/rack-cors

started time in 7 days

startedfirebase/extensions

started time in 7 days

PR opened RYLabs/ry-cdk-tools

Reviewers
updated AWS ElasticBeanstalk policy
+1 -1

0 comment

1 changed file

pr created time in 7 days

create barnchRYLabs/ry-cdk-tools

branch : update_elasticbeanstalk_policy

created branch time in 7 days

startedcyu/rack-cors

started time in 7 days

startedcyu/rack-cors

started time in 8 days

startedplaid/plaid-link-ios

started time in 11 days

PR opened RYLabs/redir-cli

Bump glob-parent from 5.0.0 to 5.1.2

Bumps glob-parent from 5.0.0 to 5.1.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/gulpjs/glob-parent/releases">glob-parent's releases</a>.</em></p> <blockquote> <h2>v5.1.2</h2> <h3>Bug Fixes</h3> <ul> <li>eliminate ReDoS (<a href="https://github-redirect.dependabot.com/gulpjs/glob-parent/issues/36">#36</a>) (<a href="https://github.com/gulpjs/glob-parent/commit/f9231168b0041fea3f8f954b3cceb56269fc6366">f923116</a>)</li> </ul> <h2>v5.1.1</h2> <h3>Bug Fixes</h3> <ul> <li>unescape exclamation mark (<a href="https://github-redirect.dependabot.com/gulpjs/glob-parent/issues/26">#26</a>) (<a href="https://github.com/gulpjs/glob-parent/commit/a98874f1a59e407f4fb1beb0db4efa8392da60bb">a98874f</a>)</li> </ul> <h2>v5.1.0</h2> <h3>Features</h3> <ul> <li>add <code>flipBackslashes</code> option to disable auto conversion of slashes (closes <a href="https://github-redirect.dependabot.com/gulpjs/glob-parent/issues/24">#24</a>) (<a href="https://github-redirect.dependabot.com/gulpjs/glob-parent/issues/25">#25</a>) (<a href="https://github.com/gulpjs/glob-parent/commit/eecf91d5e3834ed78aee39c4eaaae654d76b87b3">eecf91d</a>)</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/gulpjs/glob-parent/blob/main/CHANGELOG.md">glob-parent's changelog</a>.</em></p> <blockquote> <h3><a href="https://github.com/gulpjs/glob-parent/compare/v5.1.1...v5.1.2">5.1.2</a> (2021-03-06)</h3> <h3>Bug Fixes</h3> <ul> <li>eliminate ReDoS (<a href="https://github-redirect.dependabot.com/gulpjs/glob-parent/issues/36">#36</a>) (<a href="https://github.com/gulpjs/glob-parent/commit/f9231168b0041fea3f8f954b3cceb56269fc6366">f923116</a>)</li> </ul> <h2><a href="https://www.github.com/gulpjs/glob-parent/compare/v5.1.2...v6.0.0">6.0.0</a> (2021-05-03)</h2> <h3>⚠ BREAKING CHANGES</h3> <ul> <li>Correct mishandled escaped path separators (<a href="https://github-redirect.dependabot.com/gulpjs/glob-parent/issues/34">#34</a>)</li> <li>upgrade scaffold, dropping node <10 support</li> </ul> <h3>Bug Fixes</h3> <ul> <li>Correct mishandled escaped path separators (<a href="https://github-redirect.dependabot.com/gulpjs/glob-parent/issues/34">#34</a>) (<a href="https://www.github.com/gulpjs/glob-parent/commit/32f6d52663b7addac38d0dff570d8127edf03f47">32f6d52</a>), closes <a href="https://github-redirect.dependabot.com/gulpjs/glob-parent/issues/32">#32</a></li> </ul> <h3>Miscellaneous Chores</h3> <ul> <li>upgrade scaffold, dropping node <10 support (<a href="https://www.github.com/gulpjs/glob-parent/commit/e83d0c5a411947cf69eb58f36349db80439c606f">e83d0c5</a>)</li> </ul> <h3><a href="https://github.com/gulpjs/glob-parent/compare/v5.1.0...v5.1.1">5.1.1</a> (2021-01-27)</h3> <h3>Bug Fixes</h3> <ul> <li>unescape exclamation mark (<a href="https://github-redirect.dependabot.com/gulpjs/glob-parent/issues/26">#26</a>) (<a href="https://github.com/gulpjs/glob-parent/commit/a98874f1a59e407f4fb1beb0db4efa8392da60bb">a98874f</a>)</li> </ul> <h2><a href="https://github.com/gulpjs/glob-parent/compare/v5.0.0...v5.1.0">5.1.0</a> (2021-01-27)</h2> <h3>Features</h3> <ul> <li>add <code>flipBackslashes</code> option to disable auto conversion of slashes (closes <a href="https://github-redirect.dependabot.com/gulpjs/glob-parent/issues/24">#24</a>) (<a href="https://github-redirect.dependabot.com/gulpjs/glob-parent/issues/25">#25</a>) (<a href="https://github.com/gulpjs/glob-parent/commit/eecf91d5e3834ed78aee39c4eaaae654d76b87b3">eecf91d</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/gulpjs/glob-parent/commit/eb2c439de448c779b450472e591a2bc9e37e9668"><code>eb2c439</code></a> chore: update changelog</li> <li><a href="https://github.com/gulpjs/glob-parent/commit/12bcb6c45c942e2d05fc1e6ff5402e72555b54b6"><code>12bcb6c</code></a> chore: release 5.1.2</li> <li><a href="https://github.com/gulpjs/glob-parent/commit/f9231168b0041fea3f8f954b3cceb56269fc6366"><code>f923116</code></a> fix: eliminate ReDoS (<a href="https://github-redirect.dependabot.com/gulpjs/glob-parent/issues/36">#36</a>)</li> <li><a href="https://github.com/gulpjs/glob-parent/commit/0b014a7962789b2d8f2cf0b6311f40667aecd62c"><code>0b014a7</code></a> chore: add JSDoc returns information (<a href="https://github-redirect.dependabot.com/gulpjs/glob-parent/issues/33">#33</a>)</li> <li><a href="https://github.com/gulpjs/glob-parent/commit/2b24ebd64b2a045aa167c825376335555da139fd"><code>2b24ebd</code></a> chore: generate initial changelog</li> <li><a href="https://github.com/gulpjs/glob-parent/commit/9b6e8747ddf664c9b1a36fbd2a23e43a35b8a52f"><code>9b6e874</code></a> chore: release 5.1.1</li> <li><a href="https://github.com/gulpjs/glob-parent/commit/749c35ee084498ebb1ce8cc9cf655f6aa4d623c5"><code>749c35e</code></a> ci: try wrapping the JOB_ID in a string</li> <li><a href="https://github.com/gulpjs/glob-parent/commit/5d39def48c9e9eaee0ca36dafdf7b6cdcd875b85"><code>5d39def</code></a> ci: attempt to switch to published coveralls</li> <li><a href="https://github.com/gulpjs/glob-parent/commit/0b5b37f674a7e207457c99cb2f123299e5ab31c9"><code>0b5b37f</code></a> ci: put the npm step back in for only Windows</li> <li><a href="https://github.com/gulpjs/glob-parent/commit/473f5d87644bf19f32c53de21d2420f03aa02e5a"><code>473f5d8</code></a> ci: update azure build images</li> <li>Additional commits viewable in <a href="https://github.com/gulpjs/glob-parent/compare/v5.0.0...v5.1.2">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+3 -3

0 comment

1 changed file

pr created time in 13 days

create barnchRYLabs/redir-cli

branch : dependabot/npm_and_yarn/glob-parent-5.1.2

created branch time in 13 days