Fedor Indutny indutny @paypal USA http://darksi.de/ While being kept on ice in a Cryostasis Chamber, Fedor Indutny was held in the HYDRA Siberian Facility alongside other Winter Soldiers...

bcoin-org/bcoin 2209

Javascript bitcoin library for node.js and browsers

heapwolf/EventVat 112

An evented, in-process key/value store for small volatile working sets in Node.js or the Browser

gypkg/gypkg 51

GYP-based package manager

Hackchain/hackchain 50

Continuous bitcoin-inspired capture-the-flag challenge. (Alpha)

bcoin-org/plasma 47

Lightning network for BCoin

hyperbloom/hyperbloom 39

HyperBloom Swarm

derivepass/scrypt 26

Dumb self-contained scrypt implementation

hyperbloom/hyperbloom-protocol 25

Implementation of HyperBloom Protocol

derivepass/derivepass 21

CLI and iOS Password derivation utility

created tagindutny/json-stream-sanitizer

tagv1.1.1

Sanitize strings in JSON stream

created time in 15 hours

push eventindutny/json-stream-sanitizer

Fedor Indutny

commit sha c6af583405978c67e6c68ae0ac21c84732db95fd

lib: decode escaped unicode for consistency

view details

Fedor Indutny

commit sha 6ffd90c12c60daaee1b586e81bfc78586f07f066

1.1.1

view details

push time in 15 hours

push eventindutny/json-stream-sanitizer

Fedor Indutny

commit sha 31c474a7964bd026e52e8dce96b932141f28b51a

readme: moar badges

view details

push time in 15 hours

created tagindutny/json-stream-sanitizer

tagv1.1.0

Sanitize strings in JSON stream

created time in 15 hours

push eventindutny/json-stream-sanitizer

Fedor Indutny

commit sha 7e9e2e2aa9047dee4318da572ed4aba7b27fa172

lib: custom sanitize function

view details

Fedor Indutny

commit sha bfdf66d57d370afbc4d1f9166923ea9b7bb08cfa

1.1.0

view details

push time in 15 hours

issue commentindutny/elliptic

Remove all dependencies

@paulmillr I don't mind adding new maintainer(s) to elliptic. The plan that you suggested does not align with the vision of the project that I had initially. As you pointed out, the landscape of JavaScript has changed significantly in recent years (addition of BigInts and other features) and this library hasn't been revised to adapt some of these technologies. However, I don't think that moving this library away from bn.js and/or other dependencies (except for inherits, which is indeed no longer necessary) is the course that maintainers should take.

As glorious as BigInts are - one would have to reimplement a good part of bn.js in order to not compromise the performance of elliptic. Just for starters, BigInt does not have efficient modular division for primes like secp256k1 or ed25519 have. There are way more cases that would show up in the benchmarks and might not be trivial to fix.

paulmillr

comment created time in a day

PR closed nodejs/llhttp

Reviewers
http: refactoring `http.ts`

Refactoring invokePausable function inside http.ts file to use switch case instead of if-else-if.

+40 -30

2 comments

1 changed file

nemanjapetrovic

pr closed time in a day

pull request commentnodejs/llhttp

http: refactoring `http.ts`

Thank you so much for your contribution!

Unfortunately, I don't think that this Pull Request is going to be merged. The commit says refactor, but the changes apply mostly to code style (with an exception of switch statement that you mentioned in the PR description). Style is subjective and I'd rather not make changes unless they:

  • Fix an issue
  • Improve performance
  • Introduce new features
  • Make code more consistent

It might be very well possible that the code as it is in http.ts is not consistent with the rest of the code in this repo. If you find it to be the case - could you consider modifying tslint configuration so that it would catch such inconsistencies?

Thanks!

nemanjapetrovic

comment created time in a day

created tagindutny/json-stream-sanitizer

tagv1.0.2

Sanitize strings in JSON stream

created time in 2 days

push eventindutny/json-stream-sanitizer

Fedor Indutny

commit sha 3c4845a75d24511a3638d6325b064f28fccbacd0

lib: optimize, benchmark

view details

Fedor Indutny

commit sha ecbe42a4973f3baba363e876c673bb228d5d52a9

1.0.2

view details

push time in 2 days

created tagindutny/json-stream-sanitizer

tagv1.0.1

Sanitize strings in JSON stream

created time in 2 days

push eventindutny/json-stream-sanitizer

Fedor Indutny

commit sha 7e51011817c46ece9a89a9a2930d9de38300b76c

lib: small improvements

view details

Fedor Indutny

commit sha 5d080954577a2ea986b7195decd17788a6253599

1.0.1

view details

push time in 2 days

created tagindutny/json-stream-sanitizer

tagv1.0.0

Sanitize strings in JSON stream

created time in 2 days

create branch indutny/json-stream-sanitizer

branch : master

created branch time in 2 days

created repositoryindutny/json-stream-sanitizer

Sanitize strings in JSON stream

created time in 2 days

created tagindutny/json-depth-stream

tagv2.4.1

Streaming JSON parser with depth-limited auxiliary data

created time in 2 days

push eventindutny/json-depth-stream

Fedor Indutny

commit sha f3887334514dea999414dd5704941ef6c7872557

Revert "lib: emit `chunk` along with offsets"

This reverts commit 62ca591d3470e6b5b28c5a85ce27848ef5a20b0d.

view details

Fedor Indutny

commit sha 7f529bdd175ff233ec1278d68941477902598048

2.4.1

view details

push time in 2 days

created tagindutny/json-depth-stream

tagv2.4.0

Streaming JSON parser with depth-limited auxiliary data

created time in 2 days

push eventindutny/json-depth-stream

Fedor Indutny

commit sha 62ca591d3470e6b5b28c5a85ce27848ef5a20b0d

lib: emit `chunk` along with offsets

view details

Fedor Indutny

commit sha 8dfcff55c12fa478ea7d7427e9fa26ce9dfd4da9

2.4.0

view details

push time in 2 days

push eventindutny/json-depth-stream

Fedor Indutny

commit sha 0065494c90c763dc66e42406e50ca441e81160ce

readme: fix typo

view details

push time in 2 days

issue closedindutny/json-depth-stream

Is there an any key?

I'd like to query @ 3-levels deep, returning every key with a path like users/${uid}/firstName

I've tried true and '*', but no dice

closed time in 2 days

brandonmp

created tagindutny/json-depth-stream

tagv2.3.0

Streaming JSON parser with depth-limited auxiliary data

created time in 2 days

push eventindutny/json-depth-stream

Fedor Indutny

commit sha 15df8c94167b5df923f6ecf9697810e12d088ff1

2.3.0

view details

push time in 2 days

push eventindutny/json-depth-stream

Fedor Indutny

commit sha a4a27afa18358e7bfb0394eeaab05a6b20fe8cb0

query: use `class` declaration

view details

Fedor Indutny

commit sha 5648601c1ac0fafee66a300eb64be186bbf8f0c7

stream-indexer: use `class`

view details

push time in 2 days

pull request commentnodejs/http-parser

Correct test name and numbering

I don't think we need further review on this PR. Feel free to land it!

sam-github

comment created time in 5 days


issue closedindutny/elliptic

Remove all dependencies

Every dependency is a potential security vulnerability. Consider three cases:

  • Reputable developer giving project rights to a rogue developer in a good faith (happened before). https://medium.com/intrinsic/compromised-npm-package-event-stream-d47d08605502
  • Reputable developer getting hacked and having a bad package published.
  • Rogue developer creating new project, waiting for it to become popular and pushing a bad version after that (happened before). https://blog.npmjs.org/post/185397814280/plot-to-steal-cryptocurrency-foiled-by-the-npm

I think it's very bad for such an important library to rely on tons of dependencies. Auditing bn.js, for example, is terrible.

I suggest:

  • Bumping elliptic to v7 to identify breaking change
  • Bumping minimum node.js requirement to v10 because v10 supports bigints
  • Replacing bn.js with native bigints
  • Integrating all other dependencies. Maybe make an exception for hash.js etc, keeping a few up.

I can open a pull request if you want to improve security.

closed time in 6 days

paulmillr

issue commentindutny/elliptic

Remove all dependencies

Thank you for feedback. I'm not sure if there are any plans of active development of this library at the moment.

I wouldn't mind if someone would fork and experiment with elliptic. Surely it would be interesting to see it ported from bn.js to BigInts and to compare the resulting performance!

Since it is unlikely that maintainers of this library will partake in such activity - I'm closing this issue.

paulmillr

comment created time in 6 days

issue commentnodejs/llhttp

running tests causing clang to abort on double free

I'm using:

Apple clang version 11.0.0 (clang-1100.0.33.17)

and it appears to be compiling alright for me...

sam-github

comment created time in 7 days

issue commentnodejs/llhttp

running tests causing clang to abort on double free

I think I should just botch bitcode output. It is causing more problems than it solves (it solves none).

This, for example, looks like a plain clang bug.

sam-github

comment created time in 7 days

issue commentnodejs/node

HPE_INVALID_HEADER_TOKEN on http requests

Not sure if the second option has been mentioned here yet, but it is to use insecureHTTPParser: true for particular server or client request: https://nodejs.org/api/http.html#http_http_createserver_options_requestlistener

faberyx

comment created time in 8 days

issue commentnodejs/node

HPE_INVALID_HEADER_TOKEN on http requests

@jamiechong have you tried either of the options suggested above?

faberyx

comment created time in 8 days

fork indutny/deno

A secure JavaScript and TypeScript runtime

https://deno.land/

fork in 10 days

created tagnodejs/llhttp

tagv2.0.4

Port of http_parser to llparse

created time in 13 days

created tagnodejs/llhttp

tagrelease/v2.0.4

Port of http_parser to llparse

created time in 13 days

push eventnodejs/llhttp

Fedor Indutny

commit sha fc774908f5ae0200bb835464664ec816af1d2875

release: 2.0.4

view details

push time in 13 days

push eventnodejs/llhttp

Fedor Indutny

commit sha 0c9d80327e40cb8eb142ac5259428be594187df8

2.0.4

view details

push time in 13 days

push eventnodejs/llhttp

Fedor Indutny

commit sha bfd528c3e3de19df62499e16bb84d5f4c5a13fb3

src: new error code INVALID_TRANSFER_ENCODING

PR-URL: https://github.com/nodejs-private/llhttp-private/pull/1
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>

view details

Fedor Indutny

commit sha ea9402ced65c52d1fc895ec60810bd718286a06d

test: extra tests for lenient mode

PR-URL: https://github.com/nodejs-private/llhttp-private/pull/1
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>

view details

push time in 13 days

delete tag nodejs/llhttp

delete tag : v2.0.4

delete time in 13 days

delete tag nodejs/llhttp

delete tag : release/v2.0.4

delete time in 13 days

push eventnodejs/llhttp

push time in 13 days

created tagnodejs/http-parser

tagv2.9.3

http request/response parser for c

created time in 13 days

push eventnodejs/http-parser

Fedor Indutny

commit sha a0c034c0c7698c08f8dc8c8d0257305f6280c27b

v2.9.3

view details

push time in 13 days

push eventnodejs/http-parser

Fedor Indutny

commit sha 7d5c99d09f6743b055d53fc3f642746d9801479b

Support multi-coding Transfer-Encoding

`Transfer-Encoding` header might have multiple codings in it. Even though llhttp cares only about `chunked`, it must check that `chunked` is the last coding (if present).

ABNF from RFC 7230:

```
Transfer-Encoding = *( "," OWS ) transfer-coding *( OWS "," [ OWS transfer-coding ] )
transfer-coding = "chunked" / "compress" / "deflate" / "gzip" / transfer-extension
transfer-extension = token *( OWS ";" OWS transfer-parameter )
transfer-parameter = token BWS "=" BWS ( token / quoted-string )
```

However, if `chunked` is not last - llhttp must assume that the encoding and size of the body is unknown (according to 3.3.3 of RFC 7230) and read the response until EOF.

For request - the error must be raised for an unknown `Transfer-Encoding`.

Furthermore, 3.3.3 of RFC 7230 explicitly states that presence of both `Transfer-Encoding` and `Content-Length` indicates the smuggling attack and "ought to be handled as an error".

For the lenient mode:

* Unknown `Transfer-Encoding` in requests is not an error and request body is simply read until EOF (end of connection)
* Only `Transfer-Encoding: chunked` together with `Content-Length` would result in an error (just like before the patch)

PR-URL: https://github.com/nodejs-private/http-parser-private/pull/4
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>

view details

push time in 13 days

created tagnodejs/llhttp

tagv2.0.4

Port of http_parser to llparse

created time in 13 days

created tagnodejs/llhttp

tagrelease/v2.0.4

Port of http_parser to llparse

created time in 13 days

push eventnodejs/llhttp

Fedor Indutny

commit sha ed117a4a674b2e87aab0b8edc8c631f3b4323ea7

release: 2.0.4

view details

push time in 13 days

push eventnodejs/llhttp

Fedor Indutny

commit sha e19af786a172a8ba71a3d13fccc0fd4dfe4b1b94

http: support multi-coding Transfer-Encoding

`Transfer-Encoding` header might have multiple codings in it. Even though llhttp cares only about `chunked`, it must check that `chunked` is the last coding (if present).

ABNF from RFC 7230:

```
Transfer-Encoding = *( "," OWS ) transfer-coding *( OWS "," [ OWS transfer-coding ] )
transfer-coding = "chunked" / "compress" / "deflate" / "gzip" / transfer-extension
transfer-extension = token *( OWS ";" OWS transfer-parameter )
transfer-parameter = token BWS "=" BWS ( token / quoted-string )
```

However, if `chunked` is not last - llhttp must assume that the encoding and size of the body is unknown (according to 3.3.3 of RFC 7230) and read the response until EOF.

For request - the error must be raised for an unknown `Transfer-Encoding`.

Furthermore, 3.3.3 of RFC 7230 explicitly states that presence of both `Transfer-Encoding` and `Content-Length` indicates the smuggling attack and "ought to be handled as an error".

For the lenient mode:

* Unknown `Transfer-Encoding` in requests is not an error and request body is simply read until EOF (end of connection)
* Only `Transfer-Encoding: chunked` together with `Content-Length` would result in an error (just like before the patch)

PR-URL: https://github.com/nodejs-private/llhttp-private/pull/1
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>

view details

Fedor Indutny

commit sha db7a74177f4ee7c285fe1bf6ce6159a9efb12264

2.0.4

view details

push time in 13 days
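
The framing rules stated in the two multi-coding `Transfer-Encoding` commit messages above (http-parser v2.9.3 and llhttp 2.0.4), written out as an added JavaScript example; this is not code from either project. The function names, the result labels, and the choice to treat a malformed header value the same as "`chunked` is not last" are assumptions made for illustration.

```javascript
// Added example: body-framing decision for Transfer-Encoding / Content-Length.
// Function names and result labels are made up here; they are not llhttp identifiers.

// RFC 7230 token characters (tchar).
const TOKEN = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/;

// Strip optional whitespace (OWS = SP / HTAB) from both ends.
const trimOWS = (s) => s.replace(/^[ \t]+|[ \t]+$/g, '');

// Split on `sep`, ignoring separators that sit inside a quoted-string.
function splitOutsideQuotes(value, sep) {
  const parts = [];
  let current = '';
  let inQuotes = false;
  for (let i = 0; i < value.length; i++) {
    const ch = value[i];
    if (inQuotes && ch === '\\' && i + 1 < value.length) {
      current += ch + value[++i]; // quoted-pair: keep the escaped char verbatim
    } else if (ch === '"') {
      inQuotes = !inQuotes;
      current += ch;
    } else if (ch === sep && !inQuotes) {
      parts.push(current);
      current = '';
    } else {
      current += ch;
    }
  }
  if (inQuotes) throw new Error('unterminated quoted-string');
  parts.push(current);
  return parts;
}

// Return the lower-cased coding names in order, e.g. ['gzip', 'chunked'].
function parseTransferCodings(value) {
  const codings = [];
  for (const element of splitOutsideQuotes(value, ',')) {
    const trimmed = trimOWS(element);
    if (trimmed === '') continue; // the ABNF allows empty list elements
    // Parameters after ';' do not change which coding this is.
    const name = trimOWS(splitOutsideQuotes(trimmed, ';')[0]);
    if (!TOKEN.test(name)) throw new Error('invalid transfer-coding');
    codings.push(name.toLowerCase());
  }
  return codings;
}

// headers: array of [name, value] pairs in wire order.
function classifyBodyFraming({ isRequest, lenient = false, headers }) {
  const teValues = [];
  let hasContentLength = false;
  for (const [name, value] of headers) {
    const lower = name.toLowerCase();
    if (lower === 'transfer-encoding') teValues.push(value);
    else if (lower === 'content-length') hasContentLength = true;
  }

  // No Transfer-Encoding: outside the scope of the commit message.
  if (teValues.length === 0) {
    return { framing: hasContentLength ? 'content-length' : 'default' };
  }

  let codings = null;
  try {
    // Repeated header lines are equivalent to one comma-joined list.
    codings = parseTransferCodings(teValues.join(','));
  } catch (err) {
    codings = null; // assumption: malformed value counts as "chunked not last"
  }
  const chunkedIsLast =
    codings !== null && codings.length > 0 &&
    codings[codings.length - 1] === 'chunked';

  // Strict: any Transfer-Encoding plus Content-Length is an error.
  // Lenient: only the chunked case is (the pre-patch behaviour).
  if (hasContentLength && (!lenient || chunkedIsLast)) {
    return { error: 'transfer-encoding-with-content-length' };
  }
  if (chunkedIsLast) return { framing: 'chunked', codings };
  // chunked absent or not last: body length is unknown.
  if (isRequest && !lenient) return { error: 'unknown-transfer-encoding' };
  return { framing: 'until-eof', codings };
}

// Constructed sample request headers (not taken from the page).
const sample = classifyBodyFraming({
  isRequest: true,
  headers: [['Transfer-Encoding', 'chunked, gzip'], ['Host', 'example.test']],
});
console.log(sample);
```
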

issue commentnodejs/llhttp

Q: How to import the bindings in Node.js?

Np at all. Glad it worked! You have a good evening as well!

Mickael-van-der-Beek

comment created time in 13 days

issue commentnodejs/llhttp

Q: How to import the bindings in Node.js?

Could you try calling .initialize() on the parser?

Mickael-van-der-Beek

comment created time in 13 days

issue commentnodejs/llhttp

Q: How to import the bindings in Node.js?

Ah, you haven't initialized the parser:

  parser.initialize(
    HTTPParser.REQUEST,
    new HTTPServerAsyncResource('HTTPINCOMINGMESSAGE', socket)
  );

As I said before, it is not easy to use this outside of Node.js core...

Mickael-van-der-Beek

comment created time in 14 days

issue commentnodejs/llhttp

Q: How to import the bindings in Node.js?

It is likely that there is some mandatory callback missing. Let me see.

As for your case, wouldn't it be easier (and less dependent on the internals) to just create a server and do server.emit('connection', yourInputStream) and then send request events to the output stream?

Mickael-van-der-Beek

comment created time in 14 days

issue commentnodejs/llhttp

Q: How to import the bindings in Node.js?

The process.binding(...) should work without any changes on your end since llhttp and http-parser are interoperable (at least when it comes to their JS APIs).

Mickael-van-der-Beek

comment created time in 14 days

issue commentnodejs/llhttp

Q: How to import the bindings in Node.js?

Hello!

That stackoverflow page is referring to http-parser-js which is a JavaScript port of http-parser. I believe it is still possible to use this module, because it doesn't use any C/C++ bindings at all.

It is not clear what you'd like to do, however. Do you want to run old HTTP parser or new HTTP parser? Do you want to run it manually (i.e. outside of http.createServer()/http.request)?

Mickael-van-der-Beek

comment created time in 14 days

issue commentnodejs/node

discussion: can http-parser be replaced with llhttp in LTS (10.x and 12.x)?

@sam-github FWIW, with the exception of a few outliers, most of http-parser tests were ported to llhttp.

sam-github

comment created time in 14 days

created tagpeerlinks/peerlinks-desktop

tagv3.9.8

Distributed Secure IRC | Desktop client for PeerLinks protocol

created time in 18 days

push eventpeerlinks/peerlinks-desktop

Fedor Indutny

commit sha 6abfe94819bbf8b3e3070f27f582ccafe52e53ff

package: bump protocol

view details

Fedor Indutny

commit sha f95ce33962efb9ff04e945e13962849526d49a9a

3.9.8

view details

push time in 18 days

push eventpeerlinks/peerlinks-server

Fedor Indutny

commit sha d61e861a1264e210ee2be5d3277c2fb514b2820b

package: bump protocol

view details

push time in 18 days

created tagpeerlinks/peerlinks

tagv7.4.3

Distributed Secure IRC | Protocol Implementation

created time in 18 days

push eventpeerlinks/peerlinks

Fedor Indutny

commit sha d4f6f622d8d7a592d94885422cd78c271be8f6ba

message: pass message timestamp to `getLeafKey`

view details

Fedor Indutny

commit sha 8f5f65e6b4908a5e315b48997d874e295972443d

7.4.3

view details

push time in 18 days

created tagpeerlinks/peerlinks-desktop

tagv3.9.7

Distributed Secure IRC | Desktop client for PeerLinks protocol

created time in 18 days

push eventpeerlinks/peerlinks-desktop

Fedor Indutny

commit sha be5f54fc1ee86a2c128484d90f595868b27c926e

package: bump deps

view details

Fedor Indutny

commit sha 8031cb1e7fe245835d14bef6c11aac777d36b9e2

3.9.7

view details

push time in 18 days

push eventpeerlinks/peerlinks-server

Fedor Indutny

commit sha 0cf5b976d06843f8033699c26e5ec36af25fe3f8

package: bump deps

view details

push time in 18 days

created tagpeerlinks/peerlinks-swarm

tagv3.0.6

Distributed Secure IRC | Integration of PeerLinks with hyperswarm

created time in 18 days

push eventpeerlinks/peerlinks-swarm

Fedor Indutny

commit sha f23a29eddaa68e5e5e62f95219fb37f3984052e5

package: bump deps

view details

Fedor Indutny

commit sha 886f9c8e97fa363d3b69b844a391fbf1a6f1e66d

3.0.6

view details

push time in 18 days

pull request commentderivepass/derivepass-vue

pages: home page english editorial update

Updated! Sorry for delay!

Fishrock123

comment created time in 20 days

push eventderivepass/derivepass-vue

Fedor Indutny

commit sha deb4fb38332f9df8bcc81d9662ad0141474e4149

package: specify `engines` for now.sh

view details

push time in 20 days

pull request commentderivepass/derivepass-vue

pages: home page english editorial update

Looks like there's been a problem with now.sh deploys. Attempting to fix it...

Fishrock123

comment created time in 20 days

created tagindutny/json-depth-stream

tagv2.2.3

Streaming JSON parser with depth-limited auxiliary data

created time in 20 days

push eventindutny/json-depth-stream

Fedor Indutny

commit sha c589175771e2d6cc9c6cccb03e27aba43484777b

2.2.3

view details

push time in 20 days

push eventindutny/json-depth-stream

Fedor Indutny

commit sha 7cf486babc7f6e50dc03058669ff558f529cd1b1

travis: bump

view details

push time in 20 days

PR closed indutny/json-depth-stream

build(deps-dev): bump eslint from 3.19.0 to 4.18.2 dependencies

Bumps eslint from 3.19.0 to 4.18.2.

Release notes

Sourced from eslint's releases.

v4.18.2

  • 6b71fd0 Fix: table@4.0.2, because 4.0.3 needs "ajv": "^6.0.1" (#10022) (Mathieu Seiler)
  • 3c697de Chore: fix incorrect comment about linter.verify return value (#10030) (Teddy Katz)
  • 9df8653 Chore: refactor parser-loading out of linter.verify (#10028) (Teddy Katz)
  • f6901d0 Fix: remove catastrophic backtracking vulnerability (fixes #10002) (#10019) (Jamie Davis)
  • e4f52ce Chore: Simplify dataflow in linter.verify (#10020) (Teddy Katz)
  • 33177cd Chore: make library files non-executable (#10021) (Teddy Katz)
  • 558ccba Chore: refactor directive comment processing (#10007) (Teddy Katz)
  • 18e15d9 Chore: avoid useless catch clauses that just rethrow errors (#10010) (Teddy Katz)
  • a1c3759 Chore: refactor populating configs with defaults in linter (#10006) (Teddy Katz)
  • aea07dc Fix: Make max-len ignoreStrings ignore JSXText (fixes #9954) (#9985) (Rachael Sim)

v4.18.1

  • f417506 Fix: ensure no-await-in-loop reports the correct node (fixes #9992) (#9993) (Teddy Katz)
  • 3e99363 Docs: Fixed typo in key-spacing rule doc (#9987) (Jaid)
  • 7c2cd70 Docs: deprecate experimentalObjectRestSpread (#9986) (Toru Nagashima)

v4.18.0

  • 70f22f3 Chore: Apply memoization to config creation within glob utils (#9944) (Kenton Jacobsen)
  • 0e4ae22 Update: fix indent bug with binary operators/ignoredNodes (fixes #9882) (#9951) (Teddy Katz)
  • 47ac478 Update: add named imports and exports for object-curly-newline (#9876) (Nicholas Chua)
  • e8efdd0 Fix: support Rest/Spread Properties (fixes #9885) (#9943) (Toru Nagashima)
  • f012b8c Fix: support Async iteration (fixes #9891) (#9957) (Toru Nagashima)
  • 74fa253 Docs: Clarify no-mixed-operators options (fixes #9962) (#9964) (Ivan Hayes)
  • 426868f Docs: clean up key-spacing docs (fixes #9900) (#9963) (Abid Uzair)
  • 4a6f22e Update: support eslint-disable-* block comments (fixes #8781) (#9745) (Erin)
  • 777283b Docs: Propose fix typo for function (#9965) (John Eismeier)
  • bf3d494 Docs: Fix typo in max-len ignorePattern example. (#9956) (Tim Martin)
  • d64fbb4 Docs: fix typo in prefer-destructuring.md example (#9930) (Vse Mozhet Byt)
  • f8d343f Chore: Fix default issue template (#9946) (Kai Cataldo)

v4.17.0

  • 1da1ada Update: Add "multiline" type to padding-line-between-statements (#8668) (Matthew Bennett)
  • bb213dc Chore: Use messageIds in some of the core rules (#9648) (Jed Fox)
  • 1aa1970 Docs: remove outdated rule naming convention (#9925) (Teddy Katz)
  • 3afaff6 Docs: Add prefer-destructuring variable reassignment example (#9873) (LePirlouit)
  • d20f6b4 Fix: Typo in error message when running npm (#9866) (Maciej Kasprzyk)
  • 51ec6a7 Docs: Use GitHub Multiple PR/Issue templates (#9911) (Kai Cataldo)
  • dc80487 Update: space-unary-ops uses astUtils.canTokensBeAdjacent (fixes #9907) (#9906) (Kevin Partington)
  • 084351b Docs: Fix the messageId example (fixes #9889) (#9892) (Jed Fox)
  • 9cbb487 Docs: Mention the globals key in the no-undef docs (#9867) (Dan Dascalescu)

v4.16.0

  • e26a25f Update: allow continue instead of if wrap in guard-for-in (fixes #7567) (#9796) (Michael Ficarra)
  • af043eb Update: Add NewExpression support to comma-style (#9591) (Frazer McLean)
  • 4f898c7 Build: Fix JSDoc syntax errors (#9813) (Matija Marohnić)
  • 13bcf3c Fix: Removing curly quotes in no-eq-null report message (#9852) (Kevin Partington)
  • b96fb31 Docs: configuration hierarchy for CLIEngine options (fixes #9526) (#9855) (PiIsFour)
  • 8ccbdda Docs: Clarify that -c configs merge with .eslintrc.* (fixes #9535) (#9847) (Kevin Partington)
  • 978574f Docs: Fix examples for no-useless-escape (#9853) (Toru Kobayashi)

... (truncated)

Changelog

Sourced from eslint's changelog.

v4.18.2 - March 2, 2018

  • 6b71fd0 Fix: table@4.0.2, because 4.0.3 needs "ajv": "^6.0.1" (#10022) (Mathieu Seiler)
  • 3c697de Chore: fix incorrect comment about linter.verify return value (#10030) (Teddy Katz)
  • 9df8653 Chore: refactor parser-loading out of linter.verify (#10028) (Teddy Katz)
  • f6901d0 Fix: remove catastrophic backtracking vulnerability (fixes #10002) (#10019) (Jamie Davis)
  • e4f52ce Chore: Simplify dataflow in linter.verify (#10020) (Teddy Katz)
  • 33177cd Chore: make library files non-executable (#10021) (Teddy Katz)
  • 558ccba Chore: refactor directive comment processing (#10007) (Teddy Katz)
  • 18e15d9 Chore: avoid useless catch clauses that just rethrow errors (#10010) (Teddy Katz)
  • a1c3759 Chore: refactor populating configs with defaults in linter (#10006) (Teddy Katz)
  • aea07dc Fix: Make max-len ignoreStrings ignore JSXText (fixes #9954) (#9985) (Rachael Sim)

v4.18.1 - February 20, 2018

  • f417506 Fix: ensure no-await-in-loop reports the correct node (fixes #9992) (#9993) (Teddy Katz)
  • 3e99363 Docs: Fixed typo in key-spacing rule doc (#9987) (Jaid)
  • 7c2cd70 Docs: deprecate experimentalObjectRestSpread (#9986) (Toru Nagashima)

v4.18.0 - February 16, 2018

  • 70f22f3 Chore: Apply memoization to config creation within glob utils (#9944) (Kenton Jacobsen)
  • 0e4ae22 Update: fix indent bug with binary operators/ignoredNodes (fixes #9882) (#9951) (Teddy Katz)
  • 47ac478 Update: add named imports and exports for object-curly-newline (#9876) (Nicholas Chua)
  • e8efdd0 Fix: support Rest/Spread Properties (fixes #9885) (#9943) (Toru Nagashima)
  • f012b8c Fix: support Async iteration (fixes #9891) (#9957) (Toru Nagashima)
  • 74fa253 Docs: Clarify no-mixed-operators options (fixes #9962) (#9964) (Ivan Hayes)
  • 426868f Docs: clean up key-spacing docs (fixes #9900) (#9963) (Abid Uzair)
  • 4a6f22e Update: support eslint-disable-* block comments (fixes #8781) (#9745) (Erin)
  • 777283b Docs: Propose fix typo for function (#9965) (John Eismeier)
  • bf3d494 Docs: Fix typo in max-len ignorePattern example. (#9956) (Tim Martin)
  • d64fbb4 Docs: fix typo in prefer-destructuring.md example (#9930) (Vse Mozhet Byt)
  • f8d343f Chore: Fix default issue template (#9946) (Kai Cataldo)

v4.17.0 - February 2, 2018

  • 1da1ada Update: Add "multiline" type to padding-line-between-statements (#8668) (Matthew Bennett)
  • bb213dc Chore: Use messageIds in some of the core rules (#9648) (Jed Fox)
  • 1aa1970 Docs: remove outdated rule naming convention (#9925) (Teddy Katz)
  • 3afaff6 Docs: Add prefer-destructuring variable reassignment example (#9873) (LePirlouit)
  • d20f6b4 Fix: Typo in error message when running npm (#9866) (Maciej Kasprzyk)
  • 51ec6a7 Docs: Use GitHub Multiple PR/Issue templates (#9911) (Kai Cataldo)
  • dc80487 Update: space-unary-ops uses astUtils.canTokensBeAdjacent (fixes #9907) (#9906) (Kevin Partington)
  • 084351b Docs: Fix the messageId example (fixes #9889) (#9892) (Jed Fox)
  • 9cbb487 Docs: Mention the globals key in the no-undef docs (#9867) (Dan Dascalescu)

v4.16.0 - January 19, 2018

  • e26a25f Update: allow continue instead of if wrap in guard-for-in (fixes #7567) (#9796) (Michael Ficarra)
  • af043eb Update: Add NewExpression support to comma-style (#9591) (Frazer McLean)

... (truncated)

Commits

  • 22ff6f3 4.18.2
  • 817b84b Build: changelog update for 4.18.2
  • 6b71fd0 Fix: table@4.0.2, because 4.0.3 needs "ajv": "^6.0.1" (#10022)
  • 3c697de Chore: fix incorrect comment about linter.verify return value (#10030)
  • 9df8653 Chore: refactor parser-loading out of linter.verify (#10028)
  • f6901d0 Fix: remove catastrophic backtracking vulnerability (fixes #10002) (#10019)
  • e4f52ce Chore: Simplify dataflow in linter.verify (#10020)
  • 33177cd Chore: make library files non-executable (#10021)
  • 558ccba Chore: refactor directive comment processing (#10007)
  • 18e15d9 Chore: avoid useless catch clauses that just rethrow errors (#10010)
  • Additional commits viewable in compare view


+364 -388

0 comment

2 changed files

dependabot[bot]

pr closed time in 20 days

push eventindutny/json-depth-stream

Fedor Indutny

commit sha f31ffb2400286704d5085b39e7b09eb377725b0f

src: re-format with new eslint

view details

push time in 20 days

push eventindutny/json-depth-stream

Fedor Indutny

commit sha 5e0cc4f13b797dbd66fd280a6160b8735b2ee214

readme: update benchmark

view details

push time in 21 days

created tagindutny/json-depth-stream

tagv2.2.2

Streaming JSON parser with depth-limited auxiliary data

created time in 21 days

push eventindutny/json-depth-stream

Fedor Indutny

commit sha 79be8b12c1abcb0a3aedb42b75b36f9fa5742f42

package: bump deps

view details

Fedor Indutny

commit sha c4dca82bdd0b7b17a8c689b16fa2f9da4f21a208

2.2.2

view details

push time in 21 days

pull request commentnodejs/llparse

table-lookup: always pad SSE blobs to prevent OOB

@jsteemann published rebuilt llhttp@2.0.3 .

indutny

comment created time in 22 days

created tagnodejs/llhttp

tagrelease/v2.0.3

Port of http_parser to llparse

created time in 22 days

created tagnodejs/llhttp

tagv2.0.3

Port of http_parser to llparse

created time in 22 days

push eventnodejs/llhttp

Fedor Indutny

commit sha 3ea75a4af898918dc667e1255d0be87fa580b3f3

release: 2.0.3

view details

push time in 22 days

push eventnodejs/llhttp

Fedor Indutny

commit sha 36a7cc65298bdd6d89a210caf5062b9eb9449dc0

package: bump deps

view details

Fedor Indutny

commit sha 89e7ebf3ac52045d2a27aba15d42b6ae26a66e4a

2.0.3

view details

push time in 22 days

pull request commentnodejs/llparse

table-lookup: always pad SSE blobs to prevent OOB

Thank you!

indutny

comment created time in 22 days

created tagnodejs/llparse

tagv6.2.2

Generating parsers in LLVM IR

created time in 22 days

push eventnodejs/llparse

Fedor Indutny

commit sha fb385803af18ce71132e0164de7cb04d84196581

6.2.2

view details

push time in 22 days

delete branch nodejs/llparse

delete branch : fix/oob-sse-loads

delete time in 22 days

push eventnodejs/llparse

Fedor Indutny

commit sha c1775a4aa8e1c5bea1f55e5bd44e971bec27a5a8

table-lookup: always pad SSE blobs to prevent OOB (#38)

The compiler may allocate the arrays at the end of the readable page, which could lead to page fault and termination of the program. Always append enough padding bytes to the SSE blobs to make sure that out-of-band read cannot happen.

Original-PR: https://github.com/nodejs/llparse/pull/37
Credit: jsteemann <jan@arangodb.com>
PR-URL: https://github.com/nodejs/llparse/pull/38
Reviewed-By: jsteemann <jan@arangodb.com>


push time in 22 days

PR merged nodejs/llparse

table-lookup: always pad SSE blobs to prevent OOB

The compiler may allocate the arrays at the end of the readable page, which could lead to page fault and termination of the program. Always append enough padding bytes to the SSE blobs to make sure that out-of-band read cannot happen.

Original-PR: https://github.com/nodejs/llparse/pull/37

Credit: jsteemann jan@arangodb.com

cc @jsteemann

+8 -1

0 comment

1 changed file

indutny

pr closed time in 22 days

pull request comment nodejs/llparse

prevent out-of-bounds reads when using SSE 4.2.

Ohhh, I didn't think of it. Thank you for taking even more time to explain it to me!

I have opened a PR with a suggested alternative fix: https://github.com/nodejs/llparse/pull/38/files . Would really appreciate if you could take a look at it!

Thanks again!

jsteemann

comment created time in 22 days

PR opened nodejs/llparse

table-lookup: always pad SSE blobs to prevent OOB

The compiler may allocate the arrays at the end of the readable page, which could lead to page fault and termination of the program. Always append enough padding bytes to the SSE blobs to make sure that out-of-band read cannot happen.

Original-PR: https://github.com/nodejs/llparse/pull/37

Credit: jsteemann jan@arangodb.com

cc @jsteemann

+8 -1

0 comment

1 changed file

pr created time in 22 days

create branch nodejs/llparse

branch : fix/oob-sse-loads

created branch time in 22 days

pull request comment nodejs/llparse

prevent out-of-bounds reads when using SSE 4.2.

Oh, good catch! I hadn't considered that it could be a UB. My initial thoughts were that it could be a side-channel timing issue, but all tests that I did on my CPU did not reveal any timing differences.

Do you think it would make more sense to patch it at the place of creation of the blob: https://github.com/nodejs/llparse/blob/master/src/implementation/c/node/table-lookup.ts#L126 and pad subRanges to make sure that it is at least 128 bits long?

Thanks for the patch!

jsteemann

comment created time in 22 days

push event peerlinks/peerlinks-desktop

Fedor Indutny

commit sha f06f6c85081dfc6feff418b58d8f5a8942018014

package: bump deps


push time in 25 days

issue comment nodejs/node

discussion: can http-parser be replaced with llhttp in LTS (10.x and 12.x)?

It's been several months since the initial release of llhttp as a default parser in v13. To the best of my knowledge, there are no significant behavior deviations when compared to http_parser.

I agree with @mcollina's compromise proposal. Moving v12 to llhttp while keeping v10 on http_parser is reasonable.

sam-github

comment created time in a month

issue closed indutny/tlsnappy

death listener registration error

Hi all, I've been working on a tool to identify instances of events registered to the wrong object in uses of some JavaScript event-driven APIs, as part of a research project. The tool flagged line 49 in example/server.js, on the registration of the listener for death.

The reason I believe this is an error is as follows (from looking at the nodejs cluster API documentation): the listener for death is registered on the return from the call to cluster.fork(). However, death is not an event on cluster.Worker.

Thanks!

closed time in a month

emarteca

issue comment indutny/tlsnappy

death listener registration error

Hey!

This is a very very old module and it uses outdated event names. I don't think that anyone uses it nor that it compiles for the recent Node.js versions.

Thank you for reaching out and good luck with your research!

emarteca

comment created time in a month

pull request comment nodejs/llparse-test-fixture

Fixture build async

Released as a major version bump.

fanatid

comment created time in a month

created tag nodejs/llparse-test-fixture

tag v4.0.0

A test fixture for LLParse (and similar modules)

created time in a month

push event nodejs/llparse-test-fixture

Fedor Indutny

commit sha ace3c24b7cdb362a868d0dfe1beda845d5d28424

4.0.0


push time in a month
