04e16463d1
http: do not allow OBS fold in headers by default
...
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Fixes: https://hackerone.com/reports/2237099
PR-URL: https://github.com/nodejs-private/node-private/pull/556
CVE-ID: CVE-2024-27982
2024-04-03 11:38:30 -03:00
e9ff81016d
deps: update llhttp to 9.1.2
...
PR-URL: https://github.com/nodejs/node/pull/48981
Reviewed-By: Robert Nagy <ronagy@icloud.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
2023-09-16 11:08:18 +00:00
fd36a8dadb
deps: update llhttp to 8.1.0
...
PR-URL: https://github.com/nodejs/node/pull/44967
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Reviewed-By: Darshan Sen <raisinten@gmail.com>
Reviewed-By: Beth Griggs <bethanyngriggs@gmail.com>
2022-10-12 15:36:23 +02:00
ec0d8da838
deps: upgrade llhttp to 6.0.9
...
PR-URL: https://github.com/nodejs/node/pull/44344
Fixes: https://github.com/nodejs/node/issues/43115
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
2022-08-25 01:28:49 +00:00
d9b71f4c24
http: stricter Transfer-Encoding and header separator parsing
...
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Vladimir de Turckheim <vlad2t@hotmail.com>
PR-URL: https://github.com/nodejs-private/node-private/pull/315
CVE-ID: CVE-2022-32215,CVE-2022-32214,CVE-2022-32212
2022-07-07 13:20:40 -03:00
c2e3f85dde
deps: update llhttp to 6.0.4
...
Refs: https://hackerone.com/reports/1238099
Refs: https://hackerone.com/reports/1238709
Refs: https://github.com/nodejs-private/llhttp-private/pull/6
Refs: https://github.com/nodejs-private/llhttp-private/pull/5
CVE-ID: CVE-2021-22959
CVE-ID: CVE-2021-22960
PR-URL: https://github.com/nodejs-private/node-private/pull/284
Reviewed-By: Akshay K <iit.akshay@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Robert Nagy <ronagy@icloud.com>
2021-10-12 15:40:02 +01:00
bfee9daaa5
deps: update llhttp to 6.0.0
...
See: https://github.com/nodejs/node/pull/37678#issuecomment-821156758
PR-URL: https://github.com/nodejs/node/pull/38277
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Robert Nagy <ronagy@icloud.com>
Reviewed-By: Beth Griggs <bgriggs@redhat.com>
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
2021-04-19 01:37:27 +00:00
6a1986d50a
deps: update llhttp to 5.1.0
...
PR-URL: https://github.com/nodejs/node/pull/38146
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Robert Nagy <ronagy@icloud.com>
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Reviewed-By: Daniele Belardi <dwon.dnl@gmail.com>
2021-04-10 14:31:34 -07:00
a694dd25d1
deps: update llhttp to 2.1.3
...
PR-URL: https://github.com/nodejs/node/pull/35435
Refs: https://github.com/nodejs/llhttp/pull/65
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
2020-10-04 08:17:10 +02:00
cb90248c14
deps: update llhttp to 2.1.2
...
- update llhttp to 2.1.2
- modify test to support the latest llhttp
PR-URL: https://github.com/nodejs-private/node-private/pull/215
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Beth Griggs <Bethany.Griggs@uk.ibm.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
2020-09-15 15:39:45 -04:00
a7d031bf5a
deps: update llhttp to 2.0.1
...
Changelog:
* Optional SSE4.2 support (at compile time)
* Lenient mode of operation
PR-URL: https://github.com/nodejs/node/pull/30553
Reviewed-By: Gus Caplan <me@gus.host>
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: David Carlier <devnexen@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Myles Borins <myles.borins@gmail.com>
2019-11-29 16:16:30 +01:00
c476daf6d9
deps: update llhttp to 1.1.3
...
Fixes: https://github.com/nodejs/node/issues/27584
PR-URL: https://github.com/nodejs/node/pull/27595
Reviewed-By: Rod Vagg <rod@vagg.org>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
2019-05-07 16:04:02 +02:00
7467a5d439
deps: update llhttp to 1.1.2
...
PR-URL: https://github.com/nodejs/node/pull/27513
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
2019-05-05 13:31:38 +02:00
d4654d89be
deps: introduce `llhttp`
...
llhttp is modern, written in human-readable TypeScript, verifiable, and
is very easy to maintain.
See: https://github.com/indutny/llhttp
PR-URL: https://github.com/nodejs/node/pull/24059
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Refael Ackermann <refack@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Rod Vagg <rod@vagg.org>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Gus Caplan <me@gus.host>
Reviewed-By: Ujjwal Sharma <usharma1998@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
2018-11-10 17:54:21 -05:00
Paolo Insogna
Matteo Collina
Fedor Indutny