1
0
Fork 0
mirror of https://github.com/denoland/deno.git synced 2024-12-25 16:49:18 -05:00
Commit graph

15 commits

Author SHA1 Message Date
tokiedokie
c4ed3fb7e7
chore: add copyright (#7593) 2020-09-21 08:26:41 -04:00
David Sherret
cde4dbb351
Use dprint for internal formatting (#6682) 2020-07-14 15:24:17 -04:00
Kitson Kelly
82aabb657a
feat: add --no-check option (#6456)
This commit adds a "--no-check" option to following subcommands:
- "deno cache"
- "deno info"
- "deno run"
- "deno test"

The "--no-check" options allows to skip type checking step and instead 
directly transpiles TS sources to JS sources. 

This solution uses `ts.transpileModule()` API and is just an interim
solution before implementing it fully in Rust.
2020-07-08 11:26:39 +02:00
Chris Knight
d9896d64ce
refactor: shift copyBytes and tweak deps to reduce dependencies (#6469) 2020-06-25 06:40:51 -04:00
Ryan Dahl
d0970daacd
make std deno-lint clean (#6240)
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
2020-06-12 09:19:29 -04:00
zfx
7589d4d7c4
fix(multipart): fix error when parsing file name in utf8 format (#5428) 2020-05-19 14:22:26 -04:00
Claudio Cicali
f37967d229
fix link (#5333)
Replaced with the current master version
2020-05-15 10:13:33 -04:00
Nayeem Rahman
678313b176
BREAKING: Remove Deno.EOF, use null instead (#4953) 2020-04-28 12:40:43 -04:00
Andrew Stucki
1e478d73e3
Drop headers with trailing whitespace in header name (#4642)
This relates directly to [an
issue](https://github.com/denoland/deno_std/issues/620) that I initially
raised in `deno_std` awhile back, and was reminded about it today when
the `oak` project popped up on my github recommended repos.

As of now Deno's http servers are vulnerable to the same underlying
issue of go CVE-2019-16276 due to the fact that it's based off of ported
go code from their old standard library. [Here's the commit that fixed
the
CVE.](6e6f4aaf70)

Long story short, some off the shelf proxies and caching servers allow
for passing unaltered malformed headers to backends that they're
fronting. When they pass invalid headers that they don't understand this
can cause issues with HTTP request smuggling. I believe that to this
date, this is the default behavior of AWS ALBs--meaning any server that
strips whitespace from the tail end of header field names and then
interprets the header, when placed behind an ALB, is susceptible to
request smuggling.

The current behavior is actually specifically called out in [RFC
7230](https://tools.ietf.org/html/rfc7230#section-3.2.4) as something
that MUST result in a rejected message, but the change corresponding to
this PR, is more lenient and what both go and nginx currently do, and is
better than the current behavior.
2020-04-06 09:58:46 -04:00
Ryan Dahl
12c6b2395b
Move encode, decode helpers to /std/encoding/utf8.ts, delete /std/strings/ (#4565)
also removes std/encoding/mod.ts and std/archive/mod.ts which are useless.
2020-04-01 15:23:39 -04:00
Yusuke Sakurai
c337d2c434
clean up textproto code in std (#4458)
- moved and renamed append() into bytes from ws and textproto
- renamed textproto/readder_tests.ts -> textproto/test.ts
2020-03-22 14:49:09 -04:00
Oliver Lenehan
0f6acf2753
fix(std): Use Deno.errors where possible. (#4356) 2020-03-13 21:40:13 -04:00
Maximilien Mellen
90125566bb
Enable TS strict mode by default (#3899)
Fixes #3324 

Co-authored-by: Kitson Kelly <me@kitsonkelly.com>
2020-02-19 15:36:18 -05:00
Yusuke Sakurai
c2986891f6
remove non-null assertion operator from std (part1) (#3900) 2020-02-07 02:23:38 -05:00
Ryan Dahl
151ce0266e
Move everything into std subdir 2019-10-09 17:10:09 -04:00
Renamed from textproto/mod.ts (Browse further)