Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: validate encode input and ensure zero-filled Buffer #25

Merged
merged 3 commits into from
May 15, 2018
Merged

fix: validate encode input and ensure zero-filled Buffer #25

merged 3 commits into from
May 15, 2018

Conversation

MeirionHughes
Copy link
Contributor

closes #24
requires: node ^4

@MeirionHughes MeirionHughes changed the title fix: used zero-filled Buffer allocation fix: validate encode input and ensure zero-filled Buffer May 15, 2018
MeirionHughes
MeirionHughes commented May 15, 2018
View reviewed changes
src/pad-string.ts
@@ -10,7 +10,7 @@ export default function padString(input: string): string {
let position = stringLength;
let padLength = segmentLength - diff;
let paddedStringLength = stringLength + padLength;
let buffer = new Buffer(paddedStringLength);
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

depreciated since node 4. Warning in Node 10. likely unsupported in Node 11

@MeirionHughes
Copy link
Contributor Author

Alternatively, drop node 4 support and add engine >=6 - new Buffer(1000, encoding) will natively throw an error.

MylesBorins
MylesBorins reviewed May 15, 2018
View reviewed changes
Copy link
Collaborator

@MylesBorins MylesBorins left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Closing #26 as a dupe

You are likely going to have to update lines 7 & 46 in test/base64url.test.js

I would also suggest adding 8 / 10 to the travis yaml

@MylesBorins MylesBorins mentioned this pull request May 15, 2018
Closed
@MylesBorins
Copy link
Collaborator

@brianloveswords dropping support for 0.10 and 0.12 is arguably semver-major. Node.js does have a history of landing Semver-Major changes as Semver-Minor for security updates

MylesBorins
MylesBorins approved these changes May 15, 2018
View reviewed changes
Copy link
Collaborator

@MylesBorins MylesBorins left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM if travis.yml is updated and test is updated as mentioned in above comment

@brianloveswords brianloveswords merged commit 4fbd954 into brianloveswords:master May 15, 2018
@SlyryD SlyryD mentioned this pull request Jun 7, 2018
Closed
@mend-bolt-for-github mend-bolt-for-github bot mentioned this pull request Jan 23, 2019
Open
This was referenced Feb 3, 2019
Open
Open
This was referenced Feb 11, 2019
Open
Open
Open
Open
Open
Open
@mend-bolt-for-github mend-bolt-for-github bot mentioned this pull request Mar 17, 2019
Open
@mend-bolt-for-github mend-bolt-for-github bot mentioned this pull request Mar 31, 2019
Open
@mend-bolt-for-github mend-bolt-for-github bot mentioned this pull request Apr 18, 2019
Closed
This was referenced May 23, 2019
Closed
Open
This was referenced May 30, 2019
Open
Open
Open
@mend-bolt-for-github mend-bolt-for-github bot mentioned this pull request Jun 6, 2019
Open
@mend-for-github-com mend-for-github-com bot mentioned this pull request Mar 18, 2023
Open
@mend-bolt-for-github mend-bolt-for-github bot mentioned this pull request Jul 10, 2023
Closed
@dev-mend-for-github-com dev-mend-for-github-com bot mentioned this pull request Oct 12, 2023
Open
@mend-for-github-com mend-for-github-com bot mentioned this pull request Oct 17, 2023
Open
@mend-for-github-com mend-for-github-com bot mentioned this pull request Nov 8, 2023
Open
@mend-bolt-for-github mend-bolt-for-github bot mentioned this pull request Dec 12, 2023
Closed
@mend-bolt-for-github mend-bolt-for-github bot mentioned this pull request Dec 30, 2023
Open
@mend-for-github-com mend-for-github-com bot mentioned this pull request Jan 26, 2024
Open
@mend-bolt-for-github mend-bolt-for-github bot mentioned this pull request Feb 28, 2024
Open
@mend-for-github-com mend-for-github-com bot mentioned this pull request Mar 14, 2024
Open
1 task
@mend-for-github-com mend-for-github-com bot mentioned this pull request Apr 30, 2024
Open
@mend-bolt-for-github mend-bolt-for-github bot mentioned this pull request May 21, 2024
Open
@mend-for-github-com mend-for-github-com bot mentioned this pull request Jun 14, 2024
Closed
This was referenced Jun 22, 2024
Closed
Open
@mend-for-github-com mend-for-github-com bot mentioned this pull request Jul 8, 2024
Open
This was referenced Jul 16, 2024
Closed
Open
Open
Open
Open
Open
This was referenced Jul 24, 2024
Open
Open
@dev-mend-for-github-com dev-mend-for-github-com bot mentioned this pull request Jul 28, 2024
Open
@mend-for-github-com mend-for-github-com bot mentioned this pull request Jul 29, 2024
Open
This was referenced Aug 6, 2024
Open
Open
@mend-for-github-com mend-for-github-com bot mentioned this pull request Aug 15, 2024
Open
@mend-for-github-com mend-for-github-com bot mentioned this pull request Sep 10, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@MylesBorins MylesBorins MylesBorins approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Security Vulnerability found on base64url
3 participants
@MeirionHughes @MylesBorins @brianloveswords