Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: inline origin resolution, drop original dependency #281

Merged
merged 1 commit into from
Jun 8, 2022
Merged

fix: inline origin resolution, drop original dependency #281

merged 1 commit into from
Jun 8, 2022

Conversation

rexxars
Copy link
Member

@rexxars rexxars commented Jun 7, 2022

Apparently the original dependency depends on url-parse module which recently saw some security issues reported. We are no longer depending on this as of 2.0, but the 1.x range does. In order to minimize noise related to this vulnerability, this PR moves the few lines of logic we depended on from this module into the 1.x branch. This ensures we still support node 12 (and 10?).

If approved, I will update the changelog and release a new patch release on the 1.x range - but I am eager to call this the last fix I will be doing for the 1.x range - ideally I would like to move to node 14 as the lowest supported version, following node LTS.

@rexxars rexxars mentioned this pull request Jun 7, 2022
Merged
DaleGardner
DaleGardner approved these changes Jun 7, 2022
View reviewed changes
Copy link

@DaleGardner DaleGardner left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

joeybaker
joeybaker approved these changes Jun 8, 2022
View reviewed changes
Copy link
Contributor

@joeybaker joeybaker left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've got a bit of a nit suggestion, but seems good!

lib/eventsource.js
*/
function getOrigin (url) {
if (typeof url === 'string') url = parse(url)
if (!url.protocol || !url.hostname) return 'null'
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

IMO 'null' is a little confusing. It could be perceived as a bug? Maybe we should return 'invalid url'?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It is confusing, but it is also in accordance with RFC6464, so I think I will leave it like this.

@rexxars rexxars merged commit 9494642 into v1.x Jun 8, 2022
@rexxars rexxars deleted the fix/inline-original branch June 8, 2022 13:57
@shelbyc shelbyc mentioned this pull request Jun 9, 2022
Closed
@DaleGardner DaleGardner mentioned this pull request Jun 9, 2022
Closed
@sync-by-unito sync-by-unito bot mentioned this pull request Jun 20, 2022
Merged
glensc
glensc reviewed Jul 5, 2022
View reviewed changes
lib/eventsource.js
*
* @param {String|Object} url URL to transform to it's origin.
* @returns {String} The origin.
* @api private
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

should leave @link https://github.com/unshiftio/original/blob/507b362269c0ad4405d095aedc227c40aecaf68a/index.js as credit to orignal code.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@glensc glensc glensc left review comments

@DaleGardner DaleGardner DaleGardner approved these changes

@joeybaker joeybaker joeybaker approved these changes

@aslakhellesoy aslakhellesoy Awaiting requested review from aslakhellesoy

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@rexxars @joeybaker @glensc @DaleGardner