4b57f68699
fix: package.json & package-lock.json to reduce vulnerabilities
...
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-WEBPACK-7840298
2024-08-29 10:25:13 +00:00
8357719bab
chore(main): release 8.0.2 ( #594 )
...
Signed-off-by: Lucas Holmquist <lholmqui@redhat.com>
2024-07-22 13:26:06 -04:00
154e913717
chore(main): release 8.0.1 ( #574 )
...
Signed-off-by: Lucas Holmquist <lholmqui@redhat.com>
2024-06-12 11:23:17 -04:00
db60220762
chore(main): release 8.0.0 ( #558 )
...
* chore(main): release 8.0.0
Signed-off-by: Lucas Holmquist <lholmqui@redhat.com>
---------
Signed-off-by: Lucas Holmquist <lholmqui@redhat.com>
2023-07-24 14:15:23 -04:00
089520a4cc
chore: modify release-please to use Signed-Off-By on commits ( #559 )
...
Signed-off-by: Lance Ball <lball@redhat.com>
2023-07-13 21:13:37 -04:00
0d923a4f92
chore(main): release 7.0.2 ( #555 )
...
Signed-off-by: Lucas Holmquist <lholmqui@redhat.com>
Co-authored-by: Lucas Holmquist <lholmqui@redhat.com>
2023-07-11 11:54:47 -04:00
3d961371da
chore(main): release 7.0.1 ( #548 )
...
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2023-05-31 09:49:04 -04:00
43c3584b98
fix: handle big integers in incoming events ( #495 )
...
* fix: handle big integers in incoming events
An event may have data that contains a BigInt. The builtin `JSON` parser
for JavaScript does not handle the `BigInt` types. The introduced
`json-bigint` dependency (34k) does.
Fixes: https://github.com/cloudevents/sdk-javascript/issues/489
Signed-off-by: Lance Ball <lball@redhat.com>
2023-05-10 12:45:43 -04:00
1995b5778e
chore(main): release 7.0.0 ( #547 )
...
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2023-05-03 12:13:52 -04:00
2cb9364a25
feat!: remove node 12 and node 14 ( #545 )
...
* feat!: remove node 12 and node 14
Node 12 has been EOL since the end of April 2022 and Node 14 just became EOL at the end of April 2023
Signed-off-by: Lucas Holmquist <lholmqui@redhat.com>
2023-05-03 11:10:47 -04:00
4626529d56
fixup: resolve package-lock.json conflict ( #544 )
...
Signed-off-by: Lance Ball <lball@redhat.com>
2023-05-03 09:29:55 -04:00
1cf8f8acae
540 fix node version ( #541 )
...
* build(deps-dev): bump webpack from 5.75.0 to 5.76.0
Bumps [webpack](https://github.com/webpack/webpack ) from 5.75.0 to 5.76.0.
- [Release notes](https://github.com/webpack/webpack/releases )
- [Commits](https://github.com/webpack/webpack/compare/v5.75.0...v5.76.0 )
---
updated-dependencies:
- dependency-name: webpack
dependency-type: direct:development
...
Signed-off-by: dependabot[bot] <support@github.com>
* chore: include node v20.0.0 in package.json
Signed-off-by: Slavko Skular <slavko.skular@wonderlab-it.co.uk>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Slavko Skular <slavko.skular@wonderlab-it.co.uk>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-05-02 14:44:02 -04:00
c06ffc1963
chore: add the build script to the pretest script. ( #539 )
...
This small change allows a developer to just run npm install and then npm test without having to run the build step separately, which compiles the schema that is needed to run the tests successfully.
Signed-off-by: Lucas Holmquist <lholmqui@redhat.com>
2023-05-01 17:30:12 -04:00
870d2118cd
6.0.4
2023-02-16 11:28:58 -05:00
e5ee8369ba
fix: This fixes bug #525 where the browser version was breaking becuase of process not being found. ( #526 )
...
fixes #525
Signed-off-by: Lucas Holmquist <lholmqui@redhat.com>
2023-02-12 15:25:38 -05:00
64e527c120
build(deps): bump cookiejar from 2.1.3 to 2.1.4 ( #521 )
...
Bumps [cookiejar](https://github.com/bmeck/node-cookiejar ) from 2.1.3 to 2.1.4.
- [Release notes](https://github.com/bmeck/node-cookiejar/releases )
- [Commits](https://github.com/bmeck/node-cookiejar/commits )
---
updated-dependencies:
- dependency-name: cookiejar
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-02-06 12:22:49 -05:00
1b449c4c9a
build(deps): bump http-cache-semantics from 4.1.0 to 4.1.1 ( #522 )
...
Bumps [http-cache-semantics](https://github.com/kornelski/http-cache-semantics ) from 4.1.0 to 4.1.1.
- [Release notes](https://github.com/kornelski/http-cache-semantics/releases )
- [Commits](https://github.com/kornelski/http-cache-semantics/compare/v4.1.0...v4.1.1 )
---
updated-dependencies:
- dependency-name: http-cache-semantics
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-02-06 12:22:30 -05:00
eccc00ee67
build(deps): bump json5 from 2.2.0 to 2.2.3 ( #520 )
...
Bumps [json5](https://github.com/json5/json5 ) from 2.2.0 to 2.2.3.
- [Release notes](https://github.com/json5/json5/releases )
- [Changelog](https://github.com/json5/json5/blob/main/CHANGELOG.md )
- [Commits](https://github.com/json5/json5/compare/v2.2.0...v2.2.3 )
---
updated-dependencies:
- dependency-name: json5
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-10 16:32:57 -05:00
94f1a3d470
build(deps): bump qs and formidable ( #518 )
...
Bumps [qs](https://github.com/ljharb/qs ) and [formidable](https://github.com/node-formidable/formidable ). These dependencies needed to be updated together.
Updates `qs` from 6.10.2 to 6.11.0
- [Release notes](https://github.com/ljharb/qs/releases )
- [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md )
- [Commits](https://github.com/ljharb/qs/compare/v6.10.2...v6.11.0 )
Updates `formidable` from 2.0.1 to 2.1.1
- [Release notes](https://github.com/node-formidable/formidable/releases )
- [Changelog](https://github.com/node-formidable/formidable/blob/master/CHANGELOG.md )
- [Commits](https://github.com/node-formidable/formidable/commits )
---
updated-dependencies:
- dependency-name: qs
dependency-type: indirect
- dependency-name: formidable
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-14 12:50:46 -05:00
3619ef2bbd
chore: release 6.0.3 ( #503 )
...
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2022-11-08 14:33:50 -05:00
c09a9cc20a
chore: bump cucumber to full release version ( #514 )
2022-10-26 20:28:13 -04:00
4831e6a1a5
chore: bump mocha to 10.1.0 ( #512 )
...
Duplicates https://github.com/cloudevents/sdk-javascript/pull/510
Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity
:-------------------------:|-------------------------|:-------------------------|:-------------------------|:-------------------------
 | **589/1000** <br/> **Why?** Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS) <br/>[SNYK-JS-MOCHA-2863123](https://snyk.io/vuln/SNYK-JS-MOCHA-2863123 ) | Yes | No Known Exploit
Signed-off-by: Lance Ball <lball@redhat.com>
Signed-off-by: Lance Ball <lball@redhat.com>
2022-10-24 16:11:56 -04:00
760a024067
chore: bump webpack to 5.74.0 ( #509 )
...
Signed-off-by: Lance Ball <lball@redhat.com>
2022-10-19 13:32:46 -04:00
c282922ef9
build(deps): bump terser from 5.10.0 to 5.14.2 ( #505 )
...
Bumps [terser](https://github.com/terser/terser ) from 5.10.0 to 5.14.2.
- [Release notes](https://github.com/terser/terser/releases )
- [Changelog](https://github.com/terser/terser/blob/master/CHANGELOG.md )
- [Commits](https://github.com/terser/terser/commits )
---
updated-dependencies:
- dependency-name: terser
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-09-02 17:03:13 -04:00
847f6bfcc7
chore: release 6.0.2 ( #497 )
...
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2022-06-21 17:12:15 -04:00
ed63f14339
fix: package.json & package-lock.json to reduce vulnerabilities
...
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-GOT-2932019
2022-06-19 23:49:48 +00:00
ce02e0a1f3
chore: bump ajv and remove old dep dependency ( #496 )
...
* chore: bump ajv and remove old dep dependency
This should allow the existing, meaningful PRs to pass CI validation if they get a rebase.
Signed-off-by: Lance Ball <lball@redhat.com>
2022-06-14 17:30:29 -04:00
d9ee0e05d1
build(deps): bump minimist from 1.2.5 to 1.2.6 ( #486 )
...
Bumps [minimist](https://github.com/substack/minimist ) from 1.2.5 to 1.2.6.
- [Release notes](https://github.com/substack/minimist/releases )
- [Commits](https://github.com/substack/minimist/compare/1.2.5...1.2.6 )
---
updated-dependencies:
- dependency-name: minimist
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-10 12:00:21 -04:00
a512aad5d5
chore: release 6.0.1 ( #485 )
...
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2022-03-21 15:40:44 -04:00
c0b1f7705a
chore: update dependencies to inlude ajv-formats ( #484 )
...
In this PR https://github.com/cloudevents/sdk-javascript/pull/471/files#diff-7ae45ad102eab3b6d7e7896acd08c427a9b25b346470d7bc6507b6481575d519R128
it was not noticed that the addition of `ajv-formats` to devDependencies
is insufficient. Unfortunately, users of v6.0.0 will receive an error when
using the module, unless they explicitly install `ajv-formats` in their
project. This commit fixes that, and should result in an immediate release
of version 6.0.1.
Signed-off-by: Lance Ball <lball@redhat.com>
2022-03-21 15:38:31 -04:00
0164f72eaa
chore: release 6.0.0 ( #482 )
...
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2022-03-21 14:19:43 -04:00
0362a4f11c
feat!: add http transport and remove axios ( #481 )
...
* feat: add builtin HTTP emitter
Adds a builtin HTTP event emitter that can be used with `emitterFor()`
to send events over HTTP without pulling in any additional dependencies.
In the past we chose to keep this in our code base by considering axios a
peer dependency - users were required to include it in their projects
explicitly. In working on the HTTP emitter, it became more and more
apparent that the axios emitter was probably no longer needed, and in fact
I doubt it was really used at all. To use it, users would have been required
to do this, since it isn't exported at the top level.
const { axiosEmitter } = require("cloudevents/transport/http");
Based on this, I think the usage in the wild is probably very minimal,
and I like the idea of eliminating this dependency.
Signed-off-by: Lance Ball <lball@redhat.com>
2022-03-18 13:36:12 -04:00
6204805bfc
chore: update package.json format and deps ( #479 )
...
Signed-off-by: Lance Ball <lball@redhat.com>
2022-03-17 23:09:29 -04:00
b13bde9b49
feat: precompile cloudevent schema ( #471 )
...
* feat: precompile cloudevent schema
This commit modifies the build pipleline so that the cloudevent schema is
precompiled for runtime validation. This eliminates the need to compile the
schema at runtime, improving both performance and security.
Fixes: https://github.com/cloudevents/sdk-javascript/issues/423
Signed-off-by: Lance Ball <lball@redhat.com>
2022-02-15 14:06:42 -05:00
4d8f03f7c6
build(deps): bump follow-redirects from 1.14.7 to 1.14.8 ( #473 )
...
Bumps [follow-redirects](https://github.com/follow-redirects/follow-redirects ) from 1.14.7 to 1.14.8.
- [Release notes](https://github.com/follow-redirects/follow-redirects/releases )
- [Commits](https://github.com/follow-redirects/follow-redirects/compare/v1.14.7...v1.14.8 )
---
updated-dependencies:
- dependency-name: follow-redirects
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-14 15:26:46 -05:00
9046b369cf
chore: release 5.3.2 ( #470 )
...
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2022-02-11 15:42:37 -08:00
c3d9f39a53
chore: bump typedoc to remove vuln ( #472 )
2022-02-10 22:25:48 -06:00
f36a1f0428
chore: release 5.3.1 ( #466 )
...
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2022-02-03 13:45:21 -05:00
cd4dea954b
fix: improve binary data detection in HTTP transport ( #468 )
2022-02-02 07:18:08 -05:00
ae8fa799af
fix: package.json & package-lock.json to reduce vulnerabilities ( #462 )
...
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-NANOID-2332193
Signed-off-by: Lucas Holmquist <lholmqui@redhat.com>
2022-01-24 18:49:01 -05:00
225836f68f
build(deps): bump follow-redirects from 1.14.6 to 1.14.7 ( #460 )
...
Bumps [follow-redirects](https://github.com/follow-redirects/follow-redirects ) from 1.14.6 to 1.14.7.
- [Release notes](https://github.com/follow-redirects/follow-redirects/releases )
- [Commits](https://github.com/follow-redirects/follow-redirects/compare/v1.14.6...v1.14.7 )
---
updated-dependencies:
- dependency-name: follow-redirects
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-01-21 17:05:05 -05:00
98009d910d
chore: release 5.3.0 ( #458 )
...
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2022-01-18 14:07:12 -05:00
5d1f744f50
feat: add support for kafka transport ( #455 )
...
This commit extends the `message` package to include Kafka transport.
Additionally, some of the type information has changed across the project
to more accurately reflect the type of `Message` (by including `T`).
Related: https://github.com/cloudevents/sdk-javascript/issues/390
Signed-off-by: Lance Ball <lball@redhat.com>
2022-01-07 16:14:09 -05:00
320354f750
chore: update cucumber dependency and remove prettier ( #453 )
...
The combination of prettier and eslint was causing some conflicting error
messages in formatting between VSCode and using npm in the CLI. For the most
part, there were only a couple of required formatting changes that prettier
was covering, so the change is minor.
The cucumber dependency had a major version bump and was carrying some unsafe
dependencies in the older version. This commit bumps to the new version and
makes appropriate configuration changes.
Signed-off-by: Lance Ball <lball@redhat.com>
2021-12-22 10:45:35 -05:00
d4cb42f94b
chore: release 5.2.0 ( #451 )
...
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2021-12-07 18:05:22 -05:00
9a46e335f5
feat: add batch mode ( #448 )
...
Adds a batched content mode for incoming events.
```js
// It's possible for this to return 1:N events
const ceArray = HTTP.toEvent(req.headers, req.body);
```
Signed-off-by: Lance Ball <lball@redhat.com>
2021-12-07 15:36:10 -05:00
d7e1c4178a
chore: release 5.1.0 ( #449 )
...
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2021-12-02 08:36:34 -05:00
0f5a4c0de2
fix: package.json & package-lock.json to reduce vulnerabilities ( #439 )
...
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908
Signed-off-by: Lucas Holmquist <lholmqui@redhat.com>
2021-12-01 09:55:58 -05:00
52ea7de80d
fix: do not assume an empty content-type header is JSON ( #444 )
...
The parser for HTTP binary made the assumption that if there was no `content-type`
header in the incoming message, it should inject `application/json`. Discussion
about the rationale for this is in https://github.com/cloudevents/sdk-javascript/issues/441 .
This commit, removes that injection and adds a test to ensure the bytes are
simply not parsed, but just passed along untouched.
Fixes: https://github.com/cloudevents/sdk-javascript/issues/441
Signed-off-by: Lance Ball <lball@redhat.com>
2021-11-24 11:02:50 -05:00
f7b2840f82
chore: release 5.0.0 ( #430 )
...
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2021-10-05 13:21:01 -04:00
snyk-bot
