It has been nearly two years since 1.0 became final. This change removes
support for 0.3 events in the interest of simplifying the project a little.
Signed-off-by: Lance Ball <lball@redhat.com>
I don't think downloading to `/tmp` for each `npm test` is such a great
idea. This does mean that contributors to this repo will need to run the
following command once on their clone after this commit lands.
```
git submodule init
git submodule update
```
Signed-off-by: Lance Ball <lball@redhat.com>
Even if the specversion is totally invalid, we should not change the value
received in an incoming `Message`. Previously we defaulted to 1.0 if we did
not recognize the version number. This commit changes that, leaving the value
unmodified. We default to parsing this mystery event with the 1.0 spec. When
the event is validated with `event.validate()` we return `false`.
One additional small change to eliminate a prettier warning about `parer`
being previously declared.
Fixes: https://github.com/cloudevents/sdk-javascript/issues/332
Fixes: https://github.com/cloudevents/sdk-javascript/issues/333
Signed-off-by: Lance Ball <lball@redhat.com>
Even if the specversion is totally invalid, we should not change the value
received in an incoming `Message`. Previously we defaulted to 1.0 if we did
not recognize the version number. This commit changes that, leaving the value
unmodified. We default to parsing this mystery event with the 1.0 spec. When
the event is validated with `event.validate()` we return `false`.
One additional small change to eliminate a prettier warning about `parer`
being previously declared.
Fixes: https://github.com/cloudevents/sdk-javascript/issues/332
Fixes: https://github.com/cloudevents/sdk-javascript/issues/333
Signed-off-by: Lance Ball <lball@redhat.com>
Also fixes the case where UPPERCASED extension names were silently changed
to lowercase and then set as undefined. Even though uppercased extension
names are invalid, we should still accept them in incoming messsages and
only throw when validating the event.
Fixes: https://github.com/cloudevents/sdk-javascript/issues/380
Signed-off-by: Lance Ball <lball@redhat.com>
* src: be more forgiving parsing JSON as a string
A simple string is considered valid JSON. However, our parsers do
not accept that unless the string has quotation marks. This commit
modifies the parser to look for strings declared as application/json
which do not begin with '[' '{' or '"' and surrounds them with
quotes.
Signed-off-by: Lance Ball <lball@redhat.com>
This commit removes @types/axios from the devDependencies and replaces
it with straight up axios. The @types package is deprecated and has not
been updated in four years. Plus it was raising a security alert. Plus
axios publishes their own types now.
Signed-off-by: Lance Ball <lball@redhat.com>
Fixes: https://github.com/cloudevents/sdk-javascript/issues/392
This commit also removes the external doc theme, since the new version
generates decent looking docs.
After this lands, docs should be published.
Signed-off-by: Lance Ball <lball@redhat.com>
The `HTTP.isEvent()` and `HTTP.toEvent()` functions both had some validation
code that violated the principle of loose validation when receiving an
event over HTTP. As discussed, the validation should be managed by the
receiver in this case with `event.validate()`
Signed-off-by: Lance Ball <lball@redhat.com>
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-MARKED-1070800
Signed-off-by: Lucas Holmquist <lholmqui@redhat.com>
Co-authored-by: snyk-bot <snyk-bot@snyk.io>
This change modifies Emitter so that it does not directly extend the Node.js
EventEmitter class. Instead, it holds a singleton instance of an EventEmitter
but is not an instance of EventEmitter itself.
This commit also updates the typescript example to use a modern version of
@types/node and typescript.
Finally there are a few minor formatting changes picked up by eslint.
Fixes: https://github.com/cloudevents/sdk-javascript/issues/385
Signed-off-by: Lance Ball <lball@redhat.com>
* fix: examples/express-ex/package.json to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-AXIOS-1038255
* fix(examples): remove the body-parser module.
* When a structured formatted CloudEvent comes in, the body parser module does know how to parse it since the content type is not application/json, which resulted in an empty request body
Signed-off-by: Lucas Holmquist <lholmqui@redhat.com>
Co-authored-by: Lucas Holmquist <lholmqui@redhat.com>
* fix: examples/typescript-ex/package.json to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-AXIOS-1038255
* chore: update example to use the 4.0 API
Signed-off-by: Lucas Holmquist <lholmqui@redhat.com>
Co-authored-by: Lucas Holmquist <lholmqui@redhat.com>
This commit changes the messages produced when validating extension names and
values, including the offending name or value in the message, and including
text from the CloudEvent specification, or a link to the type system.
Fixes: https://github.com/cloudevents/sdk-javascript/issues/364
Signed-off-by: Lance Ball <lball@redhat.com>
Lance Ball
dependabot[bot]
github-actions[bot]
Remi Cattiau
Snyk bot
Ali Ok
Lucas Holmquist