64e527c120
build(deps): bump cookiejar from 2.1.3 to 2.1.4 ( #521 )
...
Bumps [cookiejar](https://github.com/bmeck/node-cookiejar ) from 2.1.3 to 2.1.4.
- [Release notes](https://github.com/bmeck/node-cookiejar/releases )
- [Commits](https://github.com/bmeck/node-cookiejar/commits )
---
updated-dependencies:
- dependency-name: cookiejar
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-02-06 12:22:49 -05:00
1b449c4c9a
build(deps): bump http-cache-semantics from 4.1.0 to 4.1.1 ( #522 )
...
Bumps [http-cache-semantics](https://github.com/kornelski/http-cache-semantics ) from 4.1.0 to 4.1.1.
- [Release notes](https://github.com/kornelski/http-cache-semantics/releases )
- [Commits](https://github.com/kornelski/http-cache-semantics/compare/v4.1.0...v4.1.1 )
---
updated-dependencies:
- dependency-name: http-cache-semantics
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-02-06 12:22:30 -05:00
eccc00ee67
build(deps): bump json5 from 2.2.0 to 2.2.3 ( #520 )
...
Bumps [json5](https://github.com/json5/json5 ) from 2.2.0 to 2.2.3.
- [Release notes](https://github.com/json5/json5/releases )
- [Changelog](https://github.com/json5/json5/blob/main/CHANGELOG.md )
- [Commits](https://github.com/json5/json5/compare/v2.2.0...v2.2.3 )
---
updated-dependencies:
- dependency-name: json5
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-10 16:32:57 -05:00
94f1a3d470
build(deps): bump qs and formidable ( #518 )
...
Bumps [qs](https://github.com/ljharb/qs ) and [formidable](https://github.com/node-formidable/formidable ). These dependencies needed to be updated together.
Updates `qs` from 6.10.2 to 6.11.0
- [Release notes](https://github.com/ljharb/qs/releases )
- [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md )
- [Commits](https://github.com/ljharb/qs/compare/v6.10.2...v6.11.0 )
Updates `formidable` from 2.0.1 to 2.1.1
- [Release notes](https://github.com/node-formidable/formidable/releases )
- [Changelog](https://github.com/node-formidable/formidable/blob/master/CHANGELOG.md )
- [Commits](https://github.com/node-formidable/formidable/commits )
---
updated-dependencies:
- dependency-name: qs
dependency-type: indirect
- dependency-name: formidable
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-14 12:50:46 -05:00
3619ef2bbd
chore: release 6.0.3 ( #503 )
...
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2022-11-08 14:33:50 -05:00
c09a9cc20a
chore: bump cucumber to full release version ( #514 )
2022-10-26 20:28:13 -04:00
4831e6a1a5
chore: bump mocha to 10.1.0 ( #512 )
...
Duplicates https://github.com/cloudevents/sdk-javascript/pull/510
Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity
:-------------------------:|-------------------------|:-------------------------|:-------------------------|:-------------------------
 | **589/1000** <br/> **Why?** Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS) <br/>[SNYK-JS-MOCHA-2863123](https://snyk.io/vuln/SNYK-JS-MOCHA-2863123 ) | Yes | No Known Exploit
Signed-off-by: Lance Ball <lball@redhat.com>
Signed-off-by: Lance Ball <lball@redhat.com>
2022-10-24 16:11:56 -04:00
760a024067
chore: bump webpack to 5.74.0 ( #509 )
...
Signed-off-by: Lance Ball <lball@redhat.com>
2022-10-19 13:32:46 -04:00
c282922ef9
build(deps): bump terser from 5.10.0 to 5.14.2 ( #505 )
...
Bumps [terser](https://github.com/terser/terser ) from 5.10.0 to 5.14.2.
- [Release notes](https://github.com/terser/terser/releases )
- [Changelog](https://github.com/terser/terser/blob/master/CHANGELOG.md )
- [Commits](https://github.com/terser/terser/commits )
---
updated-dependencies:
- dependency-name: terser
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-09-02 17:03:13 -04:00
847f6bfcc7
chore: release 6.0.2 ( #497 )
...
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2022-06-21 17:12:15 -04:00
ed63f14339
fix: package.json & package-lock.json to reduce vulnerabilities
...
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-GOT-2932019
2022-06-19 23:49:48 +00:00
ce02e0a1f3
chore: bump ajv and remove old dep dependency ( #496 )
...
* chore: bump ajv and remove old dep dependency
This should allow the existing, meaningful PRs to pass CI validation if they get a rebase.
Signed-off-by: Lance Ball <lball@redhat.com>
2022-06-14 17:30:29 -04:00
d9ee0e05d1
build(deps): bump minimist from 1.2.5 to 1.2.6 ( #486 )
...
Bumps [minimist](https://github.com/substack/minimist ) from 1.2.5 to 1.2.6.
- [Release notes](https://github.com/substack/minimist/releases )
- [Commits](https://github.com/substack/minimist/compare/1.2.5...1.2.6 )
---
updated-dependencies:
- dependency-name: minimist
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-10 12:00:21 -04:00
a512aad5d5
chore: release 6.0.1 ( #485 )
...
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2022-03-21 15:40:44 -04:00
c0b1f7705a
chore: update dependencies to inlude ajv-formats ( #484 )
...
In this PR https://github.com/cloudevents/sdk-javascript/pull/471/files#diff-7ae45ad102eab3b6d7e7896acd08c427a9b25b346470d7bc6507b6481575d519R128
it was not noticed that the addition of `ajv-formats` to devDependencies
is insufficient. Unfortunately, users of v6.0.0 will receive an error when
using the module, unless they explicitly install `ajv-formats` in their
project. This commit fixes that, and should result in an immediate release
of version 6.0.1.
Signed-off-by: Lance Ball <lball@redhat.com>
2022-03-21 15:38:31 -04:00
0164f72eaa
chore: release 6.0.0 ( #482 )
...
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2022-03-21 14:19:43 -04:00
0362a4f11c
feat!: add http transport and remove axios ( #481 )
...
* feat: add builtin HTTP emitter
Adds a builtin HTTP event emitter that can be used with `emitterFor()`
to send events over HTTP without pulling in any additional dependencies.
In the past we chose to keep this in our code base by considering axios a
peer dependency - users were required to include it in their projects
explicitly. In working on the HTTP emitter, it became more and more
apparent that the axios emitter was probably no longer needed, and in fact
I doubt it was really used at all. To use it, users would have been required
to do this, since it isn't exported at the top level.
const { axiosEmitter } = require("cloudevents/transport/http");
Based on this, I think the usage in the wild is probably very minimal,
and I like the idea of eliminating this dependency.
Signed-off-by: Lance Ball <lball@redhat.com>
2022-03-18 13:36:12 -04:00
6204805bfc
chore: update package.json format and deps ( #479 )
...
Signed-off-by: Lance Ball <lball@redhat.com>
2022-03-17 23:09:29 -04:00
b13bde9b49
feat: precompile cloudevent schema ( #471 )
...
* feat: precompile cloudevent schema
This commit modifies the build pipleline so that the cloudevent schema is
precompiled for runtime validation. This eliminates the need to compile the
schema at runtime, improving both performance and security.
Fixes: https://github.com/cloudevents/sdk-javascript/issues/423
Signed-off-by: Lance Ball <lball@redhat.com>
2022-02-15 14:06:42 -05:00
4d8f03f7c6
build(deps): bump follow-redirects from 1.14.7 to 1.14.8 ( #473 )
...
Bumps [follow-redirects](https://github.com/follow-redirects/follow-redirects ) from 1.14.7 to 1.14.8.
- [Release notes](https://github.com/follow-redirects/follow-redirects/releases )
- [Commits](https://github.com/follow-redirects/follow-redirects/compare/v1.14.7...v1.14.8 )
---
updated-dependencies:
- dependency-name: follow-redirects
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-14 15:26:46 -05:00
9046b369cf
chore: release 5.3.2 ( #470 )
...
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2022-02-11 15:42:37 -08:00
c3d9f39a53
chore: bump typedoc to remove vuln ( #472 )
2022-02-10 22:25:48 -06:00
f36a1f0428
chore: release 5.3.1 ( #466 )
...
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2022-02-03 13:45:21 -05:00
cd4dea954b
fix: improve binary data detection in HTTP transport ( #468 )
2022-02-02 07:18:08 -05:00
ae8fa799af
fix: package.json & package-lock.json to reduce vulnerabilities ( #462 )
...
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-NANOID-2332193
Signed-off-by: Lucas Holmquist <lholmqui@redhat.com>
2022-01-24 18:49:01 -05:00
225836f68f
build(deps): bump follow-redirects from 1.14.6 to 1.14.7 ( #460 )
...
Bumps [follow-redirects](https://github.com/follow-redirects/follow-redirects ) from 1.14.6 to 1.14.7.
- [Release notes](https://github.com/follow-redirects/follow-redirects/releases )
- [Commits](https://github.com/follow-redirects/follow-redirects/compare/v1.14.6...v1.14.7 )
---
updated-dependencies:
- dependency-name: follow-redirects
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-01-21 17:05:05 -05:00
98009d910d
chore: release 5.3.0 ( #458 )
...
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2022-01-18 14:07:12 -05:00
5d1f744f50
feat: add support for kafka transport ( #455 )
...
This commit extends the `message` package to include Kafka transport.
Additionally, some of the type information has changed across the project
to more accurately reflect the type of `Message` (by including `T`).
Related: https://github.com/cloudevents/sdk-javascript/issues/390
Signed-off-by: Lance Ball <lball@redhat.com>
2022-01-07 16:14:09 -05:00
320354f750
chore: update cucumber dependency and remove prettier ( #453 )
...
The combination of prettier and eslint was causing some conflicting error
messages in formatting between VSCode and using npm in the CLI. For the most
part, there were only a couple of required formatting changes that prettier
was covering, so the change is minor.
The cucumber dependency had a major version bump and was carrying some unsafe
dependencies in the older version. This commit bumps to the new version and
makes appropriate configuration changes.
Signed-off-by: Lance Ball <lball@redhat.com>
2021-12-22 10:45:35 -05:00
d4cb42f94b
chore: release 5.2.0 ( #451 )
...
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2021-12-07 18:05:22 -05:00
9a46e335f5
feat: add batch mode ( #448 )
...
Adds a batched content mode for incoming events.
```js
// It's possible for this to return 1:N events
const ceArray = HTTP.toEvent(req.headers, req.body);
```
Signed-off-by: Lance Ball <lball@redhat.com>
2021-12-07 15:36:10 -05:00
d7e1c4178a
chore: release 5.1.0 ( #449 )
...
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2021-12-02 08:36:34 -05:00
0f5a4c0de2
fix: package.json & package-lock.json to reduce vulnerabilities ( #439 )
...
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908
Signed-off-by: Lucas Holmquist <lholmqui@redhat.com>
2021-12-01 09:55:58 -05:00
52ea7de80d
fix: do not assume an empty content-type header is JSON ( #444 )
...
The parser for HTTP binary made the assumption that if there was no `content-type`
header in the incoming message, it should inject `application/json`. Discussion
about the rationale for this is in https://github.com/cloudevents/sdk-javascript/issues/441 .
This commit, removes that injection and adds a test to ensure the bytes are
simply not parsed, but just passed along untouched.
Fixes: https://github.com/cloudevents/sdk-javascript/issues/441
Signed-off-by: Lance Ball <lball@redhat.com>
2021-11-24 11:02:50 -05:00
f7b2840f82
chore: release 5.0.0 ( #430 )
...
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2021-10-05 13:21:01 -04:00
2dc846c659
fix: package.json & package-lock.json to reduce vulnerabilities ( #436 )
...
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908
Signed-off-by: Lucas Holmquist <lholmqui@redhat.com>
2021-09-17 12:09:18 -04:00
8814919923
fix: package.json & package-lock.json to reduce vulnerabilities ( #434 )
...
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908
Signed-off-by: Lucas Holmquist <lholmqui@redhat.com>
2021-09-17 12:08:59 -04:00
cf47248d25
fix: package.json & package-lock.json to reduce vulnerabilities ( #433 )
...
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-AXIOS-1579269
Signed-off-by: Lucas Holmquist <lholmqui@redhat.com>
2021-09-13 11:33:16 -04:00
1ceed024f8
build(deps): bump path-parse from 1.0.6 to 1.0.7 ( #431 )
...
Bumps [path-parse](https://github.com/jbgutierrez/path-parse ) from 1.0.6 to 1.0.7.
- [Release notes](https://github.com/jbgutierrez/path-parse/releases )
- [Commits](https://github.com/jbgutierrez/path-parse/commits/v1.0.7 )
---
updated-dependencies:
- dependency-name: path-parse
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-27 10:37:19 -04:00
2bd9a5a1e4
src!: remove support for 0.3 events ( #425 )
...
It has been nearly two years since 1.0 became final. This change removes
support for 0.3 events in the interest of simplifying the project a little.
Signed-off-by: Lance Ball <lball@redhat.com>
2021-08-27 10:34:32 -04:00
36f5e2b5f8
build(deps): bump path-parse from 1.0.6 to 1.0.7 ( #428 )
...
Bumps [path-parse](https://github.com/jbgutierrez/path-parse ) from 1.0.6 to 1.0.7.
- [Release notes](https://github.com/jbgutierrez/path-parse/releases )
- [Commits](https://github.com/jbgutierrez/path-parse/commits/v1.0.7 )
---
updated-dependencies:
- dependency-name: path-parse
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-26 07:54:43 -04:00
2118488a14
chore: use git submodules for conformance tests ( #427 )
...
I don't think downloading to `/tmp` for each `npm test` is such a great
idea. This does mean that contributors to this repo will need to run the
following command once on their clone after this commit lands.
```
git submodule init
git submodule update
```
Signed-off-by: Lance Ball <lball@redhat.com>
2021-08-05 09:47:43 -04:00
061c122b86
chore: update eslint and prettier dependencies ( #424 )
...
There were some minor changes that resulted in a few code style changes, but not much.
Signed-off-by: Lance Ball <lball@redhat.com>
2021-08-04 15:51:37 -04:00
b5100566c6
chore: release 4.0.3 ( #412 )
...
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2021-07-06 14:34:19 -04:00
5cbe1783fe
build(deps): bump set-getter from 0.1.0 to 0.1.1 ( #422 )
...
Bumps [set-getter](https://github.com/doowb/set-getter ) from 0.1.0 to 0.1.1.
- [Release notes](https://github.com/doowb/set-getter/releases )
- [Commits](https://github.com/doowb/set-getter/commits/0.1.1 )
---
updated-dependencies:
- dependency-name: set-getter
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-07-06 11:10:10 -04:00
b3d9cd4585
build(deps): bump browserslist from 4.14.7 to 4.16.6 ( #421 )
...
Bumps [browserslist](https://github.com/browserslist/browserslist ) from 4.14.7 to 4.16.6.
- [Release notes](https://github.com/browserslist/browserslist/releases )
- [Changelog](https://github.com/browserslist/browserslist/blob/main/CHANGELOG.md )
- [Commits](https://github.com/browserslist/browserslist/compare/4.14.7...4.16.6 )
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-07-06 11:09:55 -04:00
80d987c1f6
chore: add copyrights header and lint rules ( #418 )
...
Signed-off-by: Remi Cattiau <remi@cattiau.com>
2021-05-14 09:28:49 -04:00
e06147b9de
build(deps): bump handlebars from 4.7.6 to 4.7.7 ( #414 )
...
Bumps [handlebars](https://github.com/wycats/handlebars.js ) from 4.7.6 to 4.7.7.
- [Release notes](https://github.com/wycats/handlebars.js/releases )
- [Changelog](https://github.com/handlebars-lang/handlebars.js/blob/master/release-notes.md )
- [Commits](https://github.com/wycats/handlebars.js/compare/v4.7.6...v4.7.7 )
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-05-13 10:08:31 -04:00
6d7fb24636
build(deps): bump underscore from 1.11.0 to 1.13.1 ( #413 )
...
Bumps [underscore](https://github.com/jashkenas/underscore ) from 1.11.0 to 1.13.1.
- [Release notes](https://github.com/jashkenas/underscore/releases )
- [Commits](https://github.com/jashkenas/underscore/compare/1.11.0...1.13.1 )
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-05-13 10:08:13 -04:00
d0ff345ef1
build(deps): bump lodash from 4.17.20 to 4.17.21 ( #415 )
...
Bumps [lodash](https://github.com/lodash/lodash ) from 4.17.20 to 4.17.21.
- [Release notes](https://github.com/lodash/lodash/releases )
- [Commits](https://github.com/lodash/lodash/compare/4.17.20...4.17.21 )
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-05-13 10:07:53 -04:00
dependabot[bot]
