jiangcuo/node
1
0
Fork 0
mirror of https://github.com/nodejs/node.git synced 2025-05-06 09:02:40 +00:00
Code Issues Actions 14 Packages Projects Releases Wiki Activity
39,789 Commits 67 Branches 878 Tags 2.1 GiB
a20a328a9b
Commit Graph

6 Commits

Author SHA1 Message Date
Moshe Atlow
dccd25e5bb test_runner: fix test runner concurrency 
PR-URL: https://github.com/nodejs/node/pull/47675
Fixes: https://github.com/nodejs/node/issues/47365
Fixes: https://github.com/nodejs/node/issues/47696
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
 2023-04-24 22:32:01 +00:00
Antoine du Hamel
2e2dc99115
esm: protect ESM loader from prototype pollution 
In a previous commit, the loader implementation was modified to be
protected against most prototype pollution, but was kept vulnerable to
`Array.prototype` pollution. This commit fixes that, the tradeoff is
that it modifies the `ESMLoader.prototype.import` return type from an
`Array` to an array-like object.

Refs: https://github.com/nodejs/node/pull/45044
PR-URL: https://github.com/nodejs/node/pull/45175
Reviewed-By: Geoffrey Booth <webadmin@geoffreybooth.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
 2022-10-27 20:09:07 +00:00
Antoine du Hamel
f2aac0b36b
esm: protect ESM loader from prototype pollution 
Fixes: https://github.com/nodejs/node/issues/45035
PR-URL: https://github.com/nodejs/node/pull/45044
Reviewed-By: Jacob Smith <jacob@frende.me>
Reviewed-By: Geoffrey Booth <webadmin@geoffreybooth.com>
Reviewed-By: Moshe Atlow <moshe@atlow.co.il>
Reviewed-By: Darshan Sen <raisinten@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
 2022-10-19 18:39:16 +00:00
Antoine du Hamel
d7f193434a
lib: add Promise methods to avoid-prototype-pollution lint rule 
PR-URL: https://github.com/nodejs/node/pull/43849
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Paolo Insogna <paolo@cowtech.it>
 2022-07-26 23:38:24 +01:00
Antoine du Hamel
3fb57843de
lib: implement safe alternatives to Promise static methods 
PR-URL: https://github.com/nodejs/node/pull/43728
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: Stephen Belanger <admin@stephenbelanger.com>
Reviewed-By: Chengzhong Wu <legendecas@gmail.com>
 2022-07-10 14:17:23 +01:00
Antoine du Hamel
2eeb4e1d94
lib: make primordials Promise methods safe 
`catch` and `finally` methods on %Promise.prototype% looks up the `then`
property of the instance, making it at risk of prototype pollution.

PR-URL: https://github.com/nodejs/node/pull/38650
Refs: https://tc39.es/ecma262/#sec-promise.prototype.catch
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
 2021-05-19 09:21:37 -07:00