| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2021-02-02 | chore: remove std directory (#9361) | Casper Beyer | |
| This removes the std folder from the tree. Various parts of the tests are pretty tightly dependent on std (47 direct imports and 75 indirect imports, not counting the cli tests that use them as fixtures) so I've added std as a submodule for now. | |||
| 2021-01-10 | update copyright to 2021 (#9081) | Ryan Dahl | |
| 2020-09-21 | chore: add copyright (#7593) | tokiedokie | |
| 2020-07-14 | Use dprint for internal formatting (#6682) | David Sherret | |
| 2020-06-12 | refactor: Don't destructure the Deno namespace (#6268) | Nayeem Rahman | |
| 2020-06-06 | fix(std/io): StringReader implementation (#6148) | Ryan Dahl | |
| 2020-05-20 | fix(std/io): BufReader should not share the internal buffer across reads (#4543) | uki00a | |
| 2020-04-28 | BREAKING: Remove Deno.EOF, use null instead (#4953) | Nayeem Rahman | |
| 2020-04-06 | Drop headers with trailing whitespace in header name (#4642) | Andrew Stucki | |
| This relates directly to [an issue](https://github.com/denoland/deno_std/issues/620) that I initially raised in `deno_std` awhile back, and was reminded about it today when the `oak` project popped up on my github recommended repos. As of now Deno's http servers are vulnerable to the same underlying issue of go CVE-2019-16276 due to the fact that it's based off of ported go code from their old standard library. [Here's the commit that fixed the CVE.](https://github.com/golang/go/commit/6e6f4aaf70c8b1cc81e65a26332aa9409de03ad8) Long story short, some off the shelf proxies and caching servers allow for passing unaltered malformed headers to backends that they're fronting. When they pass invalid headers that they don't understand this can cause issues with HTTP request smuggling. I believe that to this date, this is the default behavior of AWS ALBs--meaning any server that strips whitespace from the tail end of header field names and then interprets the header, when placed behind an ALB, is susceptible to request smuggling. The current behavior is actually specifically called out in [RFC 7230](https://tools.ietf.org/html/rfc7230#section-3.2.4) as something that MUST result in a rejected message, but the change corresponding to this PR, is more lenient and what both go and nginx currently do, and is better than the current behavior. | |||
| 2020-03-28 | Update to Prettier 2 and use ES Private Fields (#4498) | Kitson Kelly | |
| 2020-03-22 | clean up textproto code in std (#4458) | Yusuke Sakurai | |
| - moved and renamed append() into bytes from ws and textproto - renamed textproto/readder_tests.ts -> textproto/test.ts | |||
| 2020-03-20 | Add require-await lint rule (#4401) | Samrith Shankar | |
| 2020-02-11 | refactor: rewrite tests in std/ to use Deno.test (#3930) | Bartek IwaĆczuk | |
| 2019-10-09 | Move everything into std subdir | Ryan Dahl | |
 |
index : deno.git | |
| Unnamed repository; edit this file 'description' to name the repository. | User & |
| summaryrefslogtreecommitdiff |