got-ssrf Versions

Protect untrusted requests from SSRF

v3.0.0

3 months ago

This is a major release, dropping support for anything below nodejs v20, in line with got v14.

  • package for got v14 98600e5
  • Merge pull request #78 from hanover-computing/renovate/codecov-codecov-action-4.x 0b48f87
  • chore(deps): update codecov/codecov-action action to v4 9bd5300
  • Merge pull request #77 from hanover-computing/renovate/actions-checkout-4.x d0a96d2
  • chore(deps): update actions/checkout action to v4 f85a9d8
  • use nvmrc for versioning where possible 555431d
  • remove unnecessary devdependency d054783
  • use typescript eslint config 24d113e
  • collect coverage only once 73e2a4f
  • collect coverage from github actions 648ae05
  • banish circleci to the nethers [skip ci] 0aa9819

https://github.com/hanover-computing/got-ssrf/compare/v2.0.1...v3.0.0

v2.0.1

8 months ago

This release is a typescript rewrite of the package.

However, note that it's done in a fully backwards-compatible way, and there should be ZERO CHANGES from the user's perspective.

Thus, this is a patch release.

  • refactor: move to typescript & vitest 399b56f
  • got should really be a peerdep e07515c
  • yeet bfcafb8
  • Merge pull request #76 from hanover-computing/renovate/lint-staged-14.x d30c99b
  • Update dependency lint-staged to v14 a998124
  • Merge pull request #75 from hanover-computing/dependabot/npm_and_yarn/word-wrap-1.2.4 37646bc
  • Bump word-wrap from 1.2.3 to 1.2.4 0ad0e2d
  • prettier v3 yay 8000d62
  • Update dependency @janejeon/eslint-config to v3.0.0-6 2be09c9
  • Update dependency @janejeon/eslint-config to v3.0.0-4 a77ac5f
  • prettier everything [skip ci] a8e83bf
  • why was this a strict version 21dd8f2
  • Merge pull request #71 from hanover-computing/renovate/lint-staged-13.x 854d09c
  • Update dependency lint-staged to v13.2.2 9ab5f56

https://github.com/hanover-computing/got-ssrf/compare/v2.0.0...v2.0.1

v2.0.0

11 months ago

This is a "major" update, in which literally the only two changes are:

  • dropped support for node v14 (only 16 and up are supported) <--- this is the breaking bit
  • added support for got v13

There are no code changes, so as long as you're running node v16 or newer, you should be able to upgrade without any worries!

  • require node v16 736038d
  • add badge [skip ci] f7d5fd0
  • CircleCI expects string for version numbers f445f74
  • fix CI f0d10af
  • fuck it, just turn on lockfile 3e359c0
  • share cache only between node versions b158aaa
  • pls cache work 6244054
  • cover all branches 856698f
  • add extensive test and documentation (closes #69) 1566344
  • update year e26701b
  • Update README.md [skip ci] 5a5ee45
  • fix renovate 5eedc53

https://github.com/hanover-computing/got-ssrf/compare/v1.3.5...v2.0.0

v1.3.5

1 year ago

Fixes typescript definition; no code changes

  • Merge pull request #66 from Markus-Rost/patch-2 f62456c
  • fix export 1d4e04e

https://github.com/hanover-computing/got-ssrf/compare/v1.3.4...v1.3.5

v1.3.4

1 year ago

This release does NOT affect the code whatsoever; the repository URL in the package.json was broken.

  • Merge pull request #65 from Markus-Rost/patch-1 3057c0f
  • Fix repository url e51a66f

https://github.com/hanover-computing/got-ssrf/compare/v1.3.3...v1.3.4

v1.3.3

1 year ago

This is a documentation release to update references in the npm README page.

v1.3.2

1 year ago

This is a refactor release, in which we now import the node dns module directly instead of having to do a roundabout, dirty hack, just so we could mock it during tests.

  • mock ES Imports directly 144570d
  • update ESLint to v8 7ae574d
  • fix CI a75f935

https://github.com/JaneJeon/got-csrf/compare/v1.3.1...v1.3.2

v1.3.1

1 year ago

This release adds special handling for IPv4/IPv6 addresses and fixes issues associated with them (the behaviour is backwards-compatible, minus the fixed bugs, and this does not result in any new "features" or options for the library, so it's a patch upgrade).

In particular, the change in the IP address handling leads to these improvements to the library:

  • it no longer needs to "DNS lookup" an IP address (duh)
  • it now handles IPv6 addresses encoded in the URL properly (e.g. http://[2606:2800:220:1:248:1893:25c8:1946])
  • it automatically handles IPv4-mapped IPv6 addresses properly (e.g. http://[::ffff:7f00:1] is a public IPv4 address that's mapped to an IPv6 address, but if we were to stick to the old implementation, in which we checked the range - ipv4mapped - we would've assumed that it's a reserved address and thrown an error, even though it's a valid, public IP address)

Very subtle things, but it's more "correct" than before, so hey.
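The IP-literal handling described above can be sketched as follows. This is an added example, not got-ssrf's own code; the function names (`classifyHost`, `isBlockedV4`, `expandV6`), the result shape and the shortened blocked-range list are assumptions, and the sample addresses are constructed.

```javascript
// Added example, not got-ssrf's code. Range list is partial (assumption).
const BLOCKED_V4 = [ // [base, prefix length]
  ['0.0.0.0', 8], ['10.0.0.0', 8], ['127.0.0.0', 8],
  ['169.254.0.0', 16], ['172.16.0.0', 12], ['192.168.0.0', 16],
];

const v4ToInt = (a) => a.split('.').reduce((n, o) => n * 256 + Number(o), 0);

function isBlockedV4(addr) {
  const ip = v4ToInt(addr);
  return BLOCKED_V4.some(([base, len]) => {
    const size = 2 ** (32 - len); // addresses per block
    return Math.floor(ip / size) === Math.floor(v4ToInt(base) / size);
  });
}

// Expand a canonical IPv6 string (as emitted by URL) into eight 16-bit groups.
function expandV6(addr) {
  const [head, tail] = addr.split('::');
  const h = head ? head.split(':') : [];
  const t = tail ? tail.split(':') : [];
  const fill = tail === undefined ? [] : Array(8 - h.length - t.length).fill('0');
  return [...h, ...fill, ...t].map((g) => parseInt(g, 16));
}

function classifyHost(urlString) {
  const host = new URL(urlString).hostname; // parser canonicalizes IP literals
  if (/^\d+\.\d+\.\d+\.\d+$/.test(host)) {
    return { kind: 'ipv4', address: host, needsDns: false, blocked: isBlockedV4(host) };
  }
  if (!host.startsWith('[')) {
    return { kind: 'name', address: host, needsDns: true, blocked: null }; // resolve, then check
  }
  const g = expandV6(host.slice(1, -1));
  if (g.slice(0, 5).every((x) => x === 0) && g[5] === 0xffff) {
    // IPv4-mapped: judge the embedded IPv4, not the ::ffff:0:0/96 wrapper.
    const v4 = [g[6] >> 8, g[6] & 255, g[7] >> 8, g[7] & 255].join('.');
    return { kind: 'ipv4-mapped', address: v4, needsDns: false, blocked: isBlockedV4(v4) };
  }
  const blocked = (g.slice(0, 7).every((x) => x === 0) && g[7] <= 1) // :: and ::1
    || (g[0] & 0xfe00) === 0xfc00 // fc00::/7 unique local
    || (g[0] & 0xffc0) === 0xfe80; // fe80::/10 link-local
  return { kind: 'ipv6', address: host.slice(1, -1), needsDns: false, blocked };
}
```

Hostnames come back with `blocked: null` because the verdict for a name depends on the addresses it resolves to, which have to be checked after the DNS lookup.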

Commits

  • add npmignore e796920
  • handle IPv4/IPv6 addresses 5ecbc54
  • update email 5b0f3fc
  • update eslint 763fd61
  • remove package-lock as this is a library 6aa6c34
  • npm setup f2ac162
  • make linters ignore using gitignore 25aac7d
  • split eslint/prettier configs out of package.json [skip ci] 991411a
  • upgrade from husky v4 to v8 [skip ci] e11cc4a
  • chore: add gitignore [skip ci] 399cd02
  • Merge pull request #62 from Markus-Rost/master e77b241
  • declare module for TypeScript a04b76b
  • Merge pull request #59 from JaneJeon/dependabot/npm_and_yarn/got-12.1.0 c15e840
  • Merge pull request #61 from JaneJeon/renovate/jest-junit-14.x ab31a56
  • Update dependency jest-junit to v14 75b99ad
  • Update dependency lint-staged to v13.0.3 f752678
  • Bump got from 12.0.0 to 12.1.0 a71f652
  • Update dependency lint-staged to v13.0.2 a37b848
  • Update dependency lint-staged to v13.0.1 f22ce4e
  • Merge pull request #56 from JaneJeon/dependabot/npm_and_yarn/semver-regex-3.1.4 22866c9
  • Bump semver-regex from 3.1.2 to 3.1.4 caf0d4d
  • Merge pull request #55 from JaneJeon/renovate/lint-staged-13.x 3a260b1
  • Update dependency lint-staged to v13 614e5c2
  • Update dependency lint-staged to v12.5.0 29a9770
  • Update dependency lint-staged to v12.4.3 9f4e692
  • Update dependency lint-staged to v12.4.2 67bc7e0
  • Update dependency lint-staged to v12.4.1 05e02fe
  • Merge pull request #50 from JaneJeon/renovate/github-codeql-action-2.x 044b21b
  • Update github/codeql-action action to v2 ec47854
  • Merge pull request #48 from JaneJeon/renovate/lint-staged-12.x 8a9736a
  • Update dependency lint-staged to v12.4.0 08492a1
  • Update dependency lint-staged to v12.3.8 badfcbf
  • Merge pull request #46 from JaneJeon/dependabot/npm_and_yarn/minimist-1.2.6 ee4430b
  • Bump minimist from 1.2.5 to 1.2.6 0577090
  • Update dependency lint-staged to v12.3.7 6d44336
  • Update dependency lint-staged to v12.3.6 c4a1e31
  • Update dependency lint-staged to v12.3.5 71f9f2f
  • Merge pull request #42 from JaneJeon/renovate/actions-checkout-3.x 048f98c
  • Update actions/checkout action to v3 4b1e657
  • Update dependency lint-staged to v12.3.4 a6f9871
  • Update dependency lint-staged to v12.3.3 d127688
  • Update dependency lint-staged to v12.3.2 d810378
  • Update dependency lint-staged to v12.3.1 2ef9173
  • Update dependency lint-staged to v12.3.0 f532aa0
  • Update dependency lint-staged to v12.2.2 3d30db9
  • Update dependency lint-staged to v12.2.1 a0dfbe5
  • Update dependency lint-staged to v12.2.0 c91c0be
  • Update README.md b4e4ca6
  • Update README.md bc5981c
  • Update README.md 8c232fd
  • Update README.md 71c2ba6
  • Update README.md 6d4c1f9
  • Update dependency lint-staged to v12.1.7 ead7cc1
  • Update dependency lint-staged to v12.1.6 cad2a4d
  • Update dependency lint-staged to v12.1.5 563385c
  • Update config.yml d99ce6f
  • Update config.yml daa3e84
  • Update .npmrc 347fa84
  • Update .npmrc 6c0742b
  • remove codecov token 546e7d4
  • yeet a247fc8
  • circleci migration ba81ff4
  • Merge pull request #29 from JaneJeon/renovate/lint-staged-12.x 02c9a46
  • Delete dependabot.yml f575f3a
  • Update dependency lint-staged to v12.1.4 08ed79f
  • Merge pull request #28 from JaneJeon/renovate/configure f99de0b
  • Update renovate.json 1cafb7c
  • Add renovate.json 2bb5d35
  • Merge pull request #26 from JaneJeon/dependabot/npm_and_yarn/jest-27.4.5 4fba620
  • Merge pull request #27 from JaneJeon/dependabot/npm_and_yarn/lint-staged-12.1.3 96a1a69
  • Merge pull request #20 from JaneJeon/dependabot/npm_and_yarn/debug-4.3.3 85a2a4e
  • Bump debug from 4.3.2 to 4.3.3 db27b0b
  • Bump lint-staged from 12.1.2 to 12.1.3 714dc46
  • Bump jest from 27.4.4 to 27.4.5 9699d6b

https://github.com/JaneJeon/got-csrf/compare/v1.3.0...v1.3.1

v1.3.0

2 years ago

This version bumps got version to v12 from v12 beta v4.

  • deps c258170
  • Merge pull request #23 from JaneJeon/dependabot/npm_and_yarn/jest-27.4.4 c536a5a
  • Merge pull request #22 from JaneJeon/dependabot/npm_and_yarn/got-12.0.0 2bbbd97
  • Bump jest from 27.4.3 to 27.4.4 6efbfe2
  • Bump got from 12.0.0-beta.4 to 12.0.0 75bec9d
  • Merge pull request #21 from JaneJeon/dependabot/npm_and_yarn/jest-27.4.3 da2e65a
  • Bump jest from 27.3.1 to 27.4.3 3305ab1
  • Merge pull request #19 from JaneJeon/dependabot/npm_and_yarn/lint-staged-12.1.2 3804ebd
  • Bump lint-staged from 12.0.2 to 12.1.2 1ac987f
  • Merge pull request #17 from JaneJeon/dependabot/npm_and_yarn/nock-13.2.1 f058937
  • Merge pull request #18 from JaneJeon/dependabot/npm_and_yarn/lint-staged-12.0.2 d98040b
  • Bump lint-staged from 11.2.6 to 12.0.2 a775b79
  • Bump nock from 13.2.0 to 13.2.1 66dc7d0
  • Merge pull request #16 from JaneJeon/dependabot/npm_and_yarn/nock-13.2.0 ff03f23
  • Bump nock from 13.1.4 to 13.2.0 b544696
  • Merge pull request #15 from JaneJeon/dependabot/npm_and_yarn/lint-staged-11.2.6 f136efa
  • Bump lint-staged from 11.1.2 to 11.2.6 d057bc0
  • oops d0850f3
  • fuck it 04d93b8
  • hmm 2b47014
  • y no work 7c26ad5
  • maybe?? c262bde
  • please just fucking work d347ee5
  • pls work 6f4d829
  • does this work? 043e5df
  • become, evil circle [skip ci] 4718a27
  • le badge [skip ci] ee04698
  • does it not work for v12? 5a610ef
  • oops 0e518ce
  • move to github actions for CI? aa281e7
  • npm conf 48e9041
  • Merge pull request #11 from JaneJeon/dependabot/npm_and_yarn/jest-27.3.1 3cf25e9
  • Merge pull request #12 from JaneJeon/dependabot/npm_and_yarn/lint-staged-11.2.4 0e37eb4
  • Merge pull request #13 from JaneJeon/dependabot/npm_and_yarn/nock-13.1.4 9862913
  • Merge pull request #14 from JaneJeon/dependabot/npm_and_yarn/eslint-plugin-promise-5.1.1 3136cda
  • Bump eslint-plugin-promise from 5.1.0 to 5.1.1 52c009c
  • Bump nock from 13.1.3 to 13.1.4 fe4eec5
  • Bump lint-staged from 11.2.3 to 11.2.4 41926e6
  • Bump jest from 27.3.0 to 27.3.1 a9c1dc1
  • Merge pull request #10 from JaneJeon/dependabot/npm_and_yarn/eslint-plugin-import-2.25.2 ae5f981
  • Merge pull request #9 from JaneJeon/dependabot/npm_and_yarn/jest-27.3.0 3323507
  • Bump eslint-plugin-import from 2.24.2 to 2.25.2 496623e
  • Bump jest from 27.2.5 to 27.3.0 196b486
  • Merge pull request #6 from JaneJeon/dependabot/npm_and_yarn/jest-27.2.5 6b2f0d2
  • Merge pull request #7 from JaneJeon/dependabot/npm_and_yarn/jest-junit-13.0.0 34198ce
  • Merge pull request #8 from JaneJeon/dependabot/npm_and_yarn/lint-staged-11.2.3 75a377b
  • Bump lint-staged from 11.1.2 to 11.2.3 e88d602
  • Bump jest-junit from 12.3.0 to 13.0.0 f7fb995
  • Bump jest from 27.2.4 to 27.2.5 2bee8ee
  • Merge pull request #5 from JaneJeon/dependabot/npm_and_yarn/jest-27.2.4 bed9a83
  • Bump jest from 27.2.2 to 27.2.4 ffa03c7
  • fix 8f0e8ce
  • prettier 3d82c7d
  • prettier a5d8f52
  • Create ossar-analysis.yml dbc0e27
  • Create codeql-analysis.yml c058a4b
  • Merge pull request #4 from JaneJeon/dependabot/npm_and_yarn/jest-27.2.2 d1e1077
  • Bump jest from 27.2.1 to 27.2.2 4366b5f
  • fix 69d8f7e
  • depbot 83d6594

https://github.com/JaneJeon/got-csrf/compare/v1.2.0...v1.3.0

v1.2.0

2 years ago

This release makes sure the SSRF check also runs on every redirect, see #2

  • asdf 1d74837
  • closes #2 6be993a
  • test on LTS 28e74ee
  • Update README.md 004a489

https://github.com/JaneJeon/got-csrf/compare/v1.1.0...v1.2.0