Skip to content

update to latest bunyan #1

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
nadavsinai wants to merge 24 commits into
base: master
Choose a base branch
from
Open

update to latest bunyan #1

nadavsinai wants to merge 24 commits into from

Conversation

@nadavsinai
Copy link

@nadavsinai nadavsinai commented Sep 1, 2020

No description provided.

trentm and others added 24 commits June 23, 2020 21:32
@trentm
Fix a vulnerability from a crafted argument to 'bunyan -p ARG'
9d68e23 
This was reported privately as:
    https://hackerone.com/reports/902739
    bunyan - RCE via insecure command formatting

After this change:
    % ./bin/bunyan -p "S'11;touch hacked ;'\\"
    bunyan: error: no matching PIDs found for "S'11;touch hacked ;'\"

With bunyan's self-trace logging to show the escaped command:
    % BUNYAN_SELF_TRACE=1 ./bin/bunyan -p "S'11;touch hacked ;'\\"
    [bunyan self-trace] exec cmd: "ps -A -o pid,command | grep '[S]'\\''11;touch hacked ;'\\''\\\\'"
    bunyan: error: no matching PIDs found for "S'11;touch hacked ;'\"
    [bunyan self-trace] cleanupAndExit(2, undefined)
    [bunyan self-trace] process.exit(2)

Before this change these would create a "hacked" file in the current dir.
@cterse
Fixed typo in README (#620)
6cb828c
@mistval
Add tip about --no-optional (#625)
89cda5b 
Installing with `--no-optional` can reduce a bunyan 1.x install from ~3-4MB to ~450kB.
@trentm
Fix a test failure in node >=12 due to util.format edge case change
44c0491 
THis is a slight change in how `log.info(undefined, 'some message')`
is rendered by Bunyan, but that's been a fact since node v12.

nodejs/node#23162 was the relevant change.
@trentm
Fix test suite failure in node v14 due to util.inspect change with ci…
b38eae8 
…rcular refs

In nodejs/node#27685 (part of node v14), how
objects with circular references are stringified with `util.inspect` changed.
@trentm
travis: test with more node versions
a5cd893
@douira
Typo fixes in readme and contributing.md (#588)
28be9a0 
fixes #576
@piperchester
Fix typo (#587)
3908e7b
@bwknight877
Use os.EOL for line endings for text loggers (#590)
33adee5 
This change uses `os.EOL` for line endings instead of `\n`
This is useful for those of us using NodeJS on Windows where the easiest log reader is Notepad.exe
Fixes #589
@trentm
changelog entry for recent fix
4e5107b
@ronkorving @trentm
Remove old hack for some old Node 0.6 versions (#567)
0df66f4 
Co-authored-by: Ron Korving <rkorving@wizcorp.jp>
@trentm
Switch from travis to github actions for CI
86f0a56 
This also:
- adds "files" to package.json which removes a lot of dev files
  from the published package
- adds a package-lock.json file for 'npm ci' usage
@trentm
flail to guess why 'make check' is failing only on GH actions
383b003
@trentm
fix 'make check' in GH actions env; fix 'test' action (#641)
92c3e30 
- fix more jsstyle issues with newer Perl
- drop windows testing for now until using node-tap that handles globs
@trentm
drop debugging perl ver check from 'check' GH action
90699be
@mdholloway
Update moment to resolve regex DoS vulnerability (#558)
1920138 
CVE-2017-18214
https://nodesecurity.io/advisories/532

See the upstream issue resolved by the update:
moment/moment#4163
@trentm
2.0.4 (beta)
a636083
@trentm
nodeunit -> node-tap for testing (#644)
13e00c7 
Currently just tap v9 because that is the last major version of node-tap
that supports back to node v0.10.
@trentm
express support: use req.originalUrl for "req" serializer (#575)
7641566
@jacamera
updated webpack configuration instructions (#574)
f5a8d1d
@trentm
TODO: review logpp
a72af24
@trentm
version 2.0.5 (beta)
0ff1ae2
@dependabot
Bump moment from 2.27.0 to 2.29.4 (#693)
cb70cc7 
Refs: #692
@trentm
typo: minor correction in changelog ver ref
5c2258e
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

10 participants

@nadavsinai @trentm @cterse @mistval @douira @piperchester @bwknight877 @ronkorving @mdholloway @jacamera