Skip to content

deps: update llhttp to 6.0.2#38665

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
indutny wants to merge 1 commit into from
Closed

deps: update llhttp to 6.0.2 #38665

indutny wants to merge 1 commit into from

Conversation

@indutny
Copy link
Member

@indutnyindutny commented May 13, 2021
edited by aduh95
Loading

Fixes: #37053
Refs: nodejs/llparse#44

Needs backports to all release branches. I've made 4.0.1 release to facilitate with that.

@indutnyindutny mentioned this pull request May 13, 2021
Closed
@github-actionsgithub-actionsbot added the needs-ci PRs that need a full CI run. label May 13, 2021
@indutnyindutny mentioned this pull request May 13, 2021
Closed
@mscdex
Copy link
Contributor

mscdex commented May 13, 2021
edited
Loading

@indutny I think that's the wrong link for the "Fixes:" part of the commit message?

@RaisinTen
Copy link
Member

RaisinTen commented May 13, 2021

- Fix: #37503+ Fixes: https://github.com/nodejs/node/issues/37053

mcollina
mcollina approved these changes May 13, 2021
View reviewed changes
Copy link
Member

@mcollinamcollina left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@nodejs-github-bot
Copy link
Collaborator

nodejs-github-bot commented May 13, 2021

CI: https://ci.nodejs.org/job/node-test-pull-request/38057/

@indutnyindutnyforce-pushed the feature/llhttp-6.0.2 branch from 2aae81b to 49e48a1CompareMay 13, 2021 06:58
@indutny
Copy link
MemberAuthor

indutny commented May 13, 2021

Thanks! That was a typo in "Fix". Fixed now! 😂

@nodejs-github-bot
Copy link
Collaborator

nodejs-github-bot commented May 13, 2021

CI: https://ci.nodejs.org/job/node-test-pull-request/38058/

@richardlau
Copy link
Member

richardlau commented May 13, 2021

Needs backports to all release branches. I've made 4.0.1 release to facilitate with that.

I take this statement to mean we'd need manual backports for the LTS releases (14/12)? Unfortunately it looks like the way we applied security patches hasn't kept the llhttp files in-step -- current versions of

declare llhttp 2.1.3 and is what you get in node -p process.versions.llhttp.

@targos
Copy link
Member

targos commented May 13, 2021

On master, we jumped directly from v2.1.3 to v5.1.0 in #38146

@legendecaslegendecas mentioned this pull request May 13, 2021
Closed
@indutny
Copy link
MemberAuthor

indutny commented May 14, 2021

@richardlau asking the right question! I don't expect any problems with making 2.x release for these branches. Thankfully the fix is not in llhttp itself, but rather in its compiler. 2.x uses [email protected] and the fixed version is [email protected]. Should be as easy as bumping the dependency and making a release. If there are any security fixes - I'll happily apply them as well.

@nodejs-github-bot
Copy link
Collaborator

nodejs-github-bot commented May 15, 2021

CI: https://ci.nodejs.org/job/node-test-pull-request/38121/

indutny added a commit that referenced this pull request May 20, 2021
@indutny
deps: update llhttp to 6.0.2
d798de1
Fix: #37053 See: nodejs/llparse#44 PR-URL: #38665 Reviewed-By: Rich Trott <[email protected]> Reviewed-By: Luigi Pinca <[email protected]> Reviewed-By: Daniele Belardi <[email protected]> Reviewed-By: Matteo Collina <[email protected]> Reviewed-By: Anna Henningsen <[email protected]>
@indutny
Copy link
MemberAuthor

indutny commented May 20, 2021

Landed in d798de1, thank you!

@indutnyindutny closed this May 20, 2021
@indutnyindutny deleted the feature/llhttp-6.0.2 branch May 20, 2021 19:34
danielleadams pushed a commit that referenced this pull request May 31, 2021
@indutny@danielleadams
deps: update llhttp to 6.0.2
15aaf14
Fix: #37053 See: nodejs/llparse#44 PR-URL: #38665 Reviewed-By: Rich Trott <[email protected]> Reviewed-By: Luigi Pinca <[email protected]> Reviewed-By: Daniele Belardi <[email protected]> Reviewed-By: Matteo Collina <[email protected]> Reviewed-By: Anna Henningsen <[email protected]>
@danielleadamsdanielleadams mentioned this pull request May 31, 2021
Merged
@richardlau
Copy link
Member

richardlau commented Jul 16, 2021

Coming back to this for v14.x and v12.x. I could do with some help here working out what is landable on those re. llhttp. As mentioned before (#38665 (comment)) they both claim to be llhttp 2.1.3 although e.g. on v14.x there was a security patch applied which I think corresponded to a semver major llhttp (3?)

$ git log --oneline deps/llhttp/ 641f786bb1 http: unset `F_CHUNKED` on new `Transfer-Encoding` 85062b3aad deps: update llhttp to 2.1.3 ...

I guess we missed a step somewhere with the security patches and synching llhttp versions.

Perhaps the best thing to do is mark this as requiring manual backports.

@ChaphasilorChaphasilor mentioned this pull request Aug 19, 2021
Closed
Sign up for freeto join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mcollinamcollinamcollina approved these changes

@jasnelljasnelljasnell approved these changes

@TrottTrottTrott approved these changes

@addaleaxaddaleaxaddaleax approved these changes

@lpincalpincalpinca approved these changes

+2 more reviewers

@dnlupdnlupdnlup approved these changes

@lioncorpolioncorpolioncorpo approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

needs-ciPRs that need a full CI run.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[linux-armv7l] http.request() fails with HPE_INVALID_CONSTANT error

14 participants

@indutny@mscdex@RaisinTen@nodejs-github-bot@richardlau@targos@mcollina@jasnell@Trott@addaleax@lpinca@dnlup@lioncorpo