AlexLandau/gdl-perf 5

Cross-language perf and correctness test framework for GDL interpreters.

AlexLandau/gdl-validation 3

Standalone GDL validation library, formerly part of Griddle.

AlexLandau/cadiaplayer-prolog-engine 1

A fork of Cadiaplayer for use with the gdl-perf testing framework.

AlexLandau/fluxplayer-prolog-engine 1

The Fluxplayer prolog engine, with a script for testing with the gdl-perf framework.

AlexLandau/ggp-repository 1

GGP Game Repository

AlexLandau/antlr-preferring-later-rule 0

Repro of what looks like a bug in ANTLR

AlexLandau/blueprint 0

A React-based UI toolkit for the web

AlexLandau/commons-compress-asm-error 0

Repro commons-compress 1.21 failing with asm 4.0+

push event palantir/gradle-baseline

Alex Landau

commit sha 7e73be830fd4d6892a43919849e94be7ead53909

Add logging when a jar has multiple entries for one class

push time in 13 days

Pull request review comment palantir/gradle-baseline

Speed up class uniqueness analyses by caching results of reading jars

+/*+ * (c) Copyright 2021 Palantir Technologies Inc. All rights reserved.+ *+ * Licensed under the Apache License, Version 2.0 (the "License");+ * you may not use this file except in compliance with the License.+ * You may obtain a copy of the License at+ *+ *     http://www.apache.org/licenses/LICENSE-2.0+ *+ * Unless required by applicable law or agreed to in writing, software+ * distributed under the License is distributed on an "AS IS" BASIS,+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.+ * See the License for the specific language governing permissions and+ * limitations under the License.+ */++package com.palantir.baseline.services;++import com.github.benmanes.caffeine.cache.Cache;+import com.github.benmanes.caffeine.cache.Caffeine;+import com.google.common.collect.ImmutableSetMultimap;+import com.google.common.hash.HashCode;+import com.google.common.hash.Hashing;+import com.google.common.hash.HashingInputStream;+import com.google.common.io.ByteStreams;+import java.io.File;+import java.io.FileInputStream;+import java.io.IOException;+import java.util.jar.JarEntry;+import java.util.jar.JarInputStream;+import org.gradle.api.artifacts.ModuleVersionIdentifier;+import org.gradle.api.artifacts.ResolvedArtifact;+import org.gradle.api.services.BuildService;+import org.gradle.api.services.BuildServiceParameters;++public abstract class JarClassHasher implements BuildService<BuildServiceParameters.None>, AutoCloseable {+    private final Cache<ModuleVersionIdentifier, Result> cache =+            Caffeine.newBuilder().build();++    public static class Result {+        private final ImmutableSetMultimap<String, HashCode> hashesByClassName;
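
Review bot: The `cache` field in `JarClassHasher` is keyed by `ModuleVersionIdentifier`, which identifies group, name and version but not a particular artifact file, so two jars resolved under the same coordinates (for example a classifier variant) could be served the first jar's cached `Result`. Since `ResolvedArtifact` is already imported, consider a key that distinguishes the artifact, such as its classifier or file together with the module version, and document the choice on the field.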

I sent you the details internally.

AlexLandau

comment created time in 24 days

PullRequestReviewEvent

issue comment gradle/gradle

IterationOrderRetainingSetElementSource#add takes time linear in the collection size

I opened a PR with one possible approach to fixing this at #18098.

AlexLandau

comment created time in a month

push event AlexLandau/gradle

Alex Landau

commit sha 8a4188fda768a94bb728dbf34bc1ba72e5cc40c9

Fix performance at scale of IterationOrderRetainingSetElementSource#add

Fixes #16998

This `add` method was taking time linear in the size of the collection rather than constant time, causing performance issues at scale.

There is a slight semantic change here: Previously, if an element was submitted using `add`, it could be rejected if it matched an element from a provider, but only if the provider had been realized. This means the outcome of the iterator could have changed based on the timing of this realization, and was also different from what the behavior would be if the element were added through a provider.

Now, if provider and non-provider versions of the same value are added, they will generally both be accepted into the collection at `add` time (with a return value of true), and at iteration time, only one of them will be returned.

Signed-off-by: Alex Landau <alandau@palantir.com>

push time in a month

push event AlexLandau/gradle

Alex Landau

commit sha 4dc3381fa3757cf6c6340ef6f2a7720dfce0ec2c

Fix performance at scale of IterationOrderRetainingSetElementSource#add

Fixes #16998

This `add` method was taking time linear in the size of the collection rather than constant time, causing performance issues at scale.

There is a slight semantic change here: Previously, if an element was submitted using `add`, it could be rejected if it matched an element from a provider, but only if the provider had been realized. This means the outcome of the iterator could have changed based on the timing of this realization, and was also different from what the behavior would be if the element were added through a provider.

Now, if provider and non-provider versions of the same value are added, they will generally both be accepted into the collection at `add` time (with a return value of true), and at iteration time, only one of them will be returned.

Signed-off-by: Alex Landau <alandau@palantir.com>

push time in a month

push event AlexLandau/gradle

Alex Landau

commit sha df947a9747f18a5339e599aa7a2c7d64ac9eef85

Fix performance at scale of IterationOrderRetainingSetElementSource#add

This `add` method was taking time linear in the size of the collection rather than constant time, causing performance issues at scale.

There is a slight semantic change here: Previously, if an element was submitted using `add`, it could be ignored if it matched an element from a provider, but only if the provider had been realized. This means the outcome of the iterator could change based on the timing of this realization, and is also different from what the behavior would be if it were added through a provider.

Signed-off-by: Alex Landau <alandau@palantir.com>

push time in a month

PR opened gradle/gradle

Fix performance at scale of IterationOrderRetainingSetElementSource#add

Fixes #16998

Context

This `add` method was taking time linear in the size of the collection rather than constant time, causing performance issues at scale.

There is a slight semantic change here: Previously, if an element was submitted using `add`, it could be ignored if it matched an element from a provider, but only if the provider had been realized. This means the outcome of the iterator could change based on the timing of this realization, and is also different from what the behavior would be if it were added through a provider.

I don't have a test for the performance characteristics (I don't know how I'd make such a test non-flakey), but I have tested it manually with https://github.com/AlexLandau/gradle-linear-iorses-add-repro.

Contributor Checklist

  • [ ] Review Contribution Guidelines
  • [ ] Make sure that all commits are signed off to indicate that you agree to the terms of Developer Certificate of Origin.
  • [ ] Make sure all contributed code can be distributed under the terms of the Apache License 2.0, e.g. the code was written by yourself or the original code is licensed under a license compatible to Apache License 2.0.
  • [ ] Check "Allow edit from maintainers" option in pull request so that additional changes can be pushed by Gradle team
  • [ ] Provide integration tests (under <subproject>/src/integTest) to verify changes from a user perspective
  • [ ] Provide unit tests (under <subproject>/src/test) to verify logic
  • [ ] Update User Guide, DSL Reference, and Javadoc for public-facing changes
  • [ ] Ensure that tests pass sanity check: ./gradlew sanityCheck
  • [ ] Ensure that tests pass locally: ./gradlew <changed-subproject>:quickTest

Gradle Core Team Checklist

  • [ ] Verify design and implementation
  • [ ] Verify test coverage and CI build status
  • [ ] Verify documentation
  • [ ] Recognize contributor in release notes
+42 -1

0 comment

2 changed files

pr created time in a month

push event AlexLandau/gradle

bot-gradle

commit sha 2c84289e631f8176edc68a92c2007dab7e318e06

Merge pull request #17486 Split MavenPublishResolvedVersionsJavaIntegTest

bot-teamcity

commit sha 44b10870dc6bbe2effae3afc755bb68c8ba7e7ff

Publish 7.1-20210618230308+0000

Stefan Wolf

commit sha f4a9b7904c744a184aa26eb27e85be361add2b54

Fix fs watching test for 7.1 The test only works if the target version is 7.2+.

bot-teamcity

commit sha de0ef8f77ac8f12c8d5c69a3ab6c1f806cdb75ae

Publish 7.1-20210619232348+0000

Bo Zhang

commit sha 41c7d879f870b7aca12939029afc9246f6779a46

Re-split the test buckets based on latest test runtime data

Stefan Wolf

commit sha 80c37478b113c2bc45d0d27226548c50b0e6ddd1

Extract kotlin subclass name to constant

Stefan Wolf

commit sha 8d9ff433591e3a9bb4e5fd3294469bc8a88c1ff3

Fix minor problems in MavenConversionIntegrationTest

Stefan Wolf

commit sha a7eb7ac16a9f698791a28066d93ef445edff3eaf

Annotate abstract super classes with DisableCachingByDefault

Stefan Wolf

commit sha 0f57cb09435452c804ae70941a28193979781d6f

Annotate DefaultTask with DisableCachingByDefault

Stefan Wolf

commit sha 3cc68b7c21cd6ef9ccac62159808e26e4b5bc76d

Annotate tasks in build-init with DisableCachingByDefault

Stefan Wolf

commit sha eb100e22818c0aef7ae7aaa8e3a43abcc95d6561

Annotate tasks in core with DisableCachingByDefault

Stefan Wolf

commit sha a1d6b39cf29b2a79b6fa923bea402a46b7c77f0a

Add DisableCachingByDefault in diagnostics project

Stefan Wolf

commit sha 2557b78598803c121eacd1ea5916c51f991ca190

Add DisableCachingByDefault in ide* project

Stefan Wolf

commit sha 2af9e94f56bf2f03e542fd1476f988241374720f

Add DisableCachingByDefault in kotlin* project

Stefan Wolf

commit sha 038bf69620072d2b836eb9c4261bebcc223eeaed

Add DisableCachingByDefault in language* and platform* projects

Stefan Wolf

commit sha 963e6cc4c51964d502b9b0bc7d826fd51b8e5bfd

Add DisableCachingByDefault in maven and ivy projects

Stefan Wolf

commit sha 919cb5fdf4f3417641c6564104e0dd205ee0cd75

Add DisableCachingByDefault to remaining tasks

Stefan Wolf

commit sha 849ac742e63a5082478a848f01e81eb7c7dfa473

Fix detection of test source sets in IDEA

The test source sets (testFixtures/integTest/etc.) have not been marked as such in idea, because:
- The idea plugin hasn't been applied to the sub-projects, which caused the configuration not to run
- For testFixtures, we didn't mark the java sources as test sources, though it seems that is what idea relies on.

Stefan Wolf

commit sha 87f2a294c282d7940a91197defa80d560db88cbd

Mark performance test sources as test sources

bot-gradle

commit sha 8e5fa88a44304ee0e9779cf89e1a8654067b9975

Merge pull request #17485 Split MavenConversionIntegrationTest

push time in a month

create branch AlexLandau/gradle

branch : alandau/iorses-add-perf-fix

created branch time in a month

issue comment gradle/gradle

IterationOrderRetainingSetElementSource#add takes time linear in the collection size

I'm playing around with these collections a little more to get a better feel for what the fix should be. Obviously they're fairly complicated, given that they can contain views of other collections that change later, as well as supporting removal and lazy realization of values (with onRealize actions as well).

I don't know the exact semantics this is trying to achieve, but the fact that these give different outcomes feels questionable (I put these in IterationOrderRetainingSetElementSourceTest):

    def "adding is ignored when a realized provider currently has the same value"() {
        def provider1 = setProvider("foo")

        when:
        source.addPendingCollection(provider1)
        source.realizePending()
        boolean addResult = source.add("foo")
        provider1.value = []

        then:
        !addResult
        source.iterator().collect() == []
    }

    def "adding is not ignored when an unrealized provider has the same value"() {
        def provider1 = setProvider("foo")

        when:
        source.addPendingCollection(provider1)
        boolean addResult = source.add("foo")
        provider1.value = []

        then:
        addResult
        source.iterator().collect() == ["foo"]
    }

One possible fix for the performance issue is removing the check for an existing element at add time, and relying on the iterator to remove duplicate values. (This would involve making add always return true, which might not be desirable.) Another would be to track non-pending elements added in their own supplementary HashSet, and use that for the check in add. Either of those would change the above semantics, which is part of why I bring it up.

Also, size() is misleading at best for the IterationOrderRetainingSetElementSource (presumably it should create the realized iterator and use that if actually needed):

    def "let's see if I can break size"() {
        when:
        source.addPendingCollection(setProvider("foo"))
        source.addPendingCollection(setProvider("foo"))
        source.add("foo")
        source.add("foo")

        then:
        source.size() == 3
        source.iterator().collect() == ["foo"]
    }

AlexLandau

comment created time in a month

Pull request review comment palantir/gradle-baseline

Speed up class uniqueness analyses by caching results of reading jars

+/*+ * (c) Copyright 2021 Palantir Technologies Inc. All rights reserved.+ *+ * Licensed under the Apache License, Version 2.0 (the "License");+ * you may not use this file except in compliance with the License.+ * You may obtain a copy of the License at+ *+ *     http://www.apache.org/licenses/LICENSE-2.0+ *+ * Unless required by applicable law or agreed to in writing, software+ * distributed under the License is distributed on an "AS IS" BASIS,+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.+ * See the License for the specific language governing permissions and+ * limitations under the License.+ */++package com.palantir.baseline.services;++import com.github.benmanes.caffeine.cache.Cache;+import com.github.benmanes.caffeine.cache.Caffeine;+import com.google.common.collect.ImmutableSetMultimap;+import com.google.common.hash.HashCode;+import com.google.common.hash.Hashing;+import com.google.common.hash.HashingInputStream;+import com.google.common.io.ByteStreams;+import java.io.File;+import java.io.FileInputStream;+import java.io.IOException;+import java.util.jar.JarEntry;+import java.util.jar.JarInputStream;+import org.gradle.api.artifacts.ModuleVersionIdentifier;+import org.gradle.api.artifacts.ResolvedArtifact;+import org.gradle.api.services.BuildService;+import org.gradle.api.services.BuildServiceParameters;++public abstract class JarClassHasher implements BuildService<BuildServiceParameters.None>, AutoCloseable {+    private final Cache<ModuleVersionIdentifier, Result> cache =+            Caffeine.newBuilder().build();++    public static class Result {
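
Review bot: `Caffeine.newBuilder().build()` on the `cache` field configures no `maximumSize`, expiry or weak/soft references, so every `Result` is retained for the lifetime of the service instance. The class is declared `AutoCloseable`; if `close()` is where the entries are released, say so in a comment on the field, otherwise add a bound to the builder.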

Done

AlexLandau

comment created time in a month

PullRequestReviewEvent

Pull request review comment palantir/gradle-baseline

Speed up class uniqueness analyses by caching results of reading jars

 public class BaselineClassUniquenessPlugin extends AbstractBaselinePlugin {     @Override     public final void apply(Project project) {-        TaskProvider<CheckClassUniquenessLockTask> checkClassUniqueness =-                project.getTasks().register("checkClassUniqueness", CheckClassUniquenessLockTask.class);+        Provider<JarClassHasher> jarClassHasher = project.getGradle()+                .getSharedServices()

Correct. The other alternative I'm aware of is putting an extension on the root project and locating the cache there, which should also work.

AlexLandau

comment created time in a month

PullRequestReviewEvent

Pull request review comment palantir/gradle-baseline

Speed up class uniqueness analyses by caching results of reading jars

 public void analyzeConfiguration(Configuration configuration) {         Map<String, Set<ModuleVersionIdentifier>> classToJars = new HashMap<>();         Map<String, Set<HashCode>> tempClassToHashCodes = new HashMap<>();

I added this refactor to the PR. The section that looks for singleton-set values requires an asMap(), but that's the only wrinkle.

AlexLandau

comment created time in a month

PullRequestReviewEvent

push event palantir/gradle-baseline

Excavator Bot

commit sha 10a4664a926436d2b67f299fa1098c13dce0dc7c

Excavator: Consistent Gradle artifact repositories (#1840)

Fabian Windheuser

commit sha fdb11cb24850cd900f4a5f73a7927916166dffff

Replace deprecated Report.enabled property (#1839) Replace deprecated Report.enabled property

svc-autorelease

commit sha 289de330e087424ace4b3f694aac5066629d5058

Autorelease 4.1.0

Alex Landau

commit sha 5e69d614289c9fd6dea3f277faf75a44debec098

Fix formatting of baseline-class-uniqueness.lock files (#1838) Fix the formatting of `baseline-class-uniqueness.lock` files when more than one configuration is listed. A newline was missing. This may require running `./gradlew checkClassUniqueness --write-locks` to update the files.

Excavator Bot

commit sha ec99090e0c7b0f7a2c5e9fbda2c10017d7972ed2

Excavator: Upgrades Baseline to the latest version (#1841)

Carter Kozak

commit sha 94d2f9a3b3470fe1244b91c6a3fc5cc70210ee63

Support the new SafeLogger API (#1834) Support the new SafeLogger API

svc-autorelease

commit sha 779c6db14689b312bbdb2f4bc705cdfe2f61f078

Autorelease 4.2.0

Carter Kozak

commit sha adc6b3595cf181f428e48c2ff04989302c481c76

Allow `PreferSafeLogger` to migrate uses with level-checks (#1842) Allow `PreferSafeLogger` to migrate logger uses which include level-checks

svc-autorelease

commit sha d9423b80915df65efa56dbb73e2356ec52cdc49f

Autorelease 4.3.0

dwyand

commit sha ec8a6cf720dda3c054566cc6029f47032dc0edfd

fix NPE on unused lambda param in static initializer (#1843) fix NPE on unused lambda param in static initializer

svc-autorelease

commit sha dc02ba854bb097fecf7a453c7661e89fab7f27ec

Autorelease 4.4.0

Excavator Bot

commit sha 8160322af1c9594a605848de1b0d34996ef60b8b

Excavator: Upgrades Baseline to the latest version (#1844)

Excavator Bot

commit sha 99d1fbac1a6cb9d07a5e3f722a4061500573ae68

Excavator: Upgrade dependencies (#1845)

Carter Kozak

commit sha 23343daf199c18e4aeea727fd307709b6735ddcc

Implement automatic fixes for `ImmutablesStyle` (#1846) Implement automatic fixes for `ImmutablesStyle`

svc-autorelease

commit sha effbc90940d075c2f37153645678e120e34a71f8

Autorelease 4.5.0

Excavator Bot

commit sha 94071dc9114de8559dcfa3fc754f959097da0579

Excavator: Upgrades Baseline to the latest version (#1849)

Carter Kozak

commit sha 4c63ce9d929f72cd2ae7f4622c082483c2467c99

Suppress existing `ProxyNonConstantType` failures to ease rollout (#1850) Suppress existing `ProxyNonConstantType` failures to ease rollout

svc-autorelease

commit sha e78e3926b5553fc9e4c17f9dea983eafdfce7926

Autorelease 4.6.0

Carter Kozak

commit sha 2ea1274f8526843d1c595ffa3362698dcec6d023

Fix PreferSafeLogger edge case that produced non-compiling code (#1851) Fix PreferSafeLogger edge case that produced suggested fixes that didn't compile without human interaction.

svc-autorelease

commit sha f7856056e88db0d14cf7697f5b487af5aceea9f6

Autorelease 4.7.0

push time in a month

pull request comment palantir/gradle-baseline

Speed up class uniqueness analyses by caching results of reading jars

@carterkozak Any follow-up here?

The completion of my thought above is that using this type of in-memory caching is well-insulated from unintended interactions with other plugins (while still being reusable if we want to), whereas adding new configurations and dependencies (in order to use artifact transformations) would be more of a public API change.

AlexLandau

comment created time in a month

started GlenKPeterson/Paguro

started time in a month

push event AlexLandau/commons-compress-asm-error

Alex Landau

commit sha 725dcdfc7064bae74ed2ff4ca020d9500bc31376

Add information about fix to README

push time in a month

started linkedin/avro-util

started time in a month

push event AlexLandau/semlang

dependabot[bot]

commit sha c8dbf66cba398147fe2f8828b4b1881ef6e89aba

Bump lodash from 4.17.15 to 4.17.21 in /typescript/semlang-api (#60) Bumps [lodash](https://github.com/lodash/lodash) from 4.17.15 to 4.17.21. - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](https://github.com/lodash/lodash/compare/4.17.15...4.17.21) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

push time in a month

delete branch AlexLandau/semlang

delete branch : dependabot/npm_and_yarn/typescript/semlang-api/lodash-4.17.21

delete time in a month

PR merged AlexLandau/semlang

Bump lodash from 4.17.15 to 4.17.21 in /typescript/semlang-api dependencies

Bumps lodash from 4.17.15 to 4.17.21.

Commits

  • `f299b52` Bump to v4.17.21
  • `c4847eb` Improve performance of `toNumber`, `trim` and `trimEnd` on large input strings
  • `3469357` Prevent command injection through `_.template`'s `variable` option
  • `ded9bc6` Bump to v4.17.20.
  • `63150ef` Documentation fixes.
  • `00f0f62` test.js: Remove trailing comma.
  • `846e434` Temporarily use a custom fork of `lodash-cli`.
  • `5d046f3` Re-enable Travis tests on `4.17` branch.
  • `aa816b3` Remove `/npm-package`.
  • `d7fbc52` Bump to v4.17.19
  • Additional commits viewable in compare view (https://github.com/lodash/lodash/compare/4.17.15...4.17.21)

Maintainer changes

This version was pushed to npm by bnjmnt4n (https://www.npmjs.com/~bnjmnt4n), a new releaser for lodash since your current version.

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

+3 -3

1 comment

1 changed file

dependabot[bot]

pr closed time in a month

pull request comment AlexLandau/semlang

Bump lodash from 4.17.15 to 4.17.21 in /typescript/semlang-api

@dependabot rebase

dependabot[bot]

comment created time in a month

PR merged AlexLandau/semlang

Bump ws from 7.2.1 to 7.4.6 in /typescript/semlang-api dependencies

Bumps ws from 7.2.1 to 7.4.6.

Release notes

Sourced from ws's releases (https://github.com/websockets/ws/releases).

7.4.6

Bug fixes

  • Fixed a ReDoS vulnerability (00c425ec).

A specially crafted value of the `Sec-Websocket-Protocol` header could be used to significantly slow down a ws server.

    for (const length of [1000, 2000, 4000, 8000, 16000, 32000]) {
      const value = 'b' + ' '.repeat(length) + 'x';
      const start = process.hrtime.bigint();

      value.trim().split(/ *, */);

      const end = process.hrtime.bigint();

      console.log('length = %d, time = %f ns', length, end - start);
    }

The vulnerability was responsibly disclosed along with a fix in private by Robert McLaughlin (https://github.com/robmcl4) from University of California, Santa Barbara.

In vulnerable versions of ws, the issue can be mitigated by reducing the maximum allowed length of the request headers using the `--max-http-header-size=size` (https://nodejs.org/api/cli.html#cli_max_http_header_size_size) and/or the `maxHeaderSize` (https://nodejs.org/api/http.html#http_http_createserver_options_requestlistener) options.

7.4.5

Bug fixes

  • UTF-8 validation is now done even if `utf-8-validate` is not installed (23ba6b29).
  • Fixed an edge case where `websocket.close()` and `websocket.terminate()` did not close the connection (67e25ff5).

7.4.4

Bug fixes

  • Fixed a bug that could cause the process to crash when using the permessage-deflate extension (92774377).

7.4.3

Bug fixes

  • The deflate/inflate stream is now reset instead of reinitialized when context takeover is disabled (#1840).

7.4.2

Bug fixes

... (truncated)

Commits

  • `f5297f7` [dist] 7.4.6
  • `00c425e` [security] Fix ReDoS vulnerability
  • `990306d` [lint] Fix prettier error
  • `32e3a84` [security] Remove reference to Node Security Project
  • `8c914d1` [minor] Fix nits
  • `fc7e27d` [ci] Test on node 16
  • `587c201` [ci] Do not test on node 15
  • `f672710` [dist] 7.4.5
  • `67e25ff` [fix] Fix case where `abortHandshake()` does not close the connection
  • `23ba6b2` [fix] Make UTF-8 validation work even if utf-8-validate is not installed
  • Additional commits viewable in compare view (https://github.com/websockets/ws/compare/7.2.1...7.4.6)

+3 -3

0 comment

1 changed file

dependabot[bot]

pr closed time in a month

push event AlexLandau/semlang

dependabot[bot]

commit sha 1349d8e2d4c1f80083dcd0a2723d94187f82d97d

Bump ws from 7.2.1 to 7.4.6 in /typescript/semlang-api (#61) Bumps [ws](https://github.com/websockets/ws) from 7.2.1 to 7.4.6. - [Release notes](https://github.com/websockets/ws/releases) - [Commits](https://github.com/websockets/ws/compare/7.2.1...7.4.6) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

push time in a month

delete branch AlexLandau/semlang

delete branch : dependabot/npm_and_yarn/typescript/semlang-api/ws-7.4.6

delete time in a month

delete branch AlexLandau/semlang

delete branch : dependabot/npm_and_yarn/typescript/semlang-api/path-parse-1.0.7

delete time in a month