Mirror of YDB github repos https://code.mastervirt.ru/ydb/atom?h=main 2025-05-30T07:47:42Z 2025-05-30T07:47:42Z thegeorg thegeorg@yandex-team.com 2025-05-30T07:25:36Z urn:sha1:8b8d94c31949c2597d5c8ed23d8b7c45de2290f5 * http-parser was explicitly deprecated: https://github.com/nodejs/http-parser Use contrib/restricted/llhttp instead * https://github.com/lloyd/yajl received no updates for 10 years. Use either contrib/libs/json-c or contrib/libs/simdjson instead. commit_hash:4be3755e7075401bf866ec2716550bec000286b1 2025-05-12T08:51:50Z npt-1707 npthanh132@gmail.com 2025-05-12T08:37:42Z urn:sha1:bf1279129bcf6c1b1001e39c39a13d80737898d3 * Changelog entry Type: fix Component: contrib/restricted/http-parser/http_parser.c Hi there, I identified another vulnerability in a clone function http_parser_execute() in `contrib/restricted/http-parser/http_parser.c` sourced from [nodejs/node](https://github.com/nodejs/node). This issue, originally reported in-8287](https://nvd.nist.gov/vuln/detail/cve-2020-8287), was resolved in the repository via this commit https://github.com/nodejs/node/commit/fc70ce08f5818a286fb5899a1bc3aff5965a745e. This PR applies the corresponding patch to fix the vulnerabilities in this codebase. Please review at your convenience. Thank you! --- Pull Request resolved: https://github.com/ytsaurus/ytsaurus/pull/1260 Co-authored-by: nadya02 <nadya02@yandex-team.com> commit_hash:074ecc3485a1c90bd75678a6464ea12654804660 2025-05-07T09:45:19Z robot-piglet robot-piglet@yandex-team.com 2025-05-07T09:34:11Z urn:sha1:8136573857539859e147d7edd8762ca707c92402 commit_hash:8e91f1bc83ec2f7c5c04762b6c4a7343ab3506f2 2024-10-09T10:14:22Z maxim-yurchuk maxim-yurchuk@yandex-team.com 2024-10-09T09:29:46Z urn:sha1:9731d8a4bb7ee2cc8554eaf133bb85498a4c7d80 <HIDDEN_URL> commit_hash:c82a80ac4594723cebf2c7387dec9c60217f603e 2024-01-19T10:10:03Z armenqa armenqa@yandex-team.com 2024-01-19T09:23:50Z urn:sha1:2de0149d0151c514b22bca0760b95b26c9b0b578 Relates: https://st.yandex-team.ru/, https://st.yandex-team.ru/ 2023-12-05T09:25:06Z robot-ya-builder robot-ya-builder@yandex-team.com 2023-12-05T08:10:55Z urn:sha1:96458ea3c773a8a3edb707f73db0cdedbfcfad90 Update tools: yexport, os-yexport 2023-11-20T11:34:20Z dcherednik dcherednik@ydb.tech 2023-11-20T10:23:37Z urn:sha1:ffff7a34e41bf0dd7d5e0f3d78aeaebbf56200e6 2023-07-28T21:02:16Z max42 max42@yandex-team.com 2023-07-28T21:02:16Z urn:sha1:73b89de71748a21e102d27b9f3ed1bf658766cb5 After this, a new target libyqlplugin.so appears. in open-source cmake build. Diff in open-source YDB repo looks like the following: https://paste.yandex-team.ru/f302bdb4-7ef2-4362-91c7-6ca45f329264 2023-06-30T08:13:34Z max42 max42@yandex-team.com 2023-06-30T08:13:34Z urn:sha1:3e1899838408bbad47622007aa382bc8a2b01f87 This reverts commit ca272f12fdd0e8d5c3e957fc87939148f1caaf72, reversing changes made to 49f8acfc8b0b5c0071b804423bcf53fda26c7c12. 2023-06-30T00:37:03Z max42 max42@yandex-team.com 2023-06-30T00:37:03Z urn:sha1:fac2bd72b4b31ec3238292caf8fb2a8aaa6d6c4a This commit is formed by the following script: https://paste.yandex-team.ru/6f92e4b8-efc5-4d34-948b-15ee2accd7e7/text. This commit has zero effect on all projects that depend on YQL. The summary of changes: - `yql/providers/yt -> ydb/library/yql/providers/yt `- the whole implementation of YT provider is moved into YDB code base for further export as a part of YT YQL plugin shared library; - `yql/providers/stat/{expr_nodes,uploader} -> ydb/library/yql/providers/stat/{expr_nodes,uploader}` - a small interface without implementation and the description of stat expr nodes; - `yql/core/extract_predicate/ut -> ydb/library/yql/core/extract_predicate/ut`; - `yql/core/{ut,ut_common} -> ydb/library/yql/core/{ut,ut_common}`; - `yql/core` is gone; - `yql/library/url_preprocessing -> ydb/library/yql/core/url_preprocessing`. **NB**: all new targets inside `ydb/` are under `IF (NOT CMAKE_EXPORT)` clause which disables them from open-source cmake generation and ya make build. They will be enabled in the subsequent commits.