Welcome to mirror list, hosted at ThFree Co, Russian Federation.

github.com/webtorrent/webtorrent.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/package.json
AgeCommit message (Collapse)Author
2019-09-110.107.16v0.107.16Feross Aboukhadijeh
2019-09-11fix git commit referenceFeross Aboukhadijeh
2019-09-110.107.15v0.107.15Feross Aboukhadijeh
2019-09-110.107.14v0.107.14Feross Aboukhadijeh
2019-09-100.107.13v0.107.13Feross Aboukhadijeh
2019-09-10simple-sha1@^3.0.1Feross Aboukhadijeh
2019-09-070.107.12v0.107.12Feross Aboukhadijeh
2019-09-070.107.11v0.107.11Feross Aboukhadijeh
2019-09-070.107.10v0.107.10Feross Aboukhadijeh
2019-09-070.107.9v0.107.9Feross Aboukhadijeh
2019-09-060.107.8v0.107.8Feross Aboukhadijeh
2019-09-060.107.7v0.107.7Feross Aboukhadijeh
2019-09-06fix(package): update simple-sha1 to version 3.0.0greenkeeper[bot]
2019-08-280.107.6v0.107.6Feross Aboukhadijeh
2019-08-27Fix http server XSSFeross Aboukhadijeh
Low risk xss. If the torrent contains a specially crafted title or file name, and the user starts the WebTorrent HTTP server via createServer(), and then the user visits the HTTP server index page (which lists the contents of the torrent), then the attacker can run JavaScript in this browser context. The reason this seems relatively low risk is that the WebTorrent HTTP server only allows fetching data pieces from the torrent. It doesn't support any other control of the torrent client. So, attacker code could e.g. figure out what content the user is downloading and exfiltrate that to an external domain. This commit mitigates the issue in two ways (either of which could have prevented this XSS on its own): 1. HTML-escape untrusted torrent metadata (name, path, file names, etc.) 2. Add the strictest possible CSP to prevent all connections, scripts, styles, plugins, frames. Every capability is denied.
2019-08-210.107.5v0.107.5Feross Aboukhadijeh
2019-08-180.107.4v0.107.4Feross Aboukhadijeh
2019-08-090.107.3v0.107.3Feross Aboukhadijeh
2019-08-09Merge pull request #1692 from webtorrent/greenkeeper/stream-to-blob-url-3.0.0Feross Aboukhadijeh
Update stream-to-blob-url to the latest version 🚀
2019-08-090.107.2v0.107.2Feross Aboukhadijeh
2019-08-09fixpackFeross Aboukhadijeh
2019-08-09scripts: use verbose command flagsFeross Aboukhadijeh
2019-08-09chromeapp: prevent load-ip-set from inclusionFeross Aboukhadijeh
2019-08-090.107.1v0.107.1Feross Aboukhadijeh
2019-08-08Force update depsFeross Aboukhadijeh
2019-08-08Remove accidental double minification (saves 2kb!)Feross Aboukhadijeh
2019-08-08fix(package): update stream-to-blob-url to version 3.0.0greenkeeper[bot]
2019-08-08App "chromeapp" field to `package.json`Feross Aboukhadijeh
I'm attempting to make a defacto standard for specifying Chrome App dependency substitutions using the `"chromeapp"` field in `package.json`. The `"chromeapp"` field is just like the [`"browser"` field in `package.json`](https://github.com/defunctzombie/package-browser-field-spec) except it's intended for Chrome Apps instead of a generic browser environment. Bundler tools like `browserify` or `webpack` can be configured to look for the `"chromeapp"` field instead of the `"browser"` field when doing a build for a Chrome App. In this specific package, since Chrome Apps can use raw sockets we want to replace e.g. `require('net')` with `require('chrome-net')`.
2019-08-070.107.0v0.107.0Feross Aboukhadijeh
2019-08-07add size-disc script to visualize bundleFeross Aboukhadijeh
2019-08-07Use tinyify to compress buildFeross Aboukhadijeh
2019-08-07remove safe-bufferFeross Aboukhadijeh
2019-08-07fs-chunk-store@2Feross Aboukhadijeh
For: https://github.com/brave/brave-browser/issues/5490
2019-08-07ut_pex@2Feross Aboukhadijeh
For: https://github.com/brave/brave-browser/issues/5490
2019-08-07multistream@4Feross Aboukhadijeh
For: https://github.com/brave/brave-browser/issues/5490
2019-08-06Remove unusued devDependenciesFeross Aboukhadijeh
Fixes: https://github.com/webtorrent/webtorrent/issues/1585
2019-08-040.106.0v0.106.0Feross Aboukhadijeh
2019-08-04BREAKING: drop Node 8 supportFeross Aboukhadijeh
For: https://github.com/webtorrent/webtorrent/issues/1681
2019-08-02bitfield@3Feross Aboukhadijeh
For https://github.com/brave/brave-browser/issues/5490
2019-08-02stream-to-blob@2Feross Aboukhadijeh
For https://github.com/brave/brave-browser/issues/5490
2019-08-02Merge pull request #1677 from webtorrent/greenkeeper/electron-6.0.0Feross Aboukhadijeh
Update electron to the latest version 🚀
2019-08-020.105.3v0.105.3Feross Aboukhadijeh
2019-07-300.105.2v0.105.2Feross Aboukhadijeh
2019-07-30chore(package): update electron to version 6.0.0greenkeeper[bot]
2019-07-240.105.1v0.105.1Feross Aboukhadijeh
2019-07-12Update package.jsonFeross Aboukhadijeh
2019-07-12chore(package): update airtap to version 2.0.3greenkeeper[bot]
2019-07-090.105.0v0.105.0Feross Aboukhadijeh
2019-07-06fix(package): update parse-torrent to version 7.0.0greenkeeper[bot]
2019-06-290.104.0v0.104.0Feross Aboukhadijeh
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-26 12:07:31 +0300