Commit Graph

1901 Commits

Author SHA1 Message Date
Erik Dubbelboer 87f0fe1394 Update securego/gosec from 2.23.0 to 2.25.0 (#2161) 2026-03-20 07:27:24 +01:00
Erik Dubbelboer 4001e91911 Fix acquireRealZstdWriter panic
Pass the normalized compression level to prevent zstd.WithEncoderLevel
from returning an error.

Fixes https://github.com/valyala/fasthttp/issues/2157
2026-03-16 02:35:36 +01:00
Erik Dubbelboer 1ceb192a9b Remove stripTrailingSlashes
It was unused.
2026-03-16 02:30:39 +01:00
pj 6fcfcb1ac0 export ErrConnectionClosed (#2152) 2026-03-04 08:40:34 +09:00
dependabot[bot] bed2c19699 chore(deps): bump actions/upload-artifact from 6 to 7 (#2149)
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 6 to 7.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v6...v7)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-27 05:50:32 +01:00
Erik Dubbelboer 1d3c69196c Honor Root for fs.FS and normalize fs-style roots (#2145)
- Apply `fs.Root` in non-`os.FS` path resolution.
- Normalize `fs.FS` roots (`./`, trailing slash, leading slash, separators).
- Handle `PathRewrite` outputs without a leading slash.
- Add tests for `MapFS` and `DirFS` root enforcement.
2026-02-22 18:15:07 +01:00
Erik Dubbelboer f0d5d9a5cb Add WithLimit methods for uncompression (#2147)
* Add WithLimit methods for uncompression

The current uncompress methods don't enforce a memory limit and are
susceptible to things like zip bombs. This pull introduces new methods
to retain backwards compatibility. The old methods might be deprecated
in the future.

* Fix suggestion
2026-02-22 18:13:40 +01:00
Erik Dubbelboer c2b317d47d Go 1.26 and golangci-lint updates (#2146)
Keep Go 1.24 compatibility for now (by not using `wg.Go()`).
2026-02-21 10:28:39 +01:00
Erik Dubbelboer 80e3281747 fasthttpproxy: scope proxy auth cache to GetDialFunc (#2144)
Move auth cache from package-level to GetDialFunc lifetime to prevent
leaks.
2026-02-20 22:53:25 +01:00
dependabot[bot] a4ae8ef778 chore(deps): bump golang.org/x/net from 0.49.0 to 0.50.0 (#2138)
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.49.0 to 0.50.0.
- [Commits](https://github.com/golang/net/compare/v0.49.0...v0.50.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-version: 0.50.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-15 12:27:21 +01:00
dependabot[bot] 407041cba6 chore(deps): bump securego/gosec from 2.22.11 to 2.23.0 (#2142)
Bumps [securego/gosec](https://github.com/securego/gosec) from 2.22.11 to 2.23.0.
- [Release notes](https://github.com/securego/gosec/releases)
- [Commits](https://github.com/securego/gosec/compare/v2.22.11...v2.23.0)

---
updated-dependencies:
- dependency-name: securego/gosec
  dependency-version: 2.23.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-12 08:45:43 +01:00
dependabot[bot] 5002cc2c99 chore(deps): bump golang.org/x/crypto from 0.47.0 to 0.48.0 (#2139)
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.47.0 to 0.48.0.
- [Commits](https://github.com/golang/crypto/compare/v0.47.0...v0.48.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-version: 0.48.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-10 08:40:19 +01:00
dependabot[bot] 6a47a4c24d chore(deps): bump github.com/klauspost/compress from 1.18.3 to 1.18.4 (#2140)
Bumps [github.com/klauspost/compress](https://github.com/klauspost/compress) from 1.18.3 to 1.18.4.
- [Release notes](https://github.com/klauspost/compress/releases)
- [Commits](https://github.com/klauspost/compress/compare/v1.18.3...v1.18.4)

---
updated-dependencies:
- dependency-name: github.com/klauspost/compress
  dependency-version: 1.18.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-10 08:40:04 +01:00
dependabot[bot] 29c900bf8c chore(deps): bump golang.org/x/sys from 0.40.0 to 0.41.0 (#2137)
Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.40.0 to 0.41.0.
- [Commits](https://github.com/golang/sys/compare/v0.40.0...v0.41.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sys
  dependency-version: 0.41.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-09 19:39:41 +01:00
Erik Dubbelboer 3471acf23f Limit url length in FuzzURIParse
We had fuzzers use urls of 500kb which doesn't make sense to test with.
2026-01-30 22:55:42 +01:00
dependabot[bot] 5fbda86a8e chore(deps): bump github.com/klauspost/compress from 1.18.2 to 1.18.3 (#2129)
Bumps [github.com/klauspost/compress](https://github.com/klauspost/compress) from 1.18.2 to 1.18.3.
- [Release notes](https://github.com/klauspost/compress/releases)
- [Commits](https://github.com/klauspost/compress/compare/v1.18.2...v1.18.3)

---
updated-dependencies:
- dependency-name: github.com/klauspost/compress
  dependency-version: 1.18.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-01-19 16:41:29 -03:00
dependabot[bot] a47d28f18f chore(deps): bump golang.org/x/net from 0.48.0 to 0.49.0 (#2128)
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.48.0 to 0.49.0.
- [Commits](https://github.com/golang/net/compare/v0.48.0...v0.49.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-version: 0.49.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-01-13 14:11:36 -03:00
dependabot[bot] 4df3fcd1fe chore(deps): bump golang.org/x/sys from 0.39.0 to 0.40.0 (#2125)
Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.39.0 to 0.40.0.
- [Commits](https://github.com/golang/sys/compare/v0.39.0...v0.40.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sys
  dependency-version: 0.40.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-01-09 13:15:33 -05:00
pj 21dbfe80ce return prev values (#2123) 2026-01-07 18:13:11 -05:00
Erik Dubbelboer 7cf1fb7967 Add documentation that modifying during iteration can panic (#2122)
Fixes https://github.com/valyala/fasthttp/issues/2120
v1.69.0
2026-01-05 15:10:34 +01:00
pj 7b5cb77b95 Add sortkeys (#2118)
* added Args.SortKeys

* add test for SortKeys

* fix comment
2025-12-29 15:00:35 -03:00
pj 42f89fbefd update readme (#2114) 2025-12-25 21:16:03 -03:00
dependabot[bot] fb6b6d160c chore(deps): bump securego/gosec from 2.22.10 to 2.22.11 (#2110)
* chore(deps): bump securego/gosec from 2.22.10 to 2.22.11

Bumps [securego/gosec](https://github.com/securego/gosec) from 2.22.10 to 2.22.11.
- [Release notes](https://github.com/securego/gosec/releases)
- [Commits](https://github.com/securego/gosec/compare/v2.22.10...v2.22.11)

---
updated-dependencies:
- dependency-name: securego/gosec
  dependency-version: 2.22.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* Ignore invalid warnings

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Erik Dubbelboer <erik@dubbelboer.com>
2025-12-18 16:34:33 +01:00
dependabot[bot] fe7e70d901 chore(deps): bump actions/upload-artifact from 5 to 6 (#2111)
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 5 to 6.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v5...v6)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-15 12:24:35 -03:00
dependabot[bot] 69ef8f70f6 chore(deps): bump golang.org/x/net from 0.47.0 to 0.48.0 (#2109)
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.47.0 to 0.48.0.
- [Commits](https://github.com/golang/net/compare/v0.47.0...v0.48.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-version: 0.48.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-09 10:05:58 -03:00
dependabot[bot] c2db56193f chore(deps): bump github.com/klauspost/compress from 1.18.1 to 1.18.2 (#2103)
Bumps [github.com/klauspost/compress](https://github.com/klauspost/compress) from 1.18.1 to 1.18.2.
- [Release notes](https://github.com/klauspost/compress/releases)
- [Commits](https://github.com/klauspost/compress/compare/v1.18.1...v1.18.2)

---
updated-dependencies:
- dependency-name: github.com/klauspost/compress
  dependency-version: 1.18.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-02 12:10:32 +01:00
dependabot[bot] ec00ff0e62 chore(deps): bump actions/checkout from 5 to 6 (#2101)
Bumps [actions/checkout](https://github.com/actions/checkout) from 5 to 6.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v5...v6)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-11-21 06:44:31 -03:00
dependabot[bot] 5d415acb4e chore(deps): bump golang.org/x/crypto from 0.44.0 to 0.45.0 (#2099)
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.44.0 to 0.45.0.
- [Commits](https://github.com/golang/crypto/compare/v0.44.0...v0.45.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-version: 0.45.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-11-20 12:18:51 +01:00
dependabot[bot] cc8220f692 chore(deps): bump golang.org/x/net from 0.46.0 to 0.47.0 (#2097)
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.46.0 to 0.47.0.
- [Commits](https://github.com/golang/net/compare/v0.46.0...v0.47.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-version: 0.47.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-11-13 02:36:51 +01:00
dependabot[bot] 7b3edaf4d9 chore(deps): bump golang.org/x/crypto from 0.43.0 to 0.44.0 (#2098)
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.43.0 to 0.44.0.
- [Commits](https://github.com/golang/crypto/compare/v0.43.0...v0.44.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-version: 0.44.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-11-13 01:22:27 +01:00
RW 2a82a57b9d Expose header parsing error variables (#2096) 2025-11-12 02:31:36 +01:00
dependabot[bot] e6c64e1d18 chore(deps): bump golang.org/x/sys from 0.37.0 to 0.38.0 (#2094)
Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.37.0 to 0.38.0.
- [Commits](https://github.com/golang/sys/compare/v0.37.0...v0.38.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sys
  dependency-version: 0.38.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-11-10 13:22:23 -05:00
dependabot[bot] afeeda6f6e chore(deps): bump golangci/golangci-lint-action from 8 to 9 (#2095)
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 8 to 9.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases)
- [Commits](https://github.com/golangci/golangci-lint-action/compare/v8...v9)

---
updated-dependencies:
- dependency-name: golangci/golangci-lint-action
  dependency-version: '9'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-11-10 13:22:04 -05:00
dependabot[bot] a38233e07d chore(deps): bump actions/upload-artifact from 4 to 5 (#2092)
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4 to 5.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-10-27 06:20:53 -06:00
Erik Dubbelboer 1b8c5593da Fix named return bugs
The new golangci-lint doesn't allow empty return statements anymore.

But returning a specific value with named return variables actually assigns it to the variable.
See: https://go.dev/play/p/kNhVx2scGx5

This caused a bug here: https://github.com/valyala/fasthttp/issues/2090
v1.68.0
2025-10-23 23:47:40 +02:00
dependabot[bot] 9ca6293984 chore(deps): bump github.com/klauspost/compress from 1.18.0 to 1.18.1 (#2089)
Bumps [github.com/klauspost/compress](https://github.com/klauspost/compress) from 1.18.0 to 1.18.1.
- [Release notes](https://github.com/klauspost/compress/releases)
- [Changelog](https://github.com/klauspost/compress/blob/master/.goreleaser.yml)
- [Commits](https://github.com/klauspost/compress/compare/v1.18.0...v1.18.1)

---
updated-dependencies:
- dependency-name: github.com/klauspost/compress
  dependency-version: 1.18.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-10-21 10:41:03 +02:00
dependabot[bot] 77468f66c6 chore(deps): bump securego/gosec from 2.22.9 to 2.22.10 (#2088)
Bumps [securego/gosec](https://github.com/securego/gosec) from 2.22.9 to 2.22.10.
- [Release notes](https://github.com/securego/gosec/releases)
- [Changelog](https://github.com/securego/gosec/blob/master/.goreleaser.yml)
- [Commits](https://github.com/securego/gosec/compare/v2.22.9...v2.22.10)

---
updated-dependencies:
- dependency-name: securego/gosec
  dependency-version: 2.22.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-10-16 06:50:58 +02:00
dependabot[bot] 3a2fdec290 chore(deps): bump golang.org/x/net from 0.45.0 to 0.46.0 (#2085)
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.45.0 to 0.46.0.
- [Commits](https://github.com/golang/net/compare/v0.45.0...v0.46.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-version: 0.46.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-10-09 12:47:32 +08:00
dependabot[bot] 59f58c07be chore(deps): bump golang.org/x/crypto from 0.42.0 to 0.43.0 (#2086)
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.42.0 to 0.43.0.
- [Commits](https://github.com/golang/crypto/compare/v0.42.0...v0.43.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-version: 0.43.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-10-09 12:15:24 +08:00
dependabot[bot] dbfb82aabe chore(deps): bump golang.org/x/sys from 0.36.0 to 0.37.0 (#2087)
Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.36.0 to 0.37.0.
- [Commits](https://github.com/golang/sys/compare/v0.36.0...v0.37.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sys
  dependency-version: 0.37.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-10-09 12:12:35 +08:00
dependabot[bot] b26ff48669 chore(deps): bump golang.org/x/net from 0.44.0 to 0.45.0 (#2084)
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.44.0 to 0.45.0.
- [Commits](https://github.com/golang/net/compare/v0.44.0...v0.45.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-version: 0.45.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
v1.67.0
2025-10-08 06:32:00 +02:00
Erik Dubbelboer 1962450629 Fix copyTrailer
Don't use it in PeekTrailerKeys and have it reuse the byte slices it might already
have.
2025-10-06 03:45:12 +02:00
Erik Dubbelboer 2272d532e1 Reimplement flushing support for fasthttpadaptor (#2081)
Use a simpler implementation, and do more tests.
Instead of https://github.com/valyala/fasthttp/pull/2069
2025-10-06 03:22:13 +02:00
Erik Dubbelboer a17ec74999 Reject bad ipv6 hostnames (#2076) 2025-10-05 03:14:32 +02:00
Erik Dubbelboer f18eb9ef0c Reject backslash absolute URIs and cache parse errors (#2075)
Keep our server behaviour the same as net/http.
2025-10-05 02:47:11 +02:00
Erik Dubbelboer bed90bcf09 Reject invalid hosts with multiple port delimiters (#2077) 2025-10-05 02:46:46 +02:00
Erik Dubbelboer d3fc682391 Validate schemes (#2078) 2025-10-05 02:23:42 +02:00
Erik Dubbelboer af41f54adb Validate IPv6 addresses in urls (#2079) 2025-10-05 02:10:52 +02:00
Erik Dubbelboer 75dcdb8bba Fix username:password@ validation in urls (#2080) 2025-10-05 02:10:23 +02:00
Erik Dubbelboer ede09fad73 Limit FuzzTestHeaderScanner body size 2025-10-03 05:03:38 +02:00