* feat: enhance performance
* fix: improve request URI parsing condition
* feat: validate HTTP date parsing and optimize status code length calculation
* Address parsing and lint issues
* chore: update Go version to 1.24.x in CI configuration
* feat: enhance HTTP date parsing and request URI handling
* refactor: optimize month and day name parsing using bitwise operations
* refactor: replace cookie token comparison with case insensitive function and streamline request URI parsing
* refactor: streamline request body handling and simplify request URI assignment
* chore: update Go version to 1.25.x in CI configuration
* feat: add fuzz testing for HTTP date parsing to improve robustness
* refactor: avoid unused return values in HTTP date parsing benchmarks
* refactor: update HTTP date parsing to use http.TimeFormat for consistency
* client: simplify (*HostClient).do()
Remove an allocation in favour of deferring a call to release the
response.
* client: remove panic in dialAddr
Return an error instead of panicking if the user supplied a nonsensical
DialFunc.
* compression: remove panic on invalid compression level
If a compression level exceeding gzip's boundaries is provided, fasthttp
will panic. Instead it would be better to handle this error for them by
limiting it to the minimum or maximum value, depending on the direction
the user has exceeded the limits.
Clamp the value of gzip to always be between gzip.BestSpeed and
gzip.BestCompression.
* peripconn: remove panic on negative connection count
When a negative count is reached when unregistering a connection, a
panic is caused even though data-integrity is not at risk.
Replace the panic() with a simple clamp on the value to ensure the
value does not exceed it's expected lower bounds.
References: #1504
* compress: remove error on failed nonblocking writes
Since there is no way of handling or even logging non-critical errors in
stateless non-blocking writecalls, just drop them and hope the user
notices and tries again.
* workerPool: remove panic on redundant Start and Stop calls
Instead of panicking for invalid behaviour, it's preferable to just turn
the function into a noop.
* http: remove panic on invalid form boundary
* http: remove panic on negative reads
Since bufio already panics on negative reads, it is not necessary to do
so as well. If the length is zero and for some reason no error is
returned, readBodyIdentity and appendBodyFixedSize now errors in these
cases.
Link: https://github.com/golang/go/blob/851f6fd61425c810959c7ab51e6dc86f8a63c970/src/bufio/bufio.go#L246
* fs: remove panic on negative reader count
When a negative count is reached when unregistering a reader, a panic is
thrown even though data-integrity is not at risk.
Replace the panic() with a simple clamp on the value to ensure the
value does not exceed it's expected lower bounds.
* server: remove panic in favour of a segfault
Panicking with "BUG: " obscures the error. As the segfault causes a
panic anyway, just let the chaos unfold.
* server: remove panic in favour of returning an error
Writing on a timed-out response is not endangering data integrity and
just fails.
* chore: add comments to all panics
* chore: fix minor typo
* feat: workflow to valid security using GoSec
* Update security.yml
* Fix gosec problems
These are all either false positives or os.Open operations done on
filenames supplied by the fasthttp user which we have to assume is safe.
* Just ignore some rules globally
* Fix more warnings
* No more warnings
Co-authored-by: Erik Dubbelboer <erik@dubbelboer.com>
RW
Erik Dubbelboer
Kashiwa
Juan Calderon-Perez
Oleksandr Redko
Oleksandr Redko
Moritz Poldrack
kinggo
tyltr
ZhangYunHao
Oleg Kovalov
YenForYang
ZhangYunHao
Ivan Mironov
RENAN.BASTOS
Iskander Sharipov
Jan Siemiński
Kirill Danshin
Aliaksandr Valialkin
xPushkin