From 339afee1a00522467f9863d310f0425783ce556f Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Thu, 6 Mar 2025 14:56:51 +0000 Subject: [PATCH 1/7] chore(release): 15.3.2 [skip ci] ## [ipfs-unixfs-importer-v15.3.2](https://github.com/ipfs/js-ipfs-unixfs/compare/ipfs-unixfs-importer-15.3.1...ipfs-unixfs-importer-15.3.2) (2025-03-06) ### Dependencies * **dev:** bump aegir from 44.1.4 to 45.0.8 ([#420](https://github.com/ipfs/js-ipfs-unixfs/issues/420)) ([6eb1064](https://github.com/ipfs/js-ipfs-unixfs/commit/6eb1064ceaf3bbbdadc639e9641f3d9fad8ab23b)) --- packages/ipfs-unixfs-importer/CHANGELOG.md | 6 ++++++ packages/ipfs-unixfs-importer/package.json | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/packages/ipfs-unixfs-importer/CHANGELOG.md b/packages/ipfs-unixfs-importer/CHANGELOG.md index bad5711d..8033da38 100644 --- a/packages/ipfs-unixfs-importer/CHANGELOG.md +++ b/packages/ipfs-unixfs-importer/CHANGELOG.md @@ -1,3 +1,9 @@ +## [ipfs-unixfs-importer-v15.3.2](https://github.com/ipfs/js-ipfs-unixfs/compare/ipfs-unixfs-importer-15.3.1...ipfs-unixfs-importer-15.3.2) (2025-03-06) + +### Dependencies + +* **dev:** bump aegir from 44.1.4 to 45.0.8 ([#420](https://github.com/ipfs/js-ipfs-unixfs/issues/420)) ([6eb1064](https://github.com/ipfs/js-ipfs-unixfs/commit/6eb1064ceaf3bbbdadc639e9641f3d9fad8ab23b)) + ## [ipfs-unixfs-importer-v15.3.1](https://github.com/ipfs/js-ipfs-unixfs/compare/ipfs-unixfs-importer-15.3.0...ipfs-unixfs-importer-15.3.1) (2024-09-13) ### Dependencies diff --git a/packages/ipfs-unixfs-importer/package.json b/packages/ipfs-unixfs-importer/package.json index 6593f7e6..63abf473 100644 --- a/packages/ipfs-unixfs-importer/package.json +++ b/packages/ipfs-unixfs-importer/package.json @@ -1,6 +1,6 @@ { "name": "ipfs-unixfs-importer", - "version": "15.3.1", + "version": "15.3.2", "description": "JavaScript implementation of the UnixFs importer used by IPFS", "license": "Apache-2.0 OR MIT", "homepage": "https://github.com/ipfs/js-ipfs-unixfs/tree/main/packages/ipfs-unixfs-importer#readme", From 33894da536f736b73dfc62c94bffffc3f42360ae Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Thu, 6 Mar 2025 14:57:09 +0000 Subject: [PATCH 2/7] chore(release): 13.6.2 [skip ci] ## [ipfs-unixfs-exporter-v13.6.2](https://github.com/ipfs/js-ipfs-unixfs/compare/ipfs-unixfs-exporter-13.6.1...ipfs-unixfs-exporter-13.6.2) (2025-03-06) ### Dependencies * **dev:** bump aegir from 44.1.4 to 45.0.8 ([#420](https://github.com/ipfs/js-ipfs-unixfs/issues/420)) ([6eb1064](https://github.com/ipfs/js-ipfs-unixfs/commit/6eb1064ceaf3bbbdadc639e9641f3d9fad8ab23b)) --- packages/ipfs-unixfs-exporter/CHANGELOG.md | 6 ++++++ packages/ipfs-unixfs-exporter/package.json | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/packages/ipfs-unixfs-exporter/CHANGELOG.md b/packages/ipfs-unixfs-exporter/CHANGELOG.md index 70479eea..4ba0889c 100644 --- a/packages/ipfs-unixfs-exporter/CHANGELOG.md +++ b/packages/ipfs-unixfs-exporter/CHANGELOG.md @@ -1,3 +1,9 @@ +## [ipfs-unixfs-exporter-v13.6.2](https://github.com/ipfs/js-ipfs-unixfs/compare/ipfs-unixfs-exporter-13.6.1...ipfs-unixfs-exporter-13.6.2) (2025-03-06) + +### Dependencies + +* **dev:** bump aegir from 44.1.4 to 45.0.8 ([#420](https://github.com/ipfs/js-ipfs-unixfs/issues/420)) ([6eb1064](https://github.com/ipfs/js-ipfs-unixfs/commit/6eb1064ceaf3bbbdadc639e9641f3d9fad8ab23b)) + ## [ipfs-unixfs-exporter-v13.6.1](https://github.com/ipfs/js-ipfs-unixfs/compare/ipfs-unixfs-exporter-13.6.0...ipfs-unixfs-exporter-13.6.1) (2024-09-13) ### Dependencies diff --git a/packages/ipfs-unixfs-exporter/package.json b/packages/ipfs-unixfs-exporter/package.json index e74101e4..b81626c1 100644 --- a/packages/ipfs-unixfs-exporter/package.json +++ b/packages/ipfs-unixfs-exporter/package.json @@ -1,6 +1,6 @@ { "name": "ipfs-unixfs-exporter", - "version": "13.6.1", + "version": "13.6.2", "description": "JavaScript implementation of the UnixFs exporter used by IPFS", "license": "Apache-2.0 OR MIT", "homepage": "https://github.com/ipfs/js-ipfs-unixfs/tree/main/packages/ipfs-unixfs-exporter#readme", From 7b178e98a40661059780dc16b6c630a261e1c38e Mon Sep 17 00:00:00 2001 From: web3-bot Date: Fri, 28 Mar 2025 14:08:08 +0100 Subject: [PATCH 3/7] ci: uci/copy-templates (#423) * chore: add or force update .github/workflows/stale.yml * chore: add or force update .github/workflows/generated-pr.yml --- .github/workflows/generated-pr.yml | 14 ++++++++++++++ .github/workflows/stale.yml | 5 +++-- 2 files changed, 17 insertions(+), 2 deletions(-) create mode 100644 .github/workflows/generated-pr.yml diff --git a/.github/workflows/generated-pr.yml b/.github/workflows/generated-pr.yml new file mode 100644 index 00000000..b8c5cc63 --- /dev/null +++ b/.github/workflows/generated-pr.yml @@ -0,0 +1,14 @@ +name: Close Generated PRs + +on: + schedule: + - cron: '0 0 * * *' + workflow_dispatch: + +permissions: + issues: write + pull-requests: write + +jobs: + stale: + uses: ipdxco/unified-github-workflows/.github/workflows/reusable-generated-pr.yml@v1 diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index 16d65d72..7c955c41 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -1,8 +1,9 @@ -name: Close and mark stale issue +name: Close Stale Issues on: schedule: - cron: '0 0 * * *' + workflow_dispatch: permissions: issues: write @@ -10,4 +11,4 @@ permissions: jobs: stale: - uses: pl-strflt/.github/.github/workflows/reusable-stale-issue.yml@v0.3 + uses: ipdxco/unified-github-workflows/.github/workflows/reusable-stale-issue.yml@v1 From 8ca014420094be90b8bb765bb3f703a9ce7260b1 Mon Sep 17 00:00:00 2001 From: Alex Potsides Date: Mon, 16 Jun 2025 15:39:30 +0300 Subject: [PATCH 4/7] fix: limit incoming hamt width (#433) Matches the undocumented limit in boxo. --- packages/ipfs-unixfs/src/errors.ts | 11 +++++++++++ packages/ipfs-unixfs/src/index.ts | 9 ++++++++- packages/ipfs-unixfs/test/unixfs-format.spec.ts | 13 +++++++++++++ 3 files changed, 32 insertions(+), 1 deletion(-) diff --git a/packages/ipfs-unixfs/src/errors.ts b/packages/ipfs-unixfs/src/errors.ts index 949caf24..6ac59fed 100644 --- a/packages/ipfs-unixfs/src/errors.ts +++ b/packages/ipfs-unixfs/src/errors.ts @@ -8,3 +8,14 @@ export class InvalidTypeError extends Error { super(message) } } + +export class InvalidUnixFSMessageError extends Error { + static name = 'InvalidUnixFSMessageError' + static code = 'ERR_INVALID_MESSAGE' + name = InvalidUnixFSMessageError.name + code = InvalidUnixFSMessageError.code + + constructor (message = 'Invalid message') { + super(message) + } +} diff --git a/packages/ipfs-unixfs/src/index.ts b/packages/ipfs-unixfs/src/index.ts index 8cc1ad72..82f76823 100644 --- a/packages/ipfs-unixfs/src/index.ts +++ b/packages/ipfs-unixfs/src/index.ts @@ -90,7 +90,7 @@ * ``` */ -import { InvalidTypeError } from './errors.js' +import { InvalidTypeError, InvalidUnixFSMessageError } from './errors.js' import { Data as PBData } from './unixfs.js' export interface Mtime { @@ -117,6 +117,9 @@ const dirTypes = [ const DEFAULT_FILE_MODE = parseInt('0644', 8) const DEFAULT_DIRECTORY_MODE = parseInt('0755', 8) +// https://github.com/ipfs/boxo/blob/364c5040ec91ec8e2a61446e9921e9225704c34d/ipld/unixfs/hamt/hamt.go#L778 +const MAX_FANOUT = BigInt(1 << 10) + export interface UnixFSOptions { type?: string data?: Uint8Array @@ -134,6 +137,10 @@ class UnixFS { static unmarshal (marshaled: Uint8Array): UnixFS { const message = PBData.decode(marshaled) + if (message.fanout != null && message.fanout > MAX_FANOUT) { + throw new InvalidUnixFSMessageError(`Fanout size was too large - ${message.fanout} > ${MAX_FANOUT}`) + } + const data = new UnixFS({ type: types[message.Type != null ? message.Type.toString() : 'File'], data: message.Data, diff --git a/packages/ipfs-unixfs/test/unixfs-format.spec.ts b/packages/ipfs-unixfs/test/unixfs-format.spec.ts index a15d0f2e..12dae55b 100644 --- a/packages/ipfs-unixfs/test/unixfs-format.spec.ts +++ b/packages/ipfs-unixfs/test/unixfs-format.spec.ts @@ -431,4 +431,17 @@ describe('unixfs-format', () => { expect(marshaled).to.deep.equal(Uint8Array.from([0x08, 0x02, 0x18, 0x00])) }) + + it('should limit maximum fanout size', () => { + const data = new UnixFS({ + type: 'hamt-sharded-directory', + fanout: 1025n + }) + const marshaled = data.marshal() + + expect(() => { + UnixFS.unmarshal(marshaled) + }).to.throw() + .with.property('name', 'InvalidUnixFSMessageError') + }) }) From 89006d7e907be06477ac77fd678036f9ce215219 Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Mon, 16 Jun 2025 12:45:17 +0000 Subject: [PATCH 5/7] chore(release): 11.2.2 [skip ci] ## [ipfs-unixfs-v11.2.2](https://github.com/ipfs/js-ipfs-unixfs/compare/ipfs-unixfs-11.2.1...ipfs-unixfs-11.2.2) (2025-06-16) ### Bug Fixes * limit incoming hamt width ([#433](https://github.com/ipfs/js-ipfs-unixfs/issues/433)) ([8ca0144](https://github.com/ipfs/js-ipfs-unixfs/commit/8ca014420094be90b8bb765bb3f703a9ce7260b1)) --- packages/ipfs-unixfs/CHANGELOG.md | 6 ++++++ packages/ipfs-unixfs/package.json | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/packages/ipfs-unixfs/CHANGELOG.md b/packages/ipfs-unixfs/CHANGELOG.md index 572e8660..956b1de1 100644 --- a/packages/ipfs-unixfs/CHANGELOG.md +++ b/packages/ipfs-unixfs/CHANGELOG.md @@ -1,3 +1,9 @@ +## [ipfs-unixfs-v11.2.2](https://github.com/ipfs/js-ipfs-unixfs/compare/ipfs-unixfs-11.2.1...ipfs-unixfs-11.2.2) (2025-06-16) + +### Bug Fixes + +* limit incoming hamt width ([#433](https://github.com/ipfs/js-ipfs-unixfs/issues/433)) ([8ca0144](https://github.com/ipfs/js-ipfs-unixfs/commit/8ca014420094be90b8bb765bb3f703a9ce7260b1)) + ## [ipfs-unixfs-v11.2.1](https://github.com/ipfs/js-ipfs-unixfs/compare/ipfs-unixfs-11.2.0...ipfs-unixfs-11.2.1) (2025-03-06) ### Dependencies diff --git a/packages/ipfs-unixfs/package.json b/packages/ipfs-unixfs/package.json index f445a04c..ef24b7c4 100644 --- a/packages/ipfs-unixfs/package.json +++ b/packages/ipfs-unixfs/package.json @@ -1,6 +1,6 @@ { "name": "ipfs-unixfs", - "version": "11.2.1", + "version": "11.2.2", "description": "JavaScript implementation of IPFS' unixfs (a Unix FileSystem representation on top of a MerkleDAG)", "license": "Apache-2.0 OR MIT", "homepage": "https://github.com/ipfs/js-ipfs-unixfs/tree/main/packages/ipfs-unixfs#readme", From 14d7e1cacfa61fad6df86c0875ad52ce6b203457 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 16 Jun 2025 16:20:47 +0300 Subject: [PATCH 6/7] deps(dev): bump sinon from 19.0.5 to 21.0.0 (#432) Bumps [sinon](https://github.com/sinonjs/sinon) from 19.0.5 to 21.0.0. - [Release notes](https://github.com/sinonjs/sinon/releases) - [Changelog](https://github.com/sinonjs/sinon/blob/main/docs/changelog.md) - [Commits](https://github.com/sinonjs/sinon/commits) --- updated-dependencies: - dependency-name: sinon dependency-version: 21.0.0 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- packages/ipfs-unixfs-exporter/package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/ipfs-unixfs-exporter/package.json b/packages/ipfs-unixfs-exporter/package.json index b81626c1..8e516a1c 100644 --- a/packages/ipfs-unixfs-exporter/package.json +++ b/packages/ipfs-unixfs-exporter/package.json @@ -168,7 +168,7 @@ "it-to-buffer": "^4.0.7", "merge-options": "^3.0.4", "readable-stream": "^4.5.2", - "sinon": "^19.0.2", + "sinon": "^21.0.0", "uint8arrays": "^5.1.0", "wherearewe": "^2.0.1" }, From e059bbdf2aed84198407c29746c3a8ce46bd3fd4 Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Mon, 16 Jun 2025 13:26:36 +0000 Subject: [PATCH 7/7] chore(release): 13.6.3 [skip ci] ## [ipfs-unixfs-exporter-v13.6.3](https://github.com/ipfs/js-ipfs-unixfs/compare/ipfs-unixfs-exporter-13.6.2...ipfs-unixfs-exporter-13.6.3) (2025-06-16) ### Dependencies * **dev:** bump sinon from 19.0.5 to 21.0.0 ([#432](https://github.com/ipfs/js-ipfs-unixfs/issues/432)) ([14d7e1c](https://github.com/ipfs/js-ipfs-unixfs/commit/14d7e1cacfa61fad6df86c0875ad52ce6b203457)) --- packages/ipfs-unixfs-exporter/CHANGELOG.md | 6 ++++++ packages/ipfs-unixfs-exporter/package.json | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/packages/ipfs-unixfs-exporter/CHANGELOG.md b/packages/ipfs-unixfs-exporter/CHANGELOG.md index 4ba0889c..3d046c17 100644 --- a/packages/ipfs-unixfs-exporter/CHANGELOG.md +++ b/packages/ipfs-unixfs-exporter/CHANGELOG.md @@ -1,3 +1,9 @@ +## [ipfs-unixfs-exporter-v13.6.3](https://github.com/ipfs/js-ipfs-unixfs/compare/ipfs-unixfs-exporter-13.6.2...ipfs-unixfs-exporter-13.6.3) (2025-06-16) + +### Dependencies + +* **dev:** bump sinon from 19.0.5 to 21.0.0 ([#432](https://github.com/ipfs/js-ipfs-unixfs/issues/432)) ([14d7e1c](https://github.com/ipfs/js-ipfs-unixfs/commit/14d7e1cacfa61fad6df86c0875ad52ce6b203457)) + ## [ipfs-unixfs-exporter-v13.6.2](https://github.com/ipfs/js-ipfs-unixfs/compare/ipfs-unixfs-exporter-13.6.1...ipfs-unixfs-exporter-13.6.2) (2025-03-06) ### Dependencies diff --git a/packages/ipfs-unixfs-exporter/package.json b/packages/ipfs-unixfs-exporter/package.json index 8e516a1c..3c2141d3 100644 --- a/packages/ipfs-unixfs-exporter/package.json +++ b/packages/ipfs-unixfs-exporter/package.json @@ -1,6 +1,6 @@ { "name": "ipfs-unixfs-exporter", - "version": "13.6.2", + "version": "13.6.3", "description": "JavaScript implementation of the UnixFs exporter used by IPFS", "license": "Apache-2.0 OR MIT", "homepage": "https://github.com/ipfs/js-ipfs-unixfs/tree/main/packages/ipfs-unixfs-exporter#readme",