pruvonet / squiss-ts
High-volume Amazon SQS Poller for Node.js
License: Apache License 2.0
Setup a documentation site for proper documentation
Long and unreadable documentation in README.md file
Setup a slate documentation site
I am unable to delete message, at all. I am calling simply:
poller.on('message', (msg)=>{
msg.del();
});
And my program crashes, receiving:
(node:15264) UnhandledPromiseRejectionWarning: AWS.SimpleQueueService.BatchEntryIdsNotDistinct: Id 9f9954d8-ac18-4892-b59b-a7ced5ddb382 repeated.
If I receive messages with the correct attributes (__SQS_S3__, __SQS_GZIP__) and with unwrapSns: true then it should parse my message back to its original form.
If I receive a message in the form gzip or s3 then the message is not parsed properly.
Incorrect path in the constructor of the class Message, must be added to if (opts.unwrapSns)
- this.attributes = attributeUtils_1.parseMessageAttributes(unwrapped.MessageAttributes);
And in parseAttributeValue
replace with this
const type = unparsedAttribute.DataType || unparsedAttribute.Type;
const stringValue = unparsedAttribute.StringValue || unparsedAttribute.Value;
12.12.8 to 12.12.9.
🚨 View failing branch.
This version is covered by your current version range and after updating it in your project the build failed.
@types/node is a devDependency of this project. It might not break your production code or affect downstream projects, but probably breaks your build or test tools, which may prevent deploying or publishing.
There is a collection of frequently asked questions. If those don’t help, you can always ask the humans behind Greenkeeper.
Your Greenkeeper Bot 🌴
As explained at https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-temporary-queues.html
And implemented here https://github.com/awslabs/amazon-sqs-java-temporary-queues-client
The temp/virtual queues pattern allows for 2 way scalable communication using SQS queues
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.7.2/jquery.min.js
Path to dependency file: squiss-ts/node_modules/jmespath/index.html
Path to vulnerable library: squiss-ts/node_modules/jmespath/index.html
Dependency Hierarchy:
Found in HEAD commit: 9b4ec2c6366c49ad22ffe58a91f08185fe51b78d
Found in base branch: master
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
Publish Date: 2018-01-18
URL: CVE-2015-9251
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2015-9251
Release Date: 2018-01-18
Fix Resolution: jQuery - v3.0.0
Step up your Open Source Security Game with WhiteSource here
As far as I understand it, activePollIntervalMs should delay the poller by a specified number of ms before picking up another message? If so, I don't seem to be able to get it to work. As soon as one message is processed, the next message is picked up with no delay, even though I have set:
activePollIntervalMs: 5000,
Any ideas?
squiss-ts should run without any runtime warnings
Usage of gzipUtils will cause warning messages to be logged due to new Buffer()
being called. https://github.com/PruvoNet/squiss-ts/blob/master/src/gzipUtils.ts
See https://nodejs.org/docs/latest-v10.x/api/buffer.html#buffer_new_buffer_string_encoding
N.B. Also called in tests at https://github.com/PruvoNet/squiss-ts/blob/master/src/test/src/Message.spec.ts#L37 & https://github.com/PruvoNet/squiss-ts/blob/master/src/test/src/Message.spec.ts#L41
Replace Buffer constructor with Buffer.from()
Run tests and check logs. See https://travis-ci.com/PruvoNet/squiss-ts/jobs/257131231#L250
No issues with usability, just a warning message in logs
This package still uses iltorb, which is no longer needed in modern versions of Node:
npm WARN deprecated [email protected]: The zlib module provides APIs for brotli compression/decompression starting with Node.js v10.16.0, please use it over iltorb
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.7.2/jquery.min.js
Path to dependency file: squiss-ts/node_modules/jmespath/index.html
Path to vulnerable library: squiss-ts/node_modules/jmespath/index.html
Dependency Hierarchy:
Found in HEAD commit: 9b4ec2c6366c49ad22ffe58a91f08185fe51b78d
Found in base branch: master
jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.
Publish Date: 2018-01-18
URL: CVE-2012-6708
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2012-6708
Release Date: 2018-01-18
Fix Resolution: jQuery - v1.9.0
2.562.0 to 2.563.0.
🚨 View failing branch.
This version is covered by your current version range and after updating it in your project the build failed.
aws-sdk is a direct dependency of this project, and it is very likely causing it to break. If other packages depend on yours, this update is probably also breaking those in turn.
See changelog for more information.
There is a collection of frequently asked questions. If those don’t help, you can always ask the humans behind Greenkeeper.
Your Greenkeeper Bot 🌴
Timeout extender takes into account the advancedCallMs only for the first time it schedules an extension action. After that, that param is not being taken under consideration, causing race condition between following renew times and message visibility end time.
Are there any plans to support aws-sdk version 3
of the AWS SDK? One of its perks is the modular architecture, it would reduce significantly the huge size of the dependency.
It is a very usual scenario where you have messages in your dead letter queue and you want to resubmit them back to your queue (while maybe modifying the message)
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.7.2/jquery.min.js
Path to dependency file: squiss-ts/node_modules/jmespath/index.html
Path to vulnerable library: squiss-ts/node_modules/jmespath/index.html
Dependency Hierarchy:
Found in HEAD commit: 9b4ec2c6366c49ad22ffe58a91f08185fe51b78d
Found in base branch: master
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
Publish Date: 2020-04-29
URL: CVE-2020-11022
Base Score Metrics:
Type: Upgrade version
Origin: https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/
Release Date: 2020-04-29
Fix Resolution: jQuery - 3.5.0
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.7.2/jquery.min.js
Path to dependency file: squiss-ts/node_modules/jmespath/index.html
Path to vulnerable library: squiss-ts/node_modules/jmespath/index.html
Dependency Hierarchy:
Found in HEAD commit: 9b4ec2c6366c49ad22ffe58a91f08185fe51b78d
Found in base branch: master
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
Publish Date: 2020-04-29
URL: CVE-2020-11023
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11023
Release Date: 2020-04-29
Fix Resolution: jquery - 3.5.0
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.7.2/jquery.min.js
Path to dependency file: squiss-ts/node_modules/jmespath/index.html
Path to vulnerable library: squiss-ts/node_modules/jmespath/index.html
Dependency Hierarchy:
Found in HEAD commit: 9b4ec2c6366c49ad22ffe58a91f08185fe51b78d
Found in base branch: master
jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "<script>" HTML tags that contain a whitespace character, i.e: "</script >", which results in the enclosed script logic to be executed.
Publish Date: 2020-05-19
URL: CVE-2020-7656
Base Score Metrics:
Type: Upgrade version
Origin: rails/jquery-rails@8f601cb
Release Date: 2020-05-19
Fix Resolution: jquery-rails - 2.2.0
When stopping the queue using stop() with timeout, the promise needs to be resolved only once.
When stopping the queue using stop()
with timeout, the promise might get resolved twice.
Save the state of the resolve, and not perform it twice.
stop() with timeout while there are messages being handled.
12.12.1 to 12.12.2.
🚨 View failing branch.
This version is covered by your current version range and after updating it in your project the build failed.
@types/node is a devDependency of this project. It might not break your production code or affect downstream projects, but probably breaks your build or test tools, which may prevent deploying or publishing.
There is a collection of frequently asked questions. If those don’t help, you can always ask the humans behind Greenkeeper.
Your Greenkeeper Bot 🌴
parse argument options
Library home page: https://registry.npmjs.org/minimist/-/minimist-0.0.8.tgz
Path to dependency file: squiss-ts/package.json
Path to vulnerable library: squiss-ts/node_modules/minimist/package.json
Dependency Hierarchy:
Found in HEAD commit: 9b4ec2c6366c49ad22ffe58a91f08185fe51b78d
Found in base branch: master
minimist before 1.2.2 could be tricked into adding or modifying properties of Object.prototype using a "constructor" or "__proto__" payload.
Publish Date: 2020-03-11
URL: CVE-2020-7598
Base Score Metrics:
Type: Upgrade version
Origin: https://github.com/substack/minimist/commit/63e7ed05aa4b1889ec2f3b196426db4500cbda94
Release Date: 2020-03-11
Fix Resolution: minimist - 0.2.1,1.2.3
It will be a cool feature, to allow the library user, to decide that he wants to rate-limit the handling of the messages across many microservices, instead of just using the concurrency control alone.
Example use case - a message queue to send emails with SMTP global hourly rate-limiting enforced.
We can leverage the following library for the task: https://github.com/dex4er/js-sliding-window-rate-limiter
2.570.0 to 2.571.0.
🚨 View failing branch.
This version is covered by your current version range and after updating it in your project the build failed.
aws-sdk is a direct dependency of this project, and it is very likely causing it to break. If other packages depend on yours, this update is probably also breaking those in turn.
See changelog for more information.
There is a collection of frequently asked questions. If those don’t help, you can always ask the humans behind Greenkeeper.
Your Greenkeeper Bot 🌴
It is not allowed to send extra parameters in the Entries value of the request
If the call to deleteMessageBatch rejects, then that rejected Promise should be handled properly and not bubble up.
An UnhandledPromiseRejectionWarning is logged to console, for example:
(node:58881) UnhandledPromiseRejectionWarning: AWS.SimpleQueueService.NonExistentQueue: The specified queue does not exist for this wsdl version.
The cause of this bug is that a rejected Promise is returned from https://github.com/PruvoNet/squiss-ts/blob/master/src/Squiss.ts#L352, however that rejected Promise is not caught at https://github.com/PruvoNet/squiss-ts/blob/master/src/Squiss.ts#L471 which is where the call to _deleteMessages occurs.
Proposed solutions:
_deleteMessages, the error has already been emitted so no need to reject as well?
.catch() handler in _deleteXMessages which suppresses the error
Can be replicated via the unit tests. For visibility set https://github.com/PruvoNet/squiss-ts/blob/master/src/test/src/index.spec.ts#L725 to be the only test to run:
it.only('emits error when delete call fails', () => {
Warnings can then be seen in the console
[me@mymachine squiss-ts (master)]$ npm test
> [email protected] test /Users/me/GitHub/squiss-ts
> npm run lint && npm run mocha
> [email protected] lint /Users/me/GitHub/squiss-ts
> tslint -c tslint.json 'src/**/*.ts' 'test/**/*.ts'
> [email protected] mocha /Users/me/GitHub/squiss-ts
> mocha --opts src/test/mocha.opts
index
Failures
(node:70693) UnhandledPromiseRejectionWarning: Error: test
at Object.promise (/Users/me/GitHub/squiss-ts/src/test/src/index.spec.ts:731:41)
at getQueueUrl.then (/Users/me/GitHub/squiss-ts/src/Squiss.ts:348:16)
at <anonymous>
(node:70693) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). (rejection id: 3)
(node:70693) [DEP0018] DeprecationWarning: Unhandled promise rejections are deprecated. In the future, promise rejections that are not handled will terminate the Node.js process with a non-zero exit code.
✓ emits error when delete call fails (72ms)
1 passing (84ms)
We are currently testing out squiss-ts by testing it in different scenarios before implementing in production code. A real world example which would cause an error like this would be a network blip.
squiss-ts: 4.0.6
Node: 8.16.1
Hi,
Looking at using this library, it's awesome!
I have a use-case:
We have an sqs-processor that involves booting up Puppeteer and google lighthouse to audit webpages. The processing time varies wildly, and sometimes the program hangs, hence I have been using (in my own manual implementation) a timer that repeatedly extends the message visibility up to a certain limit. With this library, I can now use the autoExtendTimeout feature which is awesome!
However, there's a problem; when the message reaches its hard time limit (i.e. noExtensionsAfterSecs) I need to capture this event, so that I can shut down the Puppeteer browser and lighthouse processes - i.e. actually stop the message processing. As far as I can tell, when the noExtensionsAfterSecs limit is reached, the message is simply returned to the queue, i.e. effectively calling release() on it?
It would be awesome if I could capture this event with a listener so I can do as I please on a timeout event.
I've been looking at poller.on('handled')... to see if there is anything I can grab from there, but it doesn't look like the handled event is fired in this case.
the mighty option parser used by yargs
Library home page: https://registry.npmjs.org/yargs-parser/-/yargs-parser-13.1.1.tgz
Path to dependency file: squiss-ts/package.json
Path to vulnerable library: squiss-ts/node_modules/yargs-parser/package.json
Dependency Hierarchy:
Found in HEAD commit: 9b4ec2c6366c49ad22ffe58a91f08185fe51b78d
Found in base branch: master
yargs-parser could be tricked into adding or modifying properties of Object.prototype using a "__proto__" payload.
Publish Date: 2020-03-16
URL: CVE-2020-7608
Base Score Metrics:
Type: Upgrade version
Origin: yargs/yargs-parser@63810ca
Release Date: 2020-06-05
Fix Resolution: 5.0.1;13.1.2;15.0.1;18.1.1
2.580.0 to 2.581.0.
🚨 View failing branch.
This version is covered by your current version range and after updating it in your project the build failed.
aws-sdk is a direct dependency of this project, and it is very likely causing it to break. If other packages depend on yours, this update is probably also breaking those in turn.
See changelog for more information.
The new version differs by 2 commits.
5ea6715
Updates SDK to v2.581.0
2f3826c
feat: add opt-in support for S3 us-east-1 regional endpoint (#2960)
See the full diff
There is a collection of frequently asked questions. If those don’t help, you can always ask the humans behind Greenkeeper.
Your Greenkeeper Bot 🌴
⚠️ Important announcement: Greenkeeper will be saying goodbye and passing the torch to Snyk on June 3rd, 2020! Find out how to migrate to Snyk and more at greenkeeper.io
2.634.0 to 2.635.0.
🚨 View failing branch.
This version is covered by your current version range and after updating it in your project the build failed.
aws-sdk is a direct dependency of this project, and it is very likely causing it to break. If other packages depend on yours, this update is probably also breaking those in turn.
See changelog for more information.
There is a collection of frequently asked questions. If those don’t help, you can always ask the humans behind Greenkeeper.
Your Greenkeeper Bot 🌴
12.12.6 to 12.12.7.
🚨 View failing branch.
This version is covered by your current version range and after updating it in your project the build failed.
@types/node is a devDependency of this project. It might not break your production code or affect downstream projects, but probably breaks your build or test tools, which may prevent deploying or publishing.
There is a collection of frequently asked questions. If those don’t help, you can always ask the humans behind Greenkeeper.
Your Greenkeeper Bot 🌴
Helps lowering message sizes to reduce costs of api calls
Is your feature request related to a problem? Please describe.
We currently use sqs-consumer which is Apache 2.0 licensed. We really liked some of the features in squiss which was ISC and were super excited to find this updated TypeScriptified fork. Unfortunately due to legal restrictions out of our control, we aren't able to use or contribute to GPL libraries, which means sadly we can't get involved with this library.
Describe the solution you'd like
I'd love for the repo to be relicensed as MIT, ISC or Apache 2.0. Appreciate it might be an impossible request but doesn't hurt to ask!
Describe alternatives you've considered
As mentioned above:
sqs-consumer - doesn't have concurrency utilization
squiss - unmaintained
Additional context
Before we noticed the license, we actually prototyped a solution using squiss-ts and it worked fantastically. So even if you are unable to change the license, I just wanted to say great effort on the library :)
Need to fire event when S3 events occur such as upload, download, and delete.
This will be useful if you want to monitor how many messages are getting sent that way
Currently we are using our own typing of the linked-list library. This should be removed once wooorm/linked-list#12 is fixed
Same behaviour like https://github.com/awslabs/amazon-sqs-java-extended-client-lib
When a message is received and failed to get parsed, there is an un-handled promise rejection error.