Skip to content

Node Client 3.7.1 #968

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 12 commits into from
Sep 25, 2025
Merged

Node Client 3.7.1 #968

merged 12 commits into from
Sep 25, 2025

Conversation

@anu3990
Copy link
Contributor

@anu3990 anu3990 commented Sep 25, 2025

No description provided.

anu3990 and others added 12 commits August 19, 2025 15:01
@anu3990
MLE-23575 : Security vulnerability detected in Node Client
01586dc 
 - GHSA-52f5-9888-hmc6
@anu3990
MLE-23607 : Node Client Sparql test fails for 12-nightly on Jenkins
cb01203
@stevebio
MLE-24312: map port 8017 via docker-compose. SSL service configured f…
1cdebb1 
…or port 8017. Add a second error message for test using SSL to confirm error when connecting to non-SSL REST service. Message probably changed for ML12 (not sure, but error message in test does not work).
@stevebio
Merge pull request #960 from marklogic/task/fixSslTests
963cba1 
MLE-24312: fix ssl tests
@stevebio
MLE-24397 - fix reported issue on Linux FIPS around exception caused …
8c9e5ff 
…by default load of FIPS-forbidden MD5 digest algorithm. Incorporate the source from the abandoned www-authenticate project and fix in place.
@stevebio
Merge pull request #963 from stevebio/task/fipsMd5Fix
739c156 
MLE-24397 - fix issue on Linux FIPS reported by consultant/customer a…
@stevebio
Re-add external www-authenticate library so we can show our changes i…
507cec1 
…n another commit..

Delete and re-add existing www-authenticate files to www-authenticate-patched. Change path for require for requester and tests. Changes to www-authenticate will be in subsequent commit, for tracking
@stevebio
Remove unnecessary top-level MD5 digester functions that cause an exc…
9d57aef 
…eption on FIPS-enabled systems when the www-authenticate module is loaded via require. The MD5 digester functions are already created on demand when using DIGEST authentication.

Use Buffer.from rather than deprecated new Buffer constructor form.
Move the Parser_Authenticate_Info prototype statement to after the definition of the function.
Add copyright to all the files.
@stevebio
Merge pull request #965 from stevebio/task/fipsMD5Fix2
6ba3f22 
MLE-24397 - fix reported issue on Linux FIPS around exception caused by default load of FIPS-forbidden MD5 digest algorithm. Incorporate the source from the abandoned www-authenticate project and fix in place.
@anu3990
MLE-24407 : Update package.json and changelog for Node Client 3.7.1
80fadc6
@stevebio
MLE-123456 - polaris fixes: remove unreachable break and continue sta…
21e78bc 
…tements, unused variables, and move return note_error line outside of the for loop, which was probably intended.
@stevebio
Merge pull request #967 from stevebio/task/polarisFixes
d39fb6f 
MLE-123456 - polaris fixes: remove unreachable break and continue sta…
Copilot AI review requested due to automatic review settings September 25, 2025 17:08
Copilot AI reviewed Sep 25, 2025
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

A patch release (version 3.7.1) that addresses FIPS compliance by replacing the www-authenticate npm dependency with a patched local version to avoid MD5 hashing issues.

  • Added patched local version of www-authenticate module to avoid FIPS MD5 compliance issues
  • Updated test infrastructure to support port range expansion and better error handling
  • Added FIPS-specific test to verify MD5 hash digester is not loaded by default

Reviewed Changes

Copilot reviewed 12 out of 13 changed files in this pull request and generated 3 comments.

Show a summary per file
File Description
package.json Version bump to 3.7.1, removed www-authenticate dependency, added tmp dev dependency
lib/requester.js Updated import to use local patched www-authenticate module
lib/www-authenticate-patched/*.js Added patched www-authenticate module files for FIPS compliance
test-basic/digestauth-fips-nomd5load.js Added FIPS test to verify MD5 digester is not loaded on require
test-complete/nodejs-optic-from-sparql.js Refactored version-specific logic for server configuration handling
test-basic/client.js Enhanced error message matching for HTTPS/HTTP protocol mismatch
test-app/docker-compose*.yaml Expanded port range from 8016 to 8017
CHANGELOG.md Added changelog entry for version 3.7.1

Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.

@anu3990 anu3990 merged commit a6bcd85 into master Sep 25, 2025
0 of 3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@rjrudin rjrudin rjrudin approved these changes

@BillFarber BillFarber Awaiting requested review from BillFarber BillFarber is a code owner

@stevebio stevebio Awaiting requested review from stevebio stevebio is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@anu3990 @rjrudin @stevebio