nodejs
diff --git a/‎deps/llhttp/.gitignore‎
Lines changed: 1 addition & 0 deletions b/‎deps/llhttp/.gitignore‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎deps/llhttp/CMakeLists.txt‎
Lines changed: 8 additions & 6 deletions b/‎deps/llhttp/CMakeLists.txt‎
Lines changed: 8 additions & 6 deletions
diff --git a/‎deps/llhttp/README.md‎
Lines changed: 94 additions & 27 deletions b/‎deps/llhttp/README.md‎
Lines changed: 94 additions & 27 deletions
diff --git a/‎deps/llhttp/include/llhttp.h‎
Lines changed: 94 additions & 11 deletions b/‎deps/llhttp/include/llhttp.h‎
Lines changed: 94 additions & 11 deletions
@@ -0,0 +1 @@
+libllhttp.pc
@@ -1,7 +1,7 @@
 cmake_minimum_required(VERSION 3.5.1)
 cmake_policy(SET CMP0069 NEW)
 
-project(llhttp VERSION 8.1.2)
+project(llhttp VERSION 9.1.2)
 include(GNUInstallDirs)
 
 set(CMAKE_C_STANDARD 99)
@@ -47,8 +47,9 @@ configure_file(
 function(config_library target)
   target_sources(${target} PRIVATE ${LLHTTP_SOURCES} ${LLHTTP_HEADERS})
 
-  target_include_directories(${target} PRIVATE
-      ${CMAKE_CURRENT_SOURCE_DIR}/include
+  target_include_directories(${target} PUBLIC
+    $<BUILD_INTERFACE:${CMAKE_CURRENT_SOURCE_DIR}/include>
+    $<INSTALL_INTERFACE:include>
   )
 
   set_target_properties(${target} PROPERTIES
@@ -72,9 +73,10 @@ function(config_library target)
 
   # This is required to work with FetchContent
   install(EXPORT llhttp
-        FILE llhttp-config.cmake
-        NAMESPACE llhttp::
-        DESTINATION ${CMAKE_INSTALL_LIBDIR}/cmake/llhttp)
+    FILE llhttp-config.cmake
+    NAMESPACE llhttp::
+    DESTINATION ${CMAKE_INSTALL_LIBDIR}/cmake/llhttp
+  )
 endfunction(config_library target)
 
 if(BUILD_SHARED_LIBS)
 
@@ -61,33 +61,41 @@ checks could be performed to get even stricter verification of the llhttp.
 ## Usage
 
 ```C
+#include "stdio.h"
 #include "llhttp.h"
+#include "string.h"
 
-llhttp_t parser;
-llhttp_settings_t settings;
+int handle_on_message_complete(llhttp_t* parser) {
+	fprintf(stdout, "Message completed!\n");
+	return 0;
+}
+
+int main() {
+	llhttp_t parser;
+	llhttp_settings_t settings;
 
-/* Initialize user callbacks and settings */
-llhttp_settings_init(&settings);
+	/*Initialize user callbacks and settings */
+	llhttp_settings_init(&settings);
 
-/* Set user callback */
-settings.on_message_complete = handle_on_message_complete;
+	/*Set user callback */
+	settings.on_message_complete = handle_on_message_complete;
 
-/* Initialize the parser in HTTP_BOTH mode, meaning that it will select between
- * HTTP_REQUEST and HTTP_RESPONSE parsing automatically while reading the first
- * input.
- */
-llhttp_init(&parser, HTTP_BOTH, &settings);
+	/*Initialize the parser in HTTP_BOTH mode, meaning that it will select between
+	*HTTP_REQUEST and HTTP_RESPONSE parsing automatically while reading the first
+	*input.
+	*/
+	llhttp_init(&parser, HTTP_BOTH, &settings);
 
-/* Parse request! */
-const char* request = "GET / HTTP/1.1\r\n\r\n";
-int request_len = strlen(request);
+	/*Parse request! */
+	const char* request = "GET / HTTP/1.1\r\n\r\n";
+	int request_len = strlen(request);
 
-enum llhttp_errno err = llhttp_execute(&parser, request, request_len);
-if (err == HPE_OK) {
-  /* Successfully parsed! */
-} else {
-  fprintf(stderr, "Parse error: %s %s\n", llhttp_errno_name(err),
-          parser.reason);
+	enum llhttp_errno err = llhttp_execute(&parser, request, request_len);
+	if (err == HPE_OK) {
+		fprintf(stdout, "Successfully parsed!\n");
+	} else {
+		fprintf(stderr, "Parse error: %s %s\n", llhttp_errno_name(err), parser.reason);
+	}
 }
 ```
 For more information on API usage, please refer to [src/native/api.h](https://github.com/nodejs/llhttp/blob/main/src/native/api.h).
@@ -279,7 +287,7 @@ protocol support to highly non-compliant clients/server.
 No `HPE_INVALID_HEADER_TOKEN` will be raised for incorrect header values when
 lenient parsing is "on".
 
-**USE AT YOUR OWN RISK!**
+**Enabling this flag can pose a security issue since you will be exposed to request smuggling attacks. USE WITH CAUTION!**
 
 ### `void llhttp_set_lenient_chunked_length(llhttp_t* parser, int enabled)`
 
@@ -292,23 +300,22 @@ conjunction with `Content-Length`.
 This error is important to prevent HTTP request smuggling, but may be less desirable
 for small number of cases involving legacy servers.
 
-**USE AT YOUR OWN RISK!**
+**Enabling this flag can pose a security issue since you will be exposed to request smuggling attacks. USE WITH CAUTION!**
 
 ### `void llhttp_set_lenient_keep_alive(llhttp_t* parser, int enabled)`
 
 Enables/disables lenient handling of `Connection: close` and HTTP/1.0
 requests responses.
 
-Normally `llhttp` would error on (in strict mode) or discard (in loose mode)
-the HTTP request/response after the request/response with `Connection: close`
-and `Content-Length`. 
+Normally `llhttp` would error the HTTP request/response 
+after the request/response with `Connection: close` and `Content-Length`. 
 
 This is important to prevent cache poisoning attacks,
 but might interact badly with outdated and insecure clients. 
 
 With this flag the extra request/response will be parsed normally.
 
-**USE AT YOUR OWN RISK!**
+**Enabling this flag can pose a security issue since you will be exposed to poisoning attacks. USE WITH CAUTION!**
 
 ### `void llhttp_set_lenient_transfer_encoding(llhttp_t* parser, int enabled)`
 
@@ -323,7 +330,67 @@ avoid request smuggling.
 
 With this flag the extra value will be parsed normally.
 
-**USE AT YOUR OWN RISK!**
+**Enabling this flag can pose a security issue since you will be exposed to request smuggling attacks. USE WITH CAUTION!**
+
+### `void llhttp_set_lenient_version(llhttp_t* parser, int enabled)`
+
+Enables/disables lenient handling of HTTP version.
+
+Normally `llhttp` would error when the HTTP version in the request or status line
+is not `0.9`, `1.0`, `1.1` or `2.0`.
+With this flag the extra value will be parsed normally.
+
+**Enabling this flag can pose a security issue since you will allow unsupported HTTP versions. USE WITH CAUTION!**
+
+### `void llhttp_set_lenient_data_after_close(llhttp_t* parser, int enabled)`
+
+Enables/disables lenient handling of additional data received after a message ends
+and keep-alive is disabled.
+
+Normally `llhttp` would error when additional unexpected data is received if the message
+contains the `Connection` header with `close` value.
+With this flag the extra data will discarded without throwing an error.
+
+**Enabling this flag can pose a security issue since you will be exposed to poisoning attacks. USE WITH CAUTION!**
+
+### `void llhttp_set_lenient_optional_lf_after_cr(llhttp_t* parser, int enabled)`
+
+Enables/disables lenient handling of incomplete CRLF sequences.
+
+Normally `llhttp` would error when a CR is not followed by LF when terminating the
+request line, the status line, the headers or a chunk header.
+With this flag only a CR is required to terminate such sections.
+
+**Enabling this flag can pose a security issue since you will be exposed to request smuggling attacks. USE WITH CAUTION!**
+
+### `void llhttp_set_lenient_optional_cr_before_lf(llhttp_t* parser, int enabled)`
+
+Enables/disables lenient handling of line separators.
+
+Normally `llhttp` would error when a LF is not preceded by CR when terminating the
+request line, the status line, the headers, a chunk header or a chunk data.
+With this flag only a LF is required to terminate such sections.
+
+**Enabling this flag can pose a security issue since you will be exposed to request smuggling attacks. USE WITH CAUTION!**
+
+### `void llhttp_set_lenient_optional_crlf_after_chunk(llhttp_t* parser, int enabled)`
+
+Enables/disables lenient handling of chunks not separated via CRLF.
+
+Normally `llhttp` would error when after a chunk data a CRLF is missing before
+starting a new chunk.
+With this flag the new chunk can start immediately after the previous one.
+
+**Enabling this flag can pose a security issue since you will be exposed to request smuggling attacks. USE WITH CAUTION!**
+
+### `void llhttp_set_lenient_spaces_after_chunk_size(llhttp_t* parser, int enabled)`
+
+Enables/disables lenient handling of spaces after chunk size.
+
+Normally `llhttp` would error when after a chunk size is followed by one or more spaces are present instead of a CRLF or `;`.
+With this flag this check is disabled.
+
+**Enabling this flag can pose a security issue since you will be exposed to request smuggling attacks. USE WITH CAUTION!**
 
 ## Build Instructions
 
 
@@ -1,14 +1,11 @@
+
 #ifndef INCLUDE_LLHTTP_H_
 #define INCLUDE_LLHTTP_H_
 
-#define LLHTTP_VERSION_MAJOR 8
+#define LLHTTP_VERSION_MAJOR 9
 #define LLHTTP_VERSION_MINOR 1
 #define LLHTTP_VERSION_PATCH 2
 
-#ifndef LLHTTP_STRICT_MODE
-# define LLHTTP_STRICT_MODE 0
-#endif
-
 #ifndef INCLUDE_LLHTTP_ITSELF_H_
 #define INCLUDE_LLHTTP_ITSELF_H_
 #ifdef __cplusplus
@@ -33,7 +30,7 @@ struct llhttp__internal_s {
   uint8_t http_major;
   uint8_t http_minor;
   uint8_t header_state;
-  uint8_t lenient_flags;
+  uint16_t lenient_flags;
   uint8_t upgrade;
   uint8_t finish;
   uint16_t flags;
@@ -50,6 +47,7 @@ int llhttp__internal_execute(llhttp__internal_t* s, const char* p, const char* e
 #endif
 #endif  /* INCLUDE_LLHTTP_ITSELF_H_ */
 
+
 #ifndef LLLLHTTP_C_HEADERS_
 #define LLLLHTTP_C_HEADERS_
 #ifdef __cplusplus
@@ -114,7 +112,12 @@ enum llhttp_lenient_flags {
   LENIENT_CHUNKED_LENGTH = 0x2,
   LENIENT_KEEP_ALIVE = 0x4,
   LENIENT_TRANSFER_ENCODING = 0x8,
-  LENIENT_VERSION = 0x10
+  LENIENT_VERSION = 0x10,
+  LENIENT_DATA_AFTER_CLOSE = 0x20,
+  LENIENT_OPTIONAL_LF_AFTER_CR = 0x40,
+  LENIENT_OPTIONAL_CRLF_AFTER_CHUNK = 0x80,
+  LENIENT_OPTIONAL_CR_BEFORE_LF = 0x100,
+  LENIENT_SPACES_AFTER_CHUNK_SIZE = 0x200
 };
 typedef enum llhttp_lenient_flags llhttp_lenient_flags_t;
 
@@ -534,6 +537,7 @@ typedef enum llhttp_status llhttp_status_t;
 #endif
 #endif  /* LLLLHTTP_C_HEADERS_ */
 
+
 #ifndef INCLUDE_LLHTTP_API_H_
 #define INCLUDE_LLHTTP_API_H_
 #ifdef __cplusplus
@@ -759,7 +763,8 @@ const char* llhttp_status_name(llhttp_status_t status);
  * `HPE_INVALID_HEADER_TOKEN` will be raised for incorrect header values when
  * lenient parsing is "on".
  *
- * **(USE AT YOUR OWN RISK)**
+ * **Enabling this flag can pose a security issue since you will be exposed to
+ * request smuggling attacks. USE WITH CAUTION!**
  */
 LLHTTP_EXPORT
 void llhttp_set_lenient_headers(llhttp_t* parser, int enabled);
@@ -773,7 +778,8 @@ void llhttp_set_lenient_headers(llhttp_t* parser, int enabled);
  * request smuggling, but may be less desirable for small number of cases
  * involving legacy servers.
  *
- * **(USE AT YOUR OWN RISK)**
+ * **Enabling this flag can pose a security issue since you will be exposed to
+ * request smuggling attacks. USE WITH CAUTION!**
  */
 LLHTTP_EXPORT
 void llhttp_set_lenient_chunked_length(llhttp_t* parser, int enabled);
@@ -788,7 +794,8 @@ void llhttp_set_lenient_chunked_length(llhttp_t* parser, int enabled);
  * but might interact badly with outdated and insecure clients. With this flag
  * the extra request/response will be parsed normally.
  *
- * **(USE AT YOUR OWN RISK)**
+ * **Enabling this flag can pose a security issue since you will be exposed to
+ * poisoning attacks. USE WITH CAUTION!**
  */
 LLHTTP_EXPORT
 void llhttp_set_lenient_keep_alive(llhttp_t* parser, int enabled);
@@ -802,14 +809,90 @@ void llhttp_set_lenient_keep_alive(llhttp_t* parser, int enabled);
  * avoid request smuggling.
  * With this flag the extra value will be parsed normally.
  *
- * **(USE AT YOUR OWN RISK)**
+ * **Enabling this flag can pose a security issue since you will be exposed to
+ * request smuggling attacks. USE WITH CAUTION!**
  */
 LLHTTP_EXPORT
 void llhttp_set_lenient_transfer_encoding(llhttp_t* parser, int enabled);
 
+/* Enables/disables lenient handling of HTTP version.
+ *
+ * Normally `llhttp` would error when the HTTP version in the request or status line
+ * is not `0.9`, `1.0`, `1.1` or `2.0`.
+ * With this flag the invalid value will be parsed normally.
+ *
+ * **Enabling this flag can pose a security issue since you will allow unsupported
+ * HTTP versions. USE WITH CAUTION!**
+ */
+LLHTTP_EXPORT
+void llhttp_set_lenient_version(llhttp_t* parser, int enabled);
+
+/* Enables/disables lenient handling of additional data received after a message ends
+ * and keep-alive is disabled.
+ *
+ * Normally `llhttp` would error when additional unexpected data is received if the message
+ * contains the `Connection` header with `close` value.
+ * With this flag the extra data will discarded without throwing an error.
+ *
+ * **Enabling this flag can pose a security issue since you will be exposed to
+ * poisoning attacks. USE WITH CAUTION!**
+ */
+LLHTTP_EXPORT
+void llhttp_set_lenient_data_after_close(llhttp_t* parser, int enabled);
+
+/* Enables/disables lenient handling of incomplete CRLF sequences.
+ *
+ * Normally `llhttp` would error when a CR is not followed by LF when terminating the
+ * request line, the status line, the headers or a chunk header.
+ * With this flag only a CR is required to terminate such sections.
+ *
+ * **Enabling this flag can pose a security issue since you will be exposed to
+ * request smuggling attacks. USE WITH CAUTION!**
+ */
+LLHTTP_EXPORT
+void llhttp_set_lenient_optional_lf_after_cr(llhttp_t* parser, int enabled);
+
+/*
+ * Enables/disables lenient handling of line separators.
+ *
+ * Normally `llhttp` would error when a LF is not preceded by CR when terminating the
+ * request line, the status line, the headers, a chunk header or a chunk data.
+ * With this flag only a LF is required to terminate such sections.
+ *
+ * **Enabling this flag can pose a security issue since you will be exposed to
+ * request smuggling attacks. USE WITH CAUTION!**
+ */
+LLHTTP_EXPORT
+void llhttp_set_lenient_optional_cr_before_lf(llhttp_t* parser, int enabled);
+
+/* Enables/disables lenient handling of chunks not separated via CRLF.
+ *
+ * Normally `llhttp` would error when after a chunk data a CRLF is missing before
+ * starting a new chunk.
+ * With this flag the new chunk can start immediately after the previous one.
+ *
+ * **Enabling this flag can pose a security issue since you will be exposed to
+ * request smuggling attacks. USE WITH CAUTION!**
+ */
+LLHTTP_EXPORT
+void llhttp_set_lenient_optional_crlf_after_chunk(llhttp_t* parser, int enabled);
+
+/* Enables/disables lenient handling of spaces after chunk size.
+ *
+ * Normally `llhttp` would error when after a chunk size is followed by one or more
+ * spaces are present instead of a CRLF or `;`.
+ * With this flag this check is disabled.
+ *
+ * **Enabling this flag can pose a security issue since you will be exposed to
+ * request smuggling attacks. USE WITH CAUTION!**
+ */
+LLHTTP_EXPORT
+void llhttp_set_lenient_spaces_after_chunk_size(llhttp_t* parser, int enabled);
+
 #ifdef __cplusplus
 }  /* extern "C" */
 #endif
 #endif  /* INCLUDE_LLHTTP_API_H_ */
 
+
 #endif  /* INCLUDE_LLHTTP_H_ */