update to latest bunyan

.github/workflows/check.yml

@@ -0,0 +1,12 @@
+name: Check Lint & Style
+on: [push, pull_request]
+jobs:
+  check:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2
+    - uses: actions/setup-node@v1
+      with:
+        node-version: '12.x'
+    - run: npm ci
+    - run: npm run check

.github/workflows/test.yml

@@ -0,0 +1,58 @@
+name: Test
+
+on:
+  push:
+    paths-ignore:
+    - 'docs/**'
+    - '*.md'
+  pull_request:
+    paths-ignore:
+    - 'docs/**'
+    - '*.md'
+
+jobs:
+  # Test once on every (available) plat, using LTS node version
+  # (https://nodejs.org/en/about/releases/).
+  test-plats:
+    strategy:
+      matrix:
+        os: [ubuntu-latest, windows-latest, macos-latest]
+    runs-on: ${{ matrix.os }}
+    steps:
+    - uses: actions/checkout@v2
+    - uses: actions/setup-node@v1
+      with:
+        node-version: '12.x'
+    - run: npm ci
+    - run: npm test
+
+  # Test once for every supported node version (don't repeat the LTS
+  # node version from the previous step). Only test on one
+  # platform to not overkill the number of builds.
+  test-vers:
+    strategy:
+      matrix:
+        node: ['8.x', '10.x', '14.x']
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2
+    - uses: actions/setup-node@v1
+      with:
+        node-version: ${{ matrix.node }}
+    - run: npm ci
+    - run: npm test
+
+  # Test older versions separately because really old node/npm don't support
+  # 'npm ci'.
+  test-old-vers:
+    strategy:
+      matrix:
+        node: ['0.10.x', '4.x', '6.x']
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2
+    - uses: actions/setup-node@v1
+      with:
+        node-version: ${{ matrix.node }}
+    - run: npm install
+    - run: npm test

.gitignore

@@ -3,4 +3,4 @@
 *.log
 !/test/corpus/*.log
 /*.tgz
-/test/*.log.0
+/test/log.test.rot.log.*

CHANGES.md

@@ -1,14 +1,48 @@
 # bunyan Changelog
 
+See [the [email protected] changelog](https://github.com/trentm/node-bunyan/blob/1.x/CHANGES.md)
+for details on recent 1.x releases.
+
 Known issues:
 
 - [issue #58] Can't install to a dir with spaces. This is [this node-gyp
   bug](https://github.com/TooTallNate/node-gyp/issues/65).
 
+
 ## not yet released
 
 (nothing yet)
 
+## 2.0.5 (beta)
+
+- [pull #575, #278] Change the default "req" serializer to accept expressjs's
+  `req.originalUrl` for the "url" field per
+  <https://expressjs.com/en/api.html#req.originalUrl>. (By @twelve17 and
+  @kingcody.)
+- Development change: Switch to node-tap for testing (from nodeunit, which is
+  now obsolete). Currently just tap v9 because that is the last major version
+  of node-tap that supports back to node v0.10.
+
+## 2.0.4 (beta)
+
+- [pull #558] Update minimum "moment" version to 2.19.3 for CVE-2017-18214.
+- [issue #589] Use `os.EOL` for newlines in bunyan output, which helps with
+  some Unix-EOL-naive apps like notepad. (By @bwknight877.)
+- Development change: Switched to GitHub Actions for CI.
+
+## 2.0.3 (beta)
+
+- Fix a vulnerability from a crafted argument to 'bunyan -p ARG'
+
+  This was reported privately as:
+      https://hackerone.com/reports/902739
+      bunyan - RCE via insecure command formatting
+
+  Previous to this version the 'bunyan' CLI was not escaping a given argument
+  to the '-p' option before executing `ps -A -o pid,command | grep '$ARG'`
+  which could lead to unintended execution.
+
+  (This same change is also in [email protected].)
 
 ## 2.0.2 (beta)
 

CONTRIBUTING.md

@@ -24,7 +24,7 @@ If you want to help me here, great! Thank you! Some ideas:
   place to start.
 
 - [Once I've made a once over
-  triaging](https://github.com/trentm/node-bunyan/issues/335) and consolodating
+  triaging](https://github.com/trentm/node-bunyan/issues/335) and consolidating
   issues and PRs, volunteering for issues in a particular
   [component](#component) with which you have familiarity would be great.
 

Makefile

@@ -1,7 +1,9 @@
 
+SHELL := bash
+
 #---- Tools
 
-NODEUNIT := ./node_modules/.bin/nodeunit
+TAP_EXEC := ./node_modules/.bin/tap
 SUDO := sudo
 ifeq ($(shell uname -s),SunOS)
 	# On SunOS (e.g. SmartOS) we expect to run the test suite as the
@@ -16,26 +18,23 @@ endif
 ifeq ($(shell uname -s),Darwin)
     DTRACE_UP_IN_HERE=1
 endif
-NODEOPT ?= $(HOME)/opt
 
 
 #---- Files
 
 JSSTYLE_FILES := $(shell find lib test tools examples -name "*.js") bin/bunyan
-# All test files *except* dtrace.test.js.
-NON_DTRACE_TEST_FILES := $(shell ls -1 test/*.test.js | grep -v dtrace | xargs)
 
 
 #---- Targets
 
-all $(NODEUNIT):
+all $(TAP_EXEC):
 	npm install $(NPM_INSTALL_FLAGS)
 
 # Ensure all version-carrying files have the same version.
 .PHONY: versioncheck
 versioncheck:
-	@echo version is: $(shell cat package.json | json version)
-	[[ `cat package.json | json version` == `grep '^## ' CHANGES.md | head -2 | tail -1 | awk '{print $$2}'` ]]
+	@echo version is: $(shell node -e 'console.log(require("./package.json").version)')
+	[[ `node -e 'console.log(require("./package.json").version)'` == `grep '^## ' CHANGES.md | head -2 | tail -1 | awk '{print $$2}'` ]]
 	@echo Version check ok.
 
 .PHONY: cutarelease
@@ -91,45 +90,12 @@ distclean:
 #---- test
 
 .PHONY: test
-test: $(NODEUNIT)
+test: $(TAP_EXEC)
 	test -z "$(DTRACE_UP_IN_HERE)" || test -n "$(SKIP_DTRACE)" || \
 		(node -e 'require("dtrace-provider").createDTraceProvider("isthisthingon")' && \
 		echo "\nNote: Use 'SKIP_DTRACE=1 make test' to skip parts of the test suite that require root." && \
-		$(SUDO) $(NODEUNIT) test/dtrace.test.js)
-	$(NODEUNIT) $(NON_DTRACE_TEST_FILES)
-
-# Test with all node supported versions (presumes install locations I use on
-# my machine -- "~/opt/node-VER"):
-# Note: 'test4' is last so (if all is well) I end up with a binary
-# dtrace-provider build for my current default node version.
-.PHONY: testall
-testall: test7 test6 test012 test010 test4
-
-.PHONY: test7
-test7:
-	@echo "# Test node 7.x (with node `$(NODEOPT)/node-7/bin/node --version`)"
-	@$(NODEOPT)/node-7/bin/node --version | grep '^v7\.'
-	PATH="$(NODEOPT)/node-7/bin:$(PATH)" make distclean all test
-.PHONY: test6
-test6:
-	@echo "# Test node 6.x (with node `$(NODEOPT)/node-6/bin/node --version`)"
-	@$(NODEOPT)/node-6/bin/node --version | grep '^v6\.'
-	PATH="$(NODEOPT)/node-6/bin:$(PATH)" make distclean all test
-.PHONY: test4
-test4:
-	@echo "# Test node 4.x (with node `$(NODEOPT)/node-4/bin/node --version`)"
-	@$(NODEOPT)/node-4/bin/node --version | grep '^v4\.'
-	PATH="$(NODEOPT)/node-4/bin:$(PATH)" make distclean all test
-.PHONY: test012
-test012:
-	@echo "# Test node 0.12.x (with node `$(NODEOPT)/node-0.12/bin/node --version`)"
-	@$(NODEOPT)/node-0.12/bin/node --version | grep '^v0\.12\.'
-	PATH="$(NODEOPT)/node-0.12/bin:$(PATH)" make distclean all test
-.PHONY: test010
-test010:
-	@echo "# Test node 0.10.x (with node `$(NODEOPT)/node-0.10/bin/node --version`)"
-	@$(NODEOPT)/node-0.10/bin/node --version | grep '^v0\.10\.'
-	PATH="$(NODEOPT)/node-0.10/bin:$(PATH)" make distclean all test
+		$(SUDO) $(TAP_EXEC) test/dtrace/*.test.js)
+	$(TAP_EXEC) test/*.test.js
 
 
 #---- check

README.md

@@ -94,6 +94,12 @@ all versions of Bunyan logs. Therefore you might want to `npm install -g bunyan`
 to get the bunyan CLI on your PATH, then use local bunyan installs for
 node.js library usage of bunyan in your apps.
 
+**Tip**: Installing without optional dependencies can dramatically reduce
+bunyan's install size. **dtrace-provider** is used for dtrace features,
+**mv** is used for RotatingFileStream, and **moment** is used for local time.
+If you don't need these features, consider installing with the
+`--no-optional` flag.
+
 
 # Features
 
@@ -411,13 +417,13 @@ log.addSerializers({req: reqSerializer});
 
 A serializer function is passed unprotected objects that are passed to the
 `log.info`, `log.debug`, etc. call. This means a poorly written serializer
-function can case side-effects. Logging shouldn't do that. Here are a few
+function can cause side-effects. Logging shouldn't do that. Here are a few
 rules and best practices for serializer functions:
 
 - A serializer function *should never throw*. The bunyan library *does*
   protect somewhat from this: if the serializer throws an error, then
   bunyan will (a) write an ugly message on stderr (along with the traceback),
-  and (b) the field in the log record will be replace with a short error message.
+  and (b) the field in the log record will be replaced with a short error message.
   For example:
 
     ```
@@ -439,7 +445,7 @@ rules and best practices for serializer functions:
 - A serializer function *should never mutate the given object*. Doing so will
   change the object in your application.
 
-- A serializer function *should be defensive*. In my experience it is common to
+- A serializer function *should be defensive*. In my experience, it is common to
   set a serializer in an app, say for field name "foo", and then accidentally
   have a log line that passes a "foo" that is undefined, or null, or of some
   unexpected type. A good start at defensiveness is to start with this:
@@ -649,7 +655,7 @@ Pretty-printed:
   is the name of the service/app using Bunyan for logging.
 - `hostname`: Required. String. Provided or determined at Logger creation.
   You can specify your hostname at Logger creation or it will be retrieved
-  vi `os.hostname()`.
+  via `os.hostname()`.
 - `pid`: Required. Integer. Filled in automatically at Logger creation.
 - `time`: Required. String. Added by Bunyan. Can be overridden.
   The date and time of the event in [ISO 8601
@@ -726,7 +732,7 @@ follow (feedback from actual users welcome).
 - `req.username`: Authenticated user (or for a 401, the user attempting to
   auth).
 - Some mechanism to calculate response latency. "restify" users will have
-  a "X-Response-Time" header. A `latency` custom field would be fine.
+  an "X-Response-Time" header. A `latency` custom field would be fine.
 - `req.body`: If you know that request bodies are small (common in APIs,
   for example), then logging the request body is good.
 
@@ -754,7 +760,7 @@ var log = bunyan.createLogger({
 });
 ```
 
-For convenience, if there is only one stream, it can specified with the
+For convenience, if there is only one stream, it can be specified with the
 "stream" and "level" options (internally converted to a `Logger.streams`).
 
 ```js
@@ -1060,7 +1066,7 @@ used for anything else.</td>
 
 **Note on log rotation**: Often you may be using external log rotation utilities
 like `logrotate` on Linux or `logadm` on SmartOS/Illumos. In those cases, unless
-your are ensuring "copy and truncate" semantics (via `copytruncate` with
+you are ensuring "copy and truncate" semantics (via `copytruncate` with
 logrotate or `-c` with logadm) then the fd for your 'file' stream will change.
 You can tell bunyan to reopen the file stream with code like this in your
 app:
@@ -1374,19 +1380,19 @@ var log = bunyan.createLogger({
 log.info('hi on info');
 ```
 
-## Webpack
-Webpack can work with the same example Browserify above. To do this, we need to make webpack ignore optional files:
+## webpack
+To include bunyan in your webpack bundle you need to tell webpack to
+ignore the optional dependencies that are unavailable in browser environments.
+
+Mark the following dependencies as
+[externals](https://webpack.js.org/configuration/externals/) in your webpack
+configuration file to exclude them from the bundle:
 
-Now tell webpack to ignore files for 
-[optional dependencies](https://webpack.js.org/configuration/module/#module-noparse)
-in your "webpack.config.js":
 ```
 module: {
-    noParse: [/dtrace-provider$/, /safe-json-stringify$/, /mv/],
-    ...
+    externals: ['dtrace-provider', 'fs', 'mv', 'os', 'source-map-support']
 }
 ```
-Now webpack builds.
 
 # Versioning
 

TODO.md

@@ -79,7 +79,7 @@ TODO:
 - full-on docs
 - better examples/
 - better coloring
-- look at pino (bunyan style, perf benefits)
+- look at pino (bunyan style, perf benefits), also logpp (https://github.com/mrkmarron/logpp)
 - would be exciting to have bunyan support in http://lnav.org/ if that
   made sense
 - "template" support for 'rotating-file' stream to get dated rolled files