Upgrade Core and Blaze #923
Signed-off-by: Juan Cruz Viotti <jv@jviotti.com>
🤖 Augment PR Summary
Summary: This PR updates the vendored Sourcemeta
Changes:
Technical Notes: The new JSON-LD component is wired into Core’s build/config component system (
| const std::chrono::system_clock::time_point now) -> bool { | ||
| std::optional<FetchResult> fetched; | ||
| try { | ||
| fetched = this->fetcher_(this->jwks_uri_); |
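Review bot: the `try` that wraps `fetched = this->fetcher_(this->jwks_uri_);` leaves it unclear what the `bool` return means when the fetcher throws versus when `fetched` stays empty. State both outcomes in a comment at the function head, and make sure either failure leaves the previously installed key set in place, so a transient fetch error does not leave verification with no keys.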
vendor/core/src/core/jose/jose_jwks_provider.cc:60 — fetch_and_install_locked invokes the user-provided fetcher_ while holding mutex_, which risks deadlock/re-entrancy issues and can block unrelated verify() calls for the duration of network I/O.
Severity: medium
| if (state.resolver == nullptr || !*state.resolver) { | ||
| throw JSONLDError("Loading remote context failed", location); | ||
| } | ||
| const auto document{(*state.resolver)(reference)}; |
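Review bot: at `const auto document{(*state.resolver)(reference)};` the value of `reference` goes to the resolver with no check in these lines on what it names, and in JSON-LD that value comes from the document being processed. Either validate the scheme and host here or document that the resolver must enforce an allowlist, and confirm the returned `document` has the expected shape before it is used as a context.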
vendor/core/src/core/jsonld/jsonld_context_processing.cc:81 — The user-supplied JSONLDResolver is called without guarding against exceptions; if it throws, it will escape as an arbitrary exception rather than being reported as a JSON-LD loading failure.
Severity: medium
Other Locations
vendor/core/src/core/jsonld/jsonld_context_processing.cc:161
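Both review comments above concern user-supplied callbacks: `fetcher_` invoked while `mutex_` is held, and a resolver whose exceptions escape unconverted. The following is an added C++ example, not code from Sourcemeta Core or from this PR: a hypothetical `KeyCache` class (the class, its methods, the URL and the key IDs are all constructed) that runs the callback with no lock held, maps any callback exception to a `false` result, and keeps the previous keys on failure.

```cpp
#include <functional>
#include <mutex>
#include <set>
#include <stdexcept>
#include <string>
#include <utility>
// Hypothetical key cache (not Sourcemeta Core's API) with a user-supplied fetcher.
class KeyCache {
public:
  using Keys = std::set<std::string>;
  using Fetcher = std::function<Keys(const std::string &)>;
  KeyCache(std::string uri, Fetcher fetcher)
      : uri_{std::move(uri)}, fetcher_{std::move(fetcher)} {}
  bool has_key(const std::string &kid) const {
    const std::lock_guard<std::mutex> lock{mutex_};
    return keys_.count(kid) > 0;
  }
  // Returns false and keeps the previously installed keys if the fetcher throws.
  bool refresh() {
    Keys fetched;
    try {
      fetched = fetcher_(uri_); // user callback runs with no lock held
    } catch (...) { return false; } // any callback failure maps to false
    const std::lock_guard<std::mutex> lock{mutex_}; // held only for the swap
    keys_ = std::move(fetched);
    return true;
  }
private:
  std::string uri_;
  Fetcher fetcher_;
  mutable std::mutex mutex_;
  Keys keys_;
};

// Constructed scenario: the fetcher re-enters the cache, then starts failing.
bool demo_reentrant_then_failing_fetcher() {
  KeyCache *self{nullptr};
  bool fail{false};
  KeyCache cache{"https://idp.example/jwks.json", [&](const std::string &) {
    if (fail) throw std::runtime_error("constructed network failure");
    self->has_key("k1"); // would deadlock if refresh() held mutex_ here
    return KeyCache::Keys{"k1", "k2"};
  }};
  self = &cache;
  const bool first{cache.refresh()}; // installs k1 and k2
  fail = true;
  const bool second{cache.refresh()}; // fetcher throws, old keys stay
  return first && !second && cache.has_key("k2");
}
```

Concurrent `refresh()` calls can still race on which result is installed last; a real provider would add its own single-flight or cool-down logic on top of this pattern.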
Signed-off-by: Juan Cruz Viotti <jv@jviotti.com>