Skip to content

Add size limits on request bodies and upstream metadata reads#25

Merged
andrew merged 1 commit into
mainfrom
add-body-size-limits
Mar 13, 2026
Merged

Add size limits on request bodies and upstream metadata reads#25
andrew merged 1 commit into
mainfrom
add-body-size-limits

Conversation

@andrew
Copy link
Copy Markdown
Contributor

@andrew andrew commented Mar 12, 2026

POST endpoints (/api/outdated, /api/bulk) now reject bodies over 1 MB using http.MaxBytesReader. Upstream metadata reads (npm, pypi, composer, nuget, pub) now use io.LimitReader capped at 50 MB to prevent OOM from unexpectedly large responses.

@andrew
Add size limits on request bodies and upstream metadata reads
0e1a06c 
POST endpoints (/api/outdated, /api/bulk) now reject bodies over 1 MB
using http.MaxBytesReader. Upstream metadata reads (npm, pypi, composer,
nuget, pub) now use io.LimitReader capped at 50 MB to prevent OOM from
unexpectedly large responses.
@andrew andrew force-pushed the add-body-size-limits branch from 34c8248 to 0e1a06c Compare March 13, 2026 07:28
@andrew andrew merged commit 73b9633 into main Mar 13, 2026
5 checks passed
@andrew andrew deleted the add-body-size-limits branch March 26, 2026 09:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@andrew