You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Co-authored-by: Claude Bot <claude-bot@bun.sh>
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
c3b4e5 fix(http): check socket state before operations in doRedirect (#26221)
Summary
Fix assertion failure when using HTTP proxy with redirects and socket
closes during redirect processing
Add isClosedOrHasError() checks before releaseSocket and closeSocket in doRedirect
Fixes #26220
Root Cause
In doRedirect (src/http.zig:786-797), the code called releaseSocket or closeSocket without checking if the socket was
already closed. When onClose is triggered while is_redirect_pending
is true, it calls doRedirect, but the socket is already closed at that
point, causing the assertion in HTTPContext.zig:168 to fail:
assert(!socket.isClosed()); // FAILS - socket IS closed
Fix
Added !socket.isClosedOrHasError() checks before socket operations in doRedirect, matching the pattern already used at line 1790 in the same
file.
Test plan
All existing proxy redirect tests pass (bun bd test test/js/bun/http/proxy.test.ts)
The .direnv folder is created by direnv when
using use flake in .envrc to automatically load the Nix development
shell. Since the repo already includes a flake.nix, developers on NixOS
commonly use direnv (via nix-direnv) to auto-load the environment. This
folder contains cached environment data and should not be committed.
939f5c fix(nix): disable fortify hardening for debug builds (#26199)
What does this PR do?
NixOS enables security hardening flags by default in mkShell / devShells e.g. _FORTIFY_SOURCE=2. This flag adds runtime buffer
overflow checks but requires compiler optimization (-O1 or higher) to
work, since it needs to inline functions to insert checks.
Debug builds use -O0 (no optimization), which causes this compilation
error: error: _FORTIFY_SOURCE requires compiling with optimization (-O) [-Werror,-W#warnings]
This patch is a standard Nix way to disable this specific flag while
keeping other hardening features intact. It doesn't affect release
builds since it's scoped to devShells.
How did you verify your code works?
bun bd test successfully runs test cases.
496aeb refactor(wrapAnsi): use WTF::find for character searches (#26200)
Summary
This PR addresses the review feedback from #26061
(comment)
requesting the use of WTF::find for newline searches in wrapAnsi.cpp.
Changes
1. CRLF Normalization (lines 628-639)
Replaced manual loop with WTF::findNextNewline which provides
SIMD-optimized detection for \r, \n, and \r\n sequences.
Before:
for (size_t i = 0; i < input.size(); ++i) {
if (i + 1 < input.size() && input[i] == '\r' && input[i + 1] == '\n') {
normalized.append(static_cast<Char>('\n'));
i++;
} else {
normalized.append(input[i]);
}
}
Merges upstream WebKit changes into oven-sh/webkit fork
WebKit Upgrade Summary (JavaScriptCore Changes)
JSType Enum Changes
No breaking changes to JSType enum from upstream. The diff showing InternalFieldTupleType removal is actually showing Bun's custom
addition - upstream WebKit does not have this type. The Bun fork
maintains InternalFieldTupleType after DerivedStringObjectType,
which is preserved during the upgrade.
Notable Performance Improvements
ARM64 Conditional Compare Chain (ccmp/ccmn)
Commit:2cd6a734ed6c
Implements ARM64 ccmp/ccmn instruction chaining for compound
boolean expressions
Converts patterns like if (x0 == 0 && x1 == 1) into efficient
conditional compare sequences
Reduces branch prediction misses and code size
Introduces new Air opcodes: CompareOnFlags, CompareConditionallyOnFlags, BranchOnFlags
Extended Constant Materialization for Float16/Float/Double/V128
Commit:0521cc7f331a
Enhanced ARM64 constant materialization using movi, mvni, and
vector fmov
Avoids memory loads for Float constants (32-bit values can now be
materialized directly)
Adds FPImm128 and Move128ToVector Air instructions
DFG/FTL Storage Pointer Improvements
Commits:00c0add58ec3, 7051d3ac1f34
FTL Phis now properly support storage (butterfly) pointers
Introduces KnownStorageUse for all storage operands in DFG/FTL
Fixes issues with Array allocation sinking when creating storage Phis
Improves GC safety by ensuring butterfly pointers are properly tracked
Bug Fixes
Thread Termination Race Condition
Commit:23922a766f07
Fixes race condition in VM::m_hasTerminationRequest between main
thread and worker threads
Moves setHasTerminationRequest() call into VMTraps::handleTraps()
to eliminate race
ThrowScope Exception Clearing
Commit:67abaaa35c4d
ThrowScopes can no longer accidentally clear termination exceptions
Introduces tryClearException() which fails on termination exceptions
Affects iterator operations, promises, and WebCore stream handling
Bytecode Cache JIT Threshold
Commit:e0644034f46e
Functions loaded from bytecode cache now correctly set JIT threshold
Previously, cached functions would JIT immediately on first execution
Wasm Fixes
Commit:8579516f4b61 - Fix JIT-less Wasm-to-JS i31ref
marshalling for i31 values in double format
The implementation closes and reopens ANSI codes around line breaks for
robust terminal compatibility. This differs slightly from the npm
package in edge cases but produces visually equivalent output.
Behavioral Differences from npm wrap-ansi
ANSI code preservation: Bun always maintains complete ANSI escape
sequences. The npm version can output malformed codes (missing ESC
character) in certain edge cases with wordWrap: false, trim: false.
Newline ANSI handling: Bun closes and reopens ANSI codes around
newlines for robustness. The npm version sometimes keeps them spanning
across newlines. The visual output is equivalent.
Co-authored-by: Claude Bot <claude-bot@bun.sh>
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
6f6f76 fix(macho): only update signature size on ARM64 with codesigning enabled (#26175)
The signature size adjustment was being applied unconditionally, but it
should only happen when building for ARM64 and codesigning is enabled.
This prevents incorrect offset calculations on non-ARM64 platforms.
8da29a feat(node:inspector): implement Profiler API (#25939)
bcbb4f fix(cli): show helpful error for unsupported file types instead of "File not found" (#26126)
Summary
When running bun <file> on a file with an unsupported type (e.g., .css, .yaml, .toml), Bun now shows a helpful error message instead
of the misleading "File not found"
Tracks when a file is resolved but has a loader that can't be run
directly
Shows the actual file path and file type in the error message
Before:
error: File not found "test.css"
After:
error: Cannot run "/path/to/test.css"
note: Bun cannot run css files directly
Test plan
Added regression test in test/regression/issue/1365.test.ts
Test verifies unsupported files show "Cannot run" error
Test verifies nonexistent files still show "File not found"
Test fails with USE_SYSTEM_BUN=1 and passes with debug build
Co-authored-by: Claude Bot <claude-bot@bun.sh>
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
Co-authored-by: Jarred Sumner <jarred@jarredsumner.com>
ad4aab fix(Request): set cache and mode options correctly (#26099)
Summary
new Request() was ignoring cache and mode options, always
returning hardcoded default values ("default" for cache, "navigate" for
mode)
Added proper storage and handling of these options in the Request
struct
Both options are now correctly parsed from the constructor init object
and preserved when cloning
Fixes #2993
Test plan
Added regression test in test/regression/issue/2993.test.ts
However, Server objects returned from Bun.serve() also have a fetch method (for programmatic request handling), so the wrapper
mistakenly tried to call Bun.serve(server) on an already-running
server.
Solution
Added an isServerConfig() helper that checks:
The object has a fetch function or app property (config object
indicators)
The object does NOT have a stop method (Server instance indicator)
Server instances have stop, reload, upgrade, etc. methods, while
config objects don't.
Test plan
Added regression test that verifies exporting a Server as default
export works without errors
Added test that verifies config objects with fetch still trigger
auto-start
Verified test fails with USE_SYSTEM_BUN=1 and passes with the
fix
Co-authored-by: Claude Bot <claude-bot@bun.sh>
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
Co-authored-by: Jarred Sumner <jarred@jarredsumner.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
5d3f37 feat(s3): add Content-Encoding header support for S3 uploads (#26149)
Summary
Add support for setting the Content-Encoding header in S3 .write()
and .writer() calls, following the same pattern as Content-Disposition.
This allows users to specify the encoding of uploaded content:
// With .write()awaits3file.write("compressed data",{contentEncoding: "gzip"});// With .writer()constwriter=s3file.writer({contentEncoding: "gzip"});writer.write("compressed data");awaitwriter.end();// With bucket.write()awaitbucket.write("key",data,{contentEncoding: "br"});
Implementation
Extended SignedHeaders.Key from 6 bits to 7 bits (64→128
combinations) to accommodate the new header
Added content_encoding to S3CredentialsWithOptions, SignOptions,
and SignResult structs
Updated CanonicalRequest format strings to include content-encoding in AWS SigV4 signing
Added getContentEncoding() method to Headers for fetch-based S3
uploads
Expanded _headers array from 9 to 10 elements
Pass content_encoding through all S3 upload paths (upload,
uploadStream, writableStream)
Test plan
Added tests for "should be able to set content-encoding"
Added tests for "should be able to set content-encoding in writer"
Tests verify the Content-Encoding header is properly set on uploaded
objects via presigned URL fetch
All 4 new tests pass with bun bd test and fail with USE_SYSTEM_BUN=1 (confirming the feature is new)
Changelog
Describe your changes in 1-2 sentences. These will be featured on bun.sh/blog and Bun's release notes.
Added contentEncoding option to S3 .write() and .writer() methods,
allowing users to set the Content-Encoding header when uploading
objects.
Co-authored-by: Claude Bot <claude-bot@bun.sh>
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
Co-authored-by: Jarred Sumner <jarred@jarredsumner.com>
dfa704 fix(s3): add contentDisposition and type support to presign() (#25999)
Summary
S3 File.presign() was ignoring the contentDisposition and type
options
These options are now properly included as response-content-disposition and response-content-type query
parameters in the presigned URL
Added content_type field to SignOptions and S3CredentialsWithOptions structs
Added parsing for the type option in getCredentialsWithOptions()
Query parameters are added in correct alphabetical order for AWS
Signature V4 compliance
Test plan
Added regression test in test/regression/issue/25750.test.ts
Verified tests pass with debug build: bun bd test test/regression/issue/25750.test.ts
Verified tests fail with system bun (without fix): USE_SYSTEM_BUN=1 bun test test/regression/issue/25750.test.ts
Verified existing S3 presign tests still pass
Verified existing S3 signature order tests still pass
Co-authored-by: Claude Bot <claude-bot@bun.sh>
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
f01467 perf(buffer): optimize Buffer.from(array) by using setFromArrayLike directly (#26135)
Summary
Optimizes Buffer.from(array) by bypassing JSC::construct() overhead
(~30ns) and leveraging JSC's internal array optimizations.
Changes
For JSArray inputs, directly use setFromArrayLike() which internally
detects array indexing types (Int32Shape/DoubleShape) and uses bulk copy
operations (copyFromInt32ShapeArray/copyFromDoubleShapeArray)
Array-like objects and iterables continue to use the existing slow
path
Added mitata benchmark for measuring performance
Benchmark Results
Test
Before
After
Improvement
Buffer.from(int32[8])
~85ns
~43ns
~50% faster
Buffer.from(int32[64])
~207ns
~120ns
~42% faster
Buffer.from(int32[1024])
~1.85μs
~1.32μs
~29% faster
Buffer.from(double[8])
~86ns
~50ns
~42% faster
Buffer.from(double[64])
~212ns
~151ns
~29% faster
Bun is now faster than Node.js for these operations.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Updated Packages