Releases: CodeIntelligenceTesting/jazzer.js

Release 4.0.0

15 Apr 14:54
v4.0.0
f3eb99c

What's Changed

  • feat: add per-test dictionaries by @zgtm & @oetr in 7b19343
  • feat: add ESM support by @oetr in #865
  • feat: add linux arm64 support by @oetr in #856
  • feat: add SSRF sanitizer by @oetr in adaa4ef
  • feat: add eval and Function sanitizers by @oetr in 4c01ffc
  • feat: enable hooking built-in class functions by @oetr in 47ce80c
  • feat: add the ability to hook global functions by @oetr in a1fb6e1
  • feat: support skip and only in Jest fuzzing mode by @bertschneider in #671
  • feat: unify CLI and Jest options -- CLI supports camelCase by @oetr in ccbe200
  • feat: logging: print all options in Jest mode for each test by @oetr in bb64ba4
  • BREAKING fix(FDP): remove the ability to generate printable strings by @oetr in a6c6420
  • BREAKING fix(FDP): use UTF-8 when consuming strings by @oetr in 93d6e26
  • bugfix: don't try to hook builtin functions in modules without package name by @oetr in 9b6da87
  • bugfix: enable quitting endless loops with CTRL+C by @oetr in 19a19be
  • fix node.js v14 support by @bertschneider in #672
  • fix(instrumentor): show babel warnings only in verbose mode by @oetr in 6e019af
  • fix: add workflow permissions by @oetr in #864
  • docs: describe every option by @oetr in 2ce150e

Full Changelog: v2.1.0...v4.0.0

Releases v3.x.x were used by the commercial version and are therefore skipped.

Release 2.1.0

23 Oct 13:00

Full Changelog: v2.0.0...v2.1.0

Release 2.0.0

20 Sep 11:52

Jazzer.js now supports all Jest features 🎉 This introduces a small but breaking change, though. See the migration guide on how to convert the fuzz test projects from previous versions of Jazzer.js.

Full Changelog: v1.7.0...v2.0.0

Release 1.7.0

04 Sep 08:16

Summary

Handling application parameters is a hassle, so we simplified it.

All parameters can now be passed in with consistent names and clear priorities regarding their origin. Along the way support for environment variables was added as well to make integration into scripts and pipelines easier. More details can be found at Configuration options.

What's Changed

  • Feat: Streamline option handling (#530)
  • Fix: FuzzedDataProvider crash on float length (#552)
  • Fix: Always log internal messages to stderr (#576)

Full Changelog: v1.6.1...v1.7.0

Release 1.6.1

08 Aug 14:48

This release enables instrumentation in Jest when in fuzzing mode, and thus reverts the change introduced in version 1.6.0.
In addition, the version of each workspace is now pinned, which prevents the @jazzer.js packages from using mismatched versions of each other.

Release 1.6.0

04 Aug 09:24

This release contains two main additions: the Prototype Pollution bug detector, and handling of SIGINT/SIGSEGV signals.

Jazzer.js can now detect Prototype Pollution, a widespread vulnerability that is easy to introduce and hard to detect by manual code review.
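To make the detection idea concrete, here is an added illustration (not Jazzer.js's own code) of how a prototype pollution bug detector can work inside a fuzz harness: a constructed vulnerable deep-merge serves as the target, the detector snapshots the own keys of the built-in prototypes at startup and diffs them after every iteration, and a hardened merge shows the input that no longer triggers a finding. All function and variable names are this example's own.

```javascript
// Constructed vulnerable target: recursive merge with no guard on "__proto__".
function unsafeMerge(target, source) {
  for (const key of Object.keys(source)) {
    const value = source[key];
    if (value && typeof value === "object" && target[key] && typeof target[key] === "object") {
      unsafeMerge(target[key], value); // for key "__proto__" this is Object.prototype
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Hardened variant: skips the keys that lead to a prototype and only descends
// into properties the target actually owns.
const FORBIDDEN_KEYS = new Set(["__proto__", "constructor", "prototype"]);
function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (FORBIDDEN_KEYS.has(key)) continue;
    const value = source[key];
    if (value && typeof value === "object" && Object.hasOwn(target, key) && target[key] && typeof target[key] === "object") {
      safeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Detector: remember the own keys of the watched built-in prototypes, then
// report (and remove) any key that appeared after the target ran.
const WATCHED = [Object.prototype, Array.prototype, Function.prototype];
function snapshotPrototypes() {
  return WATCHED.map((proto) => new Set(Reflect.ownKeys(proto)));
}
function checkPrototypePollution(snapshot) {
  const findings = [];
  WATCHED.forEach((proto, i) => {
    for (const key of Reflect.ownKeys(proto)) {
      if (!snapshot[i].has(key)) {
        findings.push(`Prototype Pollution: "${String(key)}" added to a built-in prototype`);
        delete proto[key]; // restore a clean state for the next iteration
      }
    }
  });
  return findings.length ? findings.join("; ") : null;
}

// One fuzz iteration: feed a JSON input to the target, then ask the detector.
function runIteration(target, input, snapshot) {
  try { target(JSON.parse(input)); } catch (e) { /* malformed input is not a finding */ }
  return checkPrototypePollution(snapshot);
}
```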

Jazzer.js will now gracefully shut down when Ctrl+C is pressed, and will report coverage (if requested) and other information that was previously only available on crash or when the fuzzer exited by itself. In addition, Jazzer.js will now save crash files when segmentation faults occur, which allows a quick reproduction of the issue.

Release 1.5.1

27 Jun 15:47

Summary

This release fixes Jest fuzz tests written in TypeScript.

What's Changed

  • Bugfix: TypeScript support for Jest now works in standalone projects by @oetr in #485
  • Actions: send release event to datadog by @WillRoque in #480

Full Changelog: v1.5.0...v1.5.1

Release 1.5.0

16 Jun 06:45

Summary

This release contains two main additions: Bug detectors and TypeScript support for Jest fuzz tests.

Hooks can now be used to raise findings that escape all try/catch blocks and force the fuzzer to report a crash. Such hooks are called bug detectors. This release of Jazzer.js already contains two bug detectors, one for command injections and one for path traversals.
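The following added example (not Jazzer.js's own code) shows the mechanism such a bug detector relies on: the detector records the finding in a harness-level slot before throwing, so even a target that catches every exception cannot hide it. The `shell.exec` stand-in, the `CANARY` string and all function names are this example's own assumptions; no process is spawned.

```javascript
// Harness-level slot that a try/catch inside the target cannot clear.
const harness = { pendingFinding: null };

class Finding extends Error {
  constructor(message) { super(message); this.name = "Finding"; }
}

// Record the finding first, then throw; the record survives any catch block.
function reportAndThrowFinding(message) {
  harness.pendingFinding = new Finding(message);
  throw harness.pendingFinding;
}

// Constructed stand-in for a command execution API; nothing is executed.
const shell = { exec(cmd) { return `would run: ${cmd}`; } };

// Hypothetical canary: the detector flags any command that contains it.
const CANARY = "fuzz-canary";

// Hook: wraps shell.exec, inspects the argument, then calls the original.
function installCommandInjectionDetector(api) {
  const original = api.exec;
  api.exec = function (cmd) {
    if (typeof cmd === "string" && cmd.includes(CANARY)) {
      reportAndThrowFinding(`Command Injection: canary reached exec(): ${cmd}`);
    }
    return original.call(this, cmd);
  };
}

// Constructed target that swallows every error; without the detector the
// injected input would pass unnoticed.
function fuzzTarget(input) {
  try {
    return shell.exec("ls " + input);
  } catch (e) {
    return "error swallowed";
  }
}

// One fuzz iteration: the verdict comes from the slot, not from whatever the
// target chose to throw or swallow. Other uncaught errors are crashes too.
function runIteration(target, input) {
  harness.pendingFinding = null;
  let uncaught = null;
  try { target(input); } catch (e) { uncaught = e; }
  if (harness.pendingFinding) return { crash: true, message: harness.pendingFinding.message };
  if (uncaught) return { crash: true, message: `Uncaught: ${uncaught.message}` };
  return { crash: false, message: null };
}

installCommandInjectionDetector(shell);
```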

As TypeScript is used in many projects in the JavaScript ecosystem, many tests are also written in TypeScript. To better support existing development workflows, Jazzer.js now supports the direct execution of Jest fuzz tests written in TypeScript. Set up your TypeScript project as you normally would, and Jest fuzz tests written in TypeScript run without having to be transpiled before execution.

What's Changed

  • Feature: Support Jest fuzz tests written in TypeScript by @bertschneider (#449)
  • Feature: Add command injection bug detector by @oetr (#407)
  • Feature: Add path traversal bug detector by @0xricksanchez (#419)
  • Feature: Log coverage input directories on startup by @zgtm (#450)
  • Feature: Use wording from jazzer for logging corpus inputs on startup by @zgtm (#469)
  • Feature: Update llvm version by @br-lewis in (#416)
  • Feature: Streamline CLI arguments for a more intuitive Jazzer.js usage by @0xricksanchez (#429)
  • Bugfix: Fix async bug detector wrapper by @bertschneider (#460)
  • Bugfix: Deep-copy default Jest config to prevent tests changing each other's configurations by @oetr (#451)
  • Documentation: Note Jest TypeScript limitation by @br-lewis (#340)
  • Pipeline: Use rebase in Dependabot auto-merge by @bertschneider (#348)
  • Pipeline: Demote jest to a dev dependency by @0xricksanchez (#363)

Full Changelog: v1.4.0...v1.5.0

Release 1.4.0

23 Feb 10:02

Summary

This release enables using absolute paths to the fuzz targets. It also includes cleanups and CI improvements.

Full Changelog: v1.3.0...v1.4.0

Release 1.3.0

03 Feb 09:07
b7a265a

Summary

The main additions in this release are the ability to collect coverage information and generate coverage reports, and the ability to have the FuzzedDataProvider return arbitrary combinations of ASCII-printable and/or lossy strings without having to rely on libFuzzer's -only_ascii flag.

What's Changed

  • Fix a broken link by @ligurio in #292
  • Introduce toggle for FuzzedDataProvider to only return printable strings by @0xricksanchez in #268
  • Un-hide fuzz function flag by @kyakdan in #294
  • Gracefully handle non-string types when intercepting string comparisons by @kyakdan in #296
  • Jazzer.js now supports coverage report generation. Simply add "--coverage". by @oetr in #272
  • fuzztests: check error code of each individual fuzztest by @oetr in #297
  • Added simple detection mechanism for synchronous return values by @0xricksanchez in #283

Full Changelog: v1.2.0...v1.3.0