http: do not allow OBS fold in headers by default

Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Fixes: https://hackerone.com/reports/2237099
PR-URL: nodejs-private/node-private#556
CVE-ID: CVE-2024-27982

Author: ShogunPanda

deps/llhttp/.gitignore

@@ -1,7 +1,7 @@
 cmake_minimum_required(VERSION 3.5.1)
 cmake_policy(SET CMP0069 NEW)
 
-project(llhttp VERSION 9.2.0)
+project(llhttp VERSION 9.2.1)
 include(GNUInstallDirs)
 
 set(CMAKE_C_STANDARD 99)

deps/llhttp/CMakeLists.txt

@@ -397,7 +397,7 @@ With this flag this check is disabled.
 Make sure you have [Node.js](https://nodejs.org/), npm and npx installed. Then under project directory run:
 
 ```sh
-npm install
+npm ci
 make
 ```
 
@@ -451,7 +451,7 @@ _Note that using the git repo directly (e.g., via a git repo url and tag) will n
 
 1. Ensure that `Clang` and `make` are in your system path.
 2. Using Git Bash, clone the repo to your preferred location.
-3. Cd into the cloned directory and run `npm install`
+3. Cd into the cloned directory and run `npm ci`
 5. Run `make`
 6. Your `repo/build` directory should now have `libllhttp.a` and `libllhttp.so` static and dynamic libraries.
 7. When building your executable, you can link to these libraries. Make sure to set the build folder as an include path when building so you can reference the declarations in `repo/build/llhttp.h`.

deps/llhttp/README.md

@@ -4,7 +4,7 @@
 
 #define LLHTTP_VERSION_MAJOR 9
 #define LLHTTP_VERSION_MINOR 2
-#define LLHTTP_VERSION_PATCH 0
+#define LLHTTP_VERSION_PATCH 1
 
 #ifndef INCLUDE_LLHTTP_ITSELF_H_
 #define INCLUDE_LLHTTP_ITSELF_H_