Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Update dependency sirv to v0.4.6 - abandoned #36

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Update dependency sirv to v0.4.6 - abandoned #36

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented May 1, 2019
edited
Loading

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
sirv 0.2.2 -> 0.4.6 age adoption passing confidence

Release Notes

lukeed/sirv

v0.4.6

Compare Source

NOTICE
This version patches a directory-traversal security vulnerability that exists in dev mode only. All users should update immediately, even if they don't think they're using --dev or opts.dev on live servers. There are no other changes in this release.

Patches

  • Fixes dev mode security vulnerability (#​63): 1e0bac5
    Thank you @​marvinhagemeister~!

    As Marvin describes:

    This allows an attacker to traverse the file system outside of the specified directory.

    Let's say sirv was initialized to serve files from /foo/bar:

    sirv("/foo/bar");

    ...and an attacker makes a request to:

    GET /../../etc/passwd

    ...then they are able to download the contents of that file.

Chores

v0.4.2

Compare Source

Patches

  • Immediately fix regression for --single flag in "dev" mode: c73fd13

v0.4.1

Compare Source

Patches

  • (sirv): Handle files without an extension correctly (#​26): b2e1baf
    Wrongly assumed all extensionless files were pathnames meant to be expanded.

  • (sirv): Call return from for-loop directly: c39f0e4

v0.4.0

Compare Source

Breaking

  • (sirv) Change opts.onNoMatch from (res) to (req, res): abe9d69
    Allowing the callback to consume the original request & response is more expected and flexible.

Patches

  • Fix(sirv-cli) Maintain Range/partial requests during --dev mode: abe9d69
    By sending an empty object, the original request's headers were all lost.

v0.3.1

Compare Source

Patches

  • Run custom opts.setHeaders function in dev mode: (#​22): e4b7cc3

v0.3.0

Compare Source

Features

  • (sirv) Respond to Range headers/partial requests correctly! (#​19): 135db55

    Now, larger files (video, PDF, etc) will be served correctly. Previously, sirv would ignore the ranged requests and pipe down the entire file at once.

Patches

  • (sirv) Running dev mode will also send Last-Modified and Content-Length headers: 135db55

v0.2.5

Compare Source

Patches

  • Replace tiny-glob with manual directory traversal: 38ba617

    While tiny-glob is very much a great globbing library, sirv really had no need for a globbing library because it asks for all files within the directory. This makes declaring & responding to filter patterns pointless.

v0.2.4

Compare Source

Patches

Configuration

📅 Schedule: Branch creation - "before 3am on the first day of the month" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@renovate renovate bot changed the title Update dependency sirv to v0.4.0 Update dependency sirv to v0.4.1 May 8, 2019
@renovate renovate bot force-pushed the renovate/sirv-0.x branch from c7455ed to c52c636 Compare May 8, 2019 20:59
@renovate renovate bot changed the title Update dependency sirv to v0.4.1 Update dependency sirv to v0.4.2 May 9, 2019
@renovate renovate bot force-pushed the renovate/sirv-0.x branch from c52c636 to 0c21cd8 Compare May 9, 2019 00:49
@renovate renovate bot force-pushed the renovate/sirv-0.x branch from 0c21cd8 to a4b1783 Compare July 1, 2020 12:57
@renovate renovate bot changed the title Update dependency sirv to v0.4.2 Update dependency sirv to v0.4.6 Jul 1, 2020
@renovate
Copy link
Contributor Author

renovate bot commented Mar 24, 2023
edited
Loading

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

@renovate Renovate
Copy link
Contributor Author

renovate bot commented Dec 8, 2024

Autoclosing Skipped

This PR has been flagged for autoclosing. However, it is being skipped due to the branch being already modified. Please close/delete it manually or report a bug if you think this is in error.

@renovate renovate bot changed the title Update dependency sirv to v0.4.6 Update dependency sirv to v0.4.6 - abandoned Dec 8, 2024
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@renovate-bot