lukeed/sirv
### [`v1.0.10`](https://togithub.com/lukeed/sirv/releases/v1.0.10)
[Compare Source](https://togithub.com/lukeed/sirv/compare/v1.0.9...v1.0.10)
#### Patches
- (`sirv`) Use `Cache-Control: no-cache` when both `dev` & `etag` are enabled ([#90](https://togithub.com/lukeed/sirv/issues/90)): [`c8fe11b`](https://togithub.com/lukeed/sirv/commit/c8fe11b)
_By default `dev`-mode always used `no-store` – but this also means that any `ETag` on the response is ignored too. Changing this to `no-cache` allows the browser to remember the `ETag` and send it as the `If-None-Match` header on next request._
### [`v1.0.9`](https://togithub.com/lukeed/sirv/releases/v1.0.9)
[Compare Source](https://togithub.com/lukeed/sirv/compare/v1.0.8...v1.0.9)
#### Patches
- (`sirv`) More specific `ignore` regex default ([#88](https://togithub.com/lukeed/sirv/issues/88)): [`5e3d7a8`](https://togithub.com/lukeed/sirv/commit/5e3d7a8)
_Thank you [@adam-lynch](https://togithub.com/adam-lynch)~!_
- (`sirv`) Replace `VoidFunction` usage in TypeScript definitions ([#89](https://togithub.com/lukeed/sirv/issues/89)): [`478b487`](https://togithub.com/lukeed/sirv/commit/478b487)
### [`v1.0.8`](https://togithub.com/lukeed/sirv/releases/v1.0.8)
[Compare Source](https://togithub.com/lukeed/sirv/compare/v1.0.7...v1.0.8)
#### Patches
- (`sirv-cli`): Add hidden `--no-logs` option ([#85](https://togithub.com/lukeed/sirv/issues/85)): [`714c058`](https://togithub.com/lukeed/sirv/commit/714c058)
_Does not render `"LOGS"` output on requests. Unlike `--quiet`, `--no-logs` keeps intro banner._
### [`v1.0.7`](https://togithub.com/lukeed/sirv/releases/v1.0.7)
[Compare Source](https://togithub.com/lukeed/sirv/compare/v1.0.6...v1.0.7)
#### Patches
- (`sirv`): Use a separate `FILES` cache per `sirv` instance ([#84](https://togithub.com/lukeed/sirv/issues/84)): [`c69bbfb`](https://togithub.com/lukeed/sirv/commit/c69bbfb)
_Thank you [@Rich-Harris](https://togithub.com/Rich-Harris)~!_
- (`sirv`): Append [`must-revalidate`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control#Revalidation_and_reloading) Cache-Control directive when `maxAge: 0` is used: [`fb31a46`](https://togithub.com/lukeed/sirv/commit/fb31a46)
_Only appends when `immutable` option is not in use!_
### [`v1.0.6`](https://togithub.com/lukeed/sirv/releases/v1.0.6)
[Compare Source](https://togithub.com/lukeed/sirv/compare/v1.0.5...v1.0.6)
#### Patches
- (`sirv`) Ensure `options.setHeaders` changes are respected ([#79](https://togithub.com/lukeed/sirv/issues/79)): [`25eb012`](https://togithub.com/lukeed/sirv/commit/25eb012)
### [`v1.0.5`](https://togithub.com/lukeed/sirv/releases/v1.0.5)
[Compare Source](https://togithub.com/lukeed/sirv/compare/v1.0.4...v1.0.5)
#### Patches
- (`sirv`) Ensure cached response headers (in "prod" mode) are not mutated between requests ([#75](https://togithub.com/lukeed/sirv/issues/75), [#55](https://togithub.com/lukeed/sirv/issues/55)): [`b33bb15`](https://togithub.com/lukeed/sirv/commit/b33bb15)
_Thank you [@imtiazmangerah](https://togithub.com/imtiazmangerah)!_
### [`v1.0.4`](https://togithub.com/lukeed/sirv/releases/v1.0.4)
[Compare Source](https://togithub.com/lukeed/sirv/compare/v1.0.3...v1.0.4)
#### Patches
- (`sirv-cli`): Allow graceful HTTP/1 support when `--http2` enabled ([#74](https://togithub.com/lukeed/sirv/issues/74)): [`4b419bf`](https://togithub.com/lukeed/sirv/commit/4b419bf)
_Does not affect HTTP/2 clients. Instead, allows HTTP/1.1 clients to connect over HTTPS.
Thank you [@ArtskydJ](https://togithub.com/ArtskydJ)~!_
### [`v1.0.3`](https://togithub.com/lukeed/sirv/releases/v1.0.3)
[Compare Source](https://togithub.com/lukeed/sirv/compare/v1.0.2...v1.0.3)
#### Patches
- (`sirv-cli`) Add `--no-clear` option to disable console scroll reset ([#58](https://togithub.com/lukeed/sirv/issues/58)): [`32a6a2c`](https://togithub.com/lukeed/sirv/commit/32a6a2c)
_Default behavior is completely unchanged._
### [`v1.0.2`](https://togithub.com/lukeed/sirv/releases/v1.0.2)
[Compare Source](https://togithub.com/lukeed/sirv/compare/v1.0.1...v1.0.2)
#### Patches
- (`sirv-cli`) Print `--host` hint when not in use ([#70](https://togithub.com/lukeed/sirv/issues/70), [#71](https://togithub.com/lukeed/sirv/issues/71)): [`ec5febc`](https://togithub.com/lukeed/sirv/commit/ec5febc)
_Thank you [@mhkeller](https://togithub.com/mhkeller)~!_
A lot of users are/were unaware that `sirv-cli` was capable of setting up a network endpoint for your server. The option always existed in the help text's list of options, but it can be easy for things to hide in plain sight! So now the CLI will _always_ show a "Network:" field (to show that it's at least _possible_) and either the server address if there is one or a short clue about the `--host` flag.
#### Chores
- (docs) Add mention of `mkcert` for alternative SSL certificate generation ([#68](https://togithub.com/lukeed/sirv/issues/68)): [`9eea208`](https://togithub.com/lukeed/sirv/commit/9eea208)
_Thank you [@longrunningprocess](https://togithub.com/longrunningprocess)~!_
### [`v1.0.1`](https://togithub.com/lukeed/sirv/releases/v1.0.1)
[Compare Source](https://togithub.com/lukeed/sirv/compare/v1.0.0...v1.0.1)
#### Patches
- (`sirv`) Set "br" for `content-encoding` header value ([#65](https://togithub.com/lukeed/sirv/issues/65)): [`fa4f7db`](https://togithub.com/lukeed/sirv/commit/fa4f7db), [`7205446`](https://togithub.com/lukeed/sirv/commit/7205446)
_Thank you [@DaGhostman](https://togithub.com/DaGhostman)~!_
#### Chores
- (`sirv`) Add additional `dotfiles` tests: [`d01fe72`](https://togithub.com/lukeed/sirv/commit/d01fe72)
- Update badges: [`8785b42`](https://togithub.com/lukeed/sirv/commit/8785b42)
### [`v1.0.0`](https://togithub.com/lukeed/sirv/releases/v1.0.0)
[Compare Source](https://togithub.com/lukeed/sirv/compare/v0.4.6...v1.0.0)
#### Breaking
Both `sirv` and `sirv-cli` now require at least Node v10.x to function ([`19061be`](https://togithub.com/lukeed/sirv/commit/19061bef5206df230102343f1eae1f8d218eaa58)). This is the oldest LTS version of Node.js that still possesses the "ACTIVE" label.
#### Features
- (`sirv-cli`) Added HTTP/2 support ([#2](https://togithub.com/lukeed/sirv/issues/2), [#64](https://togithub.com/lukeed/sirv/issues/64)): [`36ba734`](https://togithub.com/lukeed/sirv/commit/36ba7344fc3896291f32a7e6cb572f87cfebe77d), [`8c92751`](https://togithub.com/lukeed/sirv/commit/8c92751ba976e27d48a9c752256482d8b3d2c8ba)
- (`sirv-cli`) Added `--gzip` and `--brotli` flags ([#3](https://togithub.com/lukeed/sirv/issues/3))
- (`sirv-cli`) Allow `--single` to accept custom fallback: [`fd55eca`](https://togithub.com/lukeed/sirv/commit/fd55ecab7d20e1cdaa7e5190b1a92d9262a51e07)
- (`sirv-cli`) Added `--ignores` option to escape `single`: [`918102e`](https://togithub.com/lukeed/sirv/commit/918102ed741463c6154d458ca63d3637deb54210)
- (`sirv`) Added TypeScript definitions ([#61](https://togithub.com/lukeed/sirv/issues/61)): [`05058a2`](https://togithub.com/lukeed/sirv/commit/05058a20cc93fa1ad1a1dca6091c76aec5de571c)
- (`sirv`) Support If-None-Match/ETag matching ([#56](https://togithub.com/lukeed/sirv/issues/56), [#46](https://togithub.com/lukeed/sirv/issues/46))
- (`sirv`) Added `single` option, with customizable fallback: [`f13fbb8`](https://togithub.com/lukeed/sirv/commit/f13fbb8bd698d6c9b95df55845dbb237aca1340d), [`fd55eca`](https://togithub.com/lukeed/sirv/commit/fd55ecab7d20e1cdaa7e5190b1a92d9262a51e07)
- (`sirv`) Allow serving of precompiled gzip and/or brotli files: [`3d34763`](https://togithub.com/lukeed/sirv/commit/3d34763619eb6ed520d3377d96e8e64862f90285)
- (`sirv`): Ships separate `"module"` (ESM) and `"main"` (CJS) entries: [`9754302`](https://togithub.com/lukeed/sirv/commit/9754302969bc9a603e7a4795a11ecc42d6ed8bc8)
#### Patches
- (`sirv`) Prevent server crash with malformed URLs ([#54](https://togithub.com/lukeed/sirv/issues/54)): [`1757b26`](https://togithub.com/lukeed/sirv/commit/1757b26bd713368a1d7cde7df338fe843bb5e31c)
- (`sirv`) Allow dotfiles option in "dev" mode ([#51](https://togithub.com/lukeed/sirv/issues/51))
- (`sirv`) Allow requests to `/.well-known/*` files ([#50](https://togithub.com/lukeed/sirv/issues/50)): [`0a04d66`](https://togithub.com/lukeed/sirv/commit/0a04d66221325ff34b0145bdcac97a8e6a60f64e)
- (`sirv`) Force `Cache-Control: no-store` value for "dev" mode ([#45](https://togithub.com/lukeed/sirv/issues/45)): [`604f926`](https://togithub.com/lukeed/sirv/commit/604f926c2324781d1f57d37f8ad93674677b82cf)
- (`sirv`) Respect _any previous_ `Content-Type` on response ([#38](https://togithub.com/lukeed/sirv/issues/38)): [`c08ac50`](https://togithub.com/lukeed/sirv/commit/c08ac50b25e60ec1518c8712fd25e8f9d5eda7f5), [`5ef168f`](https://togithub.com/lukeed/sirv/commit/5ef168f48d8bea850e28d4094ea1a907f3d06a14)
- (`sirv`) Ignore deeply-nested dotfiles (default): [`84d4f33`](https://togithub.com/lukeed/sirv/commit/84d4f33f74a7cff2373de6916888a85a1537fe6a)
#### Chores
- (`sirv`) Refactor: Consolidate "dev" & "prod" handlers: [`f1bcc43`](https://togithub.com/lukeed/sirv/commit/f1bcc431463605ae112f943a466f8d9809234b68)
- (`sirv`): Refactor: Extract `list` utility into [`totalist`](https://togithub.com/lukeed/totalist): [`535b2c2`](https://togithub.com/lukeed/sirv/commit/535b2c262e1ca430e4b9de09a7fe3d23d0286a31)
- Update benchmarks, include directly: [`a346382`](https://togithub.com/lukeed/sirv/commit/a3463822a7f683321ee0cb15815500a349c893da)
- Update documentation: [`8e9cb49`](https://togithub.com/lukeed/sirv/commit/8e9cb49bb173bc337913bd320f10d269fb122ccf)
- Add multiple test suites for 99% code coverage: [`cbe0a47`](https://togithub.com/lukeed/sirv/commit/cbe0a4783026ad4714265153e6e9d3b70d54bb8f), [`461b8de`](https://togithub.com/lukeed/sirv/commit/461b8ded44fd7c95ce26cda3077cfb09af5f80b9), [`5953004`](https://togithub.com/lukeed/sirv/commit/5953004a1fcbdb65e914bb33d842e869cbfe6794), [`07c65ac`](https://togithub.com/lukeed/sirv/commit/07c65ac060722c0b2eacd72aa1869aee9ad65068), [`3cfb51e`](https://togithub.com/lukeed/sirv/commit/3cfb51eb298bb7de0146e1a9f234cbc229d4277d), [`4608c92`](https://togithub.com/lukeed/sirv/commit/4608c9274b284907ead02e34e2d343da44ef4eb8), [`b3b89cb`](https://togithub.com/lukeed/sirv/commit/b3b89cb7538cadc0ebf13bc8520ee3e5a29e53b7), [`f6b1e72`](https://togithub.com/lukeed/sirv/commit/f6b1e72b50f55bfca46b1244166e0ffe3f86311c), [`5f583e5`](https://togithub.com/lukeed/sirv/commit/5f583e5ad594f08a378378085829fe7d0d92c457), [`bdfc9b0`](https://togithub.com/lukeed/sirv/commit/bdfc9b0dc7d19a74d1e3eb0926f127d10fdab1f1), [`3009ae0`](https://togithub.com/lukeed/sirv/commit/3009ae03539d493a6ac288497ebbab0993858252), [`5d555d2`](https://togithub.com/lukeed/sirv/commit/5d555d257d6fa24e3c1076334d9090a4ad8172bd)
### [`v0.4.6`](https://togithub.com/lukeed/sirv/releases/v0.4.6)
[Compare Source](https://togithub.com/lukeed/sirv/compare/v0.4.5...v0.4.6)
> **NOTICE** This version patches a directory-traversal **security vulnerability** that exists in `dev` mode only. All users should update _immediately_, even if they don't think they're using `--dev` or `opts.dev` on live servers. There are no other changes in this release.
#### Patches
- Fixes `dev` mode security vulnerability ([#63](https://togithub.com/lukeed/sirv/issues/63)): [`1e0bac5`](https://togithub.com/lukeed/sirv/commit/1e0bac5)
_Thank you [@marvinhagemeister](https://togithub.com/marvinhagemeister)~!_
As Marvin describes:
> This allows an attacker to traverse the file system outside of the specified directory.
>
> Let's say `sirv` was initialized to serve files from /foo/bar:
>
> ```js
> sirv("/foo/bar");
> ```
>
> ...and an attacker makes a request to:
>
> ```
> GET /../../etc/passwd
> ```
>
> ...then they are able to download the contents of that file.
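
The traversal described above, as an added example that is not sirv's own code and not taken from the fix commit: a naive path join next to a lookup that verifies the resolved path stays inside the served root. The names `naiveResolve`, `safeResolve` and `audit`, and the sample request paths, are constructed for illustration.

```javascript
// Added illustration: not sirv's source, and not taken from commit 1e0bac5.
// naiveResolve, safeResolve, audit and the sample requests are constructed names/values.
const path = require('path').posix; // POSIX rules so the /foo/bar root behaves the same on any host

// Naive lookup: join the request path onto the root and trust the result.
function naiveResolve(root, reqPath) {
  return path.join(root, reqPath);
}

// Hardened lookup: returns an absolute path inside root, or null if the request must be refused.
function safeResolve(root, reqPath) {
  let decoded;
  try {
    decoded = decodeURIComponent(reqPath); // decode once, before any path logic
  } catch (err) {
    return null; // malformed percent-encoding: refuse instead of throwing
  }
  if (decoded.includes('\0')) return null; // NUL bytes never belong in a file path

  const base = path.resolve(root);
  // Prefix with "./" so a leading "/" cannot reset resolution to the filesystem root.
  const target = path.resolve(base, './' + decoded);

  // Compare against base + separator: a bare startsWith(base) would accept /foo/barbaz.
  if (target !== base && !target.startsWith(base + path.sep)) return null;
  return target;
}

// Constructed sample requests against the root used in the report above.
const ROOT = '/foo/bar';
const samples = [
  '/css/app.css',
  '/a/../index.html',
  '/../../etc/passwd',
  '/%2e%2e/%2e%2e/etc/passwd',
  '/../barbaz/secret.txt',
  '/%E0%A4%A',
];

// Run both lookups over a list of request paths and collect the results side by side.
function audit(root, requests) {
  return requests.map((req) => ({
    req,
    naive: naiveResolve(root, req),
    safe: safeResolve(root, req),
  }));
}

for (const row of audit(ROOT, samples)) {
  console.log(row.req.padEnd(28), row.naive.padEnd(36), row.safe === null ? 'REFUSED' : row.safe);
}
```

The containment check is purely lexical; if the served directory can contain symlinks, compare `fs.realpathSync` results for the root and the target as well.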
#### Chores
- Attach GitHub Actions: [`ea15d6a`](https://togithub.com/lukeed/sirv/commit/ea15d6a)
- Update test runner: [`2b965cd`](https://togithub.com/lukeed/sirv/commit/2b965cd)
- Update `lerna` version: [`0b6de8d`](https://togithub.com/lukeed/sirv/commit/0b6de8d)
Renovate configuration
:date: Schedule: At any time (no schedule defined).
:vertical_traffic_light: Automerge: Disabled by config. Please merge this manually once you are satisfied.
:recycle: Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
:no_bell: Ignore: Close this PR and you won't be reminded about this update again.
[ ] If you want to rebase/retry this PR, check this box
This PR contains the following updates:
0.4.5 -> 1.0.10
This PR has been generated by WhiteSource Renovate. View repository job log here.