search

mozilla-rally / rally-core-addon

Mozilla Public License 2.0
9 stars 13 forks source link

Bump sirv-cli from 1.0.12 to 1.0.14 #747

Closed dependabot[bot] closed 2 years ago

dependabot[bot] commented 2 years ago

Bumps sirv-cli from 1.0.12 to 1.0.14.

Release notes

Sourced from sirv-cli's releases.

v1.0.14

Chores

  • (sirv): Bump @polka/url to take advantage of this fix

v1.0.13

Patches

  • (sirv) Only use req.path if has req._decoded flag exists (#82):

    The req._decoded check was added & should have always been in there, since this was sirv's way of preventing duplicate decodeURIComponent calls. However, this was only true when it received a request from a polka@next app, since Polka was previously writing the decoded value to req.path – this changed with polka@v1.0.0-next.16

    Now that the latest polka@next (and Express) doesn't decode automatically anymore, req.path isn't trustworthy on its own. It needs req._decoded to be there too in order to trust it.

    This combo-check is backwards compatible for polka@next users who don't upgrade and will unblock Express users for the first time, who have always had a "raw" req.path value set.

Commits


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
firefoxci-taskcluster[bot] commented 2 years ago
No Taskcluster jobs started for this pull request ```js The `allowPullRequests` configuration for this repository (in `.taskcluster.yml` on the default branch) does not allow starting tasks for this pull request. ```
dependabot[bot] commented 2 years ago

Superseded by #758.