[Snyk] Upgrade @cloudflare/kv-asset-handler from 0.1.2 to 0.3.0 #60

Open

Laurry-gee
Member

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade @cloudflare/kv-asset-handler from 0.1.2 to 0.3.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 3 versions ahead of your current version.
  • The recommended version was released a year ago, on 2022-12-19.
Release notes
Package name: @cloudflare/kv-asset-handler
  • 0.3.0 - 2022-12-19
    • Features

      • Allow configurable downgrade of ETag validator strength - awwong1, pull/315

      This allows users to override the default strong ETag validator behaviour to use weak ETag validators. This change allows the developer to use weak ETags and preserve 304 responses (e.g. on *.workers.dev domains).

    • Fixes

      Previously, when edge caching was enabled, the content-length of the response was not being set correctly. This was due to the length property of the ArrayBuffer instance being called instead of the byteLength property. This PR fixes this issue.

    • Maintenance

      • chore(ci): bump node versions in actions - KianNH, pull/354

        This bumps the Node versions used in the CI actions to the latest LTS versions.

      • chore: use tabs for indentation - Cherry, pull/355

        This PR changes the indentation of the project to use tabs instead of spaces, falling more in line with other Cloudflare JavaScript projects like wrangler.

      • chore: bump dependencies - Cherry, pull/356

        This bumps many dependencies of the project to their latest versions.

  • 0.2.0 - 2021-11-16
    • Features

      • Allow changing pathIsEncoded through options - JackPriceBurns, pull/243

        When using mapRequestToAsset, it encodes the URL / key and will never check the KV store for the decoded key.

        This adds the ability to set pathIsEncoded to true, which will decode the URL before getting it from the KV.

      • Support ES Modules. - threepointone, pull/261

        This PR provides a possible solution for getting Workers Sites working with ES Module workers. This approach is not as invasive as other approaches, so isn't as risky either.

        Usage:

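        import { getAssetFromKV } from "@cloudflare/kv-asset-handler";
        import manifestJSON from "__STATIC_CONTENT_MANIFEST";
        // The manifest is imported as a JSON string; parse it once at module load.
        const manifest = JSON.parse(manifestJSON);

        export default {
          // async is required because the handler awaits getAssetFromKV
          async fetch(request, env, ctx) {
            return await getAssetFromKV(
              {
                request,
                waitUntil(promise) {
                  return ctx.waitUntil(promise);
                },
              },
              {
                ASSET_NAMESPACE: env.ASSET_NAMESPACE,
                ASSET_MANIFEST: manifest,
              }
            );
            // ...
          },
        };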

    • Fixes

      • fix: default ASSET_MANIFEST to empty object - Cherry, pull/254

        As per discussion in Discord and the repo at https://github.com/Erisa-bits/getassetfromkv-undefined-error, allowing ASSET_MANIFEST to be optional got lost somewhere along the years and errors when attempted to be used without it. This PR restores this functionality by setting it to an empty object (instead of undefined), which allows fall-through to the standard mapRequestToAsset function.

        • chore: bump dependencies - This updates a few dependencies and also pins @types/node to 15.x since 16.x has some incompatible types.
        • feat: generate more modern code - This removes the unnecessary async/await polyfill added by TypeScript

    • Maintenance

  • 0.1.3 - 2021-06-18
    • Performance

      • Only parse ASSET_MANIFEST once on startup - Cherry, pull/185

        This PR improves performance of the getAssetFromKV function by only parsing the asset manifest once on startup, instead of on each request. This can have a significant improvement in response times for larger sites. An example of the performance improvement with an asset manifest of over 50k files:

        Before change:
        100 iterations: Done. Mean kv response time is 16.61
        1000 iterations: Done. Mean kv response time is 17.798
        After change:
        100 iterations: Done. Mean kv response time is 6.62
        1000 iterations: Done. Mean kv response time is 7.296

        Initial work and credit to groenlid in pull/143.

    • Fixes

      • ESM compatibility: fix crash on missing global environment variables - ttraenkler, pull/188

        This PR fixes the library from crashing when global environment variables such as __STATIC_CONTENT and __STATIC_CONTENT_MANIFEST are missing, which is currently the case when using the new ESM module syntax.

        Note that whilst this partially resolves the issue discussed in issue/174, it does not provide full ESM compatibility yet. Please see issue/174 for further discussion.

    • Maintenance

      • Tweak GitHub Actions Workflow for proper PR testing - Cherry, pull/185

        This PR tweaks the GitHub Actions Workflow to test PRs properly, both in terms of linting and the repository tests. It runs prettier to maintain code quality and style, and all unit tests on every PR to ensure no regressions occur.

      • Add test for mapRequestToAsset asset override - Cherry, pull/186

        This PR adds a test for the functionality added in pull/159. This tests that when overriding the mapRequestToAsset function in its entirety, this function is always run.

      • Dependabot updates

        A number of dependabot patch-level updates have been merged:

        • Bump @types/node from 15.3.1 to 15.6.0 (pull/183)
        • Bump @types/node from 15.6.0 to 15.6.1 (pull/184)
        • Bump @types/node from 15.6.1 to 15.9.0 (pull/189)
        • Bump @types/node from 15.9.0 to 15.12.0 (pull/190)
        • Bump @types/node from 15.12.0 to 15.12.1 (pull/191)
        • Bump @types/node from 15.12.1 to 15.12.2 (pull/193)
        • Bump typescript from 4.2.4 to 4.3.2 (pull/187)
        • Bump prettier from 2.3.0 to 2.3.1 (pull/192)
  • 0.1.2 - 2021-05-24
    • Features

      • Support for defaultDocument configuration - boemekeld, pull/161

        This PR adds support for customizing the defaultDocument option in getAssetFromKV. In situations where a project does not use index.html as the default document for a path, this can now be customized to values like index.shtm:

        return getAssetFromKV(event, { 
          defaultDocument: "index.shtm"
        })
    • Fixes

      • Fire mapRequestToAsset for all requests, if explicitly defined - Cherry, pull/159

        This PR fixes an issue where a custom mapRequestToAsset handler wasn't fired if a matching asset path was found in ASSET_MANIFEST data. By correctly checking for this handler, we can conditionally handle any assets with this handler even if they exist in the ASSET_MANIFEST.

        Note that this is a breaking change, as previously, the mapRequestToAsset function was ignored if you set it, and an exact match was found in the ASSET_MANIFEST. That being said, this behavior was a bug, and unexpected behavior, as documented in issue/158.

      • Etag logic refactor - shagamemnon, pull/133

        This PR refactors a great deal of the Etag functionality introduced in 0.0.11. kv-asset-handler will now correctly set strong and weak Etags both to the Cloudflare CDN and to client eyeballs, allowing for higher cache percentages with Workers Sites projects.

      • Fix path decoding issue - xiaolanglanglang, pull/142

        This PR improves support for non-alphanumeric character paths in kv-asset-handler, for instance, if the path requested is in Chinese.

      • Check HTTP method after mapRequestToAsset - oliverpool, pull/178

        This PR fixes an issue where the HTTP method for an asset is checked before the mapRequestToAsset handler is called. This has caused issues for users in the past, where they need to generate a requestKey based on an asset path, even if the request method is not GET. This fixes issue/151.

    • Maintenance

      • Add Markdown linting workflow to GitHub Actions - jbampton, pull/135

        Our GitHub Actions workflow now includes a linting workflow for Markdown in the project, including the README, this CHANGELOG, and any other .md files in the source code.

      • Dependabot updates

        A number of dependabot patch-level updates have been merged since our last release:

        • Bump @types/node from 15.30.0 to 15.30.1 (pull/180)
        • Bump hosted-git-info from 2.8.8 to 2.8.9 (pull/176)
        • Bump ini from 1.3.5 to 1.3.8 (pull/160)
        • Bump lodash from 4.17.19 to 4.17.21 (pull/175)
        • Bump urijs from 1.19.2 to 1.19.6 (pull/168)
        • Bump y18n from 4.0.0 to 4.0.1 (pull/173)
      • Repository maintenance - Cherry, pull/179

        New project maintainer Cherry did a ton of maintenance in this release, improving workflows, code quality, and more. Check out the full list in the PR.

    • Documentation

      • Update README.md - signalnerve, pull/177

        This PR adds context to our README, with mentions about what this project is, how to use it, and some new things since the last version of this package: namely, Cloudflare Pages and the new Cloudflare Workers Discord server.

      • Add instructions for updating version in related repos - caass, pull/171

        This PR adds instructions for updating the kv-asset-handler version in related repositories, such as our templates, that use kv-asset-handler and are exposed to end-users of Wrangler and Workers.

from @cloudflare/kv-asset-handler GitHub release notes


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs
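
The strong-versus-weak validator distinction in the 0.3.0 notes above, as an added example (not code from kv-asset-handler or from this PR): the RFC 7232 comparison of a client's If-None-Match header against the current ETag, showing why a weak tag only yields a 304 under weak comparison. The function names and the sample tag values are constructed for illustration.

```javascript
// Added illustration of RFC 7232 entity-tag comparison; all names are hypothetical.

// Extract every entity-tag from a header value as { weak, opaque }.
// Matching quoted strings (instead of splitting on ",") keeps tags whose
// opaque part contains a comma intact and skips malformed, unquoted tokens.
function parseETags(headerValue) {
  return [...String(headerValue).matchAll(/(W\/)?"([^"]*)"/g)].map((m) => ({
    weak: Boolean(m[1]),
    opaque: m[2],
  }));
}

// Strong comparison: both tags must be strong and byte-for-byte equal.
function strongMatch(a, b) {
  return !a.weak && !b.weak && a.opaque === b.opaque;
}

// Weak comparison: only the opaque part is compared, the W/ prefix is ignored.
function weakMatch(a, b) {
  return a.opaque === b.opaque;
}

// Status for a conditional GET. RFC 7232 specifies weak comparison for
// If-None-Match, so weakMatch is the default; strongMatch can be passed in
// to see how a strict validator behaves on the same input.
function conditionalStatus(ifNoneMatch, currentETag, compare = weakMatch) {
  const current = parseETags(currentETag)[0];
  if (!ifNoneMatch || !current) return 200; // nothing to validate against
  if (ifNoneMatch.trim() === "*") return 304; // "*" matches any current representation
  return parseETags(ifNoneMatch).some((c) => compare(c, current)) ? 304 : 200;
}

// Constructed scenario: the client cached a weak tag, the server holds a strong one.
const clientHeader = 'W/"a1b2"';
const serverTag = '"a1b2"';
console.log("weak comparison:  ", conditionalStatus(clientHeader, serverTag));
console.log("strong comparison:", conditionalStatus(clientHeader, serverTag, strongMatch));
console.log("stale client tag: ", conditionalStatus('"old"', serverTag));
```
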
