[Snyk] Upgrade @cloudflare/kv-asset-handler from 0.1.2 to 0.3.0 #80
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to upgrade @cloudflare/kv-asset-handler from 0.1.2 to 0.3.0.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
Release notes
Package name: @cloudflare/kv-asset-handler
Features
This allows users to override the default strong ETag validator behaviour to use weak ETag validators. This change allows the developer to use weak ETags and preserve 304 responses (e.g. on *.workers.dev domains).
Fixes
ArrayBuffer
instance - philipatkinson, pull/295Previously when edge cached was enabled, the
content-length
of the response was not being set correctly. This was due to thelength
property of theArrayBuffer
instance being called instead of thebyteLength
property. This PR fixes this issue.Maintenance
chore(ci): bump node versions in actions - KianNH, pull/354
This bumps the Node versions used in the CI actions to the latest LTS versions.
chore: use tabs for indentation - Cherry, pull/355
This PR changes the indentation of the project to use tabs instead of spaces, falling more in line with other Cloudflare JavaScript projects like wrangler.
chore: bump dependencies - Cherry, pull/356
This bumps many dependencies of the project to their latest versions.
Features
Allow changing pathIsEncoded through options - JackPriceBurns, pull/243
When using
mapRequestToAsset
, it encodes the URL / key and will never check the KV store for the decoded key.This adds the ability to set
pathIsEncoded
to true, which will decode the URL before getting it from the KV.Support ES Modules. - threepointone, pull/261
This PR provides a possible solution for getting Workers Sites working with ES Module workers. This approach is not as invasive as other approaches, so isn't as risky either.
Usage:
const manifest = JSON.parse(manifestJSON);
export default {
fetch(request, env, ctx) {
return await getAssetFromKV(
{
request,
waitUntil(promise) {
return ctx.waitUntil(promise);
},
},
{
ASSET_NAMESPACE: env.ASSET_NAMESPACE,
ASSET_MANIFEST: manifest,
}
);
// ...
},
};
Fixes
fix: default ASSET_MANIFEST to empty object - Cherry, pull/254
As per discussion in Discord and the repo at https://github.com/Erisa-bits/getassetfromkv-undefined-error, allowing
ASSET_MANIFEST
to be optional got lost somewhere along the years and errors when attempted to be used without it. This PR restores this functionality by setting it to an empty object (instead ofundefined
), which allows fall-through to the standardmapRequestToAsset
function.chore: bump dependencies - This updates a few dependencies and also pins
@ types/node
to15.x
since16.x
has some incompatible types.feat: generate more modern code - This removes the unnecessary async/await polyfill added by TypeScript
Maintenance
chore: remove debug logs around
response.body.cancel
support - Cherry, pull/249Fixes issues/248
Performance
Only parse
ASSET_MANIFEST
once on startup - Cherry, pull/185This PR improves performance of the
getAssetFromKV
function by only parsing the asset manifest once on startup, instead of on each request. This can have a significant improvement in response times for larger sites. An example of the performance improvement with an asset manifest of over 50k files:Initial work and credit to groenlid in pull/143.
Fixes
ESM compatibility: fix crash on missing global environment variables - ttraenkler, pull/188
This PR fixes the library from crashing when global environment variables such as
__STATIC_CONTENT
and__STATIC_CONTENT_MANIFEST
are missing, which is currently the case when using the new ESM module syntax.Note that whilst this partially resolves the issue discussed in issue/174, it does not provide full ESM compatibility yet. Please see issue/174 for further discussion.
Maintenance
Tweak GitHub Actions Workflow for proper PR testing - Cherry, pull/185
This PR tweaks the GitHub Actions Workflow to test PRs properly, both in terms of linting and the repository tests. It runs
prettier
to maintain code quality and style, and all unit tests on every PR to ensure no regressions occur.Add test for
mapRequestToAsset
asset override - Cherry, pull/186This PR adds a test for the functionality added in pull/159. This tests that when overriding the
mapRequestToAsset
function in its entirety, this function is always run.Dependabot updates
A number of dependabot patch-level updates have been merged:
Features
Support for
defaultDocument
configuration - boemekeld, pull/161This PR adds support for customizing the
defaultDocument
option ingetAssetFromKV
. In situations where a project does not useindex.html
as the default document for a path, this can now be customized to values likeindex.shtm
:Fixes
Fire
mapRequestToAsset
for all requests, if explicitly defined - Cherry, pull/159This PR fixes an issue where a custom
mapRequestToAsset
handler weren't fired if a matching asset path was found inASSET_MANIFEST
data. By correctly checking for this handler, we can conditionally handle any assets with this handler even if they exist in theASSET_MANIFEST
.Note that this is a breaking change, as previously, the mapRequestToAsset function was ignored if you set it, and an exact match was found in the
ASSET_MANIFEST
. That being said, this behavior was a bug, and unexpected behavior, as documented in issue/158.Etag logic refactor - shagamemnon, pull/133
This PR refactors a great deal of the Etag functionality introduced in 0.0.11.
kv-asset-handler
will now correctly set strong and weak Etags both to the Cloudflare CDN and to client eyeballs, allowing for higher cache percentages with Workers Sites projects.Fix path decoding issue - xiaolanglanglang, pull/142
This PR improves support for non-alphanumeric character paths in
kv-asset-handler
, for instance, if the path requested is in Chinese.Check HTTP method after mapRequestToAsset - oliverpool, pull/178
This PR fixes an issue where the HTTP method for an asset is checked before the
mapRequestToAsset
handler is called. This has caused issues for users in the past, where they need to generate arequestKey
based on an asset path, even if the request method is notGET
. This fixes issue/151.Maintenance
Add Markdown linting workflow to GitHub Actions - jbampton, pull/135
Our GitHub Actions workflow now includes a linting workflow for Markdown in the project, including the README, this CHANGELOG, and any other
.md
files in the source code.Dependabot updates
A number of dependabot patch-level updates have been merged since our last release:
Repository maintenance - Cherry, pull/179
New project maintainer Cherry did a ton of maintenance in this release, improving workflows, code quality, and more. Check out the full list in the PR.
Documentation
Update README.md - signalnerve, pull/177
This PR adds context to our README, with mentions about what this project is, how to use it, and some new things since the last version of this package: namely, Cloudflare Pages and the new Cloudflare Workers Discord server
Add instructions for updating version in related repos - caass, [pull/171]
This PR adds instructions for updating the
kv-asset-handler
version in related repositories, such as our templates, that usekv-asset-handler
and are exposed to end-users of Wrangler and Workers.Commit messages
Package name: @cloudflare/kv-asset-handler
eslint-plugin-import
cloudflare/workers-sdk#357)--prefer-offline
when runningnpm install
cloudflare/workers-sdk#312 from cloudflare/dependabot/npm_and_yarn/ansi-regex-4.1.1wrangler init
cloudflare/workers-sdk#304 from cloudflare/dependabot/npm_and_yarn/urijs-1.19.11node-fetch
withundici
cloudflare/workers-sdk#348 from cloudflare/dependabot/npm_and_yarn/prettier-2.8.1Compare
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
🧐 View latest project report
🛠 Adjust upgrade PR settings
🔕 Ignore this dependency or unsubscribe from future upgrade PRs