[Snyk] Upgrade @cloudflare/kv-asset-handler from 0.0.12 to 0.2.0

[YajB]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade @cloudflare/kv-asset-handler from 0.0.12 to 0.2.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 5 versions ahead of your current version.
• The recommended version was released 5 months ago, on 2021-11-16.

Release notes

Package name: @cloudflare/kv-asset-handler

• 0.2.0 - 2021-11-16
  

  • Features

    • Allow changing pathIsEncoded through options - JackPriceBurns, pull/243

      When using mapRequestToAsset, it encodes the URL / key and will never check the KV store for the decoded key.

      This adds the ability to set pathIsEncoded to true, which will decode the URL before getting it from the KV.

    • Support ES Modules. - threepointone, pull/261

      This PR provides a possible solution for getting Workers Sites working with ES Module workers. This approach is not as invasive as other approaches, so isn't as risky either.

      Usage:

      import manifestJSON from "__STATIC_CONTENT_MANIFEST";
      const manifest = JSON.parse(manifestJSON);

      export default {
      fetch(request, env, ctx) {
      return await getAssetFromKV(
      {
      request,
      waitUntil(promise) {
      return ctx.waitUntil(promise);
      },
      },
      {
      ASSET_NAMESPACE: env.ASSET_NAMESPACE,
      ASSET_MANIFEST: manifest,
      }
      );
      // ...
      },
      };

  • Fixes

    • fix: default ASSET_MANIFEST to empty object - Cherry, pull/254

      As per discussion in Discord and the repo at [https://github.com/Erisa-bits/getassetfromkv-undefined-error], allowing ASSET_MANIFEST to be optional got lost somewhere along the years and errors when attempted to be used without it. This PR restores this functionality by setting it to an empty object (instead of undefined), which allows fall-through to the standard mapRequestToAsset function.

      chore: bump dependencies - This updates a few dependencies and also pins @ types/node to 15.x since 16.x has some incompatible types.
      feat: generate more modern code - This removes the unnecessary async/await polyfill added by TypeScript

  • Maintenance

    • chore: remove debug logs around response.body.cancel support - Cherry, pull/249

      Fixes issues/248

• 0.1.3 - 2021-06-18
  

  • Performance

    • Only parse ASSET_MANIFEST once on startup - Cherry, pull/185

      This PR improves performance of the getAssetFromKV function by only parsing the asset manifest once on startup, instead of on each request. This can have a significant improvement in response times for larger sites. An example of the performance improvement with an asset manifest of over 50k files:

      Before change:
      100 iterations: Done. Mean kv response time is 16.61
      1000 iterations: Done. Mean kv response time is 17.798
      After change:
      100 iterations: Done. Mean kv response time is 6.62
      1000 iterations: Done. Mean kv response time is 7.296

      Initial work and credit to groenlid in pull/143.

  • Fixes

    • ESM compatibility: fix crash on missing global environment variables - ttraenkler, pull/188

      This PR fixes the library from crashing when global environment variables such as __STATIC_CONTENT and __STATIC_CONTENT_MANIFEST are missing, which is currently the case when using the new ESM module syntax.

      Note that whilst this partially resolves the issue discussed in issue/174, it does not provide full ESM compatibility yet. Please see issue/174 for further discussion.

  • Maintenance

    • Tweak GitHub Actions Workflow for proper PR testing - Cherry, pull/185

      This PR tweaks the GitHub Actions Workflow to test PRs properly, both in terms of linting and the repository tests. It runs prettier to maintain code quality and style, and all unit tests on every PR to ensure no regressions occur.

    • Add test for mapRequestToAsset asset override - Cherry, pull/186

      This PR adds a test for the functionality added in pull/159. This tests that when overriding the mapRequestToAsset function in its entirety, this function is always run.

    • Dependabot updates

      A number of dependabot patch-level updates have been merged:

      • Bump @ types/node from 15.3.1 to 15.6.0 (pull/183)
      • Bump @ types/node from 15.6.0 to 15.6.1 (pull/184)
      • Bump @ types/node from 15.6.1 to 15.9.0 (pull/189)
      • Bump @ types/node from 15.9.0 to 15.12.0 (pull/190)
      • Bump @ types/node from 15.12.0 to 15.12.1 (pull/191)
      • Bump @ types/node from 15.12.1 to 15.12.2 (pull/193)
      • Bump typescript from 4.2.4 to 4.3.2 (pull/187)
      • Bump prettier from 2.3.0 to 2.3.1 (pull/192)
• 0.1.2 - 2021-05-24
  

  • Features

    • Support for defaultDocument configuration - boemekeld, pull/161

      This PR adds support for customizing the defaultDocument option in getAssetFromKV. In situations where a project does not use index.html as the default document for a path, this can now be customized to values like index.shtm:

      return getAssetFromKV(event, { 
        defaultDocument: "index.shtm"
      })

  • Fixes

    • Fire mapRequestToAsset for all requests, if explicitly defined - Cherry, pull/159

      This PR fixes an issue where a custom mapRequestToAsset handler weren't fired if a matching asset path was found in ASSET_MANIFEST data. By correctly checking for this handler, we can conditionally handle any assets with this handler even if they exist in the ASSET_MANIFEST.

      Note that this is a breaking change, as previously, the mapRequestToAsset function was ignored if you set it, and an exact match was found in the ASSET_MANIFEST. That being said, this behavior was a bug, and unexpected behavior, as documented in issue/158.

    • Etag logic refactor - shagamemnon, pull/133

      This PR refactors a great deal of the Etag functionality introduced in 0.0.11. kv-asset-handler will now correctly set strong and weak Etags both to the Cloudflare CDN and to client eyeballs, allowing for higher cache percentages with Workers Sites projects.

    • Fix path decoding issue - xiaolanglanglang, pull/142

      This PR improves support for non-alphanumeric character paths in kv-asset-handler, for instance, if the path requested is in Chinese.

    • Check HTTP method after mapRequestToAsset - oliverpool, pull/178

      This PR fixes an issue where the HTTP method for an asset is checked before the mapRequestToAsset handler is called. This has caused issues for users in the past, where they need to generate a requestKey based on an asset path, even if the request method is not GET. This fixes issue/151.

  • Maintenance

    • Add Markdown linting workflow to GitHub Actions - jbampton, pull/135

      Our GitHub Actions workflow now includes a linting workflow for Markdown in the project, including the README, this CHANGELOG, and any other .md files in the source code.

    • Dependabot updates

      A number of dependabot patch-level updates have been merged since our last release:

      • Bump @ types/node from 15.30.0 to 15.30.1 (pull/180)
      • Bump hosted-git-info from 2.8.8 to 2.8.9 (pull/176)
      • Bump ini from 1.3.5 to 1.3.8 (pull/160)
      • Bump lodash from 4.17.19 to 4.17.21 (pull/175)
      • Bump urijs from 1.19.2 to 1.19.6 (pull/168)
      • Bump y18n from 4.0.0 to 4.0.1 (pull/173)

    • Repository maintenance - Cherry, pull/179

      New project maintainer Cherry did a ton of maintenance in this release, improving workflows, code quality, and more. Check out the full list in the PR.

  • Documentation

    • Update README.md - signalnerve, pull/177

      This PR adds context to our README, with mentions about what this project is, how to use it, and some new things since the last version of this package: namely, Cloudflare Pages and the new Cloudflare Workers Discord server

    • Add instructions for updating version in related repos - caass, [pull/171]

      This PR adds instructions for updating the kv-asset-handler version in related repositories, such as our templates, that use kv-asset-handler and are exposed to end-users of Wrangler and Workers.

• 0.1.1 - 2021-03-15
  

  0.1.1

  • Fixes

    • kv-asset-handler can translate 206 responses to 200 - harrishancock, pull/166

      Fixes wrangler#1746

• 0.1.0 - 2020-12-02
  

  0.1.0

• 0.0.12 - 2020-09-02
  

  • Features

    • Add defaultMimeType option to getAssetFromKV - mgrahamjo, pull/121

      Some static website owners prefer not to create all of their web routes as directories containing index.html files. Instead, they prefer to create pages as extensionless HTML files. Providing a defaultMimeType option will allow users to set the Content-Type header for extensionless files to text/html, which will enable this use case.

    • Add defaultMimeType to types - [shagamemnon], pull/132

      Adds the newly added defaultMimeType to the exported types for this package.

  • Fixes

    • Fix text/ charset - EatonZ, pull/130*

      Adds a missing - to the utf-8 charset value in response mime types.

    • Cache handling for HEAD requests - klittlepage, pull/141

      This PR skips caching for incoming HEAD requests, as they should not be able to be edge cached.

  • Maintenance

    • Markdown linting/typos - jbampton, pull/123, pull/125, pull/126, pull/127, pull/128, pull/129, pull/131, pull/134

      These PRs contain various typo fixes and linting of existing Markdown files in our documentation and CHANGELOG.

from @cloudflare/kv-asset-handler GitHub release notes

Commit messages

Package name: @cloudflare/kv-asset-handler

• ff8d3dc Merge pull request [Access] add documentation on testing an IdP  cloudflare/cloudflare-docs#266 from cloudflare/threepointone-patch-1
• c5d735b updating version in package.json to 0.2.0
• e299347 Merge pull request Fix case of GitHub cloudflare/cloudflare-docs#263 from cloudflare/0.2.0
• 953a8c9 Merge pull request lacking 'as=style' in the Link preload header cloudflare/cloudflare-docs#265 from cloudflare/env-static-content
• 129d678 s/`env.ASSET_NAMESPACE`/`env.__STATIC_CONTENT`
• f24b3ca Merge pull request Removing trailing whitespace from Markdown files cloudflare/cloudflare-docs#264 from cloudflare/cass/update-docs-es-modules
• 6c4cd81 Update README to reflect support for ES Modules
• ae7f633 fixup! 0.2.0
• 450a45b 0.2.0
• fd27ccf Merge pull request Fixed data type of response parameter for put cloudflare/cloudflare-docs#261 from cloudflare/es-worker-compat
• 79ebac4 Support ES Modules.
• 25ac88f Merge pull request TUN-3510: Argo Tunnel docs now use ingress rules (not CLI) to configure origins cloudflare/cloudflare-docs#260 from cloudflare/dependabot/npm_and_yarn/mime-3.0.0
• 3558bf3 chore(deps): bump mime from 2.6.0 to 3.0.0
• d338fd4 Merge pull request STREAM-2706 Update TUS docs with 256KiB multiple requirement cloudflare/cloudflare-docs#257 from cloudflare/dependabot/npm_and_yarn/ava/typescript-3.0.0
• dd58e23 Merge pull request WAF announcement 2020-11-09 cloudflare/cloudflare-docs#259 from cloudflare/dependabot/npm_and_yarn/cloudflare/workers-types-3.1.1
• cff33e3 Merge pull request Update list of datasets cloudflare/cloudflare-docs#258 from cloudflare/dependabot/npm_and_yarn/mime-2.6.0
• 90f8c77 chore(deps-dev): bump @ cloudflare/workers-types from 3.0.0 to 3.1.1
• e2851d7 chore(deps): bump mime from 2.5.2 to 2.6.0
• 0918c04 chore(deps-dev): bump @ ava/typescript from 2.0.0 to 3.0.0
• eaf10bd Merge pull request Token.md cloudflare/cloudflare-docs#254 from cloudflare/cherry/fix-undefined-manifest
• 08ebedd chore: bump `@ cloudflare/workers-types`
• 94bf0d9 chore: add test for optional ASSET_MANIFEST
• 2a35a86 docs: fix README anchor links
• 2c608d0 fix: default `ASSET_MANIFEST` to empty object

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs