Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(deps): update sirv to 2.0.3 #13057

Merged
merged 4 commits into from
Jun 7, 2023
Merged
Show file tree
Hide file tree
Changes from 3 commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions package.json
Original file line number Diff line number Diff line change
Expand Up @@ -123,8 +123,8 @@
},
"patchedDependencies": {
"dotenv-expand@9.0.0": "patches/dotenv-expand@9.0.0.patch",
"sirv@2.0.2": "patches/sirv@2.0.2.patch",
"chokidar@3.5.3": "patches/chokidar@3.5.3.patch"
"chokidar@3.5.3": "patches/chokidar@3.5.3.patch",
"sirv@2.0.3": "patches/sirv@2.0.3.patch"
}
},
"stackblitz": {
Expand Down
2 changes: 1 addition & 1 deletion packages/vite/package.json
Original file line number Diff line number Diff line change
Expand Up @@ -123,7 +123,7 @@
"postcss-modules": "^6.0.0",
"resolve.exports": "^2.0.2",
"rollup-plugin-license": "^3.0.1",
"sirv": "^2.0.2",
"sirv": "^2.0.3",
"source-map-js": "^1.0.2",
"source-map-support": "^0.5.21",
"strip-ansi": "^7.0.1",
Expand Down
8 changes: 4 additions & 4 deletions packages/vite/src/node/server/middlewares/static.ts
Original file line number Diff line number Diff line change
Expand Up @@ -101,7 +101,7 @@ export function serveStaticMiddleware(
}

const url = new URL(req.url!, 'http://example.com')
const pathname = decodeURIComponent(url.pathname)
const pathname = decodeURI(url.pathname)

// apply aliases to static requests as well
let redirectedPathname: string | undefined
Expand Down Expand Up @@ -135,7 +135,7 @@ export function serveStaticMiddleware(
}

if (redirectedPathname) {
url.pathname = encodeURIComponent(redirectedPathname)
url.pathname = encodeURI(redirectedPathname)
req.url = url.href.slice(url.origin.length)
}

Expand All @@ -159,7 +159,7 @@ export function serveRawFsMiddleware(
// the paths are rewritten to `/@fs/` prefixed paths and must be served by
// searching based from fs root.
if (url.pathname.startsWith(FS_PREFIX)) {
const pathname = decodeURIComponent(url.pathname)
const pathname = decodeURI(url.pathname)
// restrict files outside of `fs.allow`
if (
!ensureServingAccess(
Expand All @@ -175,7 +175,7 @@ export function serveRawFsMiddleware(
let newPathname = pathname.slice(FS_PREFIX.length)
if (isWindows) newPathname = newPathname.replace(/^[A-Z]:/i, '')

url.pathname = encodeURIComponent(newPathname)
url.pathname = encodeURI(newPathname)
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This part was returning %2Ffoo%2Fbar when url.pathname was /foo/bar. But because lukeed/sirv#149 changed decodeURIComponent to decodeURI, this no longer works.

The reason why this part was using encodeURIComponent is #8979. In that time, we weren't able to use decodeURI in line 162 because of #8804.

req.url = url.href.slice(url.origin.length)
serveFromRoot(req, res, next)
} else {
Expand Down
8 changes: 4 additions & 4 deletions patches/sirv@2.0.2.patch → patches/sirv@2.0.3.patch
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
diff --git a/build.js b/build.js
index b046ee138b1f9047c70beaeea7279d3476d7e8cd..574ce1410a1344a4db292803d05c303f8c03767c 100644
index 0884d9ffaa24d0ae3ec020a6faff12b3125b2071..85b82c90346e829bbf723e913f282c80096df061 100644
--- a/build.js
+++ b/build.js
@@ -35,7 +35,7 @@ function viaCache(cache, uri, extns) {
Expand All @@ -19,7 +19,7 @@ index b046ee138b1f9047c70beaeea7279d3476d7e8cd..574ce1410a1344a4db292803d05c303f
headers = toHeaders(name, stats, isEtag);
headers['Cache-Control'] = isEtag ? 'no-cache' : 'no-store';
return { abs, stats, headers };
@@ -172,7 +173,7 @@ module.exports = function (dir, opts={}) {
@@ -176,7 +177,7 @@ module.exports = function (dir, opts={}) {
catch (err) { /* malform uri */ }
}

Expand All @@ -29,7 +29,7 @@ index b046ee138b1f9047c70beaeea7279d3476d7e8cd..574ce1410a1344a4db292803d05c303f

if (isEtag && req.headers['if-none-match'] === data.headers['ETag']) {
diff --git a/build.mjs b/build.mjs
index fe01068d0dd3f788a0978802db1747dd83c5825e..fb099c38cc2cbd59300471e7307625e2fc127f0c 100644
index c93bbe6bdfb7ad13ee20f0c44d80d6aacdd64087..3dc3e22f09abcae51aef7b75c34dc08b1f6e6abd 100644
--- a/build.mjs
+++ b/build.mjs
@@ -35,7 +35,7 @@ function viaCache(cache, uri, extns) {
Expand All @@ -49,7 +49,7 @@ index fe01068d0dd3f788a0978802db1747dd83c5825e..fb099c38cc2cbd59300471e7307625e2
headers = toHeaders(name, stats, isEtag);
headers['Cache-Control'] = isEtag ? 'no-cache' : 'no-store';
return { abs, stats, headers };
@@ -172,7 +173,7 @@ export default function (dir, opts={}) {
@@ -176,7 +177,7 @@ export default function (dir, opts={}) {
catch (err) { /* malform uri */ }
}

Expand Down
10 changes: 4 additions & 6 deletions playground/fs-serve/__tests__/fs-serve.spec.ts
Original file line number Diff line number Diff line change
Expand Up @@ -43,14 +43,12 @@ describe.runIf(isServe)('main', () => {
})

test('unsafe fetch with special characters (#8498)', async () => {
expect(await page.textContent('.unsafe-fetch-8498')).toMatch(
'403 Restricted',
)
expect(await page.textContent('.unsafe-fetch-8498-status')).toBe('403')
expect(await page.textContent('.unsafe-fetch-8498')).toBe('')
expect(await page.textContent('.unsafe-fetch-8498-status')).toBe('404')
})

test('unsafe fetch with special characters 2 (#8498)', async () => {
expect(await page.textContent('.unsafe-fetch-8498-2')).toMatch('')
expect(await page.textContent('.unsafe-fetch-8498-2')).toBe('')
Comment on lines -53 to +51
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

IIUC This line wasn't testing anything. 😅 .toMatch('') returns always true.
https://stackblitz.com/edit/vitest-dev-vitest-byvrxk?file=test%2Fbasic.test.ts

expect(await page.textContent('.unsafe-fetch-8498-2-status')).toBe('404')
})

Expand Down Expand Up @@ -78,7 +76,7 @@ describe.runIf(isServe)('main', () => {

test('unsafe fs fetch with special characters (#8498)', async () => {
expect(await page.textContent('.unsafe-fs-fetch-8498')).toBe('')
expect(await page.textContent('.unsafe-fs-fetch-8498-status')).toBe('403')
expect(await page.textContent('.unsafe-fs-fetch-8498-status')).toBe('404')
})

test('unsafe fs fetch with special characters 2 (#8498)', async () => {
Expand Down
3 changes: 3 additions & 0 deletions playground/lib/package.json
Original file line number Diff line number Diff line change
Expand Up @@ -7,5 +7,8 @@
"build": "vite build",
"debug": "node --inspect-brk ../../packages/vite/bin/vite",
"preview": "vite preview"
},
"devDependencies": {
"sirv": "^2.0.3"
}
}
3 changes: 1 addition & 2 deletions playground/package.json
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,6 @@
"convert-source-map": "^2.0.0",
"css-color-names": "^1.0.1",
"kill-port": "^1.6.1",
"node-fetch": "^3.3.1",
"sirv": "^2.0.2"
"node-fetch": "^3.3.1"
}
}
23 changes: 12 additions & 11 deletions pnpm-lock.yaml

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.