@lark-apaas/fullstack-rspack-preset 1.0.41 → 1.0.42

package/lib/rspack-plugins/static-assets-plugin.js

@@ -164,7 +164,16 @@ class StaticAssetsPlugin {
             if (!url.startsWith(staticPrefix)) {
                 return next();
             }
-            const relativePath = url.slice(staticPrefix.length).split('?')[0];
+            const rawRelativePath = url.slice(staticPrefix.length).split('?')[0];
+            let relativePath;
+            try {
+                relativePath = decodeURIComponent(rawRelativePath);
+            }
+            catch {
+                res.statusCode = 400;
+                res.end('Bad Request');
+                return;
+            }
             const filePath = path.join(staticDir, relativePath);
             // Security: prevent path traversal
             const normalizedPath = path.normalize(filePath);
@@ -193,7 +202,6 @@ class StaticAssetsPlugin {
         };
     }
     apply(compiler) {
-        const { clientBasePath } = this.options;
         // Create a temporary directory for virtual modules
         const virtualModulesDir = path.join(this.options.rootDir, 'node_modules', '.cache', 'static-assets-virtual');
         // Ensure virtual modules directory exists

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@lark-apaas/fullstack-rspack-preset",
-  "version": "1.0.41",
+  "version": "1.0.42",
   "files": [
     "lib",
     "patches",
@@ -32,7 +32,7 @@
     "@babel/traverse": "^7.28.0",
     "@babel/types": "^7.28.2",
     "@lark-apaas/devtool-kits": "^1.2.18",
-    "@lark-apaas/miaoda-inspector-babel-plugin": "^1.0.0",
+    "@lark-apaas/miaoda-inspector-babel-plugin": "^1.0.1",
     "@lark-apaas/miaoda-inspector-jsx-runtime": "^1.0.1",
     "@lark-apaas/styled-jsx": "^1.0.1",
     "@rspack/plugin-react-refresh": "^1.5.1",