astro 5.16.15 → 5.16.16

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (10) hide show
  1. package/dist/cli/infra/build-time-astro-version-provider.js +1 -1
  2. package/dist/content/content-layer.js +3 -3
  3. package/dist/core/constants.js +1 -1
  4. package/dist/core/dev/dev.js +1 -1
  5. package/dist/core/errors/dev/utils.js +22 -2
  6. package/dist/core/messages.js +2 -2
  7. package/dist/core/server-islands/endpoint.js +13 -2
  8. package/dist/runtime/server/render/server-islands.js +5 -4
  9. package/dist/types/public/context.d.ts +1 -1
  10. package/package.json +1 -1
package/dist/cli/infra/build-time-astro-version-provider.js CHANGED
@@ -1,6 +1,6 @@
1
1
  class BuildTimeAstroVersionProvider {
2
2
  // Injected during the build through esbuild define
3
- version = "5.16.15";
3
+ version = "5.16.16";
4
4
  }
5
5
  export {
6
6
  BuildTimeAstroVersionProvider
package/dist/content/content-layer.js CHANGED
@@ -164,7 +164,7 @@ ${contentConfig.error.message}`);
164
164
  logger.info("Content config changed");
165
165
  shouldClear = true;
166
166
  }
167
- if (previousAstroVersion && previousAstroVersion !== "5.16.15") {
167
+ if (previousAstroVersion && previousAstroVersion !== "5.16.16") {
168
168
  logger.info("Astro version changed");
169
169
  shouldClear = true;
170
170
  }
@@ -172,8 +172,8 @@ ${contentConfig.error.message}`);
172
172
  logger.info("Clearing content store");
173
173
  this.#store.clearAll();
174
174
  }
175
- if ("5.16.15") {
176
- await this.#store.metaStore().set("astro-version", "5.16.15");
175
+ if ("5.16.16") {
176
+ await this.#store.metaStore().set("astro-version", "5.16.16");
177
177
  }
178
178
  if (currentConfigDigest) {
179
179
  await this.#store.metaStore().set("content-config-digest", currentConfigDigest);
package/dist/core/constants.js CHANGED
@@ -1,4 +1,4 @@
1
- const ASTRO_VERSION = "5.16.15";
1
+ const ASTRO_VERSION = "5.16.16";
2
2
  const REROUTE_DIRECTIVE_HEADER = "X-Astro-Reroute";
3
3
  const REWRITE_DIRECTIVE_HEADER_KEY = "X-Astro-Rewrite";
4
4
  const REWRITE_DIRECTIVE_HEADER_VALUE = "yes";
package/dist/core/dev/dev.js CHANGED
@@ -22,7 +22,7 @@ async function dev(inlineConfig) {
22
22
  await telemetry.record([]);
23
23
  const restart = await createContainerWithAutomaticRestart({ inlineConfig, fs });
24
24
  const logger = restart.container.logger;
25
- const currentVersion = "5.16.15";
25
+ const currentVersion = "5.16.16";
26
26
  const isPrerelease = currentVersion.includes("-");
27
27
  if (!isPrerelease) {
28
28
  try {
package/dist/core/errors/dev/utils.js CHANGED
@@ -154,11 +154,31 @@ const linkRegex = /\[([^[]+)\]\(([^)]*)\)/g;
154
154
  const boldRegex = /\*\*(.+)\*\*/g;
155
155
  const urlRegex = / ((?:https?|ftp):\/\/[-\w+&@#\\/%?=~|!:,.;]*[-\w+&@#\\/%=~|])/gi;
156
156
  const codeRegex = /`([^`]+)`/g;
157
+ function isAllowedUrl(url) {
158
+ const trimmedUrl = url.trim();
159
+ if (!trimmedUrl) return false;
160
+ try {
161
+ const parsedUrl = new URL(trimmedUrl);
162
+ return ["http:", "https:"].includes(parsedUrl.protocol);
163
+ } catch {
164
+ return false;
165
+ }
166
+ }
157
167
  function renderErrorMarkdown(markdown, target) {
158
168
  if (target === "html") {
159
- return escape(markdown).replace(linkRegex, `<a href="$2" target="_blank">$1</a>`).replace(boldRegex, "<b>$1</b>").replace(urlRegex, ' <a href="$1" target="_blank">$1</a>').replace(codeRegex, "<code>$1</code>");
169
+ return escape(markdown).replace(linkRegex, (_match, text, url) => {
170
+ if (!isAllowedUrl(url)) {
171
+ return text;
172
+ }
173
+ return `<a href="${url}" target="_blank">${text}</a>`;
174
+ }).replace(boldRegex, "<b>$1</b>").replace(urlRegex, ' <a href="$1" target="_blank">$1</a>').replace(codeRegex, "<code>$1</code>");
160
175
  } else {
161
- return markdown.replace(linkRegex, (_, m1, m2) => `${colors.bold(m1)} ${colors.underline(m2)}`).replace(urlRegex, (fullMatch) => ` ${colors.underline(fullMatch.trim())}`).replace(boldRegex, (_, m1) => `${colors.bold(m1)}`);
176
+ return markdown.replace(linkRegex, (_, m1, m2) => {
177
+ if (!isAllowedUrl(m2)) {
178
+ return `${colors.bold(m1)} ${m2}`;
179
+ }
180
+ return `${colors.bold(m1)} ${colors.underline(m2)}`;
181
+ }).replace(urlRegex, (fullMatch) => ` ${colors.underline(fullMatch.trim())}`).replace(boldRegex, (_, m1) => `${colors.bold(m1)}`);
162
182
  }
163
183
  }
164
184
  export {
package/dist/core/messages.js CHANGED
@@ -38,7 +38,7 @@ function serverStart({
38
38
  host,
39
39
  base
40
40
  }) {
41
- const version = "5.16.15";
41
+ const version = "5.16.16";
42
42
  const localPrefix = `${dim("\u2503")} Local `;
43
43
  const networkPrefix = `${dim("\u2503")} Network `;
44
44
  const emptyPrefix = " ".repeat(11);
@@ -275,7 +275,7 @@ function printHelp({
275
275
  message.push(
276
276
  linebreak(),
277
277
  ` ${bgGreen(black(` ${commandName} `))} ${green(
278
- `v${"5.16.15"}`
278
+ `v${"5.16.16"}`
279
279
  )} ${headline}`
280
280
  );
281
281
  }
package/dist/core/server-islands/endpoint.js CHANGED
@@ -48,7 +48,7 @@ async function getRequestData(request) {
48
48
  }
49
49
  const encryptedSlots = params.get("s");
50
50
  return {
51
- componentExport: params.get("e"),
51
+ encryptedComponentExport: params.get("e"),
52
52
  encryptedProps: params.get("p"),
53
53
  encryptedSlots
54
54
  };
@@ -60,6 +60,11 @@ async function getRequestData(request) {
60
60
  if ("slots" in data && typeof data.slots === "object") {
61
61
  return badRequest("Plaintext slots are not allowed. Slots must be encrypted.");
62
62
  }
63
+ if ("componentExport" in data && typeof data.componentExport === "string") {
64
+ return badRequest(
65
+ "Plaintext componentExport is not allowed. componentExport must be encrypted."
66
+ );
67
+ }
63
68
  return data;
64
69
  } catch (e) {
65
70
  if (e instanceof SyntaxError) {
@@ -95,6 +100,12 @@ function createEndpoint(manifest) {
95
100
  });
96
101
  }
97
102
  const key = await manifest.key;
103
+ let componentExport;
104
+ try {
105
+ componentExport = await decryptString(key, data.encryptedComponentExport);
106
+ } catch (_e) {
107
+ return badRequest("Encrypted componentExport value is invalid.");
108
+ }
98
109
  const encryptedProps = data.encryptedProps;
99
110
  let props = {};
100
111
  if (encryptedProps !== "") {
@@ -116,7 +127,7 @@ function createEndpoint(manifest) {
116
127
  }
117
128
  }
118
129
  const componentModule = await imp();
119
- let Component = componentModule[data.componentExport];
130
+ let Component = componentModule[componentExport];
120
131
  const slots = {};
121
132
  for (const prop in decryptedSlots) {
122
133
  slots[prop] = createSlotValueFromString(decryptedSlots[prop]);
package/dist/runtime/server/render/server-islands.js CHANGED
@@ -20,9 +20,9 @@ const COMMENT_REPLACER = "\\u003C!--";
20
20
  function safeJsonStringify(obj) {
21
21
  return JSON.stringify(obj).replace(SCRIPT_RE, SCRIPT_REPLACER).replace(COMMENT_RE, COMMENT_REPLACER);
22
22
  }
23
- function createSearchParams(componentExport, encryptedProps, slots) {
23
+ function createSearchParams(encryptedComponentExport, encryptedProps, slots) {
24
24
  const params = new URLSearchParams();
25
- params.set("e", componentExport);
25
+ params.set("e", encryptedComponentExport);
26
26
  params.set("p", encryptedProps);
27
27
  params.set("s", slots);
28
28
  return params;
@@ -124,13 +124,14 @@ class ServerIslandComponent {
124
124
  }
125
125
  }
126
126
  const key = await this.result.key;
127
+ const componentExportEncrypted = await encryptString(key, componentExport);
127
128
  const propsEncrypted = Object.keys(this.props).length === 0 ? "" : await encryptString(key, JSON.stringify(this.props));
128
129
  const slotsEncrypted = Object.keys(renderedSlots).length === 0 ? "" : await encryptString(key, JSON.stringify(renderedSlots));
129
130
  const hostId = await this.getHostId();
130
131
  const slash = this.result.base.endsWith("/") ? "" : "/";
131
132
  let serverIslandUrl = `${this.result.base}${slash}_server-islands/${componentId}${this.result.trailingSlash === "always" ? "/" : ""}`;
132
133
  const potentialSearchParams = createSearchParams(
133
- componentExport,
134
+ componentExportEncrypted,
134
135
  propsEncrypted,
135
136
  slotsEncrypted
136
137
  );
@@ -152,7 +153,7 @@ let response = await fetch('${serverIslandUrl}', { headers });`
152
153
  ) : (
153
154
  // POST request
154
155
  `let data = {
155
- componentExport: ${safeJsonStringify(componentExport)},
156
+ encryptedComponentExport: ${safeJsonStringify(componentExportEncrypted)},
156
157
  encryptedProps: ${safeJsonStringify(propsEncrypted)},
157
158
  encryptedSlots: ${safeJsonStringify(slotsEncrypted)},
158
159
  };
package/dist/types/public/context.d.ts CHANGED
@@ -269,7 +269,7 @@ export interface AstroSharedContext<Props extends Record<string, any> = Record<s
269
269
  * ```astro
270
270
  * import { actions } from 'astro:actions';
271
271
  *
272
- * const result = await Astro.getActionResult(actions.myAction);
272
+ * const result = Astro.getActionResult(actions.myAction);
273
273
  * ```
274
274
  *
275
275
  * [Astro reference](https://docs.astro.build/en/reference/api-reference/#getactionresult)
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "astro",
3
- "version": "5.16.15",
3
+ "version": "5.16.16",
4
4
  "description": "Astro is a modern site builder with web best practices, performance, and DX front-of-mind.",
5
5
  "type": "module",
6
6
  "author": "withastro",