h3 1.15.7 → 1.15.9
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.cjs +8 -8
- package/dist/index.mjs +9 -9
- package/package.json +6 -6
package/dist/index.cjs
CHANGED
|
@@ -1500,7 +1500,7 @@ function formatEventStreamMessage(message) {
|
|
|
1500
1500
|
`;
|
|
1501
1501
|
}
|
|
1502
1502
|
const data = typeof message.data === "string" ? message.data : "";
|
|
1503
|
-
for (const line of data.split(
|
|
1503
|
+
for (const line of data.split(/\r\n|\r|\n/)) {
|
|
1504
1504
|
result += `data: ${line}
|
|
1505
1505
|
`;
|
|
1506
1506
|
}
|
|
@@ -1671,10 +1671,10 @@ async function serveStatic(event, options) {
|
|
|
1671
1671
|
}
|
|
1672
1672
|
return false;
|
|
1673
1673
|
}
|
|
1674
|
-
const originalId = ufo.
|
|
1675
|
-
ufo.
|
|
1674
|
+
const originalId = ufo.withLeadingSlash(
|
|
1675
|
+
ufo.withoutTrailingSlash(ufo.parseURL(event.path).pathname)
|
|
1676
1676
|
);
|
|
1677
|
-
if (/(^|[\\/])
|
|
1677
|
+
if (/(^|[\\/])(\.\.|%2e%2e|%2e\.|\.%2e)($|[\\/])/i.test(originalId)) {
|
|
1678
1678
|
if (!options.fallthrough) {
|
|
1679
1679
|
throw createError({ statusCode: 404 });
|
|
1680
1680
|
}
|
|
@@ -2152,10 +2152,10 @@ function cachedFn(fn) {
|
|
|
2152
2152
|
}
|
|
2153
2153
|
function _decodePath(url) {
|
|
2154
2154
|
const qIndex = url.indexOf("?");
|
|
2155
|
-
|
|
2156
|
-
|
|
2157
|
-
|
|
2158
|
-
return
|
|
2155
|
+
const path = qIndex === -1 ? url : url.slice(0, qIndex);
|
|
2156
|
+
const query = qIndex === -1 ? "" : url.slice(qIndex);
|
|
2157
|
+
const decodedPath = path.includes("%25") ? ufo.decodePath(path.replace(/%25/g, "%2525")) : ufo.decodePath(path);
|
|
2158
|
+
return decodedPath + query;
|
|
2159
2159
|
}
|
|
2160
2160
|
function websocketOptions(evResolver, appOptions) {
|
|
2161
2161
|
return {
|
package/dist/index.mjs
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { withoutTrailingSlash, withoutBase, getQuery as getQuery$1, decode,
|
|
1
|
+
import { withoutTrailingSlash, withoutBase, getQuery as getQuery$1, decode, withLeadingSlash, parseURL, joinURL, decodePath } from 'ufo';
|
|
2
2
|
import { parse as parse$1, serialize, parseSetCookie } from 'cookie-es';
|
|
3
3
|
import { createRouter as createRouter$1, toRouteMatcher } from 'radix3';
|
|
4
4
|
import { defu } from 'defu';
|
|
@@ -1493,7 +1493,7 @@ function formatEventStreamMessage(message) {
|
|
|
1493
1493
|
`;
|
|
1494
1494
|
}
|
|
1495
1495
|
const data = typeof message.data === "string" ? message.data : "";
|
|
1496
|
-
for (const line of data.split(
|
|
1496
|
+
for (const line of data.split(/\r\n|\r|\n/)) {
|
|
1497
1497
|
result += `data: ${line}
|
|
1498
1498
|
`;
|
|
1499
1499
|
}
|
|
@@ -1664,10 +1664,10 @@ async function serveStatic(event, options) {
|
|
|
1664
1664
|
}
|
|
1665
1665
|
return false;
|
|
1666
1666
|
}
|
|
1667
|
-
const originalId =
|
|
1668
|
-
|
|
1667
|
+
const originalId = withLeadingSlash(
|
|
1668
|
+
withoutTrailingSlash(parseURL(event.path).pathname)
|
|
1669
1669
|
);
|
|
1670
|
-
if (/(^|[\\/])
|
|
1670
|
+
if (/(^|[\\/])(\.\.|%2e%2e|%2e\.|\.%2e)($|[\\/])/i.test(originalId)) {
|
|
1671
1671
|
if (!options.fallthrough) {
|
|
1672
1672
|
throw createError({ statusCode: 404 });
|
|
1673
1673
|
}
|
|
@@ -2145,10 +2145,10 @@ function cachedFn(fn) {
|
|
|
2145
2145
|
}
|
|
2146
2146
|
function _decodePath(url) {
|
|
2147
2147
|
const qIndex = url.indexOf("?");
|
|
2148
|
-
|
|
2149
|
-
|
|
2150
|
-
|
|
2151
|
-
return
|
|
2148
|
+
const path = qIndex === -1 ? url : url.slice(0, qIndex);
|
|
2149
|
+
const query = qIndex === -1 ? "" : url.slice(qIndex);
|
|
2150
|
+
const decodedPath = path.includes("%25") ? decodePath(path.replace(/%25/g, "%2525")) : decodePath(path);
|
|
2151
|
+
return decodedPath + query;
|
|
2152
2152
|
}
|
|
2153
2153
|
function websocketOptions(evResolver, appOptions) {
|
|
2154
2154
|
return {
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "h3",
|
|
3
|
-
"version": "1.15.
|
|
3
|
+
"version": "1.15.9",
|
|
4
4
|
"description": "Minimal H(TTP) framework built for high performance and portability.",
|
|
5
5
|
"license": "MIT",
|
|
6
6
|
"repository": "h3js/h3",
|
|
@@ -45,10 +45,10 @@
|
|
|
45
45
|
"devDependencies": {
|
|
46
46
|
"0x": "^6.0.0",
|
|
47
47
|
"@types/express": "^5.0.6",
|
|
48
|
-
"@types/node": "^25.
|
|
48
|
+
"@types/node": "^25.5.0",
|
|
49
49
|
"@types/supertest": "^7.2.0",
|
|
50
50
|
"@typescript/native-preview": "latest",
|
|
51
|
-
"@vitest/coverage-v8": "^4.0
|
|
51
|
+
"@vitest/coverage-v8": "^4.1.0",
|
|
52
52
|
"autocannon": "^8.0.0",
|
|
53
53
|
"automd": "^0.4.3",
|
|
54
54
|
"changelogen": "^0.6.2",
|
|
@@ -57,7 +57,7 @@
|
|
|
57
57
|
"eslint-config-unjs": "^0.6.2",
|
|
58
58
|
"express": "^5.2.1",
|
|
59
59
|
"get-port": "^7.1.0",
|
|
60
|
-
"h3": "^1.15.
|
|
60
|
+
"h3": "^1.15.8",
|
|
61
61
|
"jiti": "^2.6.1",
|
|
62
62
|
"listhen": "^1.9.0",
|
|
63
63
|
"node-fetch-native": "^1.6.7",
|
|
@@ -67,8 +67,8 @@
|
|
|
67
67
|
"supertest": "^7.2.2",
|
|
68
68
|
"typescript": "^5.9.3",
|
|
69
69
|
"unbuild": "^3.6.1",
|
|
70
|
-
"undici": "^7.
|
|
71
|
-
"vitest": "^4.0
|
|
70
|
+
"undici": "^7.24.4",
|
|
71
|
+
"vitest": "^4.1.0",
|
|
72
72
|
"zod": "^4.3.6"
|
|
73
73
|
},
|
|
74
74
|
"resolutions": {
|