h3 2.0.1-rc.21 → 2.0.1-rc.23

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -1,4 +1,4 @@
1
- import { C as DynamicEventHandler, D as EventHandlerRequest, E as EventHandlerObject, F as Middleware, L as MaybePromise$1, M as HTTPHandler, N as InferEventInput, O as EventHandlerResponse, R as TypedRequest, S as HTTPError, Y as CookieSerializeOptions, a as H3EventContext, b as ErrorDetails, d as H3RouteMeta, f as HTTPMethod, i as HTTPEvent, j as FetchableObject, k as EventHandlerWithFetch, l as H3Plugin, o as H3$1, r as H3Event, s as H3Config, t as H3, w as EventHandler } from "./h3-D76FUMrE.mjs";
1
+ import { CookieSerializeOptions, DynamicEventHandler, ErrorDetails, EventHandler, EventHandlerObject, EventHandlerRequest, EventHandlerResponse, EventHandlerWithFetch, FetchableObject, H3, H3$1, H3Config, H3Event, H3EventContext, H3Plugin, H3RouteMeta, HTTPError, HTTPEvent, HTTPHandler, HTTPMethod, InferEventInput, MaybePromise as MaybePromise$1, Middleware, TypedRequest } from "./h3.mjs";
2
2
  import { NodeServerRequest, NodeServerResponse, ServerRequest, ServerRequestContext } from "srvx";
3
3
  import { Hooks, Hooks as WebSocketHooks, Message as WebSocketMessage, Peer, Peer as WebSocketPeer } from "crossws";
4
4
 
@@ -249,7 +249,7 @@ declare function getValidatedRouterParams<Event extends HTTPEvent, OutputT, Inpu
249
249
  /**
250
250
  * Get a matched route param by name.
251
251
  *
252
- * If `decode` option is `true`, it will decode the matched route param using `decodeURI`.
252
+ * If `decode` option is `true`, it will decode the matched route param using `decodeURIComponent`.
253
253
  *
254
254
  * @example
255
255
  * app.get("/", (event) => {
@@ -308,7 +308,7 @@ declare function getRequestHost(event: HTTPEvent, opts?: {
308
308
  /**
309
309
  * Get the request protocol.
310
310
  *
311
- * If `x-forwarded-proto` header is set to "https", it will return "https". You can disable this behavior by setting `xForwardedProto` to `false`.
311
+ * If `x-forwarded-proto` header is set to "https", it will return "https". If the header contains a comma-separated list of protocols, the first entry is used. You can disable this behavior by setting `xForwardedProto` to `false`.
312
312
  *
313
313
  * If protocol cannot be determined, it will default to "http".
314
314
  *
@@ -493,6 +493,19 @@ interface ProxyOptions {
493
493
  cookieDomainRewrite?: string | Record<string, string>;
494
494
  cookiePathRewrite?: string | Record<string, string>;
495
495
  onResponse?: (event: H3Event, response: Response) => void | Promise<void>;
496
+ /**
497
+ * Control how a client disconnect is handled.
498
+ *
499
+ * The incoming request's abort signal (`event.req.signal`) is always forwarded
500
+ * to the proxied request, so a client disconnect aborts the upstream request
501
+ * and releases its connection. By default the resulting abort is handled
502
+ * quietly with a `499 Client Closed Request` response (never delivered, since
503
+ * the client is already gone) rather than logged as a `502` gateway error.
504
+ *
505
+ * Set this to `true` to instead let the `AbortError` propagate to your handler
506
+ * (e.g. to run cleanup). This also applies to a custom `fetchOptions.signal`.
507
+ */
508
+ propagateAbortError?: boolean;
496
509
  }
497
510
  /**
498
511
  * Proxy the incoming request to a target URL.
@@ -500,11 +513,24 @@ interface ProxyOptions {
500
513
  * If the `target` starts with `/`, the request is handled internally by the app router
501
514
  * via `event.app.fetch()` instead of making an external HTTP request.
502
515
  *
516
+ * The request body is streamed to the target without buffering. Per the Fetch
517
+ * standard, a request body can only be consumed once, so reading it beforehand
518
+ * (e.g. via `readBody()`, `readFormData()`, or body-reading middleware) locks
519
+ * the stream and proxying fails. If you need to inspect the body and still
520
+ * proxy it, read from a clone and leave the original event untouched.
521
+ *
503
522
  * **Security:** Never pass unsanitized user input as the `target`. Callers are
504
523
  * responsible for validating and restricting the target URL (e.g. allowlisting
505
524
  * hosts, blocking internal paths, enforcing protocol). Consider using
506
525
  * `bodyLimit()` middleware to prevent large request bodies from consuming
507
526
  * excessive resources when proxying untrusted input.
527
+ *
528
+ * @example
529
+ * app.all("/proxy", async (event) => {
530
+ * const body = await event.req.clone().json(); // read from the clone
531
+ * // ...inspect body...
532
+ * return proxyRequest(event, "/target"); // original stream still intact
533
+ * });
508
534
  */
509
535
  declare function proxyRequest(event: H3Event, target: string, opts?: ProxyOptions): Promise<HTTPResponse>;
510
536
  /**
@@ -537,20 +563,41 @@ declare function getProxyRequestHeaders(event: H3Event, opts?: {
537
563
  * responsible for validating and restricting the URL.
538
564
  */
539
565
  declare function fetchWithEvent(event: H3Event, url: string, init?: RequestInit): Promise<Response>;
566
+ interface ReadBodyOptions {
567
+ /**
568
+ * Force a parser instead of inferring it from the request `Content-Type`.
569
+ *
570
+ * - `"json"` (default): parse as JSON.
571
+ * - `"text"`: return the raw string body.
572
+ * - `"urlencoded"`: parse as `application/x-www-form-urlencoded`.
573
+ * - `"formData"`: parse as `multipart/form-data` (or url-encoded) form data.
574
+ */
575
+ type?: "json" | "text" | "urlencoded" | "formData";
576
+ }
540
577
  /**
541
578
  * Reads request body and tries to parse using JSON.parse or URLSearchParams.
542
579
  *
580
+ * By default the body is parsed as JSON (falling back to URL-encoded parsing
581
+ * when the `Content-Type` is `application/x-www-form-urlencoded`). Other body
582
+ * types, such as `multipart/form-data`, must be opted into explicitly via
583
+ * `options.type` and are never auto-detected from the request headers.
584
+ *
543
585
  * @example
544
- * app.get("/", async (event) => {
586
+ * app.post("/", async (event) => {
545
587
  * const body = await readBody(event);
546
588
  * });
589
+ * @example
590
+ * app.post("/upload", async (event) => {
591
+ * const body = await readBody(event, { type: "formData" });
592
+ * });
547
593
  *
548
594
  * @param event H3 event passed by h3 handler
549
- * @param encoding The character encoding to use, defaults to 'utf-8'.
595
+ * @param options Parsing options. Set `type` to force a parser instead of
596
+ * inferring it from the request `Content-Type`.
550
597
  *
551
- * @return {*} The `Object`, `Array`, `String`, `Number`, `Boolean`, or `null` value corresponding to the request JSON body
598
+ * @return {*} The `Object`, `Array`, `String`, `Number`, `Boolean`, or `null` value corresponding to the request body
552
599
  */
553
- declare function readBody<T, _Event extends HTTPEvent = HTTPEvent, _T = InferEventInput<"body", _Event, T>>(event: _Event): Promise<undefined | _T>;
600
+ declare function readBody<T, _Event extends HTTPEvent = HTTPEvent, _T = InferEventInput<"body", _Event, T>>(event: _Event, options?: ReadBodyOptions): Promise<undefined | _T>;
554
601
  declare function readValidatedBody<Event extends HTTPEvent, S extends StandardSchemaV1>(event: Event, validate: S, options?: {
555
602
  onError?: (result: FailureResult) => ErrorDetails;
556
603
  }): Promise<InferOutput<S>>;
@@ -675,6 +722,7 @@ declare class EventStream {
675
722
  private _unsentData;
676
723
  private _disposed;
677
724
  private _handled;
725
+ private get _isClosed();
678
726
  constructor(event: H3Event, opts?: EventStreamOptions);
679
727
  /**
680
728
  * Publish new event(s) for the client
@@ -803,6 +851,62 @@ interface CacheConditions {
803
851
  * @returns `true` when cache headers are matching. When `true` is returned, no response should be sent anymore
804
852
  */
805
853
  declare function handleCacheHeaders(event: H3Event, opts: CacheConditions): boolean;
854
+ interface ResolveDotSegmentsOptions {
855
+ /**
856
+ * Also decode percent-encoded path separators (`%2f`, `%5c`) into real `/`
857
+ * segment boundaries before resolving `.`/`..`.
858
+ *
859
+ * `event.url.pathname` never decodes `%2f` on its own, because doing so
860
+ * would change how many segments a path has and therefore which route
861
+ * matches — a correctness concern for dispatch, not just a security one
862
+ * (e.g. `/files/:id` may rely on `%2F` to keep an id with a literal slash
863
+ * as one opaque segment). So never use the result for routing/dispatch.
864
+ *
865
+ * Enable this for any out-of-band scope/security check whose result is
866
+ * later handed to something that collapses `%2f` back to `/` on its own —
867
+ * which is the common case, not an exotic one: an ordinary reverse proxy
868
+ * (e.g. nginx with a trailing-slash `proxy_pass`) decodes `%2f`→`/` on every
869
+ * request, so an encoded separator that dodges a narrower rule at match time
870
+ * then escapes it downstream. If a scope check feeds a proxy or redirect
871
+ * target, you almost certainly want this on.
872
+ *
873
+ * Decoding is pessimistic but bounded: it collapses a separator nested as
874
+ * repeated whole `%25` prefixes (`%252f`, `%25252f`, ...) at any depth, so a
875
+ * downstream that keeps `%25`-re-encoding and decoding cannot smuggle one
876
+ * past. It does NOT catch a separator whose own hex digits are themselves
877
+ * percent-encoded (`%25%32%66` → `%2f` → `/` after two decodes) — and that
878
+ * form can appear even in an already-once-decoded pathname (from wire
879
+ * `%2525%2532%2566`), so once-decoded input is not by itself sufficient.
880
+ * Treat this as covering the common `%25`-nesting case, not as an absolute
881
+ * guarantee against every multi-decode chain. Other escapes (e.g. `%20`) are
882
+ * never decoded.
883
+ *
884
+ * @default false
885
+ */
886
+ decodeSlashes?: boolean;
887
+ }
888
+ /**
889
+ * Resolve `.` and `..` segments in a path, without ever escaping above the
890
+ * root `/`. The result is always an absolute path with a single leading `/`,
891
+ * so it can never be protocol-relative (`//host`).
892
+ *
893
+ * Also decodes percent-encoded dot segments at any `%25`-nesting depth
894
+ * (`%2e`, `%252e`, ...) and normalizes `\` to `/`, so encoded or
895
+ * backslash-based traversal (e.g. `%2e%2e/`, `..\..\`) is caught the same
896
+ * way as a literal `../`.
897
+ *
898
+ * `%2f`/`%5c` (encoded path separators) are left untouched by default — see
899
+ * {@link ResolveDotSegmentsOptions.decodeSlashes}.
900
+ *
901
+ * Only `.`/`..` resolution and the decodes above alter the string; every other
902
+ * percent-encoding (`%20`, non-ASCII, `%3A`, and any `%2e` not forming a whole
903
+ * segment) is left intact, so the result stays in the same representation as an
904
+ * un-decoded `event.url.pathname` and matches routes/rules consistently.
905
+ * Interior empty segments are preserved (`/a//b` stays `/a//b`, per WHATWG URL
906
+ * normalization) — only the leading slash is guaranteed single, so a consumer
907
+ * doing exact prefix matching should normalize its allowlist the same way.
908
+ */
909
+ declare function resolveDotSegments(path: string, opts?: ResolveDotSegmentsOptions): string;
806
910
  interface StaticAssetMeta {
807
911
  type?: string;
808
912
  etag?: string;
@@ -1030,17 +1134,36 @@ interface RequestFingerprintOptions {
1030
1134
  */
1031
1135
  declare function getRequestFingerprint(event: HTTPEvent, opts?: RequestFingerprintOptions): Promise<string | null>;
1032
1136
  /**
1033
- * Define WebSocket hooks.
1137
+ * The `426 Upgrade Required` response returned by `defineWebSocketHandler()`
1138
+ * for WebSocket upgrade requests, augmented with the `crossws` hooks that
1139
+ * were attached to it. Adapters (like the crossws `serve()` plugin) read
1140
+ * `crossws` off this response to wire up the platform-specific WebSocket
1141
+ * upgrade.
1034
1142
  *
1035
- * @see https://h3.dev/guide/websocket
1143
+ * `crossws` is always the resolved hooks object: when the handler is defined
1144
+ * with an async hooks factory, `defineWebSocketHandler()` awaits it before
1145
+ * attaching it to the response.
1036
1146
  */
1037
- declare function defineWebSocket(hooks: Partial<Hooks>): Partial<Hooks>;
1147
+ type WebSocketResponse = Response & {
1148
+ crossws?: Partial<Hooks>;
1149
+ };
1038
1150
  /**
1039
- * Define WebSocket event handler.
1151
+ * Define WebSocket hooks.
1152
+ *
1153
+ * @example
1154
+ * const hooks = defineWebSocket({
1155
+ * open: (peer) => peer.send("Welcome!"),
1156
+ * message: (peer, message) => peer.send(message.text()),
1157
+ * close: (peer) => console.log("closed", peer),
1158
+ * });
1040
1159
  *
1041
1160
  * @see https://h3.dev/guide/websocket
1042
1161
  */
1043
- declare function defineWebSocketHandler(hooks: Partial<Hooks> | ((event: H3Event) => Partial<Hooks> | Promise<Partial<Hooks>>)): EventHandler;
1162
+ declare function defineWebSocket(hooks: Partial<Hooks>): Partial<Hooks>;
1163
+ declare function defineWebSocketHandler(hooks: Partial<Hooks>): EventHandler<EventHandlerRequest, WebSocketResponse>;
1164
+ declare function defineWebSocketHandler(hooks: (event: H3Event) => Partial<Hooks> | Promise<Partial<Hooks>>): EventHandler<EventHandlerRequest, EventHandlerResponse<WebSocketResponse>>;
1165
+ declare function defineWebSocketHandler<Http extends EventHandler>(hooks: Partial<Hooks>, http: Http): EventHandler<EventHandlerRequest, WebSocketResponse | ReturnType<Http>>;
1166
+ declare function defineWebSocketHandler<Http extends EventHandler>(hooks: (event: H3Event) => Partial<Hooks> | Promise<Partial<Hooks>>, http: Http): EventHandler<EventHandlerRequest, EventHandlerResponse<WebSocketResponse> | ReturnType<Http>>;
1044
1167
  /**
1045
1168
  * JSON-RPC 2.0 Interfaces based on the specification.
1046
1169
  * https://www.jsonrpc.org/specification
@@ -1267,4 +1390,4 @@ declare const createApp: (config?: H3Config) => H3;
1267
1390
  declare const createRouter: (config?: H3Config) => H3;
1268
1391
  /** @deprecated Please use `withBase()` */
1269
1392
  declare const useBase: (base: string, input: EventHandler | H3) => EventHandler;
1270
- export { JsonRpcWebSocketMethod as $, noContent as $t, readFormDataBody as A, defineMiddleware as An, createEventStream as At, setHeader as B, mockEvent as Bn, readBody as Bt, getResponseHeader as C, defineNodeMiddleware as Cn, handleCacheHeaders as Ct, isError as D, HTTPResponse as Dn, withServerTiming as Dt, getResponseStatusText as E, toWebHandler as En, setServerTiming as Et, sendNoContent as F, dynamicEventHandler as Fn, getValidatedCookies as Ft, toNodeHandler as G, proxy as Gt, setResponseHeader as H, ProxyOptions as Ht, sendProxy as I, toEventHandler as In, parseCookies as It, JsonRpcError as J, onError as Jt, toNodeListener as K, proxyRequest as Kt, sendRedirect as L, getEventContext as Ln, setChunkedCookie as Lt, readRawBody as M, defineHandler as Mn, deleteCookie as Mt, removeResponseHeader as N, defineLazyEventHandler as Nn, getChunkedCookie as Nt, lazyEventHandler as O, toResponse as On, EventStreamMessage as Ot, sendIterable as P, defineValidatedHandler as Pn, getCookie as Pt, JsonRpcResponse as Q, iterable as Qt, sendStream as R, isEvent as Rn, setCookie as Rt, getRequestWebStream as S, defineNodeHandler as Sn, CacheConditions as St, getResponseStatus as T, fromWebHandler as Tn, sanitizeStatusMessage as Tt, setResponseHeaders as U, fetchWithEvent as Ut, setHeaders as V, readValidatedBody as Vt, setResponseStatus as W, getProxyRequestHeaders as Wt, JsonRpcParams as X, onResponse as Xt, JsonRpcMethod as Y, onRequest as Yt, JsonRpcRequest as Z, html as Zt, getHeaders as _, RouteDefinition as _n, isCorsOriginAllowed as _t, appendResponseHeaders as a, getRequestHost as an, defineWebSocket as at, getRequestHeaders as b, NodeHandler as bn, StaticAssetMeta as bt, createError as c, getRequestURL as cn, getRequestFingerprint as ct, defineEventHandler as d, getValidatedQuery as dn, requireBasicAuth as dt, redirect as en, defineJsonRpcHandler as et, defineNodeListener as f, getValidatedRouterParams as fn, CorsOptions as ft, getHeader as g, toRequest as gn, isPreflightRequest as gt, getBodyStream as h, requestWithURL as hn, handleCors as ht, appendResponseHeader as i, getQuery as in, WebSocketPeer as it, readMultipartFormData as j, toMiddleware as jn, deleteChunkedCookie as jt, readFormData as k, callMiddleware as kn, EventStreamOptions as kt, createRouter as l, getRouterParam as ln, BasicAuthOptions as lt, fromNodeMiddleware as m, requestWithBaseURL as mn, appendCorsPreflightHeaders as mt, appendHeader as n, writeEarlyHints as nn, WebSocketHooks as nt, clearResponseHeaders as o, getRequestIP as on, defineWebSocketHandler as ot, eventHandler as p, isMethod as pn, appendCorsHeaders as pt, useBase as q, bodyLimit as qt, appendHeaders as r, assertMethod as rn, WebSocketMessage as rt, createApp as s, getRequestProtocol as sn, RequestFingerprintOptions as st, H3Error as t, redirectBack as tn, defineJsonRpcWebSocketHandler as tt, defaultContentType as u, getRouterParams as un, basicAuth as ut, getMethod as v, defineRoute as vn, withBase as vt, getResponseHeaders as w, fromNodeHandler as wn, sanitizeStatusCode as wt, getRequestPath as x, NodeMiddleware as xn, serveStatic as xt, getRequestHeader as y, removeRoute as yn, ServeStaticOptions as yt, sendWebResponse as z, isHTTPEvent as zn, assertBodySize as zt };
1393
+ export { BasicAuthOptions, CacheConditions, CorsOptions, EventStreamMessage, EventStreamOptions, H3Error, HTTPResponse, JsonRpcError, JsonRpcMethod, JsonRpcParams, JsonRpcRequest, JsonRpcResponse, JsonRpcWebSocketMethod, NodeHandler, NodeMiddleware, ProxyOptions, ReadBodyOptions, RequestFingerprintOptions, ResolveDotSegmentsOptions, RouteDefinition, ServeStaticOptions, StaticAssetMeta, type WebSocketHooks, type WebSocketMessage, type WebSocketPeer, WebSocketResponse, appendCorsHeaders, appendCorsPreflightHeaders, appendHeader, appendHeaders, appendResponseHeader, appendResponseHeaders, assertBodySize, assertMethod, basicAuth, bodyLimit, callMiddleware, clearResponseHeaders, createApp, createError, createEventStream, createRouter, defaultContentType, defineEventHandler, defineHandler, defineJsonRpcHandler, defineJsonRpcWebSocketHandler, defineLazyEventHandler, defineMiddleware, defineNodeHandler, defineNodeListener, defineNodeMiddleware, defineRoute, defineValidatedHandler, defineWebSocket, defineWebSocketHandler, deleteChunkedCookie, deleteCookie, dynamicEventHandler, eventHandler, fetchWithEvent, fromNodeHandler, fromNodeMiddleware, fromWebHandler, getBodyStream, getChunkedCookie, getCookie, getEventContext, getHeader, getHeaders, getMethod, getProxyRequestHeaders, getQuery, getRequestFingerprint, getRequestHeader, getRequestHeaders, getRequestHost, getRequestIP, getRequestPath, getRequestProtocol, getRequestURL, getRequestWebStream, getResponseHeader, getResponseHeaders, getResponseStatus, getResponseStatusText, getRouterParam, getRouterParams, getValidatedCookies, getValidatedQuery, getValidatedRouterParams, handleCacheHeaders, handleCors, html, isCorsOriginAllowed, isError, isEvent, isHTTPEvent, isMethod, isPreflightRequest, iterable, lazyEventHandler, mockEvent, noContent, onError, onRequest, onResponse, parseCookies, proxy, proxyRequest, readBody, readFormData, readFormDataBody, readMultipartFormData, readRawBody, readValidatedBody, redirect, redirectBack, removeResponseHeader, removeRoute, requestWithBaseURL, requestWithURL, requireBasicAuth, resolveDotSegments, sanitizeStatusCode, sanitizeStatusMessage, sendIterable, sendNoContent, sendProxy, sendRedirect, sendStream, sendWebResponse, serveStatic, setChunkedCookie, setCookie, setHeader, setHeaders, setResponseHeader, setResponseHeaders, setResponseStatus, setServerTiming, toEventHandler, toMiddleware, toNodeHandler, toNodeListener, toRequest, toResponse, toWebHandler, useBase, withBase, withServerTiming, writeEarlyHints };
@@ -1,4 +1,4 @@
1
- import { l as H3Plugin, r as H3Event } from "./h3-D76FUMrE.mjs";
1
+ import { EventHandler, H3Event, H3Plugin } from "./h3.mjs";
2
2
 
3
3
  interface TracingRequestEvent {
4
4
  type: "middleware" | "route";
@@ -21,4 +21,14 @@ interface TracingPluginOptions {
21
21
  * Enables tracing for H3 apps.
22
22
  */
23
23
  declare function tracingPlugin(traceOpts?: TracingPluginOptions): H3Plugin;
24
- export { TracingPluginOptions, TracingRequestEvent, tracingPlugin };
24
+ /**
25
+ * Wraps an event handler so its execution is traced via the `h3.request`
26
+ * diagnostics channel with `type: "route"`. Intended to be called once per
27
+ * handler at initialization time (e.g. during codegen or module load), not
28
+ * per request.
29
+ *
30
+ * Returns the handler unchanged when `diagnostics_channel` is unavailable
31
+ * or the handler is already traced.
32
+ */
33
+ declare function wrapHandlerWithTracing(handler: EventHandler): EventHandler;
34
+ export { TracingPluginOptions, TracingRequestEvent, tracingPlugin, wrapHandlerWithTracing };
package/dist/tracing.mjs CHANGED
@@ -1,4 +1,3 @@
1
- import "./h3-DagAgogP.mjs";
2
1
  function tracingPlugin(traceOpts) {
3
2
  return (h3) => {
4
3
  const { tracingChannel } = globalThis.process?.getBuiltinModule?.("diagnostics_channel") ?? {};
@@ -73,4 +72,18 @@ function tracingPlugin(traceOpts) {
73
72
  return h3;
74
73
  };
75
74
  }
76
- export { tracingPlugin };
75
+ function wrapHandlerWithTracing(handler) {
76
+ const { tracingChannel } = globalThis.process?.getBuiltinModule?.("diagnostics_channel") ?? {};
77
+ if (!tracingChannel) return handler;
78
+ if (handler.__traced__) return handler;
79
+ const channel = tracingChannel("h3.request");
80
+ const wrapped = (...args) => {
81
+ return channel.tracePromise(async () => handler(...args), {
82
+ event: args[0],
83
+ type: "route"
84
+ });
85
+ };
86
+ wrapped.__traced__ = true;
87
+ return wrapped;
88
+ }
89
+ export { tracingPlugin, wrapHandlerWithTracing };
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "h3",
3
- "version": "2.0.1-rc.21",
3
+ "version": "2.0.1-rc.23",
4
4
  "description": "Minimal H(TTP) framework built for high performance and portability.",
5
5
  "homepage": "https://h3.dev",
6
6
  "license": "MIT",
@@ -49,51 +49,51 @@
49
49
  "test": "pnpm lint && vitest --run --coverage"
50
50
  },
51
51
  "dependencies": {
52
- "rou3": "^0.8.1",
53
- "srvx": "^0.11.15"
52
+ "rou3": "^0.9.0",
53
+ "srvx": "^0.11.21"
54
54
  },
55
55
  "devDependencies": {
56
- "@happy-dom/global-registrator": "^20.9.0",
56
+ "@happy-dom/global-registrator": "^20.10.6",
57
57
  "@mitata/counters": "^0.0.8",
58
58
  "@types/connect": "^3.4.38",
59
59
  "@types/express": "^5.0.6",
60
- "@types/node": "^25.6.0",
61
- "@types/react": "^19.2.14",
60
+ "@types/node": "^26.1.0",
61
+ "@types/react": "^19.2.17",
62
62
  "@types/react-dom": "^19.2.3",
63
- "@typescript/native-preview": "^7.0.0-dev.20260429.1",
64
- "@vitest/coverage-v8": "^4.1.5",
63
+ "@typescript/native-preview": "latest",
64
+ "@vitest/coverage-v8": "^4.1.9",
65
65
  "automd": "^0.4.3",
66
66
  "changelogen": "^0.6.2",
67
67
  "connect": "^3.7.0",
68
68
  "cookie-es": "^3.1.1",
69
- "crossws": "^0.4.5",
70
- "elysia": "^1.4.28",
71
- "esbuild": "^0.28.0",
69
+ "crossws": "^0.4.9",
70
+ "elysia": "^1.4.29",
71
+ "esbuild": "^0.28.1",
72
72
  "express": "^5.2.1",
73
73
  "fetchdts": "^0.1.7",
74
74
  "get-port-please": "^3.2.0",
75
- "h3": "^2.0.1-rc.20",
76
- "h3-nightly": "^2.0.0-20260429-110804-351b2aa",
77
- "happy-dom": "^20.9.0",
78
- "hono": "^4.12.15",
75
+ "h3": "workspace:*",
76
+ "h3-nightly": "latest",
77
+ "happy-dom": "^20.10.6",
78
+ "hono": "^4.12.27",
79
79
  "magic-string": "^0.30.21",
80
80
  "mdzilla": "^0.2.1",
81
- "memoirist": "^0.4.0",
81
+ "memoirist": "^1.1.0",
82
82
  "mitata": "^1.0.34",
83
- "obuild": "^0.4.33",
84
- "oxc-parser": "^0.128.0",
85
- "oxfmt": "^0.47.0",
86
- "oxlint": "^1.62.0",
87
- "oxlint-tsgolint": "^0.22.1",
88
- "react": "^19.2.5",
89
- "react-dom": "^19.2.5",
83
+ "obuild": "^0.4.37",
84
+ "oxc-parser": "^0.138.0",
85
+ "oxfmt": "^0.57.0",
86
+ "oxlint": "^1.72.0",
87
+ "oxlint-tsgolint": "^0.24.0",
88
+ "react": "^19.2.7",
89
+ "react-dom": "^19.2.7",
90
90
  "typescript": "^6.0.3",
91
- "vite": "^8.0.10",
92
- "vitest": "^4.1.5",
93
- "zod": "^4.3.6"
91
+ "vite": "^8.1.3",
92
+ "vitest": "^4.1.9",
93
+ "zod": "^4.4.3"
94
94
  },
95
95
  "peerDependencies": {
96
- "crossws": "^0.4.1"
96
+ "crossws": "^0.4.9"
97
97
  },
98
98
  "peerDependenciesMeta": {
99
99
  "crossws": {
@@ -107,5 +107,5 @@
107
107
  "engines": {
108
108
  "node": ">=20.11.1"
109
109
  },
110
- "packageManager": "pnpm@10.33.2"
110
+ "packageManager": "pnpm@11.9.0"
111
111
  }
@@ -1,4 +0,0 @@
1
- function definePlugin(def) {
2
- return ((opts) => (h3) => def(h3, opts));
3
- }
4
- export { definePlugin as t };