vite 4.5.12 → 4.5.13

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (6) hide show
  1. package/dist/node/chunks/{dep-845e3752.js → dep-42dae6ba.js} +23 -2
  2. package/dist/node/chunks/{dep-faa9987b.js → dep-6e2b5186.js} +1 -1
  3. package/dist/node/chunks/{dep-5215c85e.js → dep-e967375e.js} +1 -1
  4. package/dist/node/cli.js +5 -5
  5. package/dist/node/index.js +2 -2
  6. package/package.json +1 -1
package/dist/node/chunks/{dep-845e3752.js → dep-42dae6ba.js} RENAMED
@@ -38995,8 +38995,8 @@ function createCachedImport(imp) {
38995
38995
  return cached;
38996
38996
  };
38997
38997
  }
38998
- const importPostcssImport = createCachedImport(() => import('./dep-faa9987b.js').then(function (n) { return n.i; }));
38999
- const importPostcssModules = createCachedImport(() => import('./dep-5215c85e.js').then(function (n) { return n.i; }));
38998
+ const importPostcssImport = createCachedImport(() => import('./dep-6e2b5186.js').then(function (n) { return n.i; }));
38999
+ const importPostcssModules = createCachedImport(() => import('./dep-e967375e.js').then(function (n) { return n.i; }));
39000
39000
  const importPostcss = createCachedImport(() => import('postcss'));
39001
39001
  /**
39002
39002
  * @experimental
@@ -65258,6 +65258,25 @@ class ModuleGraph {
65258
65258
  }
65259
65259
  }
65260
65260
 
65261
+ function rejectInvalidRequestMiddleware() {
65262
+ // Keep the named function. The name is visible in debug logs via `DEBUG=connect:dispatcher ...`
65263
+ return function viteRejectInvalidRequestMiddleware(req, res, next) {
65264
+ // HTTP spec does not allow `#` in the request-target
65265
+ // (HTTP 1.1: https://datatracker.ietf.org/doc/html/rfc9112#section-3.2)
65266
+ // (HTTP 2: https://datatracker.ietf.org/doc/html/rfc9113#section-8.3.1-2.4.1)
65267
+ // But Node.js allows those requests.
65268
+ // Our middlewares don't expect `#` to be included in `req.url`, especially the `server.fs.deny` checks.
65269
+ if (req.url?.includes('#')) {
65270
+ // HTTP 1.1 spec recommends sending 400 Bad Request
65271
+ // (https://datatracker.ietf.org/doc/html/rfc9112#section-3.2-4)
65272
+ res.writeHead(400);
65273
+ res.end();
65274
+ return;
65275
+ }
65276
+ return next();
65277
+ };
65278
+ }
65279
+
65261
65280
  function createServer(inlineConfig = {}) {
65262
65281
  return _createServer(inlineConfig, { ws: true });
65263
65282
  }
@@ -65473,6 +65492,8 @@ async function _createServer(inlineConfig = {}, options) {
65473
65492
  if (process.env.DEBUG) {
65474
65493
  middlewares.use(timeMiddleware(root));
65475
65494
  }
65495
+ // disallows request that contains `#` in the URL
65496
+ middlewares.use(rejectInvalidRequestMiddleware());
65476
65497
  // cors
65477
65498
  const { cors } = serverConfig;
65478
65499
  if (cors !== false) {
package/dist/node/chunks/{dep-faa9987b.js → dep-6e2b5186.js} RENAMED
@@ -1,4 +1,4 @@
1
- import { E as getDefaultExportFromCjs } from './dep-845e3752.js';
1
+ import { E as getDefaultExportFromCjs } from './dep-42dae6ba.js';
2
2
  import require$$0 from 'path';
3
3
  import require$$0__default from 'fs';
4
4
  import { l as lib } from './dep-c423598f.js';
package/dist/node/chunks/{dep-5215c85e.js → dep-e967375e.js} RENAMED
@@ -1,4 +1,4 @@
1
- import { F as commonjsGlobal, E as getDefaultExportFromCjs } from './dep-845e3752.js';
1
+ import { F as commonjsGlobal, E as getDefaultExportFromCjs } from './dep-42dae6ba.js';
2
2
  import require$$0__default from 'fs';
3
3
  import require$$0 from 'postcss';
4
4
  import require$$0$1 from 'path';
package/dist/node/cli.js CHANGED
@@ -2,7 +2,7 @@ import path from 'node:path';
2
2
  import fs from 'node:fs';
3
3
  import { performance } from 'node:perf_hooks';
4
4
  import { EventEmitter } from 'events';
5
- import { C as colors, D as bindShortcuts, x as createLogger, h as resolveConfig } from './chunks/dep-845e3752.js';
5
+ import { C as colors, D as bindShortcuts, x as createLogger, h as resolveConfig } from './chunks/dep-42dae6ba.js';
6
6
  import { VERSION } from './constants.js';
7
7
  import 'node:fs/promises';
8
8
  import 'node:url';
@@ -759,7 +759,7 @@ cli
759
759
  filterDuplicateOptions(options);
760
760
  // output structure is preserved even after bundling so require()
761
761
  // is ok here
762
- const { createServer } = await import('./chunks/dep-845e3752.js').then(function (n) { return n.I; });
762
+ const { createServer } = await import('./chunks/dep-42dae6ba.js').then(function (n) { return n.I; });
763
763
  try {
764
764
  const server = await createServer({
765
765
  root,
@@ -837,7 +837,7 @@ cli
837
837
  .option('-w, --watch', `[boolean] rebuilds when modules have changed on disk`)
838
838
  .action(async (root, options) => {
839
839
  filterDuplicateOptions(options);
840
- const { build } = await import('./chunks/dep-845e3752.js').then(function (n) { return n.H; });
840
+ const { build } = await import('./chunks/dep-42dae6ba.js').then(function (n) { return n.H; });
841
841
  const buildOptions = cleanOptions(options);
842
842
  try {
843
843
  await build({
@@ -865,7 +865,7 @@ cli
865
865
  .option('--force', `[boolean] force the optimizer to ignore the cache and re-bundle`)
866
866
  .action(async (root, options) => {
867
867
  filterDuplicateOptions(options);
868
- const { optimizeDeps } = await import('./chunks/dep-845e3752.js').then(function (n) { return n.G; });
868
+ const { optimizeDeps } = await import('./chunks/dep-42dae6ba.js').then(function (n) { return n.G; });
869
869
  try {
870
870
  const config = await resolveConfig({
871
871
  root,
@@ -892,7 +892,7 @@ cli
892
892
  .option('--outDir <dir>', `[string] output directory (default: dist)`)
893
893
  .action(async (root, options) => {
894
894
  filterDuplicateOptions(options);
895
- const { preview } = await import('./chunks/dep-845e3752.js').then(function (n) { return n.J; });
895
+ const { preview } = await import('./chunks/dep-42dae6ba.js').then(function (n) { return n.J; });
896
896
  try {
897
897
  const server = await preview({
898
898
  root,
package/dist/node/index.js CHANGED
@@ -1,5 +1,5 @@
1
- import { i as isInNodeModules } from './chunks/dep-845e3752.js';
2
- export { b as build, e as buildErrorMessage, v as createFilter, x as createLogger, c as createServer, g as defineConfig, f as formatPostcssSourceMap, k as getDepOptimizationConfig, m as isDepsOptimizerEnabled, z as isFileServingAllowed, l as loadConfigFromFile, A as loadEnv, u as mergeAlias, q as mergeConfig, n as normalizePath, o as optimizeDeps, a as preprocessCSS, p as preview, j as resolveBaseUrl, h as resolveConfig, B as resolveEnvPrefix, d as resolvePackageData, r as resolvePackageEntry, y as searchForWorkspaceRoot, w as send, s as sortUserPlugins, t as transformWithEsbuild } from './chunks/dep-845e3752.js';
1
+ import { i as isInNodeModules } from './chunks/dep-42dae6ba.js';
2
+ export { b as build, e as buildErrorMessage, v as createFilter, x as createLogger, c as createServer, g as defineConfig, f as formatPostcssSourceMap, k as getDepOptimizationConfig, m as isDepsOptimizerEnabled, z as isFileServingAllowed, l as loadConfigFromFile, A as loadEnv, u as mergeAlias, q as mergeConfig, n as normalizePath, o as optimizeDeps, a as preprocessCSS, p as preview, j as resolveBaseUrl, h as resolveConfig, B as resolveEnvPrefix, d as resolvePackageData, r as resolvePackageEntry, y as searchForWorkspaceRoot, w as send, s as sortUserPlugins, t as transformWithEsbuild } from './chunks/dep-42dae6ba.js';
3
3
  export { VERSION as version } from './constants.js';
4
4
  export { version as esbuildVersion } from 'esbuild';
5
5
  export { VERSION as rollupVersion } from 'rollup';
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "vite",
3
- "version": "4.5.12",
3
+ "version": "4.5.13",
4
4
  "type": "module",
5
5
  "license": "MIT",
6
6
  "author": "Evan You",