Skip to content

[Snyk] Upgrade @cloudflare/kv-asset-handler from 0.0.12 to 0.1.3 #1

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: production
Choose a base branch
from
Open

[Snyk] Upgrade @cloudflare/kv-asset-handler from 0.0.12 to 0.1.3 #1

wants to merge 1 commit into from

Conversation

@snyk-bot
Copy link

@snyk-bot snyk-bot commented Jul 28, 2021

Snyk has created this PR to upgrade @cloudflare/kv-asset-handler from 0.0.12 to 0.1.3.

merge advice
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

  • The recommended version is 4 versions ahead of your current version.
  • The recommended version was released a month ago, on 2021-06-18.
Release notes
Package name: @cloudflare/kv-asset-handler
  • 0.1.3 - 2021-06-18

    • Performance

      • Only parse ASSET_MANIFEST once on startup - Cherry, pull/185

        This PR improves performance of the getAssetFromKV function by only parsing the asset manifest once on startup, instead of on each request. This can have a significant improvement in response times for larger sites. An example of the performance improvement with an asset manifest of over 50k files:

        Before change:
        100 iterations: Done. Mean kv response time is 16.61
        1000 iterations: Done. Mean kv response time is 17.798
        After change:
        100 iterations: Done. Mean kv response time is 6.62
        1000 iterations: Done. Mean kv response time is 7.296

        Initial work and credit to groenlid in pull/143.

    • Fixes

      • ESM compatibility: fix crash on missing global environment variables - ttraenkler, pull/188

        This PR fixes the library from crashing when global environment variables such as __STATIC_CONTENT and __STATIC_CONTENT_MANIFEST are missing, which is currently the case when using the new ESM module syntax.

        Note that whilst this partially resolves the issue discussed in issue/174, it does not provide full ESM compatibility yet. Please see issue/174 for further discussion.

    • Maintenance

      • Tweak GitHub Actions Workflow for proper PR testing - Cherry, pull/185

        This PR tweaks the GitHub Actions Workflow to test PRs properly, both in terms of linting and the repository tests. It runs prettier to maintain code quality and style, and all unit tests on every PR to ensure no regressions occur.

      • Add test for mapRequestToAsset asset override - Cherry, pull/186

        This PR adds a test for the functionality added in pull/159. This tests that when overriding the mapRequestToAsset function in its entirety, this function is always run.

      • Dependabot updates

        A number of dependabot patch-level updates have been merged:

        • Bump @ types/node from 15.3.1 to 15.6.0 (pull/183)
        • Bump @ types/node from 15.6.0 to 15.6.1 (pull/184)
        • Bump @ types/node from 15.6.1 to 15.9.0 (pull/189)
        • Bump @ types/node from 15.9.0 to 15.12.0 (pull/190)
        • Bump @ types/node from 15.12.0 to 15.12.1 (pull/191)
        • Bump @ types/node from 15.12.1 to 15.12.2 (pull/193)
        • Bump typescript from 4.2.4 to 4.3.2 (pull/187)
        • Bump prettier from 2.3.0 to 2.3.1 (pull/192)
  • 0.1.2 - 2021-05-24

    • Features

      • Support for defaultDocument configuration - boemekeld, pull/161

        This PR adds support for customizing the defaultDocument option in getAssetFromKV. In situations where a project does not use index.html as the default document for a path, this can now be customized to values like index.shtm:

        return getAssetFromKV(event, { 
  defaultDocument: "index.shtm"
})

    • Fixes

      • Fire mapRequestToAsset for all requests, if explicitly defined - Cherry, pull/159

        This PR fixes an issue where a custom mapRequestToAsset handler weren't fired if a matching asset path was found in ASSET_MANIFEST data. By correctly checking for this handler, we can conditionally handle any assets with this handler even if they exist in the ASSET_MANIFEST.

        Note that this is a breaking change, as previously, the mapRequestToAsset function was ignored if you set it, and an exact match was found in the ASSET_MANIFEST. That being said, this behavior was a bug, and unexpected behavior, as documented in issue/158.

      • Etag logic refactor - shagamemnon, pull/133

        This PR refactors a great deal of the Etag functionality introduced in 0.0.11. kv-asset-handler will now correctly set strong and weak Etags both to the Cloudflare CDN and to client eyeballs, allowing for higher cache percentages with Workers Sites projects.

      • Fix path decoding issue - xiaolanglanglang, pull/142

        This PR improves support for non-alphanumeric character paths in kv-asset-handler, for instance, if the path requested is in Chinese.

      • Check HTTP method after mapRequestToAsset - oliverpool, pull/178

        This PR fixes an issue where the HTTP method for an asset is checked before the mapRequestToAsset handler is called. This has caused issues for users in the past, where they need to generate a requestKey based on an asset path, even if the request method is not GET. This fixes issue/151.

    • Maintenance

      • Add Markdown linting workflow to GitHub Actions - jbampton, pull/135

        Our GitHub Actions workflow now includes a linting workflow for Markdown in the project, including the README, this CHANGELOG, and any other .md files in the source code.

      • Dependabot updates

        A number of dependabot patch-level updates have been merged since our last release:

        • Bump @ types/node from 15.30.0 to 15.30.1 (pull/180)
        • Bump hosted-git-info from 2.8.8 to 2.8.9 (pull/176)
        • Bump ini from 1.3.5 to 1.3.8 (pull/160)
        • Bump lodash from 4.17.19 to 4.17.21 (pull/175)
        • Bump urijs from 1.19.2 to 1.19.6 (pull/168)
        • Bump y18n from 4.0.0 to 4.0.1 (pull/173)

      • Repository maintenance - Cherry, pull/179

        New project maintainer Cherry did a ton of maintenance in this release, improving workflows, code quality, and more. Check out the full list in the PR.

    • Documentation

      • Update README.md - signalnerve, pull/177

        This PR adds context to our README, with mentions about what this project is, how to use it, and some new things since the last version of this package: namely, Cloudflare Pages and the new Cloudflare Workers Discord server

      • Add instructions for updating version in related repos - caass, [pull/171]

        This PR adds instructions for updating the kv-asset-handler version in related repositories, such as our templates, that use kv-asset-handler and are exposed to end-users of Wrangler and Workers.

  • 0.1.1 - 2021-03-15

    0.1.1

  • 0.1.0 - 2020-12-02

    0.1.0

  • 0.0.12 - 2020-09-02

    • Features

      • Add defaultMimeType option to getAssetFromKV - mgrahamjo, pull/121

        Some static website owners prefer not to create all of their web routes as directories containing index.html files. Instead, they prefer to create pages as extensionless HTML files. Providing a defaultMimeType option will allow users to set the Content-Type header for extensionless files to text/html, which will enable this use case.

      • Add defaultMimeType to types - [shagamemnon], pull/132

        Adds the newly added defaultMimeType to the exported types for this package.

    • Fixes

      • Fix text/ charset - EatonZ, pull/130*

        Adds a missing - to the utf-8 charset value in response mime types.

      • Cache handling for HEAD requests - klittlepage, pull/141

        This PR skips caching for incoming HEAD requests, as they should not be able to be edge cached.

    • Maintenance

from @cloudflare/kv-asset-handler GitHub release notes
Commit messages
Package name: @cloudflare/kv-asset-handler

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

@github-actions
Copy link

github-actions bot commented Nov 3, 2025

Hey there, this pull request has been automatically marked as stale because it has not had recent activity. It will be auto-closed after and additional 10 days of inactivity. If you need it open for longer, add the label stale-exempt.

@github-actions github-actions bot added the Stale label Nov 3, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

Stale

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@snyk-bot