Update dependency sirv to v0.4.6 - abandoned

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
sirv	0.2.2 -> 0.4.6

---

Release Notes

lukeed/sirv

v0.4.6

Compare Source

NOTICE
This version patches a directory-traversal security vulnerability that exists in dev mode only. All users should update immediately, even if they don't think they're using --dev or opts.dev on live servers. There are no other changes in this release.

Patches

• Fixes dev mode security vulnerability (#​63): 1e0bac5
  Thank you @​marvinhagemeister~!

  As Marvin describes:

  This allows an attacker to traverse the file system outside of the specified directory.

  Let's say sirv was initialized to serve files from /foo/bar:

  sirv("/foo/bar");

  ...and an attacker makes a request to:

  GET /../../etc/passwd
  

  ...then they are able to download the contents of that file.

Chores

• Attach GitHub Actions: ea15d6a

• Update test runner: 2b965cd

• Update lerna version: 0b6de8d

v0.4.2

Compare Source

Patches

• Immediately fix regression for --single flag in "dev" mode: c73fd13

v0.4.1

Compare Source

Patches

• (sirv): Handle files without an extension correctly (#​26): b2e1baf
  Wrongly assumed all extensionless files were pathnames meant to be expanded.

• (sirv): Call return from for-loop directly: c39f0e4

v0.4.0

Compare Source

Breaking

• (sirv) Change opts.onNoMatch from (res) to (req, res): abe9d69
  Allowing the callback to consume the original request & response is more expected and flexible.

Patches

• Fix(sirv-cli) Maintain Range/partial requests during --dev mode: abe9d69
  By sending an empty object, the original request's headers were all lost.

v0.3.1

Compare Source

Patches

• Run custom opts.setHeaders function in dev mode: (#​22): e4b7cc3

v0.3.0

Compare Source

Features

• (sirv) Respond to Range headers/partial requests correctly! (#​19): 135db55

  Now, larger files (video, PDF, etc) will be served correctly. Previously, sirv would ignore the ranged requests and pipe down the entire file at once.

Patches

• (sirv) Running dev mode will also send Last-Modified and Content-Length headers: 135db55

v0.2.5

Compare Source

Patches

• Replace tiny-glob with manual directory traversal: 38ba617

  While tiny-glob is very much a great globbing library, sirv really had no need for a globbing library because it asks for all files within the directory. This makes declaring & responding to filter patterns pointless.

v0.2.4

Compare Source

Patches

• (sirv) Decode incoming URL pathnames (#​20, #​21): 54dde5f
  Thanks @​Seb35!

• (sirv) Allow maxAge option to have 0 value: 9a392f1

• (sirv) Capitalize all outgoing header names: 633644f

---

Configuration

📅 Schedule: Branch creation - "before 3am on the first day of the month" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[renovate]

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

[renovate]

Autoclosing Skipped

This PR has been flagged for autoclosing. However, it is being skipped due to the branch being already modified. Please close/delete it manually or report a bug if you think this is in error.