[Snyk] Upgrade @cloudflare/kv-asset-handler from 0.0.12 to 0.1.3#1
Closed
snyk-bot wants to merge 1 commit into
Closed
[Snyk] Upgrade @cloudflare/kv-asset-handler from 0.0.12 to 0.1.3#1snyk-bot wants to merge 1 commit into
snyk-bot wants to merge 1 commit into
Conversation
Snyk has created this PR to upgrade @cloudflare/kv-asset-handler from 0.0.12 to 0.1.3. See this package in npm: https://www.npmjs.com/package/@cloudflare/kv-asset-handler See this project in Snyk: https://app.snyk.io/org/maxmood/project/cff11245-40d7-4097-80e8-1d3e170325c6?utm_source=github&utm_medium=upgrade-pr
|
Hey there, this pull request has been automatically marked as stale because it has not had recent activity. It will be auto-closed after and additional 10 days of inactivity. If you need it open for longer, add the label |
|
Hey there, we've closed out this pull request because it's been stale for a while and there's been no additional action on it. If these changes are still relevant, open a new pull request (or flag to us in a GitHub issue). |
pull Bot
pushed a commit
that referenced
this pull request
Mar 9, 2026
…shooting (cloudflare#28780) * [Registrar] Rewrite transfer page and add registration limits troubleshooting Restructure the transfer-domain-to-cloudflare page into two clear phases (add domain to Cloudflare, then transfer registration) instead of the previous flat 10-step list. Inline partials, add DNSSEC/nameserver provider links, explain why each step is needed, and add registration limits content with actionable guidance. Add new troubleshooting section for transfers rejected due to registration period limits (10-year max for most TLDs, 5-year for .co). Clarify vague language throughout: specific WHOIS status explanations, concrete 45-day expiration rule, ICANN contact-change lock details. * [Registrar] Simplify transfer timeline language in opening paragraph * [Registrar] Address PR review feedback and restore grace period transfer scenario - Break opening paragraph into scannable bullet list (#1) - Lead with action instead of comparison to other registrars (#2) - Replace IDN jargon with plain language and example (#3) - Lead with actionable advice in Restrictions block (#5) - Cross-link 'active on Cloudflare' to full-setup docs (#6) - Replace inlined DNSSEC links with dnssec-providers partial (#7) - Slim 'Add your domain' section to cross-link full-setup page (#8) - Reorder unlock section to put action before context (#9) - Restore 45-day grace period scenario with concrete date example and ICANN refund entitlement, matching FAQ content (#10) * [Registrar] Simplify transfer page, move details to troubleshooting - Simplify opening: shorter total time bullet, one-line prereq - Move Restrictions block content to troubleshooting page - Move registration limits and 'domain not available' Details blocks to troubleshooting page as standalone sections with full examples - Add 45-day grace period note in Before you begin with FAQ link - Update TLD page to link to troubleshooting instead of removed anchor - Simplify approve-transfer section for non-technical audience - Convert caution to note for Active status requirement - Make authoritative DNS requirement a bullet in Before you begin - Remove redundant 'Go to Transfer Domains page' text (DashButton CTA) * [Registrar] Restore auth code callout in opening note block
github-actions
Bot
deleted the
snyk-upgrade-fc8566074c6b7974a4027e44fa183f8c
branch
March 20, 2026 13:40
pull Bot
pushed a commit
that referenced
this pull request
Mar 24, 2026
* [Registrar] Rewrite transfer page and add registration limits troubleshooting Restructure the transfer-domain-to-cloudflare page into two clear phases (add domain to Cloudflare, then transfer registration) instead of the previous flat 10-step list. Inline partials, add DNSSEC/nameserver provider links, explain why each step is needed, and add registration limits content with actionable guidance. Add new troubleshooting section for transfers rejected due to registration period limits (10-year max for most TLDs, 5-year for .co). Clarify vague language throughout: specific WHOIS status explanations, concrete 45-day expiration rule, ICANN contact-change lock details. * [Registrar] Simplify transfer timeline language in opening paragraph * [Registrar] Address PR review feedback and restore grace period transfer scenario - Break opening paragraph into scannable bullet list (#1) - Lead with action instead of comparison to other registrars (#2) - Replace IDN jargon with plain language and example (#3) - Lead with actionable advice in Restrictions block (#5) - Cross-link 'active on Cloudflare' to full-setup docs (#6) - Replace inlined DNSSEC links with dnssec-providers partial (#7) - Slim 'Add your domain' section to cross-link full-setup page (#8) - Reorder unlock section to put action before context (#9) - Restore 45-day grace period scenario with concrete date example and ICANN refund entitlement, matching FAQ content (#10) * [Registrar] Simplify transfer page, move details to troubleshooting - Simplify opening: shorter total time bullet, one-line prereq - Move Restrictions block content to troubleshooting page - Move registration limits and 'domain not available' Details blocks to troubleshooting page as standalone sections with full examples - Add 45-day grace period note in Before you begin with FAQ link - Update TLD page to link to troubleshooting instead of removed anchor - Simplify approve-transfer section for non-technical audience - Convert caution to note for Active status requirement - Make authoritative DNS requirement a bullet in Before you begin - Remove redundant 'Go to Transfer Domains page' text (DashButton CTA) * [Registrar] Restore auth code callout in opening note block * [Registrar] Address review feedback on auth codes, GoDaddy proxy, and ccTLD transfer pricing * [Registrar] Replace unverified GoDaddy domain forwarding claim with accurate transfer guidance * [Registrar] Simplify 45-day transfer registration language and move detail to FAQ * [Registrar] Address review feedback: restore notes and add email verification section
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Snyk has created this PR to upgrade @cloudflare/kv-asset-handler from 0.0.12 to 0.1.3.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
Release notes
Package name: @cloudflare/kv-asset-handler
-
0.1.3 - 2021-06-18
-
-
-
-
-
-
-
-
- Bump @ types/node from 15.3.1 to 15.6.0 (pull/183)
- Bump @ types/node from 15.6.0 to 15.6.1 (pull/184)
- Bump @ types/node from 15.6.1 to 15.9.0 (pull/189)
- Bump @ types/node from 15.9.0 to 15.12.0 (pull/190)
- Bump @ types/node from 15.12.0 to 15.12.1 (pull/191)
- Bump @ types/node from 15.12.1 to 15.12.2 (pull/193)
- Bump typescript from 4.2.4 to 4.3.2 (pull/187)
- Bump prettier from 2.3.0 to 2.3.1 (pull/192)
-
0.1.2 - 2021-05-24
-
-
-
-
-
-
-
-
-
-
- Bump @ types/node from 15.30.0 to 15.30.1 (pull/180)
- Bump hosted-git-info from 2.8.8 to 2.8.9 (pull/176)
- Bump ini from 1.3.5 to 1.3.8 (pull/160)
- Bump lodash from 4.17.19 to 4.17.21 (pull/175)
- Bump urijs from 1.19.2 to 1.19.6 (pull/168)
- Bump y18n from 4.0.0 to 4.0.1 (pull/173)
-
-
-
-
-
0.1.1 - 2021-03-15
-
-
-
0.1.0 - 2020-12-02
-
0.0.12 - 2020-09-02
-
-
-
-
-
-
-
-
from @cloudflare/kv-asset-handler GitHub release notesPerformance
Only parse
ASSET_MANIFESTonce on startup - Cherry, pull/185This PR improves performance of the
getAssetFromKVfunction by only parsing the asset manifest once on startup, instead of on each request. This can have a significant improvement in response times for larger sites. An example of the performance improvement with an asset manifest of over 50k files:Initial work and credit to groenlid in pull/143.
Fixes
ESM compatibility: fix crash on missing global environment variables - ttraenkler, pull/188
This PR fixes the library from crashing when global environment variables such as
__STATIC_CONTENTand__STATIC_CONTENT_MANIFESTare missing, which is currently the case when using the new ESM module syntax.Note that whilst this partially resolves the issue discussed in issue/174, it does not provide full ESM compatibility yet. Please see issue/174 for further discussion.
Maintenance
Tweak GitHub Actions Workflow for proper PR testing - Cherry, pull/185
This PR tweaks the GitHub Actions Workflow to test PRs properly, both in terms of linting and the repository tests. It runs
prettierto maintain code quality and style, and all unit tests on every PR to ensure no regressions occur.Add test for
mapRequestToAssetasset override - Cherry, pull/186This PR adds a test for the functionality added in pull/159. This tests that when overriding the
mapRequestToAssetfunction in its entirety, this function is always run.Dependabot updates
A number of dependabot patch-level updates have been merged:
Features
Support for
defaultDocumentconfiguration - boemekeld, pull/161This PR adds support for customizing the
defaultDocumentoption ingetAssetFromKV. In situations where a project does not useindex.htmlas the default document for a path, this can now be customized to values likeindex.shtm:Fixes
Fire
mapRequestToAssetfor all requests, if explicitly defined - Cherry, pull/159This PR fixes an issue where a custom
mapRequestToAssethandler weren't fired if a matching asset path was found inASSET_MANIFESTdata. By correctly checking for this handler, we can conditionally handle any assets with this handler even if they exist in theASSET_MANIFEST.Note that this is a breaking change, as previously, the mapRequestToAsset function was ignored if you set it, and an exact match was found in the
ASSET_MANIFEST. That being said, this behavior was a bug, and unexpected behavior, as documented in issue/158.Etag logic refactor - shagamemnon, pull/133
This PR refactors a great deal of the Etag functionality introduced in 0.0.11.
kv-asset-handlerwill now correctly set strong and weak Etags both to the Cloudflare CDN and to client eyeballs, allowing for higher cache percentages with Workers Sites projects.Fix path decoding issue - xiaolanglanglang, pull/142
This PR improves support for non-alphanumeric character paths in
kv-asset-handler, for instance, if the path requested is in Chinese.Check HTTP method after mapRequestToAsset - oliverpool, pull/178
This PR fixes an issue where the HTTP method for an asset is checked before the
mapRequestToAssethandler is called. This has caused issues for users in the past, where they need to generate arequestKeybased on an asset path, even if the request method is notGET. This fixes issue/151.Maintenance
Add Markdown linting workflow to GitHub Actions - jbampton, pull/135
Our GitHub Actions workflow now includes a linting workflow for Markdown in the project, including the README, this CHANGELOG, and any other
.mdfiles in the source code.Dependabot updates
A number of dependabot patch-level updates have been merged since our last release:
Repository maintenance - Cherry, pull/179
New project maintainer Cherry did a ton of maintenance in this release, improving workflows, code quality, and more. Check out the full list in the PR.
Documentation
Update README.md - signalnerve, pull/177
This PR adds context to our README, with mentions about what this project is, how to use it, and some new things since the last version of this package: namely, Cloudflare Pages and the new Cloudflare Workers Discord server
Add instructions for updating version in related repos - caass, [pull/171]
This PR adds instructions for updating the
kv-asset-handlerversion in related repositories, such as our templates, that usekv-asset-handlerand are exposed to end-users of Wrangler and Workers.0.1.1
Fixes
kv-asset-handler can translate 206 responses to 200 - harrishancock, pull/166
Fixes wrangler#1746
0.1.0
Features
Add defaultMimeType option to getAssetFromKV - mgrahamjo, pull/121
Some static website owners prefer not to create all of their web routes as directories containing index.html files. Instead, they prefer to create pages as extensionless HTML files. Providing a defaultMimeType option will allow users to set the Content-Type header for extensionless files to text/html, which will enable this use case.
Add defaultMimeType to types - [shagamemnon], pull/132
Adds the newly added defaultMimeType to the exported types for this package.
Fixes
Fix text/ charset - EatonZ, pull/130*
Adds a missing
-to theutf-8charset value in response mime types.Cache handling for HEAD requests - klittlepage, pull/141
This PR skips caching for incoming HEAD requests, as they should not be able to be edge cached.
Maintenance
Markdown linting/typos - jbampton, pull/123, pull/125, pull/126, pull/127, pull/128, pull/129, pull/131, pull/134
These PRs contain various typo fixes and linting of existing Markdown files in our documentation and CHANGELOG.
Commit messages
Package name: @cloudflare/kv-asset-handler
Compare
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
🧐 View latest project report
🛠 Adjust upgrade PR settings
🔕 Ignore this dependency or unsubscribe from future upgrade PRs