Skip to content

[Snyk] Upgrade @cloudflare/kv-asset-handler from 0.0.12 to 0.1.3#1

Closed
snyk-bot wants to merge 1 commit into
productionfrom
snyk-upgrade-fc8566074c6b7974a4027e44fa183f8c
Closed

[Snyk] Upgrade @cloudflare/kv-asset-handler from 0.0.12 to 0.1.3#1
snyk-bot wants to merge 1 commit into
productionfrom
snyk-upgrade-fc8566074c6b7974a4027e44fa183f8c

Conversation

@snyk-bot

Copy link
Copy Markdown

Snyk has created this PR to upgrade @cloudflare/kv-asset-handler from 0.0.12 to 0.1.3.

merge advice
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 4 versions ahead of your current version.
  • The recommended version was released a month ago, on 2021-06-18.
Release notes
Package name: @cloudflare/kv-asset-handler
  • 0.1.3 - 2021-06-18
    • Performance

      • Only parse ASSET_MANIFEST once on startup - Cherry, pull/185

        This PR improves performance of the getAssetFromKV function by only parsing the asset manifest once on startup, instead of on each request. This can have a significant improvement in response times for larger sites. An example of the performance improvement with an asset manifest of over 50k files:

        Before change:
        100 iterations: Done. Mean kv response time is 16.61
        1000 iterations: Done. Mean kv response time is 17.798
        After change:
        100 iterations: Done. Mean kv response time is 6.62
        1000 iterations: Done. Mean kv response time is 7.296

        Initial work and credit to groenlid in pull/143.

    • Fixes

      • ESM compatibility: fix crash on missing global environment variables - ttraenkler, pull/188

        This PR fixes the library from crashing when global environment variables such as __STATIC_CONTENT and __STATIC_CONTENT_MANIFEST are missing, which is currently the case when using the new ESM module syntax.

        Note that whilst this partially resolves the issue discussed in issue/174, it does not provide full ESM compatibility yet. Please see issue/174 for further discussion.

    • Maintenance

      • Tweak GitHub Actions Workflow for proper PR testing - Cherry, pull/185

        This PR tweaks the GitHub Actions Workflow to test PRs properly, both in terms of linting and the repository tests. It runs prettier to maintain code quality and style, and all unit tests on every PR to ensure no regressions occur.

      • Add test for mapRequestToAsset asset override - Cherry, pull/186

        This PR adds a test for the functionality added in pull/159. This tests that when overriding the mapRequestToAsset function in its entirety, this function is always run.

      • Dependabot updates

        A number of dependabot patch-level updates have been merged:

        • Bump @ types/node from 15.3.1 to 15.6.0 (pull/183)
        • Bump @ types/node from 15.6.0 to 15.6.1 (pull/184)
        • Bump @ types/node from 15.6.1 to 15.9.0 (pull/189)
        • Bump @ types/node from 15.9.0 to 15.12.0 (pull/190)
        • Bump @ types/node from 15.12.0 to 15.12.1 (pull/191)
        • Bump @ types/node from 15.12.1 to 15.12.2 (pull/193)
        • Bump typescript from 4.2.4 to 4.3.2 (pull/187)
        • Bump prettier from 2.3.0 to 2.3.1 (pull/192)
  • 0.1.2 - 2021-05-24
    • Features

      • Support for defaultDocument configuration - boemekeld, pull/161

        This PR adds support for customizing the defaultDocument option in getAssetFromKV. In situations where a project does not use index.html as the default document for a path, this can now be customized to values like index.shtm:

        return getAssetFromKV(event, { 
          defaultDocument: "index.shtm"
        })
    • Fixes

      • Fire mapRequestToAsset for all requests, if explicitly defined - Cherry, pull/159

        This PR fixes an issue where a custom mapRequestToAsset handler weren't fired if a matching asset path was found in ASSET_MANIFEST data. By correctly checking for this handler, we can conditionally handle any assets with this handler even if they exist in the ASSET_MANIFEST.

        Note that this is a breaking change, as previously, the mapRequestToAsset function was ignored if you set it, and an exact match was found in the ASSET_MANIFEST. That being said, this behavior was a bug, and unexpected behavior, as documented in issue/158.

      • Etag logic refactor - shagamemnon, pull/133

        This PR refactors a great deal of the Etag functionality introduced in 0.0.11. kv-asset-handler will now correctly set strong and weak Etags both to the Cloudflare CDN and to client eyeballs, allowing for higher cache percentages with Workers Sites projects.

      • Fix path decoding issue - xiaolanglanglang, pull/142

        This PR improves support for non-alphanumeric character paths in kv-asset-handler, for instance, if the path requested is in Chinese.

      • Check HTTP method after mapRequestToAsset - oliverpool, pull/178

        This PR fixes an issue where the HTTP method for an asset is checked before the mapRequestToAsset handler is called. This has caused issues for users in the past, where they need to generate a requestKey based on an asset path, even if the request method is not GET. This fixes issue/151.

    • Maintenance

      • Add Markdown linting workflow to GitHub Actions - jbampton, pull/135

        Our GitHub Actions workflow now includes a linting workflow for Markdown in the project, including the README, this CHANGELOG, and any other .md files in the source code.

      • Dependabot updates

        A number of dependabot patch-level updates have been merged since our last release:

        • Bump @ types/node from 15.30.0 to 15.30.1 (pull/180)
        • Bump hosted-git-info from 2.8.8 to 2.8.9 (pull/176)
        • Bump ini from 1.3.5 to 1.3.8 (pull/160)
        • Bump lodash from 4.17.19 to 4.17.21 (pull/175)
        • Bump urijs from 1.19.2 to 1.19.6 (pull/168)
        • Bump y18n from 4.0.0 to 4.0.1 (pull/173)
      • Repository maintenance - Cherry, pull/179

        New project maintainer Cherry did a ton of maintenance in this release, improving workflows, code quality, and more. Check out the full list in the PR.

    • Documentation

      • Update README.md - signalnerve, pull/177

        This PR adds context to our README, with mentions about what this project is, how to use it, and some new things since the last version of this package: namely, Cloudflare Pages and the new Cloudflare Workers Discord server

      • Add instructions for updating version in related repos - caass, [pull/171]

        This PR adds instructions for updating the kv-asset-handler version in related repositories, such as our templates, that use kv-asset-handler and are exposed to end-users of Wrangler and Workers.

  • 0.1.1 - 2021-03-15

    0.1.1

  • 0.1.0 - 2020-12-02

    0.1.0

  • 0.0.12 - 2020-09-02
    • Features

      • Add defaultMimeType option to getAssetFromKV - mgrahamjo, pull/121

        Some static website owners prefer not to create all of their web routes as directories containing index.html files. Instead, they prefer to create pages as extensionless HTML files. Providing a defaultMimeType option will allow users to set the Content-Type header for extensionless files to text/html, which will enable this use case.

      • Add defaultMimeType to types - [shagamemnon], pull/132

        Adds the newly added defaultMimeType to the exported types for this package.

    • Fixes

      • Fix text/ charset - EatonZ, pull/130*

        Adds a missing - to the utf-8 charset value in response mime types.

      • Cache handling for HEAD requests - klittlepage, pull/141

        This PR skips caching for incoming HEAD requests, as they should not be able to be edge cached.

    • Maintenance

from @cloudflare/kv-asset-handler GitHub release notes
Commit messages
Package name: @cloudflare/kv-asset-handler

Compare


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

@github-actions

github-actions Bot commented Nov 3, 2025

Copy link
Copy Markdown

Hey there, this pull request has been automatically marked as stale because it has not had recent activity. It will be auto-closed after and additional 10 days of inactivity. If you need it open for longer, add the label stale-exempt.

@github-actions github-actions Bot added the Stale label Nov 3, 2025
@github-actions

Copy link
Copy Markdown

Hey there, we've closed out this pull request because it's been stale for a while and there's been no additional action on it. If these changes are still relevant, open a new pull request (or flag to us in a GitHub issue).

@github-actions github-actions Bot closed this Jan 30, 2026
pull Bot pushed a commit that referenced this pull request Mar 9, 2026
…shooting (cloudflare#28780)

* [Registrar] Rewrite transfer page and add registration limits troubleshooting

Restructure the transfer-domain-to-cloudflare page into two clear phases
(add domain to Cloudflare, then transfer registration) instead of the
previous flat 10-step list. Inline partials, add DNSSEC/nameserver
provider links, explain why each step is needed, and add registration
limits content with actionable guidance.

Add new troubleshooting section for transfers rejected due to
registration period limits (10-year max for most TLDs, 5-year for .co).
Clarify vague language throughout: specific WHOIS status explanations,
concrete 45-day expiration rule, ICANN contact-change lock details.

* [Registrar] Simplify transfer timeline language in opening paragraph

* [Registrar] Address PR review feedback and restore grace period transfer scenario

- Break opening paragraph into scannable bullet list (#1)
- Lead with action instead of comparison to other registrars (#2)
- Replace IDN jargon with plain language and example (#3)
- Lead with actionable advice in Restrictions block (#5)
- Cross-link 'active on Cloudflare' to full-setup docs (#6)
- Replace inlined DNSSEC links with dnssec-providers partial (#7)
- Slim 'Add your domain' section to cross-link full-setup page (#8)
- Reorder unlock section to put action before context (#9)
- Restore 45-day grace period scenario with concrete date example
  and ICANN refund entitlement, matching FAQ content (#10)

* [Registrar] Simplify transfer page, move details to troubleshooting

- Simplify opening: shorter total time bullet, one-line prereq
- Move Restrictions block content to troubleshooting page
- Move registration limits and 'domain not available' Details blocks
  to troubleshooting page as standalone sections with full examples
- Add 45-day grace period note in Before you begin with FAQ link
- Update TLD page to link to troubleshooting instead of removed anchor
- Simplify approve-transfer section for non-technical audience
- Convert caution to note for Active status requirement
- Make authoritative DNS requirement a bullet in Before you begin
- Remove redundant 'Go to Transfer Domains page' text (DashButton CTA)

* [Registrar] Restore auth code callout in opening note block
@github-actions
github-actions Bot deleted the snyk-upgrade-fc8566074c6b7974a4027e44fa183f8c branch March 20, 2026 13:40
pull Bot pushed a commit that referenced this pull request Mar 24, 2026
* [Registrar] Rewrite transfer page and add registration limits troubleshooting

Restructure the transfer-domain-to-cloudflare page into two clear phases
(add domain to Cloudflare, then transfer registration) instead of the
previous flat 10-step list. Inline partials, add DNSSEC/nameserver
provider links, explain why each step is needed, and add registration
limits content with actionable guidance.

Add new troubleshooting section for transfers rejected due to
registration period limits (10-year max for most TLDs, 5-year for .co).
Clarify vague language throughout: specific WHOIS status explanations,
concrete 45-day expiration rule, ICANN contact-change lock details.

* [Registrar] Simplify transfer timeline language in opening paragraph

* [Registrar] Address PR review feedback and restore grace period transfer scenario

- Break opening paragraph into scannable bullet list (#1)
- Lead with action instead of comparison to other registrars (#2)
- Replace IDN jargon with plain language and example (#3)
- Lead with actionable advice in Restrictions block (#5)
- Cross-link 'active on Cloudflare' to full-setup docs (#6)
- Replace inlined DNSSEC links with dnssec-providers partial (#7)
- Slim 'Add your domain' section to cross-link full-setup page (#8)
- Reorder unlock section to put action before context (#9)
- Restore 45-day grace period scenario with concrete date example
  and ICANN refund entitlement, matching FAQ content (#10)

* [Registrar] Simplify transfer page, move details to troubleshooting

- Simplify opening: shorter total time bullet, one-line prereq
- Move Restrictions block content to troubleshooting page
- Move registration limits and 'domain not available' Details blocks
  to troubleshooting page as standalone sections with full examples
- Add 45-day grace period note in Before you begin with FAQ link
- Update TLD page to link to troubleshooting instead of removed anchor
- Simplify approve-transfer section for non-technical audience
- Convert caution to note for Active status requirement
- Make authoritative DNS requirement a bullet in Before you begin
- Remove redundant 'Go to Transfer Domains page' text (DashButton CTA)

* [Registrar] Restore auth code callout in opening note block

* [Registrar] Address review feedback on auth codes, GoDaddy proxy, and ccTLD transfer pricing

* [Registrar] Replace unverified GoDaddy domain forwarding claim with accurate transfer guidance

* [Registrar] Simplify 45-day transfer registration language and move detail to FAQ

* [Registrar] Address review feedback: restore notes and add email verification section
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant