From b47dcaa25968ec85ba96fce23381c94a94e389f6 Mon Sep 17 00:00:00 2001 From: Satanshu Mishra Date: Fri, 1 Mar 2024 00:32:22 -0800 Subject: [PATCH 1/8] fix(node): listen on 0.0.0.0 if server.host is set to true (#10282) Co-authored-by: Arsh <69170106+lilnasy@users.noreply.github.com> Co-authored-by: Kevin Zuniga Cuellar <46791833+kevinzunigacuellar@users.noreply.github.com> Co-authored-by: Florian Lefebvre --- .changeset/smooth-singers-kiss.md | 5 +++++ packages/integrations/node/src/standalone.ts | 12 ++++++++--- .../node/test/server-host.test.js | 21 +++++++++++++++++++ 3 files changed, 35 insertions(+), 3 deletions(-) create mode 100644 .changeset/smooth-singers-kiss.md create mode 100644 packages/integrations/node/test/server-host.test.js diff --git a/.changeset/smooth-singers-kiss.md b/.changeset/smooth-singers-kiss.md new file mode 100644 index 0000000000..56d1ea893a --- /dev/null +++ b/.changeset/smooth-singers-kiss.md @@ -0,0 +1,5 @@ +--- +"@astrojs/node": patch +--- + +Fixes the `server.host` option to properly listen on all network interfaces when set to `true` diff --git a/packages/integrations/node/src/standalone.ts b/packages/integrations/node/src/standalone.ts index 35f1ee8d8f..9567e8ab4c 100644 --- a/packages/integrations/node/src/standalone.ts +++ b/packages/integrations/node/src/standalone.ts @@ -9,11 +9,17 @@ import { createAppHandler } from './serve-app.js'; import { createStaticHandler } from './serve-static.js'; import type { Options } from './types.js'; +// Used to get Host Value at Runtime +export const hostOptions = (host: Options["host"]): string => { + if (typeof host === 'boolean') { + return host ? '0.0.0.0' : 'localhost'; + } + return host; +}; + export default function standalone(app: NodeApp, options: Options) { const port = process.env.PORT ? Number(process.env.PORT) : options.port ?? 8080; - // Allow to provide host value at runtime - const hostOptions = typeof options.host === 'boolean' ? 'localhost' : options.host; - const host = process.env.HOST ?? hostOptions; + const host = process.env.HOST ?? hostOptions(options.host); const handler = createStandaloneHandler(app, options); const server = createServer(handler, host, port); server.server.listen(port, host); diff --git a/packages/integrations/node/test/server-host.test.js b/packages/integrations/node/test/server-host.test.js new file mode 100644 index 0000000000..4c987ab23c --- /dev/null +++ b/packages/integrations/node/test/server-host.test.js @@ -0,0 +1,21 @@ +import { describe, it } from 'node:test'; +import * as assert from 'node:assert/strict'; +import { hostOptions } from '../dist/standalone.js'; + +describe('host', () => { + it('returns "0.0.0.0" when host is true', () => { + const options = { host: true }; + assert.equal(hostOptions(options.host), '0.0.0.0'); + }); + + it('returns "localhost" when host is false', () => { + const options = { host: false }; + assert.equal(hostOptions(options.host), 'localhost'); + }); + + it('returns the value of host when host is a string', () => { + const host = "1.1.1.1" + const options = { host }; + assert.equal(hostOptions(options.host), host); + }); +}); From df05138ebe498626ad97d005d9c634d2a9408d38 Mon Sep 17 00:00:00 2001 From: Satanshu Mishra Date: Fri, 1 Mar 2024 08:33:27 +0000 Subject: [PATCH 2/8] [ci] format --- packages/integrations/node/src/standalone.ts | 2 +- .../node/test/server-host.test.js | 28 +++++++++---------- 2 files changed, 15 insertions(+), 15 deletions(-) diff --git a/packages/integrations/node/src/standalone.ts b/packages/integrations/node/src/standalone.ts index 9567e8ab4c..843055df3f 100644 --- a/packages/integrations/node/src/standalone.ts +++ b/packages/integrations/node/src/standalone.ts @@ -10,7 +10,7 @@ import { createStaticHandler } from './serve-static.js'; import type { Options } from './types.js'; // Used to get Host Value at Runtime -export const hostOptions = (host: Options["host"]): string => { +export const hostOptions = (host: Options['host']): string => { if (typeof host === 'boolean') { return host ? '0.0.0.0' : 'localhost'; } diff --git a/packages/integrations/node/test/server-host.test.js b/packages/integrations/node/test/server-host.test.js index 4c987ab23c..facd32d471 100644 --- a/packages/integrations/node/test/server-host.test.js +++ b/packages/integrations/node/test/server-host.test.js @@ -1,21 +1,21 @@ -import { describe, it } from 'node:test'; import * as assert from 'node:assert/strict'; +import { describe, it } from 'node:test'; import { hostOptions } from '../dist/standalone.js'; describe('host', () => { - it('returns "0.0.0.0" when host is true', () => { - const options = { host: true }; - assert.equal(hostOptions(options.host), '0.0.0.0'); - }); + it('returns "0.0.0.0" when host is true', () => { + const options = { host: true }; + assert.equal(hostOptions(options.host), '0.0.0.0'); + }); - it('returns "localhost" when host is false', () => { - const options = { host: false }; - assert.equal(hostOptions(options.host), 'localhost'); - }); + it('returns "localhost" when host is false', () => { + const options = { host: false }; + assert.equal(hostOptions(options.host), 'localhost'); + }); - it('returns the value of host when host is a string', () => { - const host = "1.1.1.1" - const options = { host }; - assert.equal(hostOptions(options.host), host); - }); + it('returns the value of host when host is a string', () => { + const host = '1.1.1.1'; + const options = { host }; + assert.equal(hostOptions(options.host), host); + }); }); From 07f89429a1ef5173d3321e0b362a9dc71fc74fe5 Mon Sep 17 00:00:00 2001 From: Erika <3019731+Princesseuh@users.noreply.github.com> Date: Fri, 1 Mar 2024 10:23:07 +0100 Subject: [PATCH 3/8] fix(assets): Solidify Node endpoint (#10284) * fix(assets): Solidify Node endpoint * chore: changeset --- .changeset/soft-boxes-allow.md | 7 ++ packages/astro/src/assets/endpoint/node.ts | 56 +++++++++--- .../astro/src/assets/vite-plugin-assets.ts | 3 +- packages/astro/test/core-image.test.js | 90 +++++++++++++++++++ 4 files changed, 143 insertions(+), 13 deletions(-) create mode 100644 .changeset/soft-boxes-allow.md diff --git a/.changeset/soft-boxes-allow.md b/.changeset/soft-boxes-allow.md new file mode 100644 index 0000000000..54ff50ea85 --- /dev/null +++ b/.changeset/soft-boxes-allow.md @@ -0,0 +1,7 @@ +--- +"astro": patch +--- + +Fixes an issue where in Node SSR, the image endpoint could be used maliciously to reveal unintended information about the underlying system. + +Thanks to Google Security Team for reporting this issue. diff --git a/packages/astro/src/assets/endpoint/node.ts b/packages/astro/src/assets/endpoint/node.ts index cabf02a76e..d06066fae4 100644 --- a/packages/astro/src/assets/endpoint/node.ts +++ b/packages/astro/src/assets/endpoint/node.ts @@ -1,4 +1,7 @@ -import os from 'os'; +/* eslint-disable no-console */ +import os from 'node:os'; +import { isAbsolute } from 'node:path'; +import { fileURLToPath, pathToFileURL } from 'node:url'; import { isRemotePath, removeQueryString } from '@astrojs/internal-helpers/path'; import { readFile } from 'fs/promises'; import mime from 'mime/lite.js'; @@ -7,23 +10,44 @@ import { getConfiguredImageService } from '../internal.js'; import { etag } from '../utils/etag.js'; import { isRemoteAllowed } from '../utils/remotePattern.js'; // @ts-expect-error -import { assetsDir, imageConfig } from 'astro:assets'; +import { assetsDir, outDir, imageConfig } from 'astro:assets'; function replaceFileSystemReferences(src: string) { return os.platform().includes('win32') ? src.replace(/^\/@fs\//, '') : src.replace(/^\/@fs/, ''); } async function loadLocalImage(src: string, url: URL) { - const filePath = import.meta.env.DEV - ? removeQueryString(replaceFileSystemReferences(src)) - : new URL('.' + src, assetsDir); + const assetsDirPath = fileURLToPath(assetsDir); + + let fileUrl; + if (import.meta.env.DEV) { + fileUrl = pathToFileURL(removeQueryString(replaceFileSystemReferences(src))); + } else { + try { + fileUrl = new URL('.' + src, outDir); + const filePath = fileURLToPath(fileUrl); + + if (!isAbsolute(filePath) || !filePath.startsWith(assetsDirPath)) { + return undefined; + } + } catch (err: unknown) { + return undefined; + } + } + let buffer: Buffer | undefined = undefined; try { - buffer = await readFile(filePath); + buffer = await readFile(fileUrl); } catch (e) { - const sourceUrl = new URL(src, url.origin); - buffer = await loadRemoteImage(sourceUrl); + // Fallback to try to load the file using `fetch` + try { + const sourceUrl = new URL(src, url.origin); + buffer = await loadRemoteImage(sourceUrl); + } catch (err: unknown) { + console.error('Could not process image request:', err); + return undefined; + } } return buffer; @@ -58,7 +82,11 @@ export const GET: APIRoute = async ({ request }) => { const transform = await imageService.parseURL(url, imageConfig); if (!transform?.src) { - throw new Error('Incorrect transform returned by `parseURL`'); + const err = new Error( + 'Incorrect transform returned by `parseURL`. Expected a transform with a `src` property.' + ); + console.error('Could not parse image transform from URL:', err); + return new Response('Internal Server Error', { status: 500 }); } let inputBuffer: Buffer | undefined = undefined; @@ -74,7 +102,7 @@ export const GET: APIRoute = async ({ request }) => { } if (!inputBuffer) { - return new Response('Not Found', { status: 404 }); + return new Response('Internal Server Error', { status: 500 }); } const { data, format } = await imageService.transform(inputBuffer, transform, imageConfig); @@ -89,8 +117,12 @@ export const GET: APIRoute = async ({ request }) => { }, }); } catch (err: unknown) { - // eslint-disable-next-line no-console console.error('Could not process image request:', err); - return new Response(`Server Error: ${err}`, { status: 500 }); + return new Response( + import.meta.env.DEV ? `Could not process image request: ${err}` : `Internal Server Error`, + { + status: 500, + } + ); } }; diff --git a/packages/astro/src/assets/vite-plugin-assets.ts b/packages/astro/src/assets/vite-plugin-assets.ts index 5a56e76a68..6afd01c2a6 100644 --- a/packages/astro/src/assets/vite-plugin-assets.ts +++ b/packages/astro/src/assets/vite-plugin-assets.ts @@ -66,13 +66,14 @@ export default function assets({ export { default as Picture } from "astro/components/Picture.astro"; export const imageConfig = ${JSON.stringify(settings.config.image)}; - export const assetsDir = new URL(${JSON.stringify( + export const outDir = new URL(${JSON.stringify( new URL( isServerLikeOutput(settings.config) ? settings.config.build.client : settings.config.outDir ) )}); + export const assetsDir = new URL(${JSON.stringify(settings.config.build.assets)}, outDir); export const getImage = async (options) => await getImageInternal(options, imageConfig); `; } diff --git a/packages/astro/test/core-image.test.js b/packages/astro/test/core-image.test.js index 590e770005..3f53fba961 100644 --- a/packages/astro/test/core-image.test.js +++ b/packages/astro/test/core-image.test.js @@ -1103,6 +1103,96 @@ describe('astro:image', () => { assert.equal(response.status, 200); }); + it('endpoint handle malformed requests', async () => { + const badPaths = [ + '../../../../../../../../../../../../etc/hosts%00', + '../../../../../../../../../../../../etc/hosts', + '../../boot.ini', + '/../../../../../../../../%2A', + '../../../../../../../../../../../../etc/passwd%00', + '../../../../../../../../../../../../etc/passwd', + '../../../../../../../../../../../../etc/shadow%00', + '../../../../../../../../../../../../etc/shadow', + '/../../../../../../../../../../etc/passwd^^', + '/../../../../../../../../../../etc/shadow^^', + '/../../../../../../../../../../etc/passwd', + '/../../../../../../../../../../etc/shadow', + '/./././././././././././etc/passwd', + '/./././././././././././etc/shadow', + '....................etcpasswd', + '....................etcshadow', + '....................etcpasswd', + '....................etcshadow', + '/..../..../..../..../..../..../etc/passwd', + '/..../..../..../..../..../..../etc/shadow', + '.\\./.\\./.\\./.\\./.\\./.\\./etc/passwd', + '.\\./.\\./.\\./.\\./.\\./.\\./etc/shadow', + '....................etcpasswd%00', + '....................etcshadow%00', + '....................etcpasswd%00', + '....................etcshadow%00', + '%0a/bin/cat%20/etc/passwd', + '%0a/bin/cat%20/etc/shadow', + '%00/etc/passwd%00', + '%00/etc/shadow%00', + '%00../../../../../../etc/passwd', + '%00../../../../../../etc/shadow', + '/../../../../../../../../../../../etc/passwd%00.jpg', + '/../../../../../../../../../../../etc/passwd%00.html', + '/..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../etc/passwd', + '/..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../etc/shadow', + '/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd,', + '/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/shadow,', + '%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%,25%5c..%25%5c..%25%5c..%25%5c..%00', + '/%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..,%25%5c..%25%5c..%25%5c..%25%5c..%00', + '%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%,25%5c..%25%5c..% 25%5c..%25%5c..%00', + '%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%,25%5c..%25%5c..% 25%5c..%25%5c..%255cboot.ini', + '/%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..,%25%5c..%25%5c..%25%5c..%25%5c..winnt/desktop.ini', + '\\'/bin/cat%20/etc/passwd\\'', + '\\'/bin/cat%20/etc/shadow\\'', + '../../../../../../../../conf/server.xml', + '/../../../../../../../../bin/id|', + 'C:/inetpub/wwwroot/global.asa', + 'C:inetpubwwwrootglobal.asa', + 'C:/boot.ini', + 'C:\boot.ini', + '../../../../../../../../../../../../localstart.asp%00', + '../../../../../../../../../../../../localstart.asp', + '../../../../../../../../../../../../boot.ini%00', + '../../../../../../../../../../../../boot.ini', + '/./././././././././././boot.ini', + '/../../../../../../../../../../../boot.ini%00', + '/../../../../../../../../../../../boot.ini', + '/..../..../..../..../..../..../boot.ini', + '/.\\./.\\./.\\./.\\./.\\./.\\./boot.ini', + '....................\boot.ini', + '....................\boot.ini%00', + '....................\boot.ini', + '/../../../../../../../../../../../boot.ini%00.html', + '/../../../../../../../../../../../boot.ini%00.jpg', + '/.../.../.../.../.../ ', + '..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../boot.ini', + '/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/boot.ini', + '../prerender/index.html', + ]; + + const app = await fixture.loadTestAdapterApp(); + + for (const path of badPaths) { + let request = new Request('http://example.com/_image?href=' + path); + let response = await app.render(request); + const body = await response.text(); + + assert.equal(response.status, 500); + assert.equal(body.includes('Internal Server Error'), true); + } + + // Server should still be running + let request = new Request('http://example.com/'); + let response = await app.render(request); + assert.equal(response.status, 200); + }); + it('prerendered routes images are built', async () => { const html = await fixture.readFile('/client/prerender/index.html'); const $ = cheerio.load(html); From a3ebfad0cc812e410f664d58373f77e6cbaeb7aa Mon Sep 17 00:00:00 2001 From: Erika Date: Fri, 1 Mar 2024 09:24:22 +0000 Subject: [PATCH 4/8] [ci] format --- packages/astro/src/assets/endpoint/node.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/astro/src/assets/endpoint/node.ts b/packages/astro/src/assets/endpoint/node.ts index d06066fae4..4d29a7fadd 100644 --- a/packages/astro/src/assets/endpoint/node.ts +++ b/packages/astro/src/assets/endpoint/node.ts @@ -10,7 +10,7 @@ import { getConfiguredImageService } from '../internal.js'; import { etag } from '../utils/etag.js'; import { isRemoteAllowed } from '../utils/remotePattern.js'; // @ts-expect-error -import { assetsDir, outDir, imageConfig } from 'astro:assets'; +import { assetsDir, imageConfig, outDir } from 'astro:assets'; function replaceFileSystemReferences(src: string) { return os.platform().includes('win32') ? src.replace(/^\/@fs\//, '') : src.replace(/^\/@fs/, ''); From afd41cc28bd449e82831e91f6302221945bd6019 Mon Sep 17 00:00:00 2001 From: "Houston (Bot)" <108291165+astrobot-houston@users.noreply.github.com> Date: Fri, 1 Mar 2024 01:31:12 -0800 Subject: [PATCH 5/8] [ci] release (#10265) Co-authored-by: github-actions[bot] --- .changeset/curvy-donkeys-knock.md | 5 -- .changeset/few-worms-rush.md | 5 -- .changeset/smooth-singers-kiss.md | 5 -- .changeset/soft-boxes-allow.md | 7 --- examples/basics/package.json | 2 +- examples/blog/package.json | 2 +- examples/component/package.json | 2 +- examples/framework-alpine/package.json | 2 +- examples/framework-lit/package.json | 2 +- examples/framework-multiple/package.json | 2 +- examples/framework-preact/package.json | 2 +- examples/framework-react/package.json | 2 +- examples/framework-solid/package.json | 2 +- examples/framework-svelte/package.json | 2 +- examples/framework-vue/package.json | 2 +- examples/hackernews/package.json | 4 +- examples/integration/package.json | 2 +- examples/middleware/package.json | 4 +- examples/minimal/package.json | 2 +- examples/non-html-pages/package.json | 2 +- examples/portfolio/package.json | 2 +- examples/ssr/package.json | 4 +- examples/starlog/package.json | 2 +- examples/view-transitions/package.json | 4 +- examples/with-markdoc/package.json | 2 +- examples/with-markdown-plugins/package.json | 2 +- examples/with-markdown-shiki/package.json | 2 +- examples/with-mdx/package.json | 2 +- examples/with-nanostores/package.json | 2 +- examples/with-tailwindcss/package.json | 2 +- examples/with-vitest/package.json | 2 +- packages/astro/CHANGELOG.md | 12 ++++ packages/astro/package.json | 2 +- packages/integrations/node/CHANGELOG.md | 6 ++ packages/integrations/node/package.json | 2 +- pnpm-lock.yaml | 62 ++++++++++----------- 36 files changed, 82 insertions(+), 86 deletions(-) delete mode 100644 .changeset/curvy-donkeys-knock.md delete mode 100644 .changeset/few-worms-rush.md delete mode 100644 .changeset/smooth-singers-kiss.md delete mode 100644 .changeset/soft-boxes-allow.md diff --git a/.changeset/curvy-donkeys-knock.md b/.changeset/curvy-donkeys-knock.md deleted file mode 100644 index 0197a800e0..0000000000 --- a/.changeset/curvy-donkeys-knock.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -"astro": patch ---- - -Fixes a regression introduced in v4.4.5 where image optimization did not work in dev mode when a base was configured. diff --git a/.changeset/few-worms-rush.md b/.changeset/few-worms-rush.md deleted file mode 100644 index 3ca708f948..0000000000 --- a/.changeset/few-worms-rush.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -"astro": patch ---- - -Adds auto completion for `astro:` event names when adding or removing event listeners on `document`. diff --git a/.changeset/smooth-singers-kiss.md b/.changeset/smooth-singers-kiss.md deleted file mode 100644 index 56d1ea893a..0000000000 --- a/.changeset/smooth-singers-kiss.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -"@astrojs/node": patch ---- - -Fixes the `server.host` option to properly listen on all network interfaces when set to `true` diff --git a/.changeset/soft-boxes-allow.md b/.changeset/soft-boxes-allow.md deleted file mode 100644 index 54ff50ea85..0000000000 --- a/.changeset/soft-boxes-allow.md +++ /dev/null @@ -1,7 +0,0 @@ ---- -"astro": patch ---- - -Fixes an issue where in Node SSR, the image endpoint could be used maliciously to reveal unintended information about the underlying system. - -Thanks to Google Security Team for reporting this issue. diff --git a/examples/basics/package.json b/examples/basics/package.json index 86f892f410..b190f951da 100644 --- a/examples/basics/package.json +++ b/examples/basics/package.json @@ -11,6 +11,6 @@ "astro": "astro" }, "dependencies": { - "astro": "^4.4.6" + "astro": "^4.4.7" } } diff --git a/examples/blog/package.json b/examples/blog/package.json index c51c8592d4..91cf97616a 100644 --- a/examples/blog/package.json +++ b/examples/blog/package.json @@ -14,6 +14,6 @@ "@astrojs/mdx": "^2.1.1", "@astrojs/rss": "^4.0.5", "@astrojs/sitemap": "^3.1.1", - "astro": "^4.4.6" + "astro": "^4.4.7" } } diff --git a/examples/component/package.json b/examples/component/package.json index 1cdb6b3366..4687a572c3 100644 --- a/examples/component/package.json +++ b/examples/component/package.json @@ -15,7 +15,7 @@ ], "scripts": {}, "devDependencies": { - "astro": "^4.4.6" + "astro": "^4.4.7" }, "peerDependencies": { "astro": "^4.0.0" diff --git a/examples/framework-alpine/package.json b/examples/framework-alpine/package.json index b203a9e416..10733f4fd0 100644 --- a/examples/framework-alpine/package.json +++ b/examples/framework-alpine/package.json @@ -14,6 +14,6 @@ "@astrojs/alpinejs": "^0.4.0", "@types/alpinejs": "^3.13.5", "alpinejs": "^3.13.3", - "astro": "^4.4.6" + "astro": "^4.4.7" } } diff --git a/examples/framework-lit/package.json b/examples/framework-lit/package.json index 6d8d7ff129..216fe53cb2 100644 --- a/examples/framework-lit/package.json +++ b/examples/framework-lit/package.json @@ -13,7 +13,7 @@ "dependencies": { "@astrojs/lit": "^4.0.1", "@webcomponents/template-shadowroot": "^0.2.1", - "astro": "^4.4.6", + "astro": "^4.4.7", "lit": "^3.1.2" } } diff --git a/examples/framework-multiple/package.json b/examples/framework-multiple/package.json index 65bb39f7d3..25e2789796 100644 --- a/examples/framework-multiple/package.json +++ b/examples/framework-multiple/package.json @@ -16,7 +16,7 @@ "@astrojs/solid-js": "^4.0.1", "@astrojs/svelte": "^5.2.0", "@astrojs/vue": "^4.0.8", - "astro": "^4.4.6", + "astro": "^4.4.7", "preact": "^10.19.2", "react": "^18.2.0", "react-dom": "^18.2.0", diff --git a/examples/framework-preact/package.json b/examples/framework-preact/package.json index 5f61f5790f..fc9089470e 100644 --- a/examples/framework-preact/package.json +++ b/examples/framework-preact/package.json @@ -13,7 +13,7 @@ "dependencies": { "@astrojs/preact": "^3.1.1", "@preact/signals": "^1.2.1", - "astro": "^4.4.6", + "astro": "^4.4.7", "preact": "^10.19.2" } } diff --git a/examples/framework-react/package.json b/examples/framework-react/package.json index ad2b47014a..04f61c34c8 100644 --- a/examples/framework-react/package.json +++ b/examples/framework-react/package.json @@ -14,7 +14,7 @@ "@astrojs/react": "^3.0.10", "@types/react": "^18.2.37", "@types/react-dom": "^18.2.15", - "astro": "^4.4.6", + "astro": "^4.4.7", "react": "^18.2.0", "react-dom": "^18.2.0" } diff --git a/examples/framework-solid/package.json b/examples/framework-solid/package.json index f4a1cd0637..0f98a81772 100644 --- a/examples/framework-solid/package.json +++ b/examples/framework-solid/package.json @@ -12,7 +12,7 @@ }, "dependencies": { "@astrojs/solid-js": "^4.0.1", - "astro": "^4.4.6", + "astro": "^4.4.7", "solid-js": "^1.8.5" } } diff --git a/examples/framework-svelte/package.json b/examples/framework-svelte/package.json index c4b7e3b433..297dd9b4dd 100644 --- a/examples/framework-svelte/package.json +++ b/examples/framework-svelte/package.json @@ -12,7 +12,7 @@ }, "dependencies": { "@astrojs/svelte": "^5.2.0", - "astro": "^4.4.6", + "astro": "^4.4.7", "svelte": "^4.2.5" } } diff --git a/examples/framework-vue/package.json b/examples/framework-vue/package.json index 5864c5a006..3e577afe22 100644 --- a/examples/framework-vue/package.json +++ b/examples/framework-vue/package.json @@ -12,7 +12,7 @@ }, "dependencies": { "@astrojs/vue": "^4.0.8", - "astro": "^4.4.6", + "astro": "^4.4.7", "vue": "^3.3.8" } } diff --git a/examples/hackernews/package.json b/examples/hackernews/package.json index 3560057d1e..b883f6e413 100644 --- a/examples/hackernews/package.json +++ b/examples/hackernews/package.json @@ -11,7 +11,7 @@ "astro": "astro" }, "dependencies": { - "@astrojs/node": "^8.2.1", - "astro": "^4.4.6" + "@astrojs/node": "^8.2.2", + "astro": "^4.4.7" } } diff --git a/examples/integration/package.json b/examples/integration/package.json index bd2cd6879d..f770a92bba 100644 --- a/examples/integration/package.json +++ b/examples/integration/package.json @@ -15,7 +15,7 @@ ], "scripts": {}, "devDependencies": { - "astro": "^4.4.6" + "astro": "^4.4.7" }, "peerDependencies": { "astro": "^4.0.0" diff --git a/examples/middleware/package.json b/examples/middleware/package.json index 9ee9f9fa60..112b26151f 100644 --- a/examples/middleware/package.json +++ b/examples/middleware/package.json @@ -12,8 +12,8 @@ "server": "node dist/server/entry.mjs" }, "dependencies": { - "@astrojs/node": "^8.2.1", - "astro": "^4.4.6", + "@astrojs/node": "^8.2.2", + "astro": "^4.4.7", "html-minifier": "^4.0.0" }, "devDependencies": { diff --git a/examples/minimal/package.json b/examples/minimal/package.json index 85580d9cd3..a690ec757c 100644 --- a/examples/minimal/package.json +++ b/examples/minimal/package.json @@ -11,6 +11,6 @@ "astro": "astro" }, "dependencies": { - "astro": "^4.4.6" + "astro": "^4.4.7" } } diff --git a/examples/non-html-pages/package.json b/examples/non-html-pages/package.json index f00fb4b5b9..1c5a175c26 100644 --- a/examples/non-html-pages/package.json +++ b/examples/non-html-pages/package.json @@ -11,6 +11,6 @@ "astro": "astro" }, "dependencies": { - "astro": "^4.4.6" + "astro": "^4.4.7" } } diff --git a/examples/portfolio/package.json b/examples/portfolio/package.json index e52d98f04c..015be58aa9 100644 --- a/examples/portfolio/package.json +++ b/examples/portfolio/package.json @@ -11,6 +11,6 @@ "astro": "astro" }, "dependencies": { - "astro": "^4.4.6" + "astro": "^4.4.7" } } diff --git a/examples/ssr/package.json b/examples/ssr/package.json index 592fc7077b..37861914cc 100644 --- a/examples/ssr/package.json +++ b/examples/ssr/package.json @@ -12,9 +12,9 @@ "server": "node dist/server/entry.mjs" }, "dependencies": { - "@astrojs/node": "^8.2.1", + "@astrojs/node": "^8.2.2", "@astrojs/svelte": "^5.2.0", - "astro": "^4.4.6", + "astro": "^4.4.7", "svelte": "^4.2.5" } } diff --git a/examples/starlog/package.json b/examples/starlog/package.json index 83df3e1f30..ef9962f6ee 100644 --- a/examples/starlog/package.json +++ b/examples/starlog/package.json @@ -10,7 +10,7 @@ "astro": "astro" }, "dependencies": { - "astro": "^4.4.6", + "astro": "^4.4.7", "sass": "^1.69.5", "sharp": "^0.32.6" } diff --git a/examples/view-transitions/package.json b/examples/view-transitions/package.json index a50877a080..6ee02205df 100644 --- a/examples/view-transitions/package.json +++ b/examples/view-transitions/package.json @@ -11,7 +11,7 @@ }, "devDependencies": { "@astrojs/tailwind": "^5.1.0", - "@astrojs/node": "^8.2.1", - "astro": "^4.4.6" + "@astrojs/node": "^8.2.2", + "astro": "^4.4.7" } } diff --git a/examples/with-markdoc/package.json b/examples/with-markdoc/package.json index 2246568f6c..a08d735de8 100644 --- a/examples/with-markdoc/package.json +++ b/examples/with-markdoc/package.json @@ -12,6 +12,6 @@ }, "dependencies": { "@astrojs/markdoc": "^0.9.0", - "astro": "^4.4.6" + "astro": "^4.4.7" } } diff --git a/examples/with-markdown-plugins/package.json b/examples/with-markdown-plugins/package.json index 14caff03e5..07e94e6e70 100644 --- a/examples/with-markdown-plugins/package.json +++ b/examples/with-markdown-plugins/package.json @@ -12,7 +12,7 @@ }, "dependencies": { "@astrojs/markdown-remark": "^4.2.1", - "astro": "^4.4.6", + "astro": "^4.4.7", "hast-util-select": "^6.0.2", "rehype-autolink-headings": "^7.1.0", "rehype-slug": "^6.0.0", diff --git a/examples/with-markdown-shiki/package.json b/examples/with-markdown-shiki/package.json index 2a295880e3..decc8acf15 100644 --- a/examples/with-markdown-shiki/package.json +++ b/examples/with-markdown-shiki/package.json @@ -11,6 +11,6 @@ "astro": "astro" }, "dependencies": { - "astro": "^4.4.6" + "astro": "^4.4.7" } } diff --git a/examples/with-mdx/package.json b/examples/with-mdx/package.json index 4ceaf2373c..189c2cf43a 100644 --- a/examples/with-mdx/package.json +++ b/examples/with-mdx/package.json @@ -13,7 +13,7 @@ "dependencies": { "@astrojs/mdx": "^2.1.1", "@astrojs/preact": "^3.1.1", - "astro": "^4.4.6", + "astro": "^4.4.7", "preact": "^10.19.2" } } diff --git a/examples/with-nanostores/package.json b/examples/with-nanostores/package.json index 909328a279..84c90742ad 100644 --- a/examples/with-nanostores/package.json +++ b/examples/with-nanostores/package.json @@ -13,7 +13,7 @@ "dependencies": { "@astrojs/preact": "^3.1.1", "@nanostores/preact": "^0.5.0", - "astro": "^4.4.6", + "astro": "^4.4.7", "nanostores": "^0.9.5", "preact": "^10.19.2" } diff --git a/examples/with-tailwindcss/package.json b/examples/with-tailwindcss/package.json index 3d9a754967..7439fb66bf 100644 --- a/examples/with-tailwindcss/package.json +++ b/examples/with-tailwindcss/package.json @@ -14,7 +14,7 @@ "@astrojs/mdx": "^2.1.1", "@astrojs/tailwind": "^5.1.0", "@types/canvas-confetti": "^1.6.3", - "astro": "^4.4.6", + "astro": "^4.4.7", "autoprefixer": "^10.4.15", "canvas-confetti": "^1.9.1", "postcss": "^8.4.28", diff --git a/examples/with-vitest/package.json b/examples/with-vitest/package.json index f337edc99d..875e1a16b7 100644 --- a/examples/with-vitest/package.json +++ b/examples/with-vitest/package.json @@ -12,7 +12,7 @@ "test": "vitest" }, "dependencies": { - "astro": "^4.4.6", + "astro": "^4.4.7", "vitest": "^1.3.1" } } diff --git a/packages/astro/CHANGELOG.md b/packages/astro/CHANGELOG.md index 901e49d229..05e54a5a4b 100644 --- a/packages/astro/CHANGELOG.md +++ b/packages/astro/CHANGELOG.md @@ -1,5 +1,17 @@ # astro +## 4.4.7 + +### Patch Changes + +- [#10274](https://github.com/withastro/astro/pull/10274) [`e556151603a2f0173059d0f98fdcbec0610b48ff`](https://github.com/withastro/astro/commit/e556151603a2f0173059d0f98fdcbec0610b48ff) Thanks [@lilnasy](https://github.com/lilnasy)! - Fixes a regression introduced in v4.4.5 where image optimization did not work in dev mode when a base was configured. + +- [#10263](https://github.com/withastro/astro/pull/10263) [`9bdbed723e0aa4243d7d6ee64d1c1df3b75b9aeb`](https://github.com/withastro/astro/commit/9bdbed723e0aa4243d7d6ee64d1c1df3b75b9aeb) Thanks [@martrapp](https://github.com/martrapp)! - Adds auto completion for `astro:` event names when adding or removing event listeners on `document`. + +- [#10284](https://github.com/withastro/astro/pull/10284) [`07f89429a1ef5173d3321e0b362a9dc71fc74fe5`](https://github.com/withastro/astro/commit/07f89429a1ef5173d3321e0b362a9dc71fc74fe5) Thanks [@Princesseuh](https://github.com/Princesseuh)! - Fixes an issue where in Node SSR, the image endpoint could be used maliciously to reveal unintended information about the underlying system. + + Thanks to Google Security Team for reporting this issue. + ## 4.4.6 ### Patch Changes diff --git a/packages/astro/package.json b/packages/astro/package.json index 561ba56dbf..15e4acb8f2 100644 --- a/packages/astro/package.json +++ b/packages/astro/package.json @@ -1,6 +1,6 @@ { "name": "astro", - "version": "4.4.6", + "version": "4.4.7", "description": "Astro is a modern site builder with web best practices, performance, and DX front-of-mind.", "type": "module", "author": "withastro", diff --git a/packages/integrations/node/CHANGELOG.md b/packages/integrations/node/CHANGELOG.md index d95cb355c8..9f5e216ebd 100644 --- a/packages/integrations/node/CHANGELOG.md +++ b/packages/integrations/node/CHANGELOG.md @@ -1,5 +1,11 @@ # @astrojs/node +## 8.2.2 + +### Patch Changes + +- [#10282](https://github.com/withastro/astro/pull/10282) [`b47dcaa25968ec85ba96fce23381c94a94e389f6`](https://github.com/withastro/astro/commit/b47dcaa25968ec85ba96fce23381c94a94e389f6) Thanks [@SatanshuMishra](https://github.com/SatanshuMishra)! - Fixes the `server.host` option to properly listen on all network interfaces when set to `true` + ## 8.2.1 ### Patch Changes diff --git a/packages/integrations/node/package.json b/packages/integrations/node/package.json index fea5c39b1c..95b5601f8e 100644 --- a/packages/integrations/node/package.json +++ b/packages/integrations/node/package.json @@ -1,7 +1,7 @@ { "name": "@astrojs/node", "description": "Deploy your site to a Node.js server", - "version": "8.2.1", + "version": "8.2.2", "type": "module", "types": "./dist/index.d.ts", "author": "withastro", diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index f0eb28d945..86188e8d72 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -134,7 +134,7 @@ importers: examples/basics: dependencies: astro: - specifier: ^4.4.6 + specifier: ^4.4.7 version: link:../../packages/astro examples/blog: @@ -149,13 +149,13 @@ importers: specifier: ^3.1.1 version: link:../../packages/integrations/sitemap astro: - specifier: ^4.4.6 + specifier: ^4.4.7 version: link:../../packages/astro examples/component: devDependencies: astro: - specifier: ^4.4.6 + specifier: ^4.4.7 version: link:../../packages/astro examples/framework-alpine: @@ -170,7 +170,7 @@ importers: specifier: ^3.13.3 version: 3.13.3 astro: - specifier: ^4.4.6 + specifier: ^4.4.7 version: link:../../packages/astro examples/framework-lit: @@ -182,7 +182,7 @@ importers: specifier: ^0.2.1 version: 0.2.1 astro: - specifier: ^4.4.6 + specifier: ^4.4.7 version: link:../../packages/astro lit: specifier: ^3.1.2 @@ -206,7 +206,7 @@ importers: specifier: ^4.0.8 version: link:../../packages/integrations/vue astro: - specifier: ^4.4.6 + specifier: ^4.4.7 version: link:../../packages/astro preact: specifier: ^10.19.2 @@ -236,7 +236,7 @@ importers: specifier: ^1.2.1 version: 1.2.1(preact@10.19.3) astro: - specifier: ^4.4.6 + specifier: ^4.4.7 version: link:../../packages/astro preact: specifier: ^10.19.2 @@ -254,7 +254,7 @@ importers: specifier: ^18.2.15 version: 18.2.18 astro: - specifier: ^4.4.6 + specifier: ^4.4.7 version: link:../../packages/astro react: specifier: ^18.2.0 @@ -269,7 +269,7 @@ importers: specifier: ^4.0.1 version: link:../../packages/integrations/solid astro: - specifier: ^4.4.6 + specifier: ^4.4.7 version: link:../../packages/astro solid-js: specifier: ^1.8.5 @@ -281,7 +281,7 @@ importers: specifier: ^5.2.0 version: link:../../packages/integrations/svelte astro: - specifier: ^4.4.6 + specifier: ^4.4.7 version: link:../../packages/astro svelte: specifier: ^4.2.5 @@ -293,7 +293,7 @@ importers: specifier: ^4.0.8 version: link:../../packages/integrations/vue astro: - specifier: ^4.4.6 + specifier: ^4.4.7 version: link:../../packages/astro vue: specifier: ^3.3.8 @@ -302,25 +302,25 @@ importers: examples/hackernews: dependencies: '@astrojs/node': - specifier: ^8.2.1 + specifier: ^8.2.2 version: link:../../packages/integrations/node astro: - specifier: ^4.4.6 + specifier: ^4.4.7 version: link:../../packages/astro examples/integration: devDependencies: astro: - specifier: ^4.4.6 + specifier: ^4.4.7 version: link:../../packages/astro examples/middleware: dependencies: '@astrojs/node': - specifier: ^8.2.1 + specifier: ^8.2.2 version: link:../../packages/integrations/node astro: - specifier: ^4.4.6 + specifier: ^4.4.7 version: link:../../packages/astro html-minifier: specifier: ^4.0.0 @@ -333,31 +333,31 @@ importers: examples/minimal: dependencies: astro: - specifier: ^4.4.6 + specifier: ^4.4.7 version: link:../../packages/astro examples/non-html-pages: dependencies: astro: - specifier: ^4.4.6 + specifier: ^4.4.7 version: link:../../packages/astro examples/portfolio: dependencies: astro: - specifier: ^4.4.6 + specifier: ^4.4.7 version: link:../../packages/astro examples/ssr: dependencies: '@astrojs/node': - specifier: ^8.2.1 + specifier: ^8.2.2 version: link:../../packages/integrations/node '@astrojs/svelte': specifier: ^5.2.0 version: link:../../packages/integrations/svelte astro: - specifier: ^4.4.6 + specifier: ^4.4.7 version: link:../../packages/astro svelte: specifier: ^4.2.5 @@ -366,7 +366,7 @@ importers: examples/starlog: dependencies: astro: - specifier: ^4.4.6 + specifier: ^4.4.7 version: link:../../packages/astro sass: specifier: ^1.69.5 @@ -378,13 +378,13 @@ importers: examples/view-transitions: devDependencies: '@astrojs/node': - specifier: ^8.2.1 + specifier: ^8.2.2 version: link:../../packages/integrations/node '@astrojs/tailwind': specifier: ^5.1.0 version: link:../../packages/integrations/tailwind astro: - specifier: ^4.4.6 + specifier: ^4.4.7 version: link:../../packages/astro examples/with-markdoc: @@ -393,7 +393,7 @@ importers: specifier: ^0.9.0 version: link:../../packages/integrations/markdoc astro: - specifier: ^4.4.6 + specifier: ^4.4.7 version: link:../../packages/astro examples/with-markdown-plugins: @@ -402,7 +402,7 @@ importers: specifier: ^4.2.1 version: link:../../packages/markdown/remark astro: - specifier: ^4.4.6 + specifier: ^4.4.7 version: link:../../packages/astro hast-util-select: specifier: ^6.0.2 @@ -423,7 +423,7 @@ importers: examples/with-markdown-shiki: dependencies: astro: - specifier: ^4.4.6 + specifier: ^4.4.7 version: link:../../packages/astro examples/with-mdx: @@ -435,7 +435,7 @@ importers: specifier: ^3.1.1 version: link:../../packages/integrations/preact astro: - specifier: ^4.4.6 + specifier: ^4.4.7 version: link:../../packages/astro preact: specifier: ^10.19.2 @@ -450,7 +450,7 @@ importers: specifier: ^0.5.0 version: 0.5.0(nanostores@0.9.5)(preact@10.19.3) astro: - specifier: ^4.4.6 + specifier: ^4.4.7 version: link:../../packages/astro nanostores: specifier: ^0.9.5 @@ -471,7 +471,7 @@ importers: specifier: ^1.6.3 version: 1.6.4 astro: - specifier: ^4.4.6 + specifier: ^4.4.7 version: link:../../packages/astro autoprefixer: specifier: ^10.4.15 @@ -489,7 +489,7 @@ importers: examples/with-vitest: dependencies: astro: - specifier: ^4.4.6 + specifier: ^4.4.7 version: link:../../packages/astro vitest: specifier: ^1.3.1 From d5277df5a4d1e9a8a7b6c8d7b87912e13a163f7f Mon Sep 17 00:00:00 2001 From: Erika <3019731+Princesseuh@users.noreply.github.com> Date: Fri, 1 Mar 2024 11:26:28 +0100 Subject: [PATCH 6/8] fix(node): Safely create requests (#10285) * fix(node): Wrap request creation in try catch * chore: changeset --- .changeset/perfect-poets-teach.md | 5 +++++ packages/integrations/node/src/serve-app.ts | 10 +++++++++- 2 files changed, 14 insertions(+), 1 deletion(-) create mode 100644 .changeset/perfect-poets-teach.md diff --git a/.changeset/perfect-poets-teach.md b/.changeset/perfect-poets-teach.md new file mode 100644 index 0000000000..2e91fb6785 --- /dev/null +++ b/.changeset/perfect-poets-teach.md @@ -0,0 +1,5 @@ +--- +"@astrojs/node": patch +--- + +Fixes an issue where malformed requests could cause the server to error in certain cases. diff --git a/packages/integrations/node/src/serve-app.ts b/packages/integrations/node/src/serve-app.ts index f2fc61f010..a9840b7214 100644 --- a/packages/integrations/node/src/serve-app.ts +++ b/packages/integrations/node/src/serve-app.ts @@ -8,7 +8,15 @@ import type { RequestHandler } from './types.js'; */ export function createAppHandler(app: NodeApp): RequestHandler { return async (req, res, next, locals) => { - const request = NodeApp.createRequest(req); + let request; + try { + request = NodeApp.createRequest(req); + } catch (err) { + res.statusCode = 500; + res.end('Internal Server Error'); + return; + } + const routeData = app.match(request); if (routeData) { const response = await app.render(request, { From 5e3e74b61daa2ba44c761c9ab5745818661a656e Mon Sep 17 00:00:00 2001 From: Erika <3019731+Princesseuh@users.noreply.github.com> Date: Fri, 1 Mar 2024 11:41:43 +0100 Subject: [PATCH 7/8] fix(audits): Don't warn about loading on data URIs (#10275) --- .changeset/warm-buttons-agree.md | 5 +++++ .../astro/src/runtime/client/dev-toolbar/apps/audit/perf.ts | 6 ++++++ 2 files changed, 11 insertions(+) create mode 100644 .changeset/warm-buttons-agree.md diff --git a/.changeset/warm-buttons-agree.md b/.changeset/warm-buttons-agree.md new file mode 100644 index 0000000000..9186f02828 --- /dev/null +++ b/.changeset/warm-buttons-agree.md @@ -0,0 +1,5 @@ +--- +"astro": patch +--- + +Fixes dev toolbar warning about using the proper loading attributes on images using `data:` URIs diff --git a/packages/astro/src/runtime/client/dev-toolbar/apps/audit/perf.ts b/packages/astro/src/runtime/client/dev-toolbar/apps/audit/perf.ts index 197553a25f..4b67fcbf55 100644 --- a/packages/astro/src/runtime/client/dev-toolbar/apps/audit/perf.ts +++ b/packages/astro/src/runtime/client/dev-toolbar/apps/audit/perf.ts @@ -38,6 +38,9 @@ export const perf: AuditRuleWithSelector[] = [ // Ignore elements that are above the fold, they should be loaded eagerly if (htmlElement.offsetTop < window.innerHeight) return false; + // Ignore elements using `data:` URI, the `loading` attribute doesn't do anything for these + if (htmlElement.src.startsWith('data:')) return false; + return true; }, }, @@ -53,6 +56,9 @@ export const perf: AuditRuleWithSelector[] = [ // Ignore elements that are below the fold, they should be loaded lazily if (htmlElement.offsetTop > window.innerHeight) return false; + // Ignore elements using `data:` URI, the `loading` attribute doesn't do anything for these + if (htmlElement.src.startsWith('data:')) return false; + return true; }, }, From 87a3d51f2ca8661babbb76956e54bf389eb86d8f Mon Sep 17 00:00:00 2001 From: "Houston (Bot)" <108291165+astrobot-houston@users.noreply.github.com> Date: Fri, 1 Mar 2024 04:10:51 -0800 Subject: [PATCH 8/8] [ci] release (#10286) Co-authored-by: github-actions[bot] --- .changeset/perfect-poets-teach.md | 5 -- .changeset/warm-buttons-agree.md | 5 -- examples/basics/package.json | 2 +- examples/blog/package.json | 2 +- examples/component/package.json | 2 +- examples/framework-alpine/package.json | 2 +- examples/framework-lit/package.json | 2 +- examples/framework-multiple/package.json | 2 +- examples/framework-preact/package.json | 2 +- examples/framework-react/package.json | 2 +- examples/framework-solid/package.json | 2 +- examples/framework-svelte/package.json | 2 +- examples/framework-vue/package.json | 2 +- examples/hackernews/package.json | 4 +- examples/integration/package.json | 2 +- examples/middleware/package.json | 4 +- examples/minimal/package.json | 2 +- examples/non-html-pages/package.json | 2 +- examples/portfolio/package.json | 2 +- examples/ssr/package.json | 4 +- examples/starlog/package.json | 2 +- examples/view-transitions/package.json | 4 +- examples/with-markdoc/package.json | 2 +- examples/with-markdown-plugins/package.json | 2 +- examples/with-markdown-shiki/package.json | 2 +- examples/with-mdx/package.json | 2 +- examples/with-nanostores/package.json | 2 +- examples/with-tailwindcss/package.json | 2 +- examples/with-vitest/package.json | 2 +- packages/astro/CHANGELOG.md | 6 ++ packages/astro/package.json | 2 +- packages/integrations/node/CHANGELOG.md | 6 ++ packages/integrations/node/package.json | 2 +- pnpm-lock.yaml | 62 ++++++++++----------- 34 files changed, 76 insertions(+), 74 deletions(-) delete mode 100644 .changeset/perfect-poets-teach.md delete mode 100644 .changeset/warm-buttons-agree.md diff --git a/.changeset/perfect-poets-teach.md b/.changeset/perfect-poets-teach.md deleted file mode 100644 index 2e91fb6785..0000000000 --- a/.changeset/perfect-poets-teach.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -"@astrojs/node": patch ---- - -Fixes an issue where malformed requests could cause the server to error in certain cases. diff --git a/.changeset/warm-buttons-agree.md b/.changeset/warm-buttons-agree.md deleted file mode 100644 index 9186f02828..0000000000 --- a/.changeset/warm-buttons-agree.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -"astro": patch ---- - -Fixes dev toolbar warning about using the proper loading attributes on images using `data:` URIs diff --git a/examples/basics/package.json b/examples/basics/package.json index b190f951da..7a0b6444b1 100644 --- a/examples/basics/package.json +++ b/examples/basics/package.json @@ -11,6 +11,6 @@ "astro": "astro" }, "dependencies": { - "astro": "^4.4.7" + "astro": "^4.4.8" } } diff --git a/examples/blog/package.json b/examples/blog/package.json index 91cf97616a..08ff9cbfe5 100644 --- a/examples/blog/package.json +++ b/examples/blog/package.json @@ -14,6 +14,6 @@ "@astrojs/mdx": "^2.1.1", "@astrojs/rss": "^4.0.5", "@astrojs/sitemap": "^3.1.1", - "astro": "^4.4.7" + "astro": "^4.4.8" } } diff --git a/examples/component/package.json b/examples/component/package.json index 4687a572c3..031ca9733a 100644 --- a/examples/component/package.json +++ b/examples/component/package.json @@ -15,7 +15,7 @@ ], "scripts": {}, "devDependencies": { - "astro": "^4.4.7" + "astro": "^4.4.8" }, "peerDependencies": { "astro": "^4.0.0" diff --git a/examples/framework-alpine/package.json b/examples/framework-alpine/package.json index 10733f4fd0..e397fa085b 100644 --- a/examples/framework-alpine/package.json +++ b/examples/framework-alpine/package.json @@ -14,6 +14,6 @@ "@astrojs/alpinejs": "^0.4.0", "@types/alpinejs": "^3.13.5", "alpinejs": "^3.13.3", - "astro": "^4.4.7" + "astro": "^4.4.8" } } diff --git a/examples/framework-lit/package.json b/examples/framework-lit/package.json index 216fe53cb2..594a709e24 100644 --- a/examples/framework-lit/package.json +++ b/examples/framework-lit/package.json @@ -13,7 +13,7 @@ "dependencies": { "@astrojs/lit": "^4.0.1", "@webcomponents/template-shadowroot": "^0.2.1", - "astro": "^4.4.7", + "astro": "^4.4.8", "lit": "^3.1.2" } } diff --git a/examples/framework-multiple/package.json b/examples/framework-multiple/package.json index 25e2789796..12d57d8410 100644 --- a/examples/framework-multiple/package.json +++ b/examples/framework-multiple/package.json @@ -16,7 +16,7 @@ "@astrojs/solid-js": "^4.0.1", "@astrojs/svelte": "^5.2.0", "@astrojs/vue": "^4.0.8", - "astro": "^4.4.7", + "astro": "^4.4.8", "preact": "^10.19.2", "react": "^18.2.0", "react-dom": "^18.2.0", diff --git a/examples/framework-preact/package.json b/examples/framework-preact/package.json index fc9089470e..a7aaa60229 100644 --- a/examples/framework-preact/package.json +++ b/examples/framework-preact/package.json @@ -13,7 +13,7 @@ "dependencies": { "@astrojs/preact": "^3.1.1", "@preact/signals": "^1.2.1", - "astro": "^4.4.7", + "astro": "^4.4.8", "preact": "^10.19.2" } } diff --git a/examples/framework-react/package.json b/examples/framework-react/package.json index 04f61c34c8..f8b6117e45 100644 --- a/examples/framework-react/package.json +++ b/examples/framework-react/package.json @@ -14,7 +14,7 @@ "@astrojs/react": "^3.0.10", "@types/react": "^18.2.37", "@types/react-dom": "^18.2.15", - "astro": "^4.4.7", + "astro": "^4.4.8", "react": "^18.2.0", "react-dom": "^18.2.0" } diff --git a/examples/framework-solid/package.json b/examples/framework-solid/package.json index 0f98a81772..e337a67934 100644 --- a/examples/framework-solid/package.json +++ b/examples/framework-solid/package.json @@ -12,7 +12,7 @@ }, "dependencies": { "@astrojs/solid-js": "^4.0.1", - "astro": "^4.4.7", + "astro": "^4.4.8", "solid-js": "^1.8.5" } } diff --git a/examples/framework-svelte/package.json b/examples/framework-svelte/package.json index 297dd9b4dd..986e936e90 100644 --- a/examples/framework-svelte/package.json +++ b/examples/framework-svelte/package.json @@ -12,7 +12,7 @@ }, "dependencies": { "@astrojs/svelte": "^5.2.0", - "astro": "^4.4.7", + "astro": "^4.4.8", "svelte": "^4.2.5" } } diff --git a/examples/framework-vue/package.json b/examples/framework-vue/package.json index 3e577afe22..51dfa0ce76 100644 --- a/examples/framework-vue/package.json +++ b/examples/framework-vue/package.json @@ -12,7 +12,7 @@ }, "dependencies": { "@astrojs/vue": "^4.0.8", - "astro": "^4.4.7", + "astro": "^4.4.8", "vue": "^3.3.8" } } diff --git a/examples/hackernews/package.json b/examples/hackernews/package.json index b883f6e413..4f6b7213fb 100644 --- a/examples/hackernews/package.json +++ b/examples/hackernews/package.json @@ -11,7 +11,7 @@ "astro": "astro" }, "dependencies": { - "@astrojs/node": "^8.2.2", - "astro": "^4.4.7" + "@astrojs/node": "^8.2.3", + "astro": "^4.4.8" } } diff --git a/examples/integration/package.json b/examples/integration/package.json index f770a92bba..aad853c1ef 100644 --- a/examples/integration/package.json +++ b/examples/integration/package.json @@ -15,7 +15,7 @@ ], "scripts": {}, "devDependencies": { - "astro": "^4.4.7" + "astro": "^4.4.8" }, "peerDependencies": { "astro": "^4.0.0" diff --git a/examples/middleware/package.json b/examples/middleware/package.json index 112b26151f..849cdf143a 100644 --- a/examples/middleware/package.json +++ b/examples/middleware/package.json @@ -12,8 +12,8 @@ "server": "node dist/server/entry.mjs" }, "dependencies": { - "@astrojs/node": "^8.2.2", - "astro": "^4.4.7", + "@astrojs/node": "^8.2.3", + "astro": "^4.4.8", "html-minifier": "^4.0.0" }, "devDependencies": { diff --git a/examples/minimal/package.json b/examples/minimal/package.json index a690ec757c..b7fa4d9c48 100644 --- a/examples/minimal/package.json +++ b/examples/minimal/package.json @@ -11,6 +11,6 @@ "astro": "astro" }, "dependencies": { - "astro": "^4.4.7" + "astro": "^4.4.8" } } diff --git a/examples/non-html-pages/package.json b/examples/non-html-pages/package.json index 1c5a175c26..86ca1e0ab7 100644 --- a/examples/non-html-pages/package.json +++ b/examples/non-html-pages/package.json @@ -11,6 +11,6 @@ "astro": "astro" }, "dependencies": { - "astro": "^4.4.7" + "astro": "^4.4.8" } } diff --git a/examples/portfolio/package.json b/examples/portfolio/package.json index 015be58aa9..b82aa53b52 100644 --- a/examples/portfolio/package.json +++ b/examples/portfolio/package.json @@ -11,6 +11,6 @@ "astro": "astro" }, "dependencies": { - "astro": "^4.4.7" + "astro": "^4.4.8" } } diff --git a/examples/ssr/package.json b/examples/ssr/package.json index 37861914cc..6e530d7115 100644 --- a/examples/ssr/package.json +++ b/examples/ssr/package.json @@ -12,9 +12,9 @@ "server": "node dist/server/entry.mjs" }, "dependencies": { - "@astrojs/node": "^8.2.2", + "@astrojs/node": "^8.2.3", "@astrojs/svelte": "^5.2.0", - "astro": "^4.4.7", + "astro": "^4.4.8", "svelte": "^4.2.5" } } diff --git a/examples/starlog/package.json b/examples/starlog/package.json index ef9962f6ee..883712151f 100644 --- a/examples/starlog/package.json +++ b/examples/starlog/package.json @@ -10,7 +10,7 @@ "astro": "astro" }, "dependencies": { - "astro": "^4.4.7", + "astro": "^4.4.8", "sass": "^1.69.5", "sharp": "^0.32.6" } diff --git a/examples/view-transitions/package.json b/examples/view-transitions/package.json index 6ee02205df..d74f5ec9ea 100644 --- a/examples/view-transitions/package.json +++ b/examples/view-transitions/package.json @@ -11,7 +11,7 @@ }, "devDependencies": { "@astrojs/tailwind": "^5.1.0", - "@astrojs/node": "^8.2.2", - "astro": "^4.4.7" + "@astrojs/node": "^8.2.3", + "astro": "^4.4.8" } } diff --git a/examples/with-markdoc/package.json b/examples/with-markdoc/package.json index a08d735de8..6e1c487ccb 100644 --- a/examples/with-markdoc/package.json +++ b/examples/with-markdoc/package.json @@ -12,6 +12,6 @@ }, "dependencies": { "@astrojs/markdoc": "^0.9.0", - "astro": "^4.4.7" + "astro": "^4.4.8" } } diff --git a/examples/with-markdown-plugins/package.json b/examples/with-markdown-plugins/package.json index 07e94e6e70..8074dfefac 100644 --- a/examples/with-markdown-plugins/package.json +++ b/examples/with-markdown-plugins/package.json @@ -12,7 +12,7 @@ }, "dependencies": { "@astrojs/markdown-remark": "^4.2.1", - "astro": "^4.4.7", + "astro": "^4.4.8", "hast-util-select": "^6.0.2", "rehype-autolink-headings": "^7.1.0", "rehype-slug": "^6.0.0", diff --git a/examples/with-markdown-shiki/package.json b/examples/with-markdown-shiki/package.json index decc8acf15..f1519cc4d8 100644 --- a/examples/with-markdown-shiki/package.json +++ b/examples/with-markdown-shiki/package.json @@ -11,6 +11,6 @@ "astro": "astro" }, "dependencies": { - "astro": "^4.4.7" + "astro": "^4.4.8" } } diff --git a/examples/with-mdx/package.json b/examples/with-mdx/package.json index 189c2cf43a..cd3c57ee06 100644 --- a/examples/with-mdx/package.json +++ b/examples/with-mdx/package.json @@ -13,7 +13,7 @@ "dependencies": { "@astrojs/mdx": "^2.1.1", "@astrojs/preact": "^3.1.1", - "astro": "^4.4.7", + "astro": "^4.4.8", "preact": "^10.19.2" } } diff --git a/examples/with-nanostores/package.json b/examples/with-nanostores/package.json index 84c90742ad..e82990cb4a 100644 --- a/examples/with-nanostores/package.json +++ b/examples/with-nanostores/package.json @@ -13,7 +13,7 @@ "dependencies": { "@astrojs/preact": "^3.1.1", "@nanostores/preact": "^0.5.0", - "astro": "^4.4.7", + "astro": "^4.4.8", "nanostores": "^0.9.5", "preact": "^10.19.2" } diff --git a/examples/with-tailwindcss/package.json b/examples/with-tailwindcss/package.json index 7439fb66bf..e9edc6b0ff 100644 --- a/examples/with-tailwindcss/package.json +++ b/examples/with-tailwindcss/package.json @@ -14,7 +14,7 @@ "@astrojs/mdx": "^2.1.1", "@astrojs/tailwind": "^5.1.0", "@types/canvas-confetti": "^1.6.3", - "astro": "^4.4.7", + "astro": "^4.4.8", "autoprefixer": "^10.4.15", "canvas-confetti": "^1.9.1", "postcss": "^8.4.28", diff --git a/examples/with-vitest/package.json b/examples/with-vitest/package.json index 875e1a16b7..7e9e64d9b2 100644 --- a/examples/with-vitest/package.json +++ b/examples/with-vitest/package.json @@ -12,7 +12,7 @@ "test": "vitest" }, "dependencies": { - "astro": "^4.4.7", + "astro": "^4.4.8", "vitest": "^1.3.1" } } diff --git a/packages/astro/CHANGELOG.md b/packages/astro/CHANGELOG.md index 05e54a5a4b..fcc699317d 100644 --- a/packages/astro/CHANGELOG.md +++ b/packages/astro/CHANGELOG.md @@ -1,5 +1,11 @@ # astro +## 4.4.8 + +### Patch Changes + +- [#10275](https://github.com/withastro/astro/pull/10275) [`5e3e74b61daa2ba44c761c9ab5745818661a656e`](https://github.com/withastro/astro/commit/5e3e74b61daa2ba44c761c9ab5745818661a656e) Thanks [@Princesseuh](https://github.com/Princesseuh)! - Fixes dev toolbar warning about using the proper loading attributes on images using `data:` URIs + ## 4.4.7 ### Patch Changes diff --git a/packages/astro/package.json b/packages/astro/package.json index 15e4acb8f2..731033eeb3 100644 --- a/packages/astro/package.json +++ b/packages/astro/package.json @@ -1,6 +1,6 @@ { "name": "astro", - "version": "4.4.7", + "version": "4.4.8", "description": "Astro is a modern site builder with web best practices, performance, and DX front-of-mind.", "type": "module", "author": "withastro", diff --git a/packages/integrations/node/CHANGELOG.md b/packages/integrations/node/CHANGELOG.md index 9f5e216ebd..5d4f27635f 100644 --- a/packages/integrations/node/CHANGELOG.md +++ b/packages/integrations/node/CHANGELOG.md @@ -1,5 +1,11 @@ # @astrojs/node +## 8.2.3 + +### Patch Changes + +- [#10285](https://github.com/withastro/astro/pull/10285) [`d5277df5a4d1e9a8a7b6c8d7b87912e13a163f7f`](https://github.com/withastro/astro/commit/d5277df5a4d1e9a8a7b6c8d7b87912e13a163f7f) Thanks [@Princesseuh](https://github.com/Princesseuh)! - Fixes an issue where malformed requests could cause the server to error in certain cases. + ## 8.2.2 ### Patch Changes diff --git a/packages/integrations/node/package.json b/packages/integrations/node/package.json index 95b5601f8e..0f9d55cc72 100644 --- a/packages/integrations/node/package.json +++ b/packages/integrations/node/package.json @@ -1,7 +1,7 @@ { "name": "@astrojs/node", "description": "Deploy your site to a Node.js server", - "version": "8.2.2", + "version": "8.2.3", "type": "module", "types": "./dist/index.d.ts", "author": "withastro", diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 86188e8d72..9e35467d74 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -134,7 +134,7 @@ importers: examples/basics: dependencies: astro: - specifier: ^4.4.7 + specifier: ^4.4.8 version: link:../../packages/astro examples/blog: @@ -149,13 +149,13 @@ importers: specifier: ^3.1.1 version: link:../../packages/integrations/sitemap astro: - specifier: ^4.4.7 + specifier: ^4.4.8 version: link:../../packages/astro examples/component: devDependencies: astro: - specifier: ^4.4.7 + specifier: ^4.4.8 version: link:../../packages/astro examples/framework-alpine: @@ -170,7 +170,7 @@ importers: specifier: ^3.13.3 version: 3.13.3 astro: - specifier: ^4.4.7 + specifier: ^4.4.8 version: link:../../packages/astro examples/framework-lit: @@ -182,7 +182,7 @@ importers: specifier: ^0.2.1 version: 0.2.1 astro: - specifier: ^4.4.7 + specifier: ^4.4.8 version: link:../../packages/astro lit: specifier: ^3.1.2 @@ -206,7 +206,7 @@ importers: specifier: ^4.0.8 version: link:../../packages/integrations/vue astro: - specifier: ^4.4.7 + specifier: ^4.4.8 version: link:../../packages/astro preact: specifier: ^10.19.2 @@ -236,7 +236,7 @@ importers: specifier: ^1.2.1 version: 1.2.1(preact@10.19.3) astro: - specifier: ^4.4.7 + specifier: ^4.4.8 version: link:../../packages/astro preact: specifier: ^10.19.2 @@ -254,7 +254,7 @@ importers: specifier: ^18.2.15 version: 18.2.18 astro: - specifier: ^4.4.7 + specifier: ^4.4.8 version: link:../../packages/astro react: specifier: ^18.2.0 @@ -269,7 +269,7 @@ importers: specifier: ^4.0.1 version: link:../../packages/integrations/solid astro: - specifier: ^4.4.7 + specifier: ^4.4.8 version: link:../../packages/astro solid-js: specifier: ^1.8.5 @@ -281,7 +281,7 @@ importers: specifier: ^5.2.0 version: link:../../packages/integrations/svelte astro: - specifier: ^4.4.7 + specifier: ^4.4.8 version: link:../../packages/astro svelte: specifier: ^4.2.5 @@ -293,7 +293,7 @@ importers: specifier: ^4.0.8 version: link:../../packages/integrations/vue astro: - specifier: ^4.4.7 + specifier: ^4.4.8 version: link:../../packages/astro vue: specifier: ^3.3.8 @@ -302,25 +302,25 @@ importers: examples/hackernews: dependencies: '@astrojs/node': - specifier: ^8.2.2 + specifier: ^8.2.3 version: link:../../packages/integrations/node astro: - specifier: ^4.4.7 + specifier: ^4.4.8 version: link:../../packages/astro examples/integration: devDependencies: astro: - specifier: ^4.4.7 + specifier: ^4.4.8 version: link:../../packages/astro examples/middleware: dependencies: '@astrojs/node': - specifier: ^8.2.2 + specifier: ^8.2.3 version: link:../../packages/integrations/node astro: - specifier: ^4.4.7 + specifier: ^4.4.8 version: link:../../packages/astro html-minifier: specifier: ^4.0.0 @@ -333,31 +333,31 @@ importers: examples/minimal: dependencies: astro: - specifier: ^4.4.7 + specifier: ^4.4.8 version: link:../../packages/astro examples/non-html-pages: dependencies: astro: - specifier: ^4.4.7 + specifier: ^4.4.8 version: link:../../packages/astro examples/portfolio: dependencies: astro: - specifier: ^4.4.7 + specifier: ^4.4.8 version: link:../../packages/astro examples/ssr: dependencies: '@astrojs/node': - specifier: ^8.2.2 + specifier: ^8.2.3 version: link:../../packages/integrations/node '@astrojs/svelte': specifier: ^5.2.0 version: link:../../packages/integrations/svelte astro: - specifier: ^4.4.7 + specifier: ^4.4.8 version: link:../../packages/astro svelte: specifier: ^4.2.5 @@ -366,7 +366,7 @@ importers: examples/starlog: dependencies: astro: - specifier: ^4.4.7 + specifier: ^4.4.8 version: link:../../packages/astro sass: specifier: ^1.69.5 @@ -378,13 +378,13 @@ importers: examples/view-transitions: devDependencies: '@astrojs/node': - specifier: ^8.2.2 + specifier: ^8.2.3 version: link:../../packages/integrations/node '@astrojs/tailwind': specifier: ^5.1.0 version: link:../../packages/integrations/tailwind astro: - specifier: ^4.4.7 + specifier: ^4.4.8 version: link:../../packages/astro examples/with-markdoc: @@ -393,7 +393,7 @@ importers: specifier: ^0.9.0 version: link:../../packages/integrations/markdoc astro: - specifier: ^4.4.7 + specifier: ^4.4.8 version: link:../../packages/astro examples/with-markdown-plugins: @@ -402,7 +402,7 @@ importers: specifier: ^4.2.1 version: link:../../packages/markdown/remark astro: - specifier: ^4.4.7 + specifier: ^4.4.8 version: link:../../packages/astro hast-util-select: specifier: ^6.0.2 @@ -423,7 +423,7 @@ importers: examples/with-markdown-shiki: dependencies: astro: - specifier: ^4.4.7 + specifier: ^4.4.8 version: link:../../packages/astro examples/with-mdx: @@ -435,7 +435,7 @@ importers: specifier: ^3.1.1 version: link:../../packages/integrations/preact astro: - specifier: ^4.4.7 + specifier: ^4.4.8 version: link:../../packages/astro preact: specifier: ^10.19.2 @@ -450,7 +450,7 @@ importers: specifier: ^0.5.0 version: 0.5.0(nanostores@0.9.5)(preact@10.19.3) astro: - specifier: ^4.4.7 + specifier: ^4.4.8 version: link:../../packages/astro nanostores: specifier: ^0.9.5 @@ -471,7 +471,7 @@ importers: specifier: ^1.6.3 version: 1.6.4 astro: - specifier: ^4.4.7 + specifier: ^4.4.8 version: link:../../packages/astro autoprefixer: specifier: ^10.4.15 @@ -489,7 +489,7 @@ importers: examples/with-vitest: dependencies: astro: - specifier: ^4.4.7 + specifier: ^4.4.8 version: link:../../packages/astro vitest: specifier: ^1.3.1