
Releases: h3js/h3

v1.15.5

@pi0 pi0 released this 15 Jan 11:39

Important

Security: Fixed a bug in readBody(event) and readRawBody(event) utils where certain Transfer-Encoding header formats could cause the request body to be ignored.

In some deployments (for example, behind TCP load balancers or non-normalizing proxies), this could allow request smuggling. The handling is now safe and fully compliant.

🩹 Fixes

  • readRawBody: Fix case-sensitive Transfer-Encoding check causing request smuggling risk (618ccf4)
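The class of bug described in this release note, shown as an added example that is not h3's code: a case-sensitive `Transfer-Encoding` comparison next to a normalized framing check that also rejects a request carrying both `Content-Length` and `Transfer-Encoding`. The function names and sample headers are hypothetical, and header names are assumed to be lower-cased as in Node's `req.headers`.

```javascript
// Added example: header names are assumed lower-cased, as in Node's req.headers.
// Function names are hypothetical and are not h3 APIs.

// Fragile: exact, case-sensitive match on the raw header value.
function hasChunkedBodyNaive(headers) {
  return headers["transfer-encoding"] === "chunked";
}

// Split Transfer-Encoding into lower-cased coding names, dropping parameters.
function transferCodings(headers) {
  const raw = headers["transfer-encoding"];
  const value = Array.isArray(raw) ? raw.join(",") : raw || "";
  return value
    .split(",")
    .map((token) => token.split(";")[0].trim().toLowerCase())
    .filter(Boolean);
}

// Decide body framing: "chunked", "content-length", "none" or "reject".
function bodyFraming(headers) {
  const codings = transferCodings(headers);
  const hasLength = headers["content-length"] !== undefined;
  if (headers["transfer-encoding"] !== undefined) {
    if (hasLength) return "reject"; // two framing headers: ambiguous length
    // chunked must be the final coding, otherwise the length is unknowable
    return codings[codings.length - 1] === "chunked" ? "chunked" : "reject";
  }
  return hasLength ? "content-length" : "none";
}

// Constructed sample headers (not captured traffic).
const SAMPLES = [
  { "transfer-encoding": "chunked" },
  { "transfer-encoding": "Chunked" },
  { "transfer-encoding": " CHUNKED " },
  { "transfer-encoding": "gzip, chunked" },
  { "transfer-encoding": "chunked", "content-length": "4" },
  { "transfer-encoding": "gzip" },
  { "content-length": "4" },
  {},
];

// Values the naive check reads as "no chunked body" although one is present.
function missedByNaive() {
  return SAMPLES.filter(
    (h) => bodyFraming(h) === "chunked" && !hasChunkedBodyNaive(h)
  ).map((h) => h["transfer-encoding"]);
}
console.log("missed by naive check:", missedByNaive());
```

Every value `missedByNaive()` returns is a request whose body a front end could forward as chunked while the naive check treats it as absent, which is the disagreement that makes smuggling possible.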

v2.0.1-rc.8

@pi0 pi0 released this 06 Jan 11:19

🩹 Fixes

  • fromNodeHandler: Pipe responses once (#1273)

💅 Refactors

  • Avoid unnecessary Error.captureStackTrace (652e883)

v2.0.1-rc.7

@pi0 pi0 released this 30 Dec 14:07

Important

srvx has been updated to v0.10. Please review the release notes for important information about Node.js compatibility.

🚀 Enhancements

  • Experimental tracing channels support (#1251)
  • Customizable validation errors (#1146)

🩹 Fixes

  • mockEvent: Make sure duplex option is properly set (eb83aad)
  • handleCacheHeaders: Round modifiedTime to seconds (#1262)

📖 Docs

  • Fix typo in jsdocs (#1263)

v2.0.1-rc.6

@pi0 pi0 released this 08 Dec 13:00

🚀 Enhancements

  • defineWebSocketHandler: Support callback with event (#1242)

🩹 Fixes

  • proxy: Strip transfer-encoding header from proxied response (#1248)
  • Clear event.res after prepare (#1259)

📖 Documentation

  • Add H3ravel to the community section (#1239)
  • Add intlify to community integrations (#1244)

v2.0.1-rc.5

@pi0 pi0 released this 27 Oct 22:21

🚀 Enhancements

🩹 Fixes

  • assertBodySize: Disallow both content-length and transfer-encoding headers (9ccd301)
  • Mask .pathname for mounted sub-app routed middleware (#1232)
  • middleware: Allow returning 404 response in middleware (#1231)

💅 Refactors

📦 Build

v2.0.1-rc.4

@pi0 pi0 released this 25 Oct 13:31

🚀 Enhancements

  • Add assertBodySize util and bodyLimit middleware (#1222)

🩹 Fixes

  • Support happy-dom environment (#1230)

v2.0.1-rc.3

@pi0 pi0 released this 23 Oct 13:38

Note

See srvx@0.9 release notes.

🩹 Fixes

  • Freeze default response headers (#1227)
  • response: Do not double merge prepared headers in nested error handler (#1226)
  • ⚠️ Avoid merging prepared headers when a Response is not ok (#1228)

💅 Refactors

  • Update to srvx 0.9 (#1224)
  • proxy: ⚠️ Keep header entries as-is (#1225)

📦 Build

  • Reduce external dependencies (#1219)

🌊 Types

  • Merge custom body in HTTPError.toJSON result (#1216)
  • Fix types for legacy defineEventHandler, eventHandler, lazyEventHandler (f185ce6)

📖 Documentation

  • Remove beta tag (#1223)

v2.0.1-rc.2

@pi0 pi0 released this 08 Oct 15:21

💅 Refactors

  • Deprecate and move toNodeHandler to h3/node (#1215)

v2.0.0-rc.1

@pi0 pi0 released this 07 Oct 14:42

🚀 Enhancements

  • ⚠️ HTTPResponse (#1212)

🔥 Performance

  • Try to avoid cloning response for merging headers (#1214)

🩹 Fixes

  • cors: Use defaults in handleCors (#1161)

💅 Refactors

  • Hide internal event._res and event.res._headers (#1185)

📦 Build

  • Add missing exports (#1211)

⚠️ Breaking Changes

  • ⚠️ HTTPResponse (#1212)

v2.0.0-beta.5

@pi0 pi0 released this 01 Oct 18:07

🚀 Enhancements

  • Support universal { fetch } handlers (#1210)
  • Support fetchable object for dynamic handlers (0da8e4a)
  • toEventHandler and HTTPHandler (38be512)

🔥 Performance

  • Slightly improve getRequestIP performance (#1197)

💅 Refactors

  • Allow overriding middleware resolution (f45dd27, 3f766a5)
  • Move middleware normalization out of core (b2ce1af)
  • Avoid anonymous functions (e4bb27a)

📖 Documentation

  • Correct H3 API usage (#1206)
  • Fix description of handleCors's return value (#1167)

🌊 Types

  • Export websocket related types (#1202)

🏡 Chore

  • Import ProxyOptions separately (#1199)
  • Fix typo in docs (#1201)
  • examples: Fix typo (#1205)
