Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update dependency vapor/vapor to from: "4.106.2" #378

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Update dependency vapor/vapor to from: "4.106.2" #378

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Aug 20, 2024
edited
Loading

This PR contains the following updates:

Package Update Change
vapor/vapor minor from: "4.102.1" -> from: "4.106.2"

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

Release Notes

vapor/vapor (vapor/vapor)

v4.106.2: - fix HTTPMethod.RAW(value: String) string representation

Compare Source

What's Changed

fix HTTPMethod.RAW(value: String) string representation by @​RandomHashTags in #​3249

Should fix #​3248

New Contributor

This patch was released by @​0xTim

Full Changelog: vapor/vapor@4.106.1...4.106.2

v4.106.1: - Omit ACAO header instead of empty value

Compare Source

What's Changed

Omit ACAO header instead of empty value by @​grahamburgsma in #​3243

For context, Vapor currently sends an empty Access-Control-Allow-Origin (ACAO) header when the origin does not match or is set to none.

We recently had a pentest done against our Vapor server and the tester reported the following regarding the empty ACAO header:

When the header is empty, browsers might reject the request without detailed error messages, making it harder for developers to debug or even realize there is a problem. This lack of transparency can lead to extended periods of vulnerability before the issue is discovered.

Looking at some other sources as well, an empty header doesn’t appear to be a valid value and so could result in unexpected behaviour.

https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#the_http_response_headers
https://fetch.spec.whatwg.org/#http-access-control-allow-origin

This patch was released by @​0xTim

Full Changelog: vapor/vapor@4.106.0...4.106.1

v4.106.0: - Drop Support for Swift 5.8

Compare Source

What's Changed

Drop Support for Swift 5.8 by @​0xTim in #​3240

  • Removes support for Swift 5.8, making 5.9 the lowest supported version
  • Updates Swift Crypto dependency to accept 4.0.0 that is about to land
  • Fixes up some warnings in Swift 6
  • Removes code paths from old Swift versions
This patch was released by @​0xTim

Full Changelog: vapor/vapor@4.105.2...4.106.0

v4.105.2: - Raise error when the data expected an array but not parsed as array

Compare Source

What's Changed

Raise error when the data expected an array but not parsed as array by @​sidepelican in #​3222

URLEncodedFormDecoder fails silently without throwing an error when attempting to decode data in the following pattern: array[0]=0&array[1]=1&array[3]=3. Now it is decoded as an empty array.
Typically, a decoder throws an error when data cannot be parsed as the expected structure, so I propose modifying the decoder to throw an error in this case as well.

Reviewers

Thanks to the reviewers for their help:

This patch was released by @​ptoffy

Full Changelog: vapor/vapor@4.105.1...4.105.2

v4.105.1: - Throw an error if unkeyed container is at end

Compare Source

What's Changed

Throw an error if unkeyed container is at end by @​supersonicbyte in #​3226

Throwing an error if the unkeyed container is at end while decoding query params fixes the crash mentioned with this issue:
vapor/vapor#3217

The error being thrown is DecodingError.valueNotFound and it’s matching the error thrown by JSONDecoder.

New Contributor

Reviewers

Thanks to the reviewers for their help:

This patch was released by @​0xTim

Full Changelog: vapor/vapor@4.105.0...4.105.1

v4.105.0: - Support Swift 6

Compare Source

What's Changed

Support Swift 6 by @​0xTim in #​3225

  • Drop support for Swift 5.7
  • Fix warnings in Vapor with latest Swift 6 changes
  • Fix tests on Linux nightlies

Reviewers

Thanks to the reviewers for their help:

This patch was released by @​0xTim

Full Changelog: vapor/vapor@4.104.0...4.105.0

v4.104.0: - Conditional Content Response Compression

Compare Source

What's Changed

Conditional Content Response Compression by @​dimitribouniol in #​3215

Added support for conditionally compressing responses based on content type or marker headers. This is necessary because some resource types, such as images, don’t compress much, and end up maxing out CPU time on the thread and sometimes block the entire channel while they compress. This results in pipelined resources taking a long time to load even on fast connections.

This change comes with three knobs to control this:

  • A global disabled/enabled by default state for the entire server.
  • Allow and disallow lists of content types for automatic configurations.
  • A marker header for explicitly configuring certain requests or routes to compress or not.

Notably, since the response compression handler now takes a predicate, it is always installed, and the predicate statelessly determines if a response should be compressed based on the server configuration:

  • If a response compression configuration was never set, this continues to be a no-op and no compression will occur, though routes can now explicitly enable it as needed.
This patch was released by @​0xTim

Full Changelog: vapor/vapor@4.103.2...4.104.0

v4.103.2: - Use Configured JSONEncoder in ErrorMiddleware

Compare Source

What's Changed

Use Configured JSONEncoder in ErrorMiddleware by @​0xTim in #​3224

Use the prescribed content encoder for the body of ErrorMiddleware instead of a contained JSONEncoder that can’t be overridden.

You can set the encoder with

ContentConfiguration.global.use(encoder: myCustomEncoder, for: .json)

Resolves #​3218

Reviewers

Thanks to the reviewers for their help:

This patch was released by @​0xTim

Full Changelog: vapor/vapor@4.103.1...4.103.2

v4.103.1: - fix: support capital letters in the domain part of email validation

Compare Source

What's Changed

fix: support capital letters in the domain part of email validation by @​Austinpayne in #​3211

Fixes #​2889

New Contributor

This patch was released by @​0xTim

Full Changelog: vapor/vapor@4.103.0...4.103.1

v4.103.0: - HTTPHeaders.LastModified Public Initializer

Compare Source

What's Changed

HTTPHeaders.LastModified Public Initializer by @​dimitribouniol in #​3216

Added a public initializer for HTTPHeaders.LastModified, and updated the value property to be readwrite, which would prevent needing to roll your own formatter and header access in application code.

This patch was released by @​0xTim

Full Changelog: vapor/vapor@4.102.1...4.103.0

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot enabled auto-merge (rebase) August 20, 2024 13:15
@renovate renovate bot force-pushed the renovate/vapor-vapor-4.x branch from 415c2be to 60fed4b Compare August 20, 2024 16:51
@renovate renovate bot changed the title Update dependency vapor/vapor to from: "4.103.0" Update dependency vapor/vapor to from: "4.103.1" Aug 20, 2024
@renovate renovate bot force-pushed the renovate/vapor-vapor-4.x branch from 60fed4b to 0a12c00 Compare August 22, 2024 10:52
@renovate renovate bot changed the title Update dependency vapor/vapor to from: "4.103.1" Update dependency vapor/vapor to from: "4.103.2" Aug 22, 2024
@renovate renovate bot force-pushed the renovate/vapor-vapor-4.x branch from 0a12c00 to a196c42 Compare August 22, 2024 17:25
@renovate renovate bot changed the title Update dependency vapor/vapor to from: "4.103.2" Update dependency vapor/vapor to from: "4.104.0" Aug 22, 2024
@renovate renovate bot changed the title Update dependency vapor/vapor to from: "4.104.0" Update dependency vapor/vapor to from: "4.105.0" Sep 3, 2024
@renovate renovate bot changed the title Update dependency vapor/vapor to from: "4.105.0" Update dependency vapor/vapor to from: "4.105.1" Sep 8, 2024
@renovate renovate bot changed the title Update dependency vapor/vapor to from: "4.105.1" Update dependency vapor/vapor to from: "4.105.2" Sep 8, 2024
@renovate renovate bot force-pushed the renovate/vapor-vapor-4.x branch from b385fc2 to c64d010 Compare October 5, 2024 01:36
@renovate renovate bot changed the title Update dependency vapor/vapor to from: "4.105.2" Update dependency vapor/vapor to from: "4.106.0" Oct 5, 2024
@renovate renovate bot changed the title Update dependency vapor/vapor to from: "4.106.0" Update dependency vapor/vapor to from: "4.106.1" Oct 24, 2024
@renovate renovate bot changed the title Update dependency vapor/vapor to from: "4.106.1" Update dependency vapor/vapor to from: "4.106.2" Nov 3, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants