v1.0.2

Patches

• (sirv-cli) Print --host hint when not in use (#70, #71): ec5febc
  Thank you @mhkeller~!
  
  A lot of users are/were unaware that sirv-cli was capable of setting up a network endpoint for your server. The option always existed in the help text's list of options, but it can be easy for things to hide in plain sight! So now the CLI will always show a "Network:" field (to show that it's at least possible) and either the server address if there is one or a short clue about the --host flag.

Chores

• (docs) Add mention of mkcert for alternative SSL certificate generation (#68): 9eea208
  Thank you @longrunningprocess~!

v1.0.1

Patches

• (sirv) Set "br" for content-encoding header value (#65): fa4f7db, 7205446
  Thank you @DaGhostman~!

Chores

• (sirv) Add additional dotfiles tests: d01fe72
• Update badges: 8785b42

v1.0.0

Breaking

Both sirv and sirv-cli now require at least Node v10.x to function (19061be).
This is the oldest LTS version of Node.js that's still possesses the "ACTIVE" label.

Features

• (sirv-cli) Added HTTP/2 support (#2, #64): 36ba734, 8c92751

• (sirv-cli) Added --gzip and --brotli flags (#3)

• (sirv-cli) Allow --single to accept custom fallback: fd55eca

• (sirv-cli) Added --ignores option to escape single: 918102e

• (sirv) Added TypeScript definitions (#61): 05058a2

• (sirv) Support If-None-Match/ETag matching (#56, #46)

• (sirv) Added single option, with customizable fallback: f13fbb8, fd55eca

• (sirv) Allow serving of precompiled gzip and/or brotli files: 3d34763

• (sirv): Ships separate "module" (ESM) and "main" (CJS) entries: 9754302

Patches

• (sirv) Prevent server crash with malformed URLs (#54): 1757b26
• (sirv) Allow dotfiles option in "dev" mode (#51)
• (sirv) Allow requests to /.well-known/* files (#50): 0a04d66
• (sirv) Force Cache-Control: no-store value for "dev" mode (#45): 604f926
• (sirv) Respect any previous Content-Type on response (#38): c08ac50, 5ef168f
• (sirv) Ignore deeply-nested dotfiles (default): 84d4f33

Chores

• (sirv) Refactor: Consolidate "dev" & "prod" handlers: f1bcc43
• (sirv): Refactor: Extract list utility into totalist: 535b2c2
• Update benchmarks, include directly: a346382
• Update documentation: 8e9cb49
• Add multiple test suites for 99% code coverage: cbe0a47, 461b8de, 5953004, 07c65ac, 3cfb51e, 4608c92, b3b89cb, f6b1e72, 5f583e5, bdfc9b0, 3009ae0, 5d555d2

v0.4.6

NOTICE
This version patches a directory-traversal security vulnerability that exists in dev mode only. All users should update immediately, even if they don't think they're using --dev or opts.dev on live servers. There are no other changes in this release.

Patches

• Fixes dev mode security vulnerability (#63): 1e0bac5
  Thank you @marvinhagemeister~!

  As Marvin describes:

  This allows an attacker to traverse the file system outside of the specified directory.

  Let's say sirv was initialized to serve files from /foo/bar:

  sirv("/foo/bar");

  ...and an attacker makes a request to:

  GET /../../etc/passwd
  

  ...then they are able to download the contents of that file.

Chores

• Attach GitHub Actions: ea15d6a

• Update test runner: 2b965cd

• Update lerna version: 0b6de8d

v0.4.4

Patches

• (sirv-cli): Hide network address on non-localhost hostnames: aeb4d72
  Passing --host without a value is an alias for --host 0.0.0.0
  It will be displayed if --host flag is defined

• (sirv-cli): Correct --single 404 handler (#30): 3d27ed1

v0.4.3

Patches

• (sirv-cli): Add missing --host flag to change hostname (#29): 210302e

• (sirv-cli): Add missing support for PORT and HOST environment variables: 04ea942

  $ PORT=3000 sirv public
  $ HOST=0.0.0.0 sirv public
  $ sirv public --host 10.0.0.1

Chores

• Add --dev flag to README docs (#28): 11cc39a
  Thank you @paulocoghi

v0.4.2

Patches

• Immediately fix regression for --single flag in "dev" mode: c73fd13

v0.4.1

Patches

• (sirv): Handle files without an extension correctly (#26): b2e1baf
  Wrongly assumed all extensionless files were pathnames meant to be expanded.

• (sirv): Call return from for-loop directly: c39f0e4

v0.4.0

Breaking

• (sirv) Change opts.onNoMatch from (res) to (req, res): abe9d69
  Allowing the callback to consume the original request & response is more expected and flexible.

Patches

• Fix(sirv-cli) Maintain Range/partial requests during --dev mode: abe9d69
  By sending an empty object, the original request's headers were all lost.

v0.3.2

Patches

• Fix(sirv-cli) Ensure req.headers exists during --single mode (#23): 1f515fe
  Thank you @bryanwood!