From 8ac6299da4fd36dc72c6cf710d4856e491b32fa6 Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Fri, 14 Jun 2019 20:04:11 -0400 Subject: [PATCH 01/95] build: support Node.js 12.x --- .travis.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.travis.yml b/.travis.yml index 2be67792..af0d0c3b 100644 --- a/.travis.yml +++ b/.travis.yml @@ -14,6 +14,7 @@ node_js: - "9.11" - "10.15" - "11.10" + - "12.4" sudo: false cache: directories: From b708f605b3f3400816c92cea8ab789401fa8c976 Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Sat, 15 Jun 2019 01:05:10 -0400 Subject: [PATCH 02/95] build: Node.js@10.16 --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index af0d0c3b..537c07a5 100644 --- a/.travis.yml +++ b/.travis.yml @@ -12,7 +12,7 @@ node_js: - "7.10" - "8.15" - "9.11" - - "10.15" + - "10.16" - "11.10" - "12.4" sudo: false From b84aee0f59dc41655cd41011eedae51e7e5b8294 Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Sun, 16 Jun 2019 20:04:17 -0400 Subject: [PATCH 03/95] build: eslint-plugin-import@2.17.3 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 7358c8fb..55a3bd16 100644 --- a/package.json +++ b/package.json @@ -21,7 +21,7 @@ "after": "0.8.2", "eslint": "5.15.1", "eslint-config-standard": "12.0.0", - "eslint-plugin-import": "2.16.0", + "eslint-plugin-import": "2.17.3", "eslint-plugin-markdown": "1.0.0", "eslint-plugin-node": "7.0.1", "eslint-plugin-promise": "4.0.1", From 6e843dfb88bc9005961cebaf44d6e543b4f6b9d6 Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Wed, 19 Jun 2019 21:42:14 -0400 Subject: [PATCH 04/95] build: Node.js@11.15 --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 537c07a5..7c62470a 100644 --- a/.travis.yml +++ b/.travis.yml @@ -13,7 +13,7 @@ node_js: - "8.15" - "9.11" - "10.16" - - "11.10" + - "11.15" - "12.4" sudo: false cache: From 6e82e369cbd823fc63372bcff87571e23322ac9d Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Mon, 1 Jul 2019 23:54:28 -0400 Subject: [PATCH 05/95] build: eslint-plugin-promise@4.2.1 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 55a3bd16..b19f8a09 100644 --- a/package.json +++ b/package.json @@ -24,7 +24,7 @@ "eslint-plugin-import": "2.17.3", "eslint-plugin-markdown": "1.0.0", "eslint-plugin-node": "7.0.1", - "eslint-plugin-promise": "4.0.1", + "eslint-plugin-promise": "4.2.1", "eslint-plugin-standard": "4.0.0", "istanbul": "0.4.5", "mocha": "6.0.2", From 167e0191a0f0eb35bdb7778c0a4c59c5775e12f8 Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Mon, 1 Jul 2019 23:58:22 -0400 Subject: [PATCH 06/95] build: mocha@6.1.4 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index b19f8a09..32b25b84 100644 --- a/package.json +++ b/package.json @@ -27,7 +27,7 @@ "eslint-plugin-promise": "4.2.1", "eslint-plugin-standard": "4.0.0", "istanbul": "0.4.5", - "mocha": "6.0.2", + "mocha": "6.1.4", "supertest": "4.0.0" }, "files": [ From 1ba1e3909af5e70925ff2d3c9c771fd16c3cd669 Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Tue, 2 Jul 2019 00:23:29 -0400 Subject: [PATCH 07/95] build: Node.js@8.16 --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 7c62470a..35e0cfab 100644 --- a/.travis.yml +++ b/.travis.yml @@ -10,7 +10,7 @@ node_js: - "5.12" - "6.16" - "7.10" - - "8.15" + - "8.16" - "9.11" - "10.16" - "11.15" From 7a1f787a2de5ecfeeef8d25194b435711371dd74 Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Tue, 2 Jul 2019 00:27:36 -0400 Subject: [PATCH 08/95] build: eslint@5.16.0 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 32b25b84..a97c7dc6 100644 --- a/package.json +++ b/package.json @@ -19,7 +19,7 @@ }, "devDependencies": { "after": "0.8.2", - "eslint": "5.15.1", + "eslint": "5.16.0", "eslint-config-standard": "12.0.0", "eslint-plugin-import": "2.17.3", "eslint-plugin-markdown": "1.0.0", From d2c6b684538a10bca60c473c94f8ecf61a27d407 Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Tue, 2 Jul 2019 00:29:05 -0400 Subject: [PATCH 09/95] build: Node.js@6.17 --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 35e0cfab..4bd2d191 100644 --- a/.travis.yml +++ b/.travis.yml @@ -8,7 +8,7 @@ node_js: - "3.3" - "4.9" - "5.12" - - "6.16" + - "6.17" - "7.10" - "8.16" - "9.11" From 65657e31635818ab03d66a4858d77b53889c67e6 Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Sun, 7 Jul 2019 23:42:48 -0400 Subject: [PATCH 10/95] deps: safe-buffer@5.2.0 --- HISTORY.md | 5 +++++ package.json | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/HISTORY.md b/HISTORY.md index c3e4b92f..27861898 100644 --- a/HISTORY.md +++ b/HISTORY.md @@ -1,3 +1,8 @@ +unreleased +========== + + * deps: safe-buffer@5.2.0 + 1.7.4 / 2019-03-18 ================== diff --git a/package.json b/package.json index a97c7dc6..801f6f12 100644 --- a/package.json +++ b/package.json @@ -14,7 +14,7 @@ "compressible": "~2.0.16", "debug": "2.6.9", "on-headers": "~1.0.2", - "safe-buffer": "5.1.2", + "safe-buffer": "5.2.0", "vary": "~1.1.2" }, "devDependencies": { From cb724882cb038c53d7a831397f9f3a99eb4f0cfd Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Sun, 7 Jul 2019 23:48:05 -0400 Subject: [PATCH 11/95] deps: compressible@~2.0.17 --- HISTORY.md | 2 ++ package.json | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/HISTORY.md b/HISTORY.md index 27861898..dbf2f9ac 100644 --- a/HISTORY.md +++ b/HISTORY.md @@ -1,6 +1,8 @@ unreleased ========== + * deps: compressible@~2.0.17 + - deps: mime-db@'>= 1.40.0 < 2' * deps: safe-buffer@5.2.0 1.7.4 / 2019-03-18 diff --git a/package.json b/package.json index 801f6f12..df0ecb69 100644 --- a/package.json +++ b/package.json @@ -11,7 +11,7 @@ "dependencies": { "accepts": "~1.3.5", "bytes": "3.0.0", - "compressible": "~2.0.16", + "compressible": "~2.0.17", "debug": "2.6.9", "on-headers": "~1.0.2", "safe-buffer": "5.2.0", From d112c3af436597ccf6fa22b9222f12daa443115e Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Mon, 8 Jul 2019 00:21:09 -0400 Subject: [PATCH 12/95] build: eslint-plugin-import@2.18.0 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index df0ecb69..ad9f5f87 100644 --- a/package.json +++ b/package.json @@ -21,7 +21,7 @@ "after": "0.8.2", "eslint": "5.16.0", "eslint-config-standard": "12.0.0", - "eslint-plugin-import": "2.17.3", + "eslint-plugin-import": "2.18.0", "eslint-plugin-markdown": "1.0.0", "eslint-plugin-node": "7.0.1", "eslint-plugin-promise": "4.2.1", From b9c4a15c6f00c35027716505bb219dd86ce8812e Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Mon, 8 Jul 2019 00:29:03 -0400 Subject: [PATCH 13/95] build: Node.js@12.6 --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 4bd2d191..0276895d 100644 --- a/.travis.yml +++ b/.travis.yml @@ -14,7 +14,7 @@ node_js: - "9.11" - "10.16" - "11.15" - - "12.4" + - "12.6" sudo: false cache: directories: From 31acb81dc4a059694d4e8c619b682f8de5425764 Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Sun, 14 Jul 2019 20:18:39 -0400 Subject: [PATCH 14/95] tests: remove deprecated APIs from tests --- package.json | 2 +- test/compression.js | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/package.json b/package.json index ad9f5f87..11c70450 100644 --- a/package.json +++ b/package.json @@ -23,7 +23,7 @@ "eslint-config-standard": "12.0.0", "eslint-plugin-import": "2.18.0", "eslint-plugin-markdown": "1.0.0", - "eslint-plugin-node": "7.0.1", + "eslint-plugin-node": "8.0.1", "eslint-plugin-promise": "4.2.1", "eslint-plugin-standard": "4.0.0", "istanbul": "0.4.5", diff --git a/test/compression.js b/test/compression.js index 5c5ed080..6975ea0b 100644 --- a/test/compression.js +++ b/test/compression.js @@ -174,7 +174,7 @@ describe('compression()', function () { pressure() }) - crypto.pseudoRandomBytes(1024 * 128, function (err, chunk) { + crypto.randomBytes(1024 * 128, function (err, chunk) { if (err) return done(err) buf = chunk pressure() @@ -231,7 +231,7 @@ describe('compression()', function () { pressure() }) - crypto.pseudoRandomBytes(1024 * 128, function (err, chunk) { + crypto.randomBytes(1024 * 128, function (err, chunk) { if (err) return done(err) buf = chunk pressure() From 512f8a66967de276a677ca03a038fbbdd5c2a7eb Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Tue, 16 Jul 2019 00:47:51 -0400 Subject: [PATCH 15/95] build: supertest@4.0.2 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 11c70450..1d78d3e5 100644 --- a/package.json +++ b/package.json @@ -28,7 +28,7 @@ "eslint-plugin-standard": "4.0.0", "istanbul": "0.4.5", "mocha": "6.1.4", - "supertest": "4.0.0" + "supertest": "4.0.2" }, "files": [ "LICENSE", From 34f0080e6c033b8df6a9df1b3af537206627cb85 Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Mon, 22 Jul 2019 19:17:31 -0400 Subject: [PATCH 16/95] build: eslint-plugin-import@2.18.2 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 1d78d3e5..4a9136de 100644 --- a/package.json +++ b/package.json @@ -21,7 +21,7 @@ "after": "0.8.2", "eslint": "5.16.0", "eslint-config-standard": "12.0.0", - "eslint-plugin-import": "2.18.0", + "eslint-plugin-import": "2.18.2", "eslint-plugin-markdown": "1.0.0", "eslint-plugin-node": "8.0.1", "eslint-plugin-promise": "4.2.1", From 78385706c826bae4f4fae4c4ce5540383329b61a Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Mon, 22 Jul 2019 19:21:19 -0400 Subject: [PATCH 17/95] lint: apply standard 13 style --- .travis.yml | 2 +- package.json | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.travis.yml b/.travis.yml index 0276895d..92f14169 100644 --- a/.travis.yml +++ b/.travis.yml @@ -63,7 +63,7 @@ before_install: fi - | # Configure eslint for linting - if node_version_lt '6.0'; then npm_remove_module_re '^eslint(-|$)' + if node_version_lt '8.0'; then npm_remove_module_re '^eslint(-|$)' fi - | # Configure mocha for testing diff --git a/package.json b/package.json index 4a9136de..525b7035 100644 --- a/package.json +++ b/package.json @@ -19,8 +19,8 @@ }, "devDependencies": { "after": "0.8.2", - "eslint": "5.16.0", - "eslint-config-standard": "12.0.0", + "eslint": "6.1.0", + "eslint-config-standard": "13.0.1", "eslint-plugin-import": "2.18.2", "eslint-plugin-markdown": "1.0.0", "eslint-plugin-node": "8.0.1", From 3603331a95e6a3c72441ef7b25b670c8feac0a00 Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Tue, 23 Jul 2019 01:03:04 -0400 Subject: [PATCH 18/95] build: mocha@6.2.0 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 525b7035..b957c7a7 100644 --- a/package.json +++ b/package.json @@ -27,7 +27,7 @@ "eslint-plugin-promise": "4.2.1", "eslint-plugin-standard": "4.0.0", "istanbul": "0.4.5", - "mocha": "6.1.4", + "mocha": "6.2.0", "supertest": "4.0.2" }, "files": [ From d94a147ac4b718b7394a975ae2ddc7ed0917bd51 Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Wed, 24 Jul 2019 01:32:21 -0400 Subject: [PATCH 19/95] build: eslint-plugin-node@9.1.0 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index b957c7a7..87c83226 100644 --- a/package.json +++ b/package.json @@ -23,7 +23,7 @@ "eslint-config-standard": "13.0.1", "eslint-plugin-import": "2.18.2", "eslint-plugin-markdown": "1.0.0", - "eslint-plugin-node": "8.0.1", + "eslint-plugin-node": "9.1.0", "eslint-plugin-promise": "4.2.1", "eslint-plugin-standard": "4.0.0", "istanbul": "0.4.5", From 659fce44c90cf1a741169765d0ee339e62dadc3d Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Sun, 28 Jul 2019 20:04:31 -0400 Subject: [PATCH 20/95] build: Node.js@12.7 --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 92f14169..88cbf666 100644 --- a/.travis.yml +++ b/.travis.yml @@ -14,7 +14,7 @@ node_js: - "9.11" - "10.16" - "11.15" - - "12.6" + - "12.7" sudo: false cache: directories: From 3b59578b8829f8f5e0d006c6f0d68526a294bc5a Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Sun, 28 Jul 2019 20:12:57 -0400 Subject: [PATCH 21/95] deps: accepts@~1.3.7 --- HISTORY.md | 4 ++++ package.json | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/HISTORY.md b/HISTORY.md index dbf2f9ac..95703928 100644 --- a/HISTORY.md +++ b/HISTORY.md @@ -1,6 +1,10 @@ unreleased ========== + * deps: accepts@~1.3.7 + - Fix sorting encoding with extra parameters + - deps: mime-types@~2.1.24 + - deps: negotiator@0.6.2 * deps: compressible@~2.0.17 - deps: mime-db@'>= 1.40.0 < 2' * deps: safe-buffer@5.2.0 diff --git a/package.json b/package.json index 87c83226..4867ffba 100644 --- a/package.json +++ b/package.json @@ -9,7 +9,7 @@ "license": "MIT", "repository": "expressjs/compression", "dependencies": { - "accepts": "~1.3.5", + "accepts": "~1.3.7", "bytes": "3.0.0", "compressible": "~2.0.17", "debug": "2.6.9", From c39f85866f7d75f2b14beab0575535ac2271204d Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Wed, 21 Aug 2019 21:09:45 -0400 Subject: [PATCH 22/95] build: eslint@6.2.1 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 4867ffba..c261d3cb 100644 --- a/package.json +++ b/package.json @@ -19,7 +19,7 @@ }, "devDependencies": { "after": "0.8.2", - "eslint": "6.1.0", + "eslint": "6.2.1", "eslint-config-standard": "13.0.1", "eslint-plugin-import": "2.18.2", "eslint-plugin-markdown": "1.0.0", From 0072450ee04c271e143da6f9a5287cdadf1e5133 Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Wed, 21 Aug 2019 21:11:14 -0400 Subject: [PATCH 23/95] build: eslint-plugin-standard@4.0.1 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index c261d3cb..fa0bb748 100644 --- a/package.json +++ b/package.json @@ -25,7 +25,7 @@ "eslint-plugin-markdown": "1.0.0", "eslint-plugin-node": "9.1.0", "eslint-plugin-promise": "4.2.1", - "eslint-plugin-standard": "4.0.0", + "eslint-plugin-standard": "4.0.1", "istanbul": "0.4.5", "mocha": "6.2.0", "supertest": "4.0.2" From 9d411dcf57b7252c2b5578a1aad2964f9288341b Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Wed, 21 Aug 2019 21:15:05 -0400 Subject: [PATCH 24/95] lint: apply standard 14 style --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index fa0bb748..05008e0e 100644 --- a/package.json +++ b/package.json @@ -20,7 +20,7 @@ "devDependencies": { "after": "0.8.2", "eslint": "6.2.1", - "eslint-config-standard": "13.0.1", + "eslint-config-standard": "14.0.1", "eslint-plugin-import": "2.18.2", "eslint-plugin-markdown": "1.0.0", "eslint-plugin-node": "9.1.0", From 0746937e768824e24785c56fb5b8f9c3e850c8d7 Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Sat, 31 Aug 2019 22:42:58 -0400 Subject: [PATCH 25/95] build: eslint-plugin-node@9.2.0 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 05008e0e..21389e26 100644 --- a/package.json +++ b/package.json @@ -23,7 +23,7 @@ "eslint-config-standard": "14.0.1", "eslint-plugin-import": "2.18.2", "eslint-plugin-markdown": "1.0.0", - "eslint-plugin-node": "9.1.0", + "eslint-plugin-node": "9.2.0", "eslint-plugin-promise": "4.2.1", "eslint-plugin-standard": "4.0.1", "istanbul": "0.4.5", From 4aac0e8fa3fe7a5da969b5515bcca833a5ecfa8c Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Tue, 3 Sep 2019 20:04:55 -0400 Subject: [PATCH 26/95] build: Node.js@12.9 --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 88cbf666..c1879065 100644 --- a/.travis.yml +++ b/.travis.yml @@ -14,7 +14,7 @@ node_js: - "9.11" - "10.16" - "11.15" - - "12.7" + - "12.9" sudo: false cache: directories: From 3fea81d0eaed1eb872bf3e0405f20d9e175ab2cf Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Wed, 4 Sep 2019 21:22:38 -0400 Subject: [PATCH 27/95] build: eslint@6.3.0 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 21389e26..30f8422c 100644 --- a/package.json +++ b/package.json @@ -19,7 +19,7 @@ }, "devDependencies": { "after": "0.8.2", - "eslint": "6.2.1", + "eslint": "6.3.0", "eslint-config-standard": "14.0.1", "eslint-plugin-import": "2.18.2", "eslint-plugin-markdown": "1.0.0", From 9712f0cc0e51452fa1c45f107020485aa2686136 Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Wed, 8 Dec 2021 20:31:33 -0500 Subject: [PATCH 28/95] build: use GitHub Actions instead of Travis CI --- .github/workflows/ci.yml | 163 +++++++++++++++++++++++++++++++++++++++ .travis.yml | 107 ------------------------- README.md | 6 +- package.json | 4 +- 4 files changed, 168 insertions(+), 112 deletions(-) create mode 100644 .github/workflows/ci.yml delete mode 100644 .travis.yml diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml new file mode 100644 index 00000000..063025e7 --- /dev/null +++ b/.github/workflows/ci.yml @@ -0,0 +1,163 @@ +name: ci + +on: +- pull_request +- push + +jobs: + test: + runs-on: ubuntu-latest + strategy: + matrix: + name: + - Node.js 0.8 + - Node.js 0.10 + - Node.js 0.12 + - io.js 1.x + - io.js 2.x + - io.js 3.x + - Node.js 4.x + - Node.js 5.x + - Node.js 6.x + - Node.js 7.x + - Node.js 8.x + - Node.js 9.x + - Node.js 10.x + - Node.js 11.x + - Node.js 12.x + + include: + - name: Node.js 0.8 + node-version: "0.8" + npm-i: mocha@2.5.3 supertest@1.1.0 + npm-rm: istanbul + + - name: Node.js 0.10 + node-version: "0.10" + npm-i: mocha@3.5.3 supertest@2.0.0 + + - name: Node.js 0.12 + node-version: "0.12" + npm-i: mocha@3.5.3 supertest@2.0.0 + + - name: io.js 1.x + node-version: "1.8" + npm-i: mocha@3.5.3 supertest@2.0.0 + + - name: io.js 2.x + node-version: "2.5" + npm-i: mocha@3.5.3 supertest@2.0.0 + + - name: io.js 3.x + node-version: "3.3" + npm-i: mocha@3.5.3 supertest@2.0.0 + + - name: Node.js 4.x + node-version: "4.9" + npm-i: mocha@5.2.0 supertest@3.4.2 + + - name: Node.js 5.x + node-version: "5.12" + npm-i: mocha@5.2.0 supertest@3.4.2 + + - name: Node.js 6.x + node-version: "6.17" + + - name: Node.js 7.x + node-version: "7.10" + + - name: Node.js 8.x + node-version: "8.16" + + - name: Node.js 9.x + node-version: "9.11" + + - name: Node.js 10.x + node-version: "10.16" + + - name: Node.js 11.x + node-version: "11.15" + + - name: Node.js 12.x + node-version: "12.9" + + steps: + - uses: actions/checkout@v2 + + - name: Install Node.js ${{ matrix.node-version }} + shell: bash -eo pipefail -l {0} + run: | + nvm install --default ${{ matrix.node-version }} + if [[ "${{ matrix.node-version }}" == 0.* && "$(cut -d. -f2 <<< "${{ matrix.node-version }}")" -lt 10 ]]; then + nvm install --alias=npm 0.10 + nvm use ${{ matrix.node-version }} + sed -i '1s;^.*$;'"$(printf '#!%q' "$(nvm which npm)")"';' "$(readlink -f "$(which npm)")" + npm config set strict-ssl false + fi + dirname "$(nvm which ${{ matrix.node-version }})" >> "$GITHUB_PATH" + + - name: Configure npm + run: npm config set shrinkwrap false + + - name: Remove npm module(s) ${{ matrix.npm-rm }} + run: npm rm --silent --save-dev ${{ matrix.npm-rm }} + if: matrix.npm-rm != '' + + - name: Install npm module(s) ${{ matrix.npm-i }} + run: npm install --save-dev ${{ matrix.npm-i }} + if: matrix.npm-i != '' + + - name: Setup Node.js version-specific dependencies + shell: bash + run: | + # eslint for linting + # - remove on Node.js < 8 + if [[ "$(cut -d. -f1 <<< "${{ matrix.node-version }}")" -lt 10 ]]; then + node -pe 'Object.keys(require("./package").devDependencies).join("\n")' | \ + grep -E '^eslint(-|$)' | \ + sort -r | \ + xargs -n1 npm rm --silent --save-dev + fi + + - name: Install Node.js dependencies + run: npm install + + - name: List environment + id: list_env + shell: bash + run: | + echo "node@$(node -v)" + echo "npm@$(npm -v)" + npm -s ls ||: + (npm -s ls --depth=0 ||:) | awk -F'[ @]' 'NR>1 && $2 { print "::set-output name=" $2 "::" $3 }' + + - name: Run tests + shell: bash + run: | + if npm -ps ls istanbul | grep -q istanbul; then + npm run test-ci + else + npm test + fi + + - name: Lint code + if: steps.list_env.outputs.eslint != '' + run: npm run lint + + - name: Collect code coverage + uses: coverallsapp/github-action@master + if: steps.list_env.outputs.istanbul != '' + with: + github-token: ${{ secrets.GITHUB_TOKEN }} + flag-name: run-${{ matrix.test_number }} + parallel: true + + coverage: + needs: test + runs-on: ubuntu-latest + steps: + - name: Uploade code coverage + uses: coverallsapp/github-action@master + with: + github-token: ${{ secrets.github_token }} + parallel-finished: true diff --git a/.travis.yml b/.travis.yml deleted file mode 100644 index c1879065..00000000 --- a/.travis.yml +++ /dev/null @@ -1,107 +0,0 @@ -language: node_js -node_js: - - "0.8" - - "0.10" - - "0.12" - - "1.8" - - "2.5" - - "3.3" - - "4.9" - - "5.12" - - "6.17" - - "7.10" - - "8.16" - - "9.11" - - "10.16" - - "11.15" - - "12.9" -sudo: false -cache: - directories: - - node_modules -before_install: - - | - # Setup utility functions - function node_version_lt () { - [[ "$(v "$TRAVIS_NODE_VERSION")" -lt "$(v "${1}")" ]] - } - function npm_module_installed () { - npm -lsp ls | grep -Fq "$(pwd)/node_modules/${1}:${1}@" - } - function npm_remove_module_re () { - node -e ' - fs = require("fs"); - p = JSON.parse(fs.readFileSync("package.json", "utf8")); - r = RegExp(process.argv[1]); - for (k in p.devDependencies) { - if (r.test(k)) delete p.devDependencies[k]; - } - fs.writeFileSync("package.json", JSON.stringify(p, null, 2) + "\n"); - ' "$@" - } - function npm_use_module () { - node -e ' - fs = require("fs"); - p = JSON.parse(fs.readFileSync("package.json", "utf8")); - p.devDependencies[process.argv[1]] = process.argv[2]; - fs.writeFileSync("package.json", JSON.stringify(p, null, 2) + "\n"); - ' "$@" - } - function v () { - tr '.' '\n' <<< "${1}" \ - | awk '{ printf "%03d", $0 }' \ - | sed 's/^0*//' - } - # Configure npm - - | - # Skip updating shrinkwrap / lock - npm config set shrinkwrap false - # Setup Node.js version-specific dependencies - - | - # Configure istanbul for coverage - if node_version_lt '0.10'; then npm_remove_module_re '^istanbul$' - fi - - | - # Configure eslint for linting - if node_version_lt '8.0'; then npm_remove_module_re '^eslint(-|$)' - fi - - | - # Configure mocha for testing - if node_version_lt '0.10'; then npm_use_module 'mocha' '2.5.3' - elif node_version_lt '4.0' ; then npm_use_module 'mocha' '3.5.3' - elif node_version_lt '6.0' ; then npm_use_module 'mocha' '5.2.0' - fi - - | - # Configure supertest for http calls - if node_version_lt '0.10'; then npm_use_module 'supertest' '1.1.0' - elif node_version_lt '4.0' ; then npm_use_module 'supertest' '2.0.0' - elif node_version_lt '6.0' ; then npm_use_module 'supertest' '3.4.2' - fi - # Update Node.js modules - - | - # Prune & rebuild node_modules - if [[ -d node_modules ]]; then - npm prune - npm rebuild - fi -before_scrpt: - - | - # Contents of node_modules - npm -s ls ||: -script: - - | - # Run test script, depending on istanbul install - if npm_module_installed 'istanbul'; then npm run-script test-travis - else npm test - fi - - | - # Run linting, if eslint exists - if npm_module_installed 'eslint'; then npm run-script lint - fi -after_script: - - | - # Upload coverage to coveralls if exists - if [[ -e ./coverage/lcov.info ]]; then - npm install --save-dev coveralls@2 - coveralls < ./coverage/lcov.info - fi diff --git a/README.md b/README.md index 680ece87..7243307f 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ [![NPM Version][npm-image]][npm-url] [![NPM Downloads][downloads-image]][downloads-url] -[![Build Status][travis-image]][travis-url] +[![Build Status][github-actions-ci-image]][github-actions-ci-url] [![Test Coverage][coveralls-image]][coveralls-url] Node.js compression middleware. @@ -232,9 +232,9 @@ app.get('/events', function (req, res) { [npm-image]: https://img.shields.io/npm/v/compression.svg [npm-url]: https://npmjs.org/package/compression -[travis-image]: https://img.shields.io/travis/expressjs/compression/master.svg -[travis-url]: https://travis-ci.org/expressjs/compression [coveralls-image]: https://img.shields.io/coveralls/expressjs/compression/master.svg [coveralls-url]: https://coveralls.io/r/expressjs/compression?branch=master [downloads-image]: https://img.shields.io/npm/dm/compression.svg [downloads-url]: https://npmjs.org/package/compression +[github-actions-ci-image]: https://badgen.net/github/checks/expressjs/compression/master?label=ci +[github-actions-ci-url]: https://github.com/expressjs/compression/actions?query=workflow%3Aci diff --git a/package.json b/package.json index 30f8422c..1fcfa0fa 100644 --- a/package.json +++ b/package.json @@ -41,7 +41,7 @@ "scripts": { "lint": "eslint --plugin markdown --ext js,md .", "test": "mocha --check-leaks --reporter spec --bail", - "test-cov": "istanbul cover node_modules/mocha/bin/_mocha -- --check-leaks --reporter dot", - "test-travis": "istanbul cover node_modules/mocha/bin/_mocha --report lcovonly -- --check-leaks --reporter spec" + "test-ci": "istanbul cover node_modules/mocha/bin/_mocha --report lcovonly -- --check-leaks --reporter spec", + "test-cov": "istanbul cover node_modules/mocha/bin/_mocha -- --check-leaks --reporter dot" } } From f31e8eb5f46999eea77148351935c5573a7e3a66 Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Wed, 8 Dec 2021 20:38:48 -0500 Subject: [PATCH 29/95] build: Node.js@12.22 --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 063025e7..c8b64408 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -79,7 +79,7 @@ jobs: node-version: "11.15" - name: Node.js 12.x - node-version: "12.9" + node-version: "12.22" steps: - uses: actions/checkout@v2 From 9866cb0f9761ff095b2cc247dfd771d7d7763a42 Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Wed, 8 Dec 2021 20:42:00 -0500 Subject: [PATCH 30/95] build: support Node.js 13.x --- .github/workflows/ci.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index c8b64408..c6fa1e22 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -25,6 +25,7 @@ jobs: - Node.js 10.x - Node.js 11.x - Node.js 12.x + - Node.js 13.x include: - name: Node.js 0.8 @@ -81,6 +82,9 @@ jobs: - name: Node.js 12.x node-version: "12.22" + - name: Node.js 13.x + node-version: "13.13" + steps: - uses: actions/checkout@v2 From c83361e2efee497c7badcaaf81dc3cc2671fb665 Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Thu, 9 Dec 2021 02:11:00 -0500 Subject: [PATCH 31/95] build: support Node.js 14.x --- .github/workflows/ci.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index c6fa1e22..9f7f0edd 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -26,6 +26,7 @@ jobs: - Node.js 11.x - Node.js 12.x - Node.js 13.x + - Node.js 14.x include: - name: Node.js 0.8 @@ -85,6 +86,9 @@ jobs: - name: Node.js 13.x node-version: "13.13" + - name: Node.js 14.x + node-version: "14.18" + steps: - uses: actions/checkout@v2 From 8730bcef4d88958b408455ee10758cf8f17ace13 Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Thu, 9 Dec 2021 02:16:31 -0500 Subject: [PATCH 32/95] build: eslint@6.8.0 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 1fcfa0fa..860241d6 100644 --- a/package.json +++ b/package.json @@ -19,7 +19,7 @@ }, "devDependencies": { "after": "0.8.2", - "eslint": "6.3.0", + "eslint": "6.8.0", "eslint-config-standard": "14.0.1", "eslint-plugin-import": "2.18.2", "eslint-plugin-markdown": "1.0.0", From 8bc01305c0fff5c75d2fe8c29ade8ef585492290 Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Thu, 9 Dec 2021 02:17:17 -0500 Subject: [PATCH 33/95] build: mocha@6.2.3 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 860241d6..2be7f8ae 100644 --- a/package.json +++ b/package.json @@ -27,7 +27,7 @@ "eslint-plugin-promise": "4.2.1", "eslint-plugin-standard": "4.0.1", "istanbul": "0.4.5", - "mocha": "6.2.0", + "mocha": "6.2.3", "supertest": "4.0.2" }, "files": [ From 929ccbc6337996825e22a61cf95916db0fa5ae6e Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Sun, 12 Dec 2021 23:08:45 -0500 Subject: [PATCH 34/95] deps: safe-buffer@5.2.1 --- HISTORY.md | 2 +- package.json | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/HISTORY.md b/HISTORY.md index 95703928..ce5ae905 100644 --- a/HISTORY.md +++ b/HISTORY.md @@ -7,7 +7,7 @@ unreleased - deps: negotiator@0.6.2 * deps: compressible@~2.0.17 - deps: mime-db@'>= 1.40.0 < 2' - * deps: safe-buffer@5.2.0 + * deps: safe-buffer@5.2.1 1.7.4 / 2019-03-18 ================== diff --git a/package.json b/package.json index 2be7f8ae..8aa26deb 100644 --- a/package.json +++ b/package.json @@ -14,7 +14,7 @@ "compressible": "~2.0.17", "debug": "2.6.9", "on-headers": "~1.0.2", - "safe-buffer": "5.2.0", + "safe-buffer": "5.2.1", "vary": "~1.1.2" }, "devDependencies": { From ae948202f80f8875a23d7fcb6b2a6a3eed340c2f Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Sun, 12 Dec 2021 23:11:36 -0500 Subject: [PATCH 35/95] build: support Node.js 15.x --- .github/workflows/ci.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 9f7f0edd..a70a1bb6 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -27,6 +27,7 @@ jobs: - Node.js 12.x - Node.js 13.x - Node.js 14.x + - Node.js 15.x include: - name: Node.js 0.8 @@ -89,6 +90,9 @@ jobs: - name: Node.js 14.x node-version: "14.18" + - name: Node.js 14.x + node-version: "15.14" + steps: - uses: actions/checkout@v2 From 69dc4895b58d15a14e1b7fe71a4c1da1eda80108 Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Sun, 26 Dec 2021 17:50:23 -0500 Subject: [PATCH 36/95] build: eslint-plugin-import@2.25.3 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 8aa26deb..40a7dfce 100644 --- a/package.json +++ b/package.json @@ -21,7 +21,7 @@ "after": "0.8.2", "eslint": "6.8.0", "eslint-config-standard": "14.0.1", - "eslint-plugin-import": "2.18.2", + "eslint-plugin-import": "2.25.3", "eslint-plugin-markdown": "1.0.0", "eslint-plugin-node": "9.2.0", "eslint-plugin-promise": "4.2.1", From c97cb775d436ef054a5f6d52c91a24afbdd689ac Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Sun, 26 Dec 2021 17:52:39 -0500 Subject: [PATCH 37/95] build: eslint@7.32.0 --- .github/workflows/ci.yml | 2 +- package.json | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index a70a1bb6..fecd9317 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -123,7 +123,7 @@ jobs: shell: bash run: | # eslint for linting - # - remove on Node.js < 8 + # - remove on Node.js < 10 if [[ "$(cut -d. -f1 <<< "${{ matrix.node-version }}")" -lt 10 ]]; then node -pe 'Object.keys(require("./package").devDependencies).join("\n")' | \ grep -E '^eslint(-|$)' | \ diff --git a/package.json b/package.json index 40a7dfce..ef7d10a1 100644 --- a/package.json +++ b/package.json @@ -19,7 +19,7 @@ }, "devDependencies": { "after": "0.8.2", - "eslint": "6.8.0", + "eslint": "7.32.0", "eslint-config-standard": "14.0.1", "eslint-plugin-import": "2.25.3", "eslint-plugin-markdown": "1.0.0", From 592936d006814e527debfe4aff202ced04c34c8d Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Sun, 26 Dec 2021 17:55:49 -0500 Subject: [PATCH 38/95] build: eslint-config-standard@14.1.1 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index ef7d10a1..9e316c66 100644 --- a/package.json +++ b/package.json @@ -20,7 +20,7 @@ "devDependencies": { "after": "0.8.2", "eslint": "7.32.0", - "eslint-config-standard": "14.0.1", + "eslint-config-standard": "14.1.1", "eslint-plugin-import": "2.25.3", "eslint-plugin-markdown": "1.0.0", "eslint-plugin-node": "9.2.0", From b5398f0d4ddf7d3983fc15de01b2c1987897ebb2 Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Sat, 8 Jan 2022 20:37:03 -0500 Subject: [PATCH 39/95] build: support Node.js 16.x --- .github/workflows/ci.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index fecd9317..07e7b7c0 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -28,6 +28,7 @@ jobs: - Node.js 13.x - Node.js 14.x - Node.js 15.x + - Node.js 16.x include: - name: Node.js 0.8 @@ -90,9 +91,12 @@ jobs: - name: Node.js 14.x node-version: "14.18" - - name: Node.js 14.x + - name: Node.js 15.x node-version: "15.14" + - name: Node.js 16.x + node-version: "16.13" + steps: - uses: actions/checkout@v2 From 020e3a55541c633959b22de224583d7f6d37d893 Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Fri, 4 Mar 2022 22:40:51 -0500 Subject: [PATCH 40/95] build: ignore package-lock --- .gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitignore b/.gitignore index df9af16b..84a48637 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,4 @@ coverage node_modules npm-debug.log +package-lock.json From 22283946379dc8cca9cba70a402b544bf7322287 Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Fri, 4 Mar 2022 22:58:42 -0500 Subject: [PATCH 41/95] build: use nyc for test coverage --- .github/workflows/ci.yml | 22 ++++++++++++---------- .gitignore | 1 + package.json | 6 +++--- 3 files changed, 16 insertions(+), 13 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 07e7b7c0..07dd8928 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -34,41 +34,43 @@ jobs: - name: Node.js 0.8 node-version: "0.8" npm-i: mocha@2.5.3 supertest@1.1.0 - npm-rm: istanbul + npm-rm: nyc - name: Node.js 0.10 node-version: "0.10" - npm-i: mocha@3.5.3 supertest@2.0.0 + npm-i: mocha@3.5.3 nyc@10.3.2 supertest@2.0.0 - name: Node.js 0.12 node-version: "0.12" - npm-i: mocha@3.5.3 supertest@2.0.0 + npm-i: mocha@3.5.3 nyc@10.3.2 supertest@2.0.0 - name: io.js 1.x node-version: "1.8" - npm-i: mocha@3.5.3 supertest@2.0.0 + npm-i: mocha@3.5.3 nyc@10.3.2 supertest@2.0.0 - name: io.js 2.x node-version: "2.5" - npm-i: mocha@3.5.3 supertest@2.0.0 + npm-i: mocha@3.5.3 nyc@10.3.2 supertest@2.0.0 - name: io.js 3.x node-version: "3.3" - npm-i: mocha@3.5.3 supertest@2.0.0 + npm-i: mocha@3.5.3 nyc@10.3.2 supertest@2.0.0 - name: Node.js 4.x node-version: "4.9" - npm-i: mocha@5.2.0 supertest@3.4.2 + npm-i: mocha@5.2.0 nyc@11.9.0 supertest@3.4.2 - name: Node.js 5.x node-version: "5.12" - npm-i: mocha@5.2.0 supertest@3.4.2 + npm-i: mocha@5.2.0 nyc@11.9.0 supertest@3.4.2 - name: Node.js 6.x node-version: "6.17" + npm-i: nyc@14.1.1 - name: Node.js 7.x node-version: "7.10" + npm-i: nyc@14.1.1 - name: Node.js 8.x node-version: "8.16" @@ -150,7 +152,7 @@ jobs: - name: Run tests shell: bash run: | - if npm -ps ls istanbul | grep -q istanbul; then + if npm -ps ls nyc | grep -q nyc; then npm run test-ci else npm test @@ -162,7 +164,7 @@ jobs: - name: Collect code coverage uses: coverallsapp/github-action@master - if: steps.list_env.outputs.istanbul != '' + if: steps.list_env.outputs.nyc != '' with: github-token: ${{ secrets.GITHUB_TOKEN }} flag-name: run-${{ matrix.test_number }} diff --git a/.gitignore b/.gitignore index 84a48637..32637d0e 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,4 @@ +.nyc_output/ coverage node_modules npm-debug.log diff --git a/package.json b/package.json index 9e316c66..35c331a5 100644 --- a/package.json +++ b/package.json @@ -26,8 +26,8 @@ "eslint-plugin-node": "9.2.0", "eslint-plugin-promise": "4.2.1", "eslint-plugin-standard": "4.0.1", - "istanbul": "0.4.5", "mocha": "6.2.3", + "nyc": "15.1.0", "supertest": "4.0.2" }, "files": [ @@ -41,7 +41,7 @@ "scripts": { "lint": "eslint --plugin markdown --ext js,md .", "test": "mocha --check-leaks --reporter spec --bail", - "test-ci": "istanbul cover node_modules/mocha/bin/_mocha --report lcovonly -- --check-leaks --reporter spec", - "test-cov": "istanbul cover node_modules/mocha/bin/_mocha -- --check-leaks --reporter dot" + "test-ci": "nyc --reporter=lcovonly --reporter=text npm test", + "test-cov": "nyc --reporter=html --reporter=text npm test" } } From 42f9acb8d43a41ba31ac3e3ba23c6fdcf85b63d6 Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Wed, 9 Mar 2022 00:11:29 -0500 Subject: [PATCH 42/95] build: eslint-plugin-import@2.25.4 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 35c331a5..689a470a 100644 --- a/package.json +++ b/package.json @@ -21,7 +21,7 @@ "after": "0.8.2", "eslint": "7.32.0", "eslint-config-standard": "14.1.1", - "eslint-plugin-import": "2.25.3", + "eslint-plugin-import": "2.25.4", "eslint-plugin-markdown": "1.0.0", "eslint-plugin-node": "9.2.0", "eslint-plugin-promise": "4.2.1", From 88ba108ccebd131f336b7a0fa310f50bcc982992 Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Wed, 9 Mar 2022 00:15:27 -0500 Subject: [PATCH 43/95] build: eslint-plugin-markdown@2.2.1 --- .eslintrc.yml | 9 ++++++++- README.md | 2 -- package.json | 4 ++-- 3 files changed, 10 insertions(+), 5 deletions(-) diff --git a/.eslintrc.yml b/.eslintrc.yml index 1eece14a..cf3015fb 100644 --- a/.eslintrc.yml +++ b/.eslintrc.yml @@ -1,2 +1,9 @@ root: true -extends: standard +extends: + - standard + - plugin:markdown/recommended +plugins: + - markdown +overrides: + - files: '**/*.md' + processor: 'markdown/markdown' diff --git a/README.md b/README.md index 7243307f..eb4d8878 100644 --- a/README.md +++ b/README.md @@ -24,8 +24,6 @@ $ npm install compression ## API - - ```js var compression = require('compression') ``` diff --git a/package.json b/package.json index 689a470a..b85964a3 100644 --- a/package.json +++ b/package.json @@ -22,7 +22,7 @@ "eslint": "7.32.0", "eslint-config-standard": "14.1.1", "eslint-plugin-import": "2.25.4", - "eslint-plugin-markdown": "1.0.0", + "eslint-plugin-markdown": "2.2.1", "eslint-plugin-node": "9.2.0", "eslint-plugin-promise": "4.2.1", "eslint-plugin-standard": "4.0.1", @@ -39,7 +39,7 @@ "node": ">= 0.8.0" }, "scripts": { - "lint": "eslint --plugin markdown --ext js,md .", + "lint": "eslint .", "test": "mocha --check-leaks --reporter spec --bail", "test-ci": "nyc --reporter=lcovonly --reporter=text npm test", "test-cov": "nyc --reporter=html --reporter=text npm test" From 60004691af3268d8c2a9828afc51af5fb18bf57e Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Thu, 24 Mar 2022 19:21:57 -0400 Subject: [PATCH 44/95] build: Node.js@16.14 --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 07dd8928..f7624b76 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -97,7 +97,7 @@ jobs: node-version: "15.14" - name: Node.js 16.x - node-version: "16.13" + node-version: "16.14" steps: - uses: actions/checkout@v2 From d508897c475f0d3dca405d41589dc1c7f9469402 Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Thu, 24 Mar 2022 19:22:13 -0400 Subject: [PATCH 45/95] build: Node.js@13.14 --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index f7624b76..0c67d398 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -88,7 +88,7 @@ jobs: node-version: "12.22" - name: Node.js 13.x - node-version: "13.13" + node-version: "13.14" - name: Node.js 14.x node-version: "14.18" From 17b2bf8414ecb56f35116e563a098a8611911e86 Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Thu, 24 Mar 2022 19:26:18 -0400 Subject: [PATCH 46/95] build: mocha@7.2.0 --- .github/workflows/ci.yml | 4 ++-- package.json | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 0c67d398..e3c80e7d 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -66,11 +66,11 @@ jobs: - name: Node.js 6.x node-version: "6.17" - npm-i: nyc@14.1.1 + npm-i: mocha@6.2.3 nyc@14.1.1 - name: Node.js 7.x node-version: "7.10" - npm-i: nyc@14.1.1 + npm-i: mocha@6.2.3 nyc@14.1.1 - name: Node.js 8.x node-version: "8.16" diff --git a/package.json b/package.json index b85964a3..ae16f238 100644 --- a/package.json +++ b/package.json @@ -26,7 +26,7 @@ "eslint-plugin-node": "9.2.0", "eslint-plugin-promise": "4.2.1", "eslint-plugin-standard": "4.0.1", - "mocha": "6.2.3", + "mocha": "7.2.0", "nyc": "15.1.0", "supertest": "4.0.2" }, From 6fd0dd34ba957c9b80f32ac3fb1c9ea1ca3e30eb Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Tue, 5 Apr 2022 23:18:12 -0400 Subject: [PATCH 47/95] build: Node.js@14.19 --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index e3c80e7d..ea3368e7 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -91,7 +91,7 @@ jobs: node-version: "13.14" - name: Node.js 14.x - node-version: "14.18" + node-version: "14.19" - name: Node.js 15.x node-version: "15.14" From 9993776a30d0eaeb50e48800a85e4c01f33680cf Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Tue, 5 Apr 2022 23:24:57 -0400 Subject: [PATCH 48/95] build: supertest@6.1.6 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index ae16f238..f5a30fa5 100644 --- a/package.json +++ b/package.json @@ -28,7 +28,7 @@ "eslint-plugin-standard": "4.0.1", "mocha": "7.2.0", "nyc": "15.1.0", - "supertest": "4.0.2" + "supertest": "6.1.6" }, "files": [ "LICENSE", From b4473f4da3c7c9810bf7d15b83087f1d18d5317c Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Tue, 5 Apr 2022 23:38:16 -0400 Subject: [PATCH 49/95] build: mocha@8.4.0 --- .github/workflows/ci.yml | 2 ++ package.json | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index ea3368e7..2b349b47 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -74,9 +74,11 @@ jobs: - name: Node.js 8.x node-version: "8.16" + npm-i: mocha@7.2.0 - name: Node.js 9.x node-version: "9.11" + npm-i: mocha@7.2.0 - name: Node.js 10.x node-version: "10.16" diff --git a/package.json b/package.json index f5a30fa5..1f62f69b 100644 --- a/package.json +++ b/package.json @@ -26,7 +26,7 @@ "eslint-plugin-node": "9.2.0", "eslint-plugin-promise": "4.2.1", "eslint-plugin-standard": "4.0.1", - "mocha": "7.2.0", + "mocha": "8.4.0", "nyc": "15.1.0", "supertest": "6.1.6" }, From 566c3112550ca48a17bab003670d661e7c01dc91 Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Wed, 6 Apr 2022 00:07:21 -0400 Subject: [PATCH 50/95] deps: compressible@~2.0.18 --- HISTORY.md | 6 ++++-- package.json | 2 +- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/HISTORY.md b/HISTORY.md index ce5ae905..3f5c535c 100644 --- a/HISTORY.md +++ b/HISTORY.md @@ -5,8 +5,10 @@ unreleased - Fix sorting encoding with extra parameters - deps: mime-types@~2.1.24 - deps: negotiator@0.6.2 - * deps: compressible@~2.0.17 - - deps: mime-db@'>= 1.40.0 < 2' + * deps: compressible@~2.0.18 + - Mark `font/ttf` as compressible + - Remove compressible from `multipart/mixed` + - deps: mime-db@'>= 1.43.0 < 2' * deps: safe-buffer@5.2.1 1.7.4 / 2019-03-18 diff --git a/package.json b/package.json index 1f62f69b..7fadd766 100644 --- a/package.json +++ b/package.json @@ -11,7 +11,7 @@ "dependencies": { "accepts": "~1.3.7", "bytes": "3.0.0", - "compressible": "~2.0.17", + "compressible": "~2.0.18", "debug": "2.6.9", "on-headers": "~1.0.2", "safe-buffer": "5.2.1", From 4f15e0757b9e4da7b6a7371f8e89be59da911f3b Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Wed, 6 Apr 2022 00:12:01 -0400 Subject: [PATCH 51/95] deps: accepts@~1.3.8 --- HISTORY.md | 6 +++--- package.json | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/HISTORY.md b/HISTORY.md index 3f5c535c..b038e53f 100644 --- a/HISTORY.md +++ b/HISTORY.md @@ -1,10 +1,10 @@ unreleased ========== - * deps: accepts@~1.3.7 + * deps: accepts@~1.3.8 - Fix sorting encoding with extra parameters - - deps: mime-types@~2.1.24 - - deps: negotiator@0.6.2 + - deps: mime-types@~2.1.34 + - deps: negotiator@0.6.3 * deps: compressible@~2.0.18 - Mark `font/ttf` as compressible - Remove compressible from `multipart/mixed` diff --git a/package.json b/package.json index 7fadd766..e5d44930 100644 --- a/package.json +++ b/package.json @@ -9,7 +9,7 @@ "license": "MIT", "repository": "expressjs/compression", "dependencies": { - "accepts": "~1.3.7", + "accepts": "~1.3.8", "bytes": "3.0.0", "compressible": "~2.0.18", "debug": "2.6.9", From 300b1288745b44520ba8d282e94a460f6fd3c4cd Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Mon, 18 Apr 2022 20:41:46 -0400 Subject: [PATCH 52/95] build: eslint-plugin-node@11.1.0 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index e5d44930..cca9bcda 100644 --- a/package.json +++ b/package.json @@ -23,7 +23,7 @@ "eslint-config-standard": "14.1.1", "eslint-plugin-import": "2.25.4", "eslint-plugin-markdown": "2.2.1", - "eslint-plugin-node": "9.2.0", + "eslint-plugin-node": "11.1.0", "eslint-plugin-promise": "4.2.1", "eslint-plugin-standard": "4.0.1", "mocha": "8.4.0", From 8d9cf5bef0784c16925d1c9cd8a69ee31e3490ed Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Mon, 18 Apr 2022 20:44:57 -0400 Subject: [PATCH 53/95] build: eslint-plugin-standard@4.1.0 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index cca9bcda..965bf6b5 100644 --- a/package.json +++ b/package.json @@ -25,7 +25,7 @@ "eslint-plugin-markdown": "2.2.1", "eslint-plugin-node": "11.1.0", "eslint-plugin-promise": "4.2.1", - "eslint-plugin-standard": "4.0.1", + "eslint-plugin-standard": "4.1.0", "mocha": "8.4.0", "nyc": "15.1.0", "supertest": "6.1.6" From 40ebf4cfc991f00c9bbf54a638384fdd42055ce5 Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Mon, 18 Apr 2022 20:46:47 -0400 Subject: [PATCH 54/95] build: eslint-plugin-promise@4.3.1 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 965bf6b5..88a5a480 100644 --- a/package.json +++ b/package.json @@ -24,7 +24,7 @@ "eslint-plugin-import": "2.25.4", "eslint-plugin-markdown": "2.2.1", "eslint-plugin-node": "11.1.0", - "eslint-plugin-promise": "4.2.1", + "eslint-plugin-promise": "4.3.1", "eslint-plugin-standard": "4.1.0", "mocha": "8.4.0", "nyc": "15.1.0", From 5f22b8df4c5de734b1e1be850e080a9cc5f78191 Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Tue, 3 May 2022 21:50:46 -0400 Subject: [PATCH 55/95] build: mocha@9.2.2 --- .github/workflows/ci.yml | 2 ++ package.json | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 2b349b47..dbdbe118 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -82,9 +82,11 @@ jobs: - name: Node.js 10.x node-version: "10.16" + npm-i: mocha@8.4.0 - name: Node.js 11.x node-version: "11.15" + npm-i: mocha@8.4.0 - name: Node.js 12.x node-version: "12.22" diff --git a/package.json b/package.json index 88a5a480..d24b9a19 100644 --- a/package.json +++ b/package.json @@ -26,7 +26,7 @@ "eslint-plugin-node": "11.1.0", "eslint-plugin-promise": "4.3.1", "eslint-plugin-standard": "4.1.0", - "mocha": "8.4.0", + "mocha": "9.2.2", "nyc": "15.1.0", "supertest": "6.1.6" }, From a792bc7a59d22f941e8d1581e56cef5bce18e060 Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Tue, 3 May 2022 21:58:43 -0400 Subject: [PATCH 56/95] build: supertest@6.2.3 --- .github/workflows/ci.yml | 4 ++-- package.json | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index dbdbe118..c3945bd2 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -66,11 +66,11 @@ jobs: - name: Node.js 6.x node-version: "6.17" - npm-i: mocha@6.2.3 nyc@14.1.1 + npm-i: mocha@6.2.3 nyc@14.1.1 supertest@6.1.6 - name: Node.js 7.x node-version: "7.10" - npm-i: mocha@6.2.3 nyc@14.1.1 + npm-i: mocha@6.2.3 nyc@14.1.1 supertest@6.1.6 - name: Node.js 8.x node-version: "8.16" diff --git a/package.json b/package.json index d24b9a19..3a9f4904 100644 --- a/package.json +++ b/package.json @@ -28,7 +28,7 @@ "eslint-plugin-standard": "4.1.0", "mocha": "9.2.2", "nyc": "15.1.0", - "supertest": "6.1.6" + "supertest": "6.2.3" }, "files": [ "LICENSE", From 042ba41eabe2d210300f2da9d1bb9716d5faa234 Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Wed, 4 May 2022 00:28:18 -0400 Subject: [PATCH 57/95] build: support Node.js 17.x --- .github/workflows/ci.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index c3945bd2..eb64a4a6 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -29,6 +29,7 @@ jobs: - Node.js 14.x - Node.js 15.x - Node.js 16.x + - Node.js 17.x include: - name: Node.js 0.8 @@ -103,6 +104,9 @@ jobs: - name: Node.js 16.x node-version: "16.14" + - name: Node.js 17.x + node-version: "17.9" + steps: - uses: actions/checkout@v2 From 79b76569eca22ea9921bc1186628475f1ebcf137 Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Wed, 4 May 2022 00:30:21 -0400 Subject: [PATCH 58/95] build: Node.js@16.15 --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index eb64a4a6..9ce4a443 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -102,7 +102,7 @@ jobs: node-version: "15.14" - name: Node.js 16.x - node-version: "16.14" + node-version: "16.15" - name: Node.js 17.x node-version: "17.9" From 7079d0a8fc9427edc3633c437e89bb68497d9954 Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Sun, 15 May 2022 18:58:11 -0400 Subject: [PATCH 59/95] build: eslint-plugin-import@2.26.0 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 3a9f4904..c622242d 100644 --- a/package.json +++ b/package.json @@ -21,7 +21,7 @@ "after": "0.8.2", "eslint": "7.32.0", "eslint-config-standard": "14.1.1", - "eslint-plugin-import": "2.25.4", + "eslint-plugin-import": "2.26.0", "eslint-plugin-markdown": "2.2.1", "eslint-plugin-node": "11.1.0", "eslint-plugin-promise": "4.3.1", From ad5113b98cafe1382a0ece30bb4673707ac59ce7 Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Sun, 15 May 2022 19:00:58 -0400 Subject: [PATCH 60/95] build: eslint-plugin-promise@5.2.0 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index c622242d..41f27fb2 100644 --- a/package.json +++ b/package.json @@ -24,7 +24,7 @@ "eslint-plugin-import": "2.26.0", "eslint-plugin-markdown": "2.2.1", "eslint-plugin-node": "11.1.0", - "eslint-plugin-promise": "4.3.1", + "eslint-plugin-promise": "5.2.0", "eslint-plugin-standard": "4.1.0", "mocha": "9.2.2", "nyc": "15.1.0", From f0e089b1265a6f4d7b5dedb0d803de0fb3d0d554 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=8D=C3=B1igo=20Marqu=C3=ADnez=20Prado?= <25435858+inigomarquinez@users.noreply.github.com> Date: Tue, 14 May 2024 18:24:34 +0200 Subject: [PATCH 61/95] chore: add support for OSSF scorecard reporting (#186) PR-URL: https://github.com/expressjs/compression/pull/186 --- .github/workflows/scorecard.yml | 70 +++++++++++++++++++++++++++++++++ 1 file changed, 70 insertions(+) create mode 100644 .github/workflows/scorecard.yml diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml new file mode 100644 index 00000000..0b5ddcc0 --- /dev/null +++ b/.github/workflows/scorecard.yml @@ -0,0 +1,70 @@ +# This workflow uses actions that are not certified by GitHub. They are provided +# by a third-party and are governed by separate terms of service, privacy +# policy, and support documentation. + +name: Scorecard supply-chain security + +on: + # For Branch-Protection check. Only the default branch is supported. See + # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection + branch_protection_rule: + # To guarantee Maintained check is occasionally updated. See + # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained + schedule: + - cron: '16 21 * * 1' + push: + branches: [ "master" ] + +# Declare default permissions as read only. +permissions: read-all + +jobs: + analysis: + name: Scorecard analysis + runs-on: ubuntu-latest + permissions: + # Needed to upload the results to code-scanning dashboard. + security-events: write + # Needed to publish results and get a badge (see publish_results below). + id-token: write + + steps: + - name: "Checkout code" + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.2 + with: + persist-credentials: false + + - name: "Run analysis" + uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1 + with: + results_file: results.sarif + results_format: sarif + # (Optional) "write" PAT token. Uncomment the `repo_token` line below if: + # - you want to enable the Branch-Protection check on a *public* repository, or + # - you are installing Scorecard on a *private* repository + # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-pat. + # repo_token: ${{ secrets.SCORECARD_TOKEN }} + + # Public repositories: + # - Publish results to OpenSSF REST API for easy access by consumers + # - Allows the repository to include the Scorecard badge. + # - See https://github.com/ossf/scorecard-action#publishing-results. + # For private repositories: + # - `publish_results` will always be set to `false`, regardless + # of the value entered here. + publish_results: true + + # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF + # format to the repository Actions tab. + - name: "Upload artifact" + uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 + with: + name: SARIF file + path: results.sarif + retention-days: 5 + + # Upload the results to GitHub's code scanning dashboard. + - name: "Upload to code-scanning" + uses: github/codeql-action/upload-sarif@2f93e4319b2f04a2efc38fa7f78bd681bc3f7b2f # v2.23.2 + with: + sarif_file: results.sarif From f3e6f389cb87e090438e13c04d67cec9e22f8098 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=8D=C3=B1igo=20Marqu=C3=ADnez=20Prado?= <25435858+inigomarquinez@users.noreply.github.com> Date: Tue, 14 May 2024 19:29:50 +0200 Subject: [PATCH 62/95] ci: fix errors in ci github action for node 8 and 9 (#187) PR-URL: https://github.com/expressjs/compression/pull/187 --- .github/workflows/ci.yml | 35 ++++++++++++++++++++++++++++++----- 1 file changed, 30 insertions(+), 5 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 9ce4a443..b00df8dc 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -30,6 +30,11 @@ jobs: - Node.js 15.x - Node.js 16.x - Node.js 17.x + - Node.js 18.x + - Node.js 19.x + - Node.js 20.x + - Node.js 21.x + - Node.js 22.x include: - name: Node.js 0.8 @@ -75,11 +80,11 @@ jobs: - name: Node.js 8.x node-version: "8.16" - npm-i: mocha@7.2.0 + npm-i: mocha@7.2.0 nyc@14.1.1 - name: Node.js 9.x node-version: "9.11" - npm-i: mocha@7.2.0 + npm-i: mocha@7.2.0 nyc@14.1.1 - name: Node.js 10.x node-version: "10.16" @@ -107,8 +112,23 @@ jobs: - name: Node.js 17.x node-version: "17.9" + - name: Node.js 18.x + node-version: "18.14" + + - name: Node.js 19.x + node-version: "19.6" + + - name: Node.js 20.x + node-version: "20.12" + + - name: Node.js 21.x + node-version: "21.7" + + - name: Node.js 22.x + node-version: "22.0" + steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v4 - name: Install Node.js ${{ matrix.node-version }} shell: bash -eo pipefail -l {0} @@ -123,7 +143,12 @@ jobs: dirname "$(nvm which ${{ matrix.node-version }})" >> "$GITHUB_PATH" - name: Configure npm - run: npm config set shrinkwrap false + run: | + if [[ "$(npm config get package-lock)" == "true" ]]; then + npm config set package-lock false + else + npm config set shrinkwrap false + fi - name: Remove npm module(s) ${{ matrix.npm-rm }} run: npm rm --silent --save-dev ${{ matrix.npm-rm }} @@ -182,7 +207,7 @@ jobs: needs: test runs-on: ubuntu-latest steps: - - name: Uploade code coverage + - name: Upload code coverage uses: coverallsapp/github-action@master with: github-token: ${{ secrets.github_token }} From 63b134fd94f0bf3f949f32433eea2144386a3e52 Mon Sep 17 00:00:00 2001 From: "JC (Jonathan Chen)" Date: Sun, 6 Oct 2024 10:57:00 -0400 Subject: [PATCH 63/95] docs: fix spelling (#174) --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index eb4d8878..55c19bfb 100644 --- a/README.md +++ b/README.md @@ -31,7 +31,7 @@ var compression = require('compression') ### compression([options]) Returns the compression middleware using the given `options`. The middleware -will attempt to compress response bodies for all request that traverse through +will attempt to compress response bodies for all requests that traverse through the middleware, based on the given `options`. This middleware will never compress responses that include a `Cache-Control` From dd8cbe52d2235dacf1cfbeb474bb262464e92ac0 Mon Sep 17 00:00:00 2001 From: Sebastian Beltran Date: Sun, 20 Oct 2024 12:16:01 -0500 Subject: [PATCH 64/95] deps: bytes@3.1.2 (#192) --- HISTORY.md | 4 ++++ package.json | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/HISTORY.md b/HISTORY.md index b038e53f..6a2852a3 100644 --- a/HISTORY.md +++ b/HISTORY.md @@ -5,6 +5,10 @@ unreleased - Fix sorting encoding with extra parameters - deps: mime-types@~2.1.34 - deps: negotiator@0.6.3 + * deps: bytes@3.1.2 + - Add petabyte (`pb`) support + - Fix "thousandsSeparator" incorrecting formatting fractional part + - Fix return value for un-parsable strings * deps: compressible@~2.0.18 - Mark `font/ttf` as compressible - Remove compressible from `multipart/mixed` diff --git a/package.json b/package.json index 41f27fb2..0c3a7c4c 100644 --- a/package.json +++ b/package.json @@ -10,7 +10,7 @@ "repository": "expressjs/compression", "dependencies": { "accepts": "~1.3.8", - "bytes": "3.0.0", + "bytes": "3.1.2", "compressible": "~2.0.18", "debug": "2.6.9", "on-headers": "~1.0.2", From 7f7e9cfefb3d3c704002dbdb37c6fd664d52d707 Mon Sep 17 00:00:00 2001 From: Sebastian Beltran Date: Tue, 22 Oct 2024 06:10:18 -0500 Subject: [PATCH 65/95] test: remove --bail option (#196) --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 0c3a7c4c..4029fa2e 100644 --- a/package.json +++ b/package.json @@ -40,7 +40,7 @@ }, "scripts": { "lint": "eslint .", - "test": "mocha --check-leaks --reporter spec --bail", + "test": "mocha --check-leaks --reporter spec", "test-ci": "nyc --reporter=lcovonly --reporter=text npm test", "test-cov": "nyc --reporter=html --reporter=text npm test" } From 5e6ee06a510170088615b11a61cef9faefca06e1 Mon Sep 17 00:00:00 2001 From: Sebastian Beltran Date: Tue, 22 Oct 2024 06:11:05 -0500 Subject: [PATCH 66/95] build: Node.js 23.0 (#193) --- .github/workflows/ci.yml | 42 ++++++++++++++++++++++------------------ 1 file changed, 23 insertions(+), 19 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index b00df8dc..1f845be9 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -35,6 +35,7 @@ jobs: - Node.js 20.x - Node.js 21.x - Node.js 22.x + - Node.js 23.x include: - name: Node.js 0.8 @@ -63,69 +64,72 @@ jobs: npm-i: mocha@3.5.3 nyc@10.3.2 supertest@2.0.0 - name: Node.js 4.x - node-version: "4.9" + node-version: "4" npm-i: mocha@5.2.0 nyc@11.9.0 supertest@3.4.2 - name: Node.js 5.x - node-version: "5.12" + node-version: "5" npm-i: mocha@5.2.0 nyc@11.9.0 supertest@3.4.2 - name: Node.js 6.x - node-version: "6.17" + node-version: "6" npm-i: mocha@6.2.3 nyc@14.1.1 supertest@6.1.6 - name: Node.js 7.x - node-version: "7.10" + node-version: "7" npm-i: mocha@6.2.3 nyc@14.1.1 supertest@6.1.6 - name: Node.js 8.x - node-version: "8.16" + node-version: "8" npm-i: mocha@7.2.0 nyc@14.1.1 - name: Node.js 9.x - node-version: "9.11" + node-version: "9" npm-i: mocha@7.2.0 nyc@14.1.1 - name: Node.js 10.x - node-version: "10.16" + node-version: "10" npm-i: mocha@8.4.0 - name: Node.js 11.x - node-version: "11.15" + node-version: "11" npm-i: mocha@8.4.0 - name: Node.js 12.x - node-version: "12.22" + node-version: "12" - name: Node.js 13.x - node-version: "13.14" + node-version: "13" - name: Node.js 14.x - node-version: "14.19" + node-version: "14" - name: Node.js 15.x - node-version: "15.14" + node-version: "15" - name: Node.js 16.x - node-version: "16.15" + node-version: "16" - name: Node.js 17.x - node-version: "17.9" + node-version: "17" - name: Node.js 18.x - node-version: "18.14" + node-version: "18" - name: Node.js 19.x - node-version: "19.6" + node-version: "19" - name: Node.js 20.x - node-version: "20.12" + node-version: "20" - name: Node.js 21.x - node-version: "21.7" + node-version: "21" - name: Node.js 22.x - node-version: "22.0" + node-version: "22" + + - name: Node.js 23.x + node-version: "23" steps: - uses: actions/checkout@v4 From 1e95836add80aafd08ad7bbaa23ad187a95b6b0a Mon Sep 17 00:00:00 2001 From: Blake Embrey Date: Wed, 23 Oct 2024 17:23:23 -0700 Subject: [PATCH 67/95] Replace accepts with negotiator --- index.js | 11 +++-------- package.json | 2 +- 2 files changed, 4 insertions(+), 9 deletions(-) diff --git a/index.js b/index.js index 1d089427..4d12bba2 100644 --- a/index.js +++ b/index.js @@ -14,7 +14,7 @@ * @private */ -var accepts = require('accepts') +var Negotiator = require('negotiator') var Buffer = require('safe-buffer').Buffer var bytes = require('bytes') var compressible = require('compressible') @@ -174,13 +174,8 @@ function compression (options) { } // compression method - var accept = accepts(req) - var method = accept.encoding(['gzip', 'deflate', 'identity']) - - // we really don't prefer deflate - if (method === 'deflate' && accept.encoding(['gzip'])) { - method = accept.encoding(['gzip', 'identity']) - } + var negotiator = new Negotiator(req) + var method = negotiator.encoding(['gzip', 'deflate', 'identity'], ['gzip']) // negotiation failed if (!method || method === 'identity') { diff --git a/package.json b/package.json index 4029fa2e..828d0255 100644 --- a/package.json +++ b/package.json @@ -9,10 +9,10 @@ "license": "MIT", "repository": "expressjs/compression", "dependencies": { - "accepts": "~1.3.8", "bytes": "3.1.2", "compressible": "~2.0.18", "debug": "2.6.9", + "negotiator": "~0.6.4", "on-headers": "~1.0.2", "safe-buffer": "5.2.1", "vary": "~1.1.2" From 8626820bd77f94a18b8c2a6c5b4a35e59dd4c5a2 Mon Sep 17 00:00:00 2001 From: Sebastian Beltran Date: Sat, 26 Oct 2024 13:10:47 -0500 Subject: [PATCH 68/95] docs: update history (#200) --- HISTORY.md | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/HISTORY.md b/HISTORY.md index 6a2852a3..f50a9ca7 100644 --- a/HISTORY.md +++ b/HISTORY.md @@ -1,10 +1,8 @@ unreleased ========== - * deps: accepts@~1.3.8 - - Fix sorting encoding with extra parameters - - deps: mime-types@~2.1.34 - - deps: negotiator@0.6.3 + * deps: Replace accepts with negotiator@~0.6.4 + - Add preference option * deps: bytes@3.1.2 - Add petabyte (`pb`) support - Fix "thousandsSeparator" incorrecting formatting fractional part From 2854e7df7f396357ecc6a7d9780d2b1164bc783e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ulises=20Gasc=C3=B3n?= Date: Thu, 31 Oct 2024 16:16:39 +0100 Subject: [PATCH 69/95] 1.7.5 PR-URL: https://github.com/expressjs/compression/pull/195 --- HISTORY.md | 2 +- package.json | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/HISTORY.md b/HISTORY.md index f50a9ca7..7f625d08 100644 --- a/HISTORY.md +++ b/HISTORY.md @@ -1,4 +1,4 @@ -unreleased +1.7.5 / 2024-10-31 ========== * deps: Replace accepts with negotiator@~0.6.4 diff --git a/package.json b/package.json index 828d0255..f3d6c0f4 100644 --- a/package.json +++ b/package.json @@ -1,7 +1,7 @@ { "name": "compression", "description": "Node.js compression middleware", - "version": "1.7.4", + "version": "1.7.5", "contributors": [ "Douglas Christopher Wilson ", "Jonathan Ong (http://jongleberry.com)" From 0a10f23624a83eecaa415f95c17dbcd04522059b Mon Sep 17 00:00:00 2001 From: Ayoub Mabrouk <77799760+Ayoub-Mabrouk@users.noreply.github.com> Date: Fri, 1 Nov 2024 12:37:56 +0100 Subject: [PATCH 70/95] refactor: replaced the negation check with a positive check for clarity PR-URL: https://github.com/expressjs/compression/pull/203 --- index.js | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/index.js b/index.js index 4d12bba2..dfab0595 100644 --- a/index.js +++ b/index.js @@ -236,9 +236,9 @@ function chunkLength (chunk, encoding) { return 0 } - return !Buffer.isBuffer(chunk) - ? Buffer.byteLength(chunk, encoding) - : chunk.length + return Buffer.isBuffer(chunk) + ? chunk.length + : Buffer.byteLength(chunk, encoding) } /** From 0cd9d8663b216919c23993279cdef5f13353cd1b Mon Sep 17 00:00:00 2001 From: Ayoub Mabrouk <77799760+Ayoub-Mabrouk@users.noreply.github.com> Date: Sat, 2 Nov 2024 01:15:57 +0100 Subject: [PATCH 71/95] Refactor toBuffer function to simplify buffer check logic (#201) The function now directly returns the existing buffer if the input is already a buffer, eliminating the need for a negated condition. This improves code readability and maintains functionality by ensuring that non-buffer inputs are converted to a buffer using the specified encoding. --- index.js | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/index.js b/index.js index dfab0595..c7494e71 100644 --- a/index.js +++ b/index.js @@ -277,7 +277,7 @@ function shouldTransform (req, res) { */ function toBuffer (chunk, encoding) { - return !Buffer.isBuffer(chunk) - ? Buffer.from(chunk, encoding) - : chunk + return Buffer.isBuffer(chunk) + ? chunk + : Buffer.from(chunk, encoding) } From 7b7f84ba45097a82f05cc007d4d6c146c39ed37e Mon Sep 17 00:00:00 2001 From: Sebastian Beltran Date: Thu, 7 Nov 2024 10:45:35 -0500 Subject: [PATCH 72/95] ci: add CodeQL (SAST) (#204) --- .github/workflows/codeql.yml | 66 ++++++++++++++++++++++++++++++++++++ 1 file changed, 66 insertions(+) create mode 100644 .github/workflows/codeql.yml diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml new file mode 100644 index 00000000..cd411926 --- /dev/null +++ b/.github/workflows/codeql.yml @@ -0,0 +1,66 @@ +# For most projects, this workflow file will not need changing; you simply need +# to commit it to your repository. +# +# You may wish to alter this file to override the set of languages analyzed, +# or to provide custom queries or build logic. +# +# ******** NOTE ******** +# We have attempted to detect the languages in your repository. Please check +# the `language` matrix defined below to confirm you have the correct set of +# supported CodeQL languages. +# +name: "CodeQL" + +on: + push: + branches: ["master"] + pull_request: + # The branches below must be a subset of the branches above + branches: ["master"] + schedule: + - cron: "0 0 * * 1" + +permissions: + contents: read + +jobs: + analyze: + name: Analyze + runs-on: ubuntu-latest + permissions: + actions: read + contents: read + security-events: write + + steps: + - name: Checkout repository + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + + # Initializes the CodeQL tools for scanning. + - name: Initialize CodeQL + uses: github/codeql-action/init@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0 + with: + languages: javascript + # If you wish to specify custom queries, you can do so here or in a config file. + # By default, queries listed here will override any specified in a config file. + # Prefix the list here with "+" to use these queries and those in the config file. + + # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). + # If this step fails, then you should remove it and run the build manually (see below) + # - name: Autobuild + # uses: github/codeql-action/autobuild@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0 + + # ℹ️ Command-line programs to run using the OS shell. + # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun + + # If the Autobuild fails above, remove it and uncomment the following three lines. + # modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance. + + # - run: | + # echo "Run, Build Application using script" + # ./location_of_script_within_repo/buildscript.sh + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0 + with: + category: "/language:javascript" \ No newline at end of file From 8e5641c188f766750900858da96bf596851f77ca Mon Sep 17 00:00:00 2001 From: maritz Date: Sat, 9 Nov 2024 18:28:00 +0100 Subject: [PATCH 73/95] Use headersSent instead of _header (#129) * fix: change usage of _header to headersSernt * improve logic * update history --------- Co-authored-by: Sebastian Beltran --- HISTORY.md | 4 ++++ index.js | 18 ++++++++++++++++-- 2 files changed, 20 insertions(+), 2 deletions(-) diff --git a/HISTORY.md b/HISTORY.md index 7f625d08..3d224eda 100644 --- a/HISTORY.md +++ b/HISTORY.md @@ -1,3 +1,7 @@ +unreleased +========== + * Use `res.headersSent` when available + 1.7.5 / 2024-10-31 ========== diff --git a/index.js b/index.js index c7494e71..332e4ab5 100644 --- a/index.js +++ b/index.js @@ -80,7 +80,7 @@ function compression (options) { return false } - if (!this._header) { + if (!headersSent(res)) { this._implicitHeader() } @@ -94,7 +94,7 @@ function compression (options) { return false } - if (!this._header) { + if (!headersSent(res)) { // estimate the length if (!this.getHeader('Content-Length')) { length = chunkLength(chunk, encoding) @@ -281,3 +281,17 @@ function toBuffer (chunk, encoding) { ? chunk : Buffer.from(chunk, encoding) } + +/** + * Determine if the response headers have been sent. + * + * @param {object} res + * @returns {boolean} + * @private + */ + +function headersSent (res) { + return typeof res.headersSent !== 'boolean' + ? Boolean(res._header) + : res.headersSent +} From b7d5d77f3cef505959ea0cc0afb12a8999f6dd4d Mon Sep 17 00:00:00 2001 From: Ryan Wilson Date: Wed, 13 Nov 2024 14:02:48 -0800 Subject: [PATCH 74/95] Bugfix/use write head instead of implicit header (#170) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Add failing tests for http2 * Add support for http2 The change just removes the usage of undocumented http API and instead uses the proper writeHead method * Remove arrow function in tests * Conditionally run http2 tests if http2 is available * Fix port in tests to be assigned automatically * Change http2 test usage to describe.skip if no http2 available * Fix closing the http2 connections to prevent possible exceptions * Fix closing the request first, then the client, then the server * Fix closing for v8.x and v9.x * fix tests not draining data for http2 requests, resulting in timeouts in node v10.4 onwards * fix: 🐛 assert.equal error * fix: 🐛 remove console.log's and timeout, let build fail * Apply suggestions from code review Co-authored-by: Lam Wei Li * fixed lint * fix: an issue where test hangs when assertion fails in http2 as http2server is not closed * refactor: use http2.constants instead of hard-coded strings in http2 test * Node.js 0.8 compatible * fix lint issue --------- Co-authored-by: Moritz Peters Co-authored-by: Moritz Peters Co-authored-by: Lam Wei Li Co-authored-by: Sebastian Beltran --- index.js | 4 +-- test/compression.js | 86 +++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 88 insertions(+), 2 deletions(-) diff --git a/index.js b/index.js index 332e4ab5..01b15bd5 100644 --- a/index.js +++ b/index.js @@ -81,7 +81,7 @@ function compression (options) { } if (!headersSent(res)) { - this._implicitHeader() + this.writeHead(this.statusCode) } return stream @@ -100,7 +100,7 @@ function compression (options) { length = chunkLength(chunk, encoding) } - this._implicitHeader() + this.writeHead(this.statusCode) } if (!stream) { diff --git a/test/compression.js b/test/compression.js index 6975ea0b..b6166eb1 100644 --- a/test/compression.js +++ b/test/compression.js @@ -7,6 +7,16 @@ var http = require('http') var request = require('supertest') var zlib = require('zlib') +var describeHttp2 = describe.skip +try { + var http2 = require('http2') + describeHttp2 = describe +} catch (err) { + if (err) { + console.log('http2 tests disabled.') + } +} + var compression = require('..') describe('compression()', function () { @@ -305,6 +315,41 @@ describe('compression()', function () { .expect(200, done) }) + describeHttp2('http2', function () { + it('should work with http2 server', function (done) { + var server = createHttp2Server({ threshold: 0 }, function (req, res) { + res.setHeader(http2.constants.HTTP2_HEADER_CONTENT_TYPE, 'text/plain') + res.end('hello, world') + }) + server.on('listening', function () { + var client = createHttp2Client(server.address().port) + // using ES5 as Node.js <=4.0.0 does not have Computed Property Names + var reqHeaders = {} + reqHeaders[http2.constants.HTTP2_HEADER_ACCEPT_ENCODING] = 'gzip' + var request = client.request(reqHeaders) + request.on('response', function (headers) { + assert.strictEqual(headers[http2.constants.HTTP2_HEADER_STATUS], 200) + assert.strictEqual(headers[http2.constants.HTTP2_HEADER_CONTENT_TYPE], 'text/plain') + assert.strictEqual(headers[http2.constants.HTTP2_HEADER_CONTENT_ENCODING], 'gzip') + }) + var chunks = [] + request.on('data', function (chunk) { + chunks.push(chunk) + }) + request.on('end', function () { + closeHttp2(client, server, function () { + zlib.gunzip(Buffer.concat(chunks), function (err, data) { + assert.ok(!err) + assert.strictEqual(data.toString(), 'hello, world') + done() + }) + }) + }) + request.end() + }) + }) + }) + describe('threshold', function () { it('should not compress responses below the threshold size', function (done) { var server = createServer({ threshold: '1kb' }, function (req, res) { @@ -674,6 +719,47 @@ function createServer (opts, fn) { }) } +function createHttp2Server (opts, fn) { + var _compression = compression(opts) + var server = http2.createServer(function (req, res) { + _compression(req, res, function (err) { + if (err) { + res.statusCode = err.status || 500 + res.end(err.message) + return + } + + fn(req, res) + }) + }) + server.listen(0, '127.0.0.1') + return server +} + +function createHttp2Client (port) { + return http2.connect('http://127.0.0.1:' + port) +} + +function closeHttp2 (client, server, callback) { + if (typeof client.shutdown === 'function') { + // this is the node v8.x way of closing the connections + client.shutdown({}, function () { + server.close(function () { + callback() + }) + }) + } else { + // this is the node v9.x onwards way of closing the connections + client.close(function () { + // force existing connections to time out after 1ms. + // this is done to force the server to close in some cases where it wouldn't do it otherwise. + server.close(function () { + callback() + }) + }) + } +} + function shouldHaveBodyLength (length) { return function (res) { assert.strictEqual(res.text.length, length, 'should have body length of ' + length) From f4e596c304ebbae9f61de9984bd89d9c1d4599cd Mon Sep 17 00:00:00 2001 From: Sebastian Beltran Date: Thu, 5 Dec 2024 10:28:42 -0500 Subject: [PATCH 75/95] feat: add default option (#191) * add test for default encoding * add functionality * support * * add docs * fix logic * change defaultEncoding to enforceEnconding * sort conditional --- HISTORY.md | 2 +- README.md | 6 ++++ index.js | 8 +++++ test/compression.js | 80 +++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 95 insertions(+), 1 deletion(-) diff --git a/HISTORY.md b/HISTORY.md index 3d224eda..d0c2c595 100644 --- a/HISTORY.md +++ b/HISTORY.md @@ -1,10 +1,10 @@ unreleased ========== * Use `res.headersSent` when available + * Add the enforceEncoding option for requests without `Accept-Encoding` header 1.7.5 / 2024-10-31 ========== - * deps: Replace accepts with negotiator@~0.6.4 - Add preference option * deps: bytes@3.1.2 diff --git a/README.md b/README.md index 55c19bfb..d32645e2 100644 --- a/README.md +++ b/README.md @@ -139,6 +139,12 @@ The default value is `zlib.Z_DEFAULT_WINDOWBITS`, or `15`. See [Node.js documentation](http://nodejs.org/api/zlib.html#zlib_memory_usage_tuning) regarding the usage. +##### enforceEncoding + +This is the default encoding to use when the client does not specify an encoding in the request's [Accept-Encoding](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Accept-Encoding) header. + +The default value is `identity`. + #### .filter The default `filter` function. This is used to construct a custom filter diff --git a/index.js b/index.js index 01b15bd5..dcefd817 100644 --- a/index.js +++ b/index.js @@ -37,6 +37,8 @@ module.exports.filter = shouldCompress var cacheControlNoTransformRegExp = /(?:^|,)\s*?no-transform\s*?(?:,|$)/ +var encodingSupported = ['*', 'gzip', 'deflate', 'identity'] + /** * Compress response data with gzip / deflate. * @@ -51,6 +53,7 @@ function compression (options) { // options var filter = opts.filter || shouldCompress var threshold = bytes.parse(opts.threshold) + var enforceEncoding = opts.enforceEncoding || 'identity' if (threshold == null) { threshold = 1024 @@ -177,6 +180,11 @@ function compression (options) { var negotiator = new Negotiator(req) var method = negotiator.encoding(['gzip', 'deflate', 'identity'], ['gzip']) + // if no method is found, use the default encoding + if (!req.headers['accept-encoding'] && encodingSupported.indexOf(enforceEncoding) !== -1) { + method = enforceEncoding === '*' ? 'gzip' : enforceEncoding + } + // negotiation failed if (!method || method === 'identity') { nocompress('not acceptable') diff --git a/test/compression.js b/test/compression.js index b6166eb1..61debb4a 100644 --- a/test/compression.js +++ b/test/compression.js @@ -702,6 +702,86 @@ describe('compression()', function () { .end() }) }) + + describe('enforceEncoding', function () { + it('should compress the provided encoding and not the default encoding', function (done) { + var server = createServer({ threshold: 0, enforceEncoding: 'deflate' }, function (req, res) { + res.setHeader('Content-Type', 'text/plain') + res.end('hello, world') + }) + + request(server) + .get('/') + .set('Accept-Encoding', 'gzip') + .expect('Content-Encoding', 'gzip') + .expect(200, 'hello, world', done) + }) + + it('should not compress when enforceEncoding is identity', function (done) { + var server = createServer({ threshold: 0, enforceEncoding: 'identity' }, function (req, res) { + res.setHeader('Content-Type', 'text/plain') + res.end('hello, world') + }) + + request(server) + .get('/') + .set('Accept-Encoding', '') + .expect(shouldNotHaveHeader('Content-Encoding')) + .expect(200, 'hello, world', done) + }) + + it('should compress when enforceEncoding is gzip', function (done) { + var server = createServer({ threshold: 0, enforceEncoding: 'gzip' }, function (req, res) { + res.setHeader('Content-Type', 'text/plain') + res.end('hello, world') + }) + + request(server) + .get('/') + .set('Accept-Encoding', '') + .expect('Content-Encoding', 'gzip') + .expect(200, 'hello, world', done) + }) + + it('should compress when enforceEncoding is deflate', function (done) { + var server = createServer({ threshold: 0, enforceEncoding: 'deflate' }, function (req, res) { + res.setHeader('Content-Type', 'text/plain') + res.end('hello, world') + }) + + request(server) + .get('/') + .set('Accept-Encoding', '') + .expect('Content-Encoding', 'deflate') + .expect(200, 'hello, world', done) + }) + + it('should not compress when enforceEncoding is unknown', function (done) { + var server = createServer({ threshold: 0, enforceEncoding: 'bogus' }, function (req, res) { + res.setHeader('Content-Type', 'text/plain') + res.end('hello, world') + }) + + request(server) + .get('/') + .set('Accept-Encoding', '') + .expect(shouldNotHaveHeader('Content-Encoding')) + .expect(200, 'hello, world', done) + }) + + it('should be gzip if no accept-encoding is sent when enforceEncoding is *', function (done) { + var server = createServer({ threshold: 0, enforceEncoding: '*' }, function (req, res) { + res.setHeader('Content-Type', 'text/plain') + res.end('hello, world') + }) + + request(server) + .get('/') + .set('Accept-Encoding', '') + .expect('Content-Encoding', 'gzip') + .expect(200, 'hello, world', done) + }) + }) }) function createServer (opts, fn) { From 96df7c5a638f17eb4725f6d31a393cdcd449b6e5 Mon Sep 17 00:00:00 2001 From: Sebastian Beltran Date: Fri, 20 Dec 2024 10:03:39 -0500 Subject: [PATCH 76/95] improve ci workflow (#206) --- .github/workflows/ci.yml | 76 ++++++++++++++++++++++++++++++++-------- package.json | 2 +- 2 files changed, 62 insertions(+), 16 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 1f845be9..d03534f4 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -1,10 +1,41 @@ name: ci on: -- pull_request -- push + pull_request: + branches: + - master + paths-ignore: + - '*.md' + push: + paths-ignore: + - '*.md' + +permissions: + contents: read + +# Cancel in progress workflows +# in the scenario where we already had a run going for that PR/branch/tag but then triggered a new run +concurrency: + group: "${{ github.workflow }} ✨ ${{ github.event.pull_request.head.label || github.head_ref || github.ref }}" + cancel-in-progress: true jobs: + lint: + name: Lint + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - name: Setup Node.js + uses: actions/setup-node@v4 + with: + node-version: 'lts/*' + + - name: Install dependencies + run: npm install --ignore-scripts --only=dev + + - name: Run lint + run: npm run lint + test: runs-on: ubuntu-latest strategy: @@ -195,24 +226,39 @@ jobs: npm test fi - - name: Lint code - if: steps.list_env.outputs.eslint != '' - run: npm run lint - - - name: Collect code coverage - uses: coverallsapp/github-action@master + - name: Upload code coverage if: steps.list_env.outputs.nyc != '' + uses: actions/upload-artifact@v4 with: - github-token: ${{ secrets.GITHUB_TOKEN }} - flag-name: run-${{ matrix.test_number }} - parallel: true + name: coverage-node-${{ matrix.node-version }} + path: ./coverage/lcov.info + retention-days: 1 coverage: needs: test runs-on: ubuntu-latest + permissions: + contents: read + checks: write steps: - - name: Upload code coverage - uses: coverallsapp/github-action@master + - uses: actions/checkout@v4 + + - name: Install lcov + shell: bash + run: sudo apt-get -y install lcov + + - name: Collect coverage reports + uses: actions/download-artifact@v4 with: - github-token: ${{ secrets.github_token }} - parallel-finished: true + path: ./coverage + pattern: coverage-node-* + + - name: Merge coverage reports + shell: bash + run: find ./coverage -name lcov.info -exec printf '-a %q\n' {} \; | xargs lcov -o ./lcov.info + + - name: Upload coverage report + uses: coverallsapp/github-action@v2 + with: + github-token: ${{ secrets.GITHUB_TOKEN }} + file: ./lcov.info \ No newline at end of file diff --git a/package.json b/package.json index f3d6c0f4..0fe4ed30 100644 --- a/package.json +++ b/package.json @@ -41,7 +41,7 @@ "scripts": { "lint": "eslint .", "test": "mocha --check-leaks --reporter spec", - "test-ci": "nyc --reporter=lcovonly --reporter=text npm test", + "test-ci": "nyc --reporter=lcov --reporter=text npm test", "test-cov": "nyc --reporter=html --reporter=text npm test" } } From d272132acbbe916e7f81174430008a6f5b093f15 Mon Sep 17 00:00:00 2001 From: Sebastian Beltran Date: Wed, 8 Jan 2025 14:46:32 -0500 Subject: [PATCH 77/95] feat: support for brotli (#194) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Added support for brotli ('br') content-encoding * Update README.md * Update README.md * Update README.md * Apply default value also when params is specified * Increase coverage for specifying params * Updated brotli detection method * Prefer br over gzip and deflate * feat: use "koa-compress" logic to determine the preferred encoding * test: adding one more test case br/gzip with quality params * chore: fix linting errors * fix: hand write encodings lib to be compatible with node 0.8 * Fix: fixing lint errors in new lib * Fix: fixing lint errors in new lib * implemented required encoding negotiator without 3rd party dependency * fix * use negotiator * improve negotiateEnconding * fix support * update history * add new test * add new test * Update test/compression.js Co-authored-by: Wes Todd * improve parse options * don't directly manipulate the object. * remove .npmrc * use object assign in params * test: add test for enforceEnconding * deps: remove object-assign --------- Co-authored-by: Daniel Cohen Gindi Co-authored-by: Nick Randall Co-authored-by: Ulises Gascón Co-authored-by: Wes Todd --- HISTORY.md | 1 + README.md | 11 ++- index.js | 28 ++++++- test/compression.js | 194 ++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 229 insertions(+), 5 deletions(-) diff --git a/HISTORY.md b/HISTORY.md index d0c2c595..80833d74 100644 --- a/HISTORY.md +++ b/HISTORY.md @@ -1,6 +1,7 @@ unreleased ========== * Use `res.headersSent` when available + * add brotli support for versions of node that support it * Add the enforceEncoding option for requests without `Accept-Encoding` header 1.7.5 / 2024-10-31 diff --git a/README.md b/README.md index d32645e2..c2a9df65 100644 --- a/README.md +++ b/README.md @@ -11,6 +11,9 @@ The following compression codings are supported: - deflate - gzip + - br (brotli) + +**Note** Brotli is supported only since Node.js versions v11.7.0 and v10.16.0. ## Install @@ -42,7 +45,8 @@ as compressing will transform the body. `compression()` accepts these properties in the options object. In addition to those listed below, [zlib](http://nodejs.org/api/zlib.html) options may be -passed in to the options object. +passed in to the options object or +[brotli](https://nodejs.org/api/zlib.html#zlib_class_brotlioptions) options. ##### chunkSize @@ -99,6 +103,11 @@ The default value is `zlib.Z_DEFAULT_MEMLEVEL`, or `8`. See [Node.js documentation](http://nodejs.org/api/zlib.html#zlib_memory_usage_tuning) regarding the usage. +##### brotli + +This specifies the options for configuring Brotli. See [Node.js documentation](https://nodejs.org/api/zlib.html#class-brotlioptions) for a complete list of available options. + + ##### strategy This is used to tune the compression algorithm. This value only affects the diff --git a/index.js b/index.js index dcefd817..198c85b4 100644 --- a/index.js +++ b/index.js @@ -30,14 +30,21 @@ var zlib = require('zlib') module.exports = compression module.exports.filter = shouldCompress +/** + * @const + * whether current node version has brotli support + */ +var hasBrotliSupport = 'createBrotliCompress' in zlib + /** * Module variables. * @private */ - var cacheControlNoTransformRegExp = /(?:^|,)\s*?no-transform\s*?(?:,|$)/ +var SUPPORTED_ENCODING = hasBrotliSupport ? ['br', 'gzip', 'deflate', 'identity'] : ['gzip', 'deflate', 'identity'] +var PREFERRED_ENCODING = hasBrotliSupport ? ['br', 'gzip'] : ['gzip'] -var encodingSupported = ['*', 'gzip', 'deflate', 'identity'] +var encodingSupported = ['*', 'gzip', 'deflate', 'identity', 'br'] /** * Compress response data with gzip / deflate. @@ -49,6 +56,17 @@ var encodingSupported = ['*', 'gzip', 'deflate', 'identity'] function compression (options) { var opts = options || {} + var optsBrotli = {} + + if (hasBrotliSupport) { + Object.assign(optsBrotli, opts.brotli) + + var brotliParams = {} + brotliParams[zlib.constants.BROTLI_PARAM_QUALITY] = 4 + + // set the default level to a reasonable value with balanced speed/ratio + optsBrotli.params = Object.assign(brotliParams, optsBrotli.params) + } // options var filter = opts.filter || shouldCompress @@ -178,7 +196,7 @@ function compression (options) { // compression method var negotiator = new Negotiator(req) - var method = negotiator.encoding(['gzip', 'deflate', 'identity'], ['gzip']) + var method = negotiator.encoding(SUPPORTED_ENCODING, PREFERRED_ENCODING) // if no method is found, use the default encoding if (!req.headers['accept-encoding'] && encodingSupported.indexOf(enforceEncoding) !== -1) { @@ -195,7 +213,9 @@ function compression (options) { debug('%s compression', method) stream = method === 'gzip' ? zlib.createGzip(opts) - : zlib.createDeflate(opts) + : method === 'br' + ? zlib.createBrotliCompress(optsBrotli) + : zlib.createDeflate(opts) // add buffered listeners to stream addListeners(stream, stream.on, listeners) diff --git a/test/compression.js b/test/compression.js index 61debb4a..c2c11153 100644 --- a/test/compression.js +++ b/test/compression.js @@ -19,6 +19,13 @@ try { var compression = require('..') +/** + * @const + * whether current node version has brotli support + */ +var hasBrotliSupport = 'createBrotliCompress' in zlib +var brotli = hasBrotliSupport ? it : it.skip + describe('compression()', function () { it('should skip HEAD', function (done) { var server = createServer({ threshold: 0 }, function (req, res) { @@ -510,6 +517,52 @@ describe('compression()', function () { }) }) + describe('when "Accept-Encoding: br"', function () { + brotli('should respond with br', function (done) { + var server = createServer({ threshold: 0 }, function (req, res) { + res.setHeader('Content-Type', 'text/plain') + res.end('hello, world') + }) + + request(server) + .get('/') + .set('Accept-Encoding', 'br') + .expect('Content-Encoding', 'br', done) + }) + }) + + describe('when "Accept-Encoding: br" and passing compression level', function () { + brotli('should respond with br', function (done) { + var params = {} + params[zlib.constants.BROTLI_PARAM_QUALITY] = 11 + + var server = createServer({ threshold: 0, brotli: { params: params } }, function (req, res) { + res.setHeader('Content-Type', 'text/plain') + res.end('hello, world') + }) + + request(server) + .get('/') + .set('Accept-Encoding', 'br') + .expect('Content-Encoding', 'br', done) + }) + + brotli('shouldn\'t break compression when gzip is requested', function (done) { + var params = {} + params[zlib.constants.BROTLI_PARAM_QUALITY] = 8 + + var server = createServer({ threshold: 0, brotli: { params: params } }, function (req, res) { + res.setHeader('Content-Type', 'text/plain') + res.end('hello, world') + }) + + request(server) + .get('/') + .set('Accept-Encoding', 'gzip') + .expect('Content-Encoding', 'gzip', done) + }) + }) + describe('when "Accept-Encoding: gzip, deflate"', function () { it('should respond with gzip', function (done) { var server = createServer({ threshold: 0 }, function (req, res) { @@ -538,6 +591,105 @@ describe('compression()', function () { }) }) + describe('when "Accept-Encoding: gzip, br"', function () { + var brotli = hasBrotliSupport ? it : it.skip + brotli('should respond with br', function (done) { + var server = createServer({ threshold: 0 }, function (req, res) { + res.setHeader('Content-Type', 'text/plain') + res.end('hello, world') + }) + + request(server) + .get('/') + .set('Accept-Encoding', 'gzip, br') + .expect('Content-Encoding', 'br', done) + }) + + brotli = hasBrotliSupport ? it.skip : it + + brotli('should respond with gzip', function (done) { + var server = createServer({ threshold: 0 }, function (req, res) { + res.setHeader('Content-Type', 'text/plain') + res.end('hello, world') + }) + + request(server) + .get('/') + .set('Accept-Encoding', 'br, gzip') + .expect('Content-Encoding', 'gzip', done) + }) + }) + + describe('when "Accept-Encoding: deflate, gzip, br"', function () { + brotli('should respond with br', function (done) { + var server = createServer({ threshold: 0 }, function (req, res) { + res.setHeader('Content-Type', 'text/plain') + res.end('hello, world') + }) + + request(server) + .get('/') + .set('Accept-Encoding', 'deflate, gzip, br') + .expect('Content-Encoding', 'br', done) + }) + }) + + describe('when "Accept-Encoding: gzip;q=1, br;q=0.3"', function () { + brotli('should respond with gzip', function (done) { + var server = createServer({ threshold: 0 }, function (req, res) { + res.setHeader('Content-Type', 'text/plain') + res.end('hello, world') + }) + + request(server) + .get('/') + .set('Accept-Encoding', 'gzip;q=1, br;q=0.3') + .expect('Content-Encoding', 'gzip', done) + }) + }) + + describe('when "Accept-Encoding: gzip, br;q=0.8"', function () { + brotli('should respond with gzip', function (done) { + var server = createServer({ threshold: 0 }, function (req, res) { + res.setHeader('Content-Type', 'text/plain') + res.end('hello, world') + }) + + request(server) + .get('/') + .set('Accept-Encoding', 'gzip, br;q=0.8') + .expect('Content-Encoding', 'gzip', done) + }) + }) + + describe('when "Accept-Encoding: gzip;q=0.001"', function () { + brotli('should respond with gzip', function (done) { + var server = createServer({ threshold: 0 }, function (req, res) { + res.setHeader('Content-Type', 'text/plain') + res.end('hello, world') + }) + + request(server) + .get('/') + .set('Accept-Encoding', 'gzip;q=0.001') + .expect('Content-Encoding', 'gzip', done) + }) + }) + + describe('when "Accept-Encoding: deflate, br"', function () { + brotli('should respond with br', function (done) { + var server = createServer({ threshold: 0 }, function (req, res) { + res.setHeader('Content-Type', 'text/plain') + res.end('hello, world') + }) + + request(server) + .get('/') + .set('Accept-Encoding', 'deflate, br') + .expect('Content-Encoding', 'br', done) + }) + }) + describe('when "Cache-Control: no-transform" response header', function () { it('should not compress response', function (done) { var server = createServer({ threshold: 0 }, function (req, res) { @@ -676,6 +828,32 @@ describe('compression()', function () { .end() }) + brotli('should flush small chunks for brotli', function (done) { + var chunks = 0 + var next + var server = createServer({ threshold: 0 }, function (req, res) { + next = writeAndFlush(res, 2, Buffer.from('..')) + res.setHeader('Content-Type', 'text/plain') + next() + }) + + function onchunk (chunk) { + assert.ok(chunks++ < 20) + assert.strictEqual(chunk.toString(), '..') + next() + } + + request(server) + .get('/') + .set('Accept-Encoding', 'br') + .request() + .on('response', unchunk('br', onchunk, function (err) { + if (err) return done(err) + server.close(done) + })) + .end() + }) + it('should flush small chunks for deflate', function (done) { var chunks = 0 var next @@ -756,6 +934,19 @@ describe('compression()', function () { .expect(200, 'hello, world', done) }) + brotli('should compress when enforceEncoding is brotli', function (done) { + var server = createServer({ threshold: 0, enforceEncoding: 'br' }, function (req, res) { + res.setHeader('Content-Type', 'text/plain') + res.end('hello, world') + }) + + request(server) + .get('/') + .set('Accept-Encoding', '') + .expect('Content-Encoding', 'br') + .expect(200, done) + }) + it('should not compress when enforceEncoding is unknown', function (done) { var server = createServer({ threshold: 0, enforceEncoding: 'bogus' }, function (req, res) { res.setHeader('Content-Type', 'text/plain') @@ -876,6 +1067,9 @@ function unchunk (encoding, onchunk, onend) { case 'gzip': stream = res.pipe(zlib.createGunzip()) break + case 'br': + stream = res.pipe(zlib.createBrotliDecompress()) + break } stream.on('data', onchunk) From 0cf7d3ffcf7f6bacb64ee099d9a53e03ccfcc565 Mon Sep 17 00:00:00 2001 From: Sebastian Beltran Date: Fri, 10 Jan 2025 12:26:32 -0500 Subject: [PATCH 78/95] fix(docs): improve readme (#209) * docs: improve readme * funding? * some work * remove some things --- README.md | 120 ++++++++++++++++++++++++++++++++++++++++-------------- 1 file changed, 89 insertions(+), 31 deletions(-) diff --git a/README.md b/README.md index c2a9df65..16bde0ad 100644 --- a/README.md +++ b/README.md @@ -3,7 +3,9 @@ [![NPM Version][npm-image]][npm-url] [![NPM Downloads][downloads-image]][downloads-url] [![Build Status][github-actions-ci-image]][github-actions-ci-url] -[![Test Coverage][coveralls-image]][coveralls-url] +[![OpenSSF Scorecard Badge][ossf-scorecard-badge]][ossf-scorecard-visualizer] +[![Funding][funding-image]][funding-url] + Node.js compression middleware. @@ -50,13 +52,16 @@ passed in to the options object or ##### chunkSize -The default value is `zlib.Z_DEFAULT_CHUNK`, or `16384`. +Type: `Number`
+Default: `zlib.constants.Z_DEFAULT_CHUNK`, or `16384`. See [Node.js documentation](http://nodejs.org/api/zlib.html#zlib_memory_usage_tuning) regarding the usage. ##### filter +Type: `Function` + A function to decide if the response should be considered for compression. This function is called as `filter(req, res)` and is expected to return `true` to consider the response for compression, or `false` to not compress @@ -67,6 +72,9 @@ module to determine if `res.getHeader('Content-Type')` is compressible. ##### level +Type: `Number`
+Default: `zlib.constants.Z_DEFAULT_COMPRESSION`, or `-1` + The level of zlib compression to apply to responses. A higher level will result in better compression, but will take longer to complete. A lower level will result in less compression, but will be much faster. @@ -76,64 +84,71 @@ compression). The special value `-1` can be used to mean the "default compression level", which is a default compromise between speed and compression (currently equivalent to level 6). - - `-1` Default compression level (also `zlib.Z_DEFAULT_COMPRESSION`). - - `0` No compression (also `zlib.Z_NO_COMPRESSION`). - - `1` Fastest compression (also `zlib.Z_BEST_SPEED`). + - `-1` Default compression level (also `zlib.constants.Z_DEFAULT_COMPRESSION`). + - `0` No compression (also `zlib.constants.Z_NO_COMPRESSION`). + - `1` Fastest compression (also `zlib.constants.Z_BEST_SPEED`). - `2` - `3` - `4` - `5` - - `6` (currently what `zlib.Z_DEFAULT_COMPRESSION` points to). + - `6` (currently what `zlib.constants.Z_DEFAULT_COMPRESSION` points to). - `7` - `8` - - `9` Best compression (also `zlib.Z_BEST_COMPRESSION`). - -The default value is `zlib.Z_DEFAULT_COMPRESSION`, or `-1`. + - `9` Best compression (also `zlib.constants.Z_BEST_COMPRESSION`). **Note** in the list above, `zlib` is from `zlib = require('zlib')`. ##### memLevel +Type: `Number`
+Default: `zlib.constants.Z_DEFAULT_MEMLEVEL`, or `8` + This specifies how much memory should be allocated for the internal compression state and is an integer in the range of `1` (minimum level) and `9` (maximum level). -The default value is `zlib.Z_DEFAULT_MEMLEVEL`, or `8`. - See [Node.js documentation](http://nodejs.org/api/zlib.html#zlib_memory_usage_tuning) regarding the usage. ##### brotli +Type: `Object` + This specifies the options for configuring Brotli. See [Node.js documentation](https://nodejs.org/api/zlib.html#class-brotlioptions) for a complete list of available options. ##### strategy +Type: `Number`
+Default: `zlib.constants.Z_DEFAULT_STRATEGY` + This is used to tune the compression algorithm. This value only affects the compression ratio, not the correctness of the compressed output, even if it is not set appropriately. - - `zlib.Z_DEFAULT_STRATEGY` Use for normal data. - - `zlib.Z_FILTERED` Use for data produced by a filter (or predictor). + - `zlib.constants.Z_DEFAULT_STRATEGY` Use for normal data. + - `zlib.constants.Z_FILTERED` Use for data produced by a filter (or predictor). Filtered data consists mostly of small values with a somewhat random distribution. In this case, the compression algorithm is tuned to compress them better. The effect is to force more Huffman coding and less - string matching; it is somewhat intermediate between `zlib.Z_DEFAULT_STRATEGY` - and `zlib.Z_HUFFMAN_ONLY`. - - `zlib.Z_FIXED` Use to prevent the use of dynamic Huffman codes, allowing + string matching; it is somewhat intermediate between `zlib.constants.Z_DEFAULT_STRATEGY` + and `zlib.constants.Z_HUFFMAN_ONLY`. + - `zlib.constants.Z_FIXED` Use to prevent the use of dynamic Huffman codes, allowing for a simpler decoder for special applications. - - `zlib.Z_HUFFMAN_ONLY` Use to force Huffman encoding only (no string match). - - `zlib.Z_RLE` Use to limit match distances to one (run-length encoding). - This is designed to be almost as fast as `zlib.Z_HUFFMAN_ONLY`, but give + - `zlib.constants.Z_HUFFMAN_ONLY` Use to force Huffman encoding only (no string match). + - `zlib.constants.Z_RLE` Use to limit match distances to one (run-length encoding). + This is designed to be almost as fast as `zlib.constants.Z_HUFFMAN_ONLY`, but give better compression for PNG image data. **Note** in the list above, `zlib` is from `zlib = require('zlib')`. ##### threshold +Type: `Number` or `String`
+Default: `1kb` + The byte threshold for the response body size before compression is considered -for the response, defaults to `1kb`. This is a number of bytes or any string +for the response. This is a number of bytes or any string accepted by the [bytes](https://www.npmjs.com/package/bytes) module. **Note** this is only an advisory setting; if the response size cannot be determined @@ -143,16 +158,18 @@ set a `Content-Length` response header. ##### windowBits -The default value is `zlib.Z_DEFAULT_WINDOWBITS`, or `15`. +Type: `Number`
+Default: `zlib.constants.Z_DEFAULT_WINDOWBITS`, or `15` See [Node.js documentation](http://nodejs.org/api/zlib.html#zlib_memory_usage_tuning) regarding the usage. ##### enforceEncoding -This is the default encoding to use when the client does not specify an encoding in the request's [Accept-Encoding](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Accept-Encoding) header. +Type: `String`
+Default: `identity` -The default value is `identity`. +This is the default encoding to use when the client does not specify an encoding in the request's [Accept-Encoding](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Accept-Encoding) header. #### .filter @@ -164,6 +181,7 @@ var compression = require('compression') var express = require('express') var app = express() + app.use(compression({ filter: shouldCompress })) function shouldCompress (req, res) { @@ -184,9 +202,9 @@ response to be flushed to the client. ## Examples -### express/connect +### express -When using this module with express or connect, simply `app.use` the module as +When using this module with express, simply `app.use` the module as high as you like. Requests that pass through the middleware will be compressed. ```js @@ -201,6 +219,36 @@ app.use(compression()) // add all routes ``` +### Node.js HTTP server + +```js +var compression = require('compression')({ threshold: 0 }) +var http = require('http') + +function createServer (fn) { + return http.createServer(function (req, res) { + compression(req, res, function (err) { + if (err) { + res.statusCode = err.status || 500 + res.end(err.message) + return + } + + fn(req, res) + }) + }) +} + +var server = createServer(function (req, res) { + res.setHeader('Content-Type', 'text/plain') + res.end('hello world!') +}) + +server.listen(3000, () => { + console.log('> Listening at http://localhost:3000') +}) +``` + ### Server-Sent Events Because of the nature of compression this module does not work out of the box @@ -239,15 +287,25 @@ app.get('/events', function (req, res) { }) ``` +## Contributing + +The Express.js project welcomes all constructive contributions. Contributions take many forms, +from code for bug fixes and enhancements, to additions and fixes to documentation, additional +tests, triaging incoming pull requests and issues, and more! + +See the [Contributing Guide](https://github.com/expressjs/express/blob/master/Contributing.md) for more technical details on contributing. + ## License [MIT](LICENSE) -[npm-image]: https://img.shields.io/npm/v/compression.svg +[npm-image]: https://badgen.net/npm/v/compression [npm-url]: https://npmjs.org/package/compression -[coveralls-image]: https://img.shields.io/coveralls/expressjs/compression/master.svg -[coveralls-url]: https://coveralls.io/r/expressjs/compression?branch=master -[downloads-image]: https://img.shields.io/npm/dm/compression.svg -[downloads-url]: https://npmjs.org/package/compression -[github-actions-ci-image]: https://badgen.net/github/checks/expressjs/compression/master?label=ci +[downloads-image]: https://badgen.net/npm/dm/compression +[downloads-url]: https://npmcharts.com/compare/compression?minimal=true +[github-actions-ci-image]: https://badgen.net/github/checks/expressjs/compression/master?label=CI [github-actions-ci-url]: https://github.com/expressjs/compression/actions?query=workflow%3Aci +[ossf-scorecard-badge]: https://api.scorecard.dev/projects/github.com/expressjs/compression/badge +[ossf-scorecard-visualizer]: https://ossf.github.io/scorecard-visualizer/#/projects/github.com/expressjs/compression +[funding-url]: https://opencollective.com/express +[funding-image]: https://badgen.net/badge/icon/sponsor/pink?icon=github&label=Open%20Collective \ No newline at end of file From 82c9cb5290ce590a3ce7324545aa8ef3d8ea5a8a Mon Sep 17 00:00:00 2001 From: Sebastian Beltran Date: Fri, 10 Jan 2025 12:27:13 -0500 Subject: [PATCH 79/95] fix(docs): keywords field (#210) * docs: add funding and keywork field * remove funding --- package.json | 1 + 1 file changed, 1 insertion(+) diff --git a/package.json b/package.json index 0fe4ed30..eb432a0d 100644 --- a/package.json +++ b/package.json @@ -8,6 +8,7 @@ ], "license": "MIT", "repository": "expressjs/compression", + "keywords": ["compression", "gzip", "deflate", "middleware", "express", "brotli", "http", "stream"], "dependencies": { "bytes": "3.1.2", "compressible": "~2.0.18", From 0af2a9aebcd12861b7c75ae68b54851944ffb9e5 Mon Sep 17 00:00:00 2001 From: Sebastian Beltran Date: Tue, 21 Jan 2025 10:18:02 -0500 Subject: [PATCH 80/95] fix: don't handle * in enforceEncoding (#213) --- .github/workflows/ci.yml | 1 + index.js | 4 ++-- test/compression.js | 6 +++--- 3 files changed, 6 insertions(+), 5 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index d03534f4..45655c24 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -39,6 +39,7 @@ jobs: test: runs-on: ubuntu-latest strategy: + fail-fast: false matrix: name: - Node.js 0.8 diff --git a/index.js b/index.js index 198c85b4..c0638e08 100644 --- a/index.js +++ b/index.js @@ -44,7 +44,7 @@ var cacheControlNoTransformRegExp = /(?:^|,)\s*?no-transform\s*?(?:,|$)/ var SUPPORTED_ENCODING = hasBrotliSupport ? ['br', 'gzip', 'deflate', 'identity'] : ['gzip', 'deflate', 'identity'] var PREFERRED_ENCODING = hasBrotliSupport ? ['br', 'gzip'] : ['gzip'] -var encodingSupported = ['*', 'gzip', 'deflate', 'identity', 'br'] +var encodingSupported = ['gzip', 'deflate', 'identity', 'br'] /** * Compress response data with gzip / deflate. @@ -200,7 +200,7 @@ function compression (options) { // if no method is found, use the default encoding if (!req.headers['accept-encoding'] && encodingSupported.indexOf(enforceEncoding) !== -1) { - method = enforceEncoding === '*' ? 'gzip' : enforceEncoding + method = enforceEncoding } // negotiation failed diff --git a/test/compression.js b/test/compression.js index c2c11153..8107def0 100644 --- a/test/compression.js +++ b/test/compression.js @@ -960,7 +960,7 @@ describe('compression()', function () { .expect(200, 'hello, world', done) }) - it('should be gzip if no accept-encoding is sent when enforceEncoding is *', function (done) { + it('should not compress when enforceEnconding is *', function (done) { var server = createServer({ threshold: 0, enforceEncoding: '*' }, function (req, res) { res.setHeader('Content-Type', 'text/plain') res.end('hello, world') @@ -969,8 +969,8 @@ describe('compression()', function () { request(server) .get('/') .set('Accept-Encoding', '') - .expect('Content-Encoding', 'gzip') - .expect(200, 'hello, world', done) + .expect(shouldNotHaveHeader('Content-Encoding')) + .expect(200, done) }) }) }) From c7ace2c9343a51065bf7ce03891cec113f351bc3 Mon Sep 17 00:00:00 2001 From: Sebastian Beltran Date: Wed, 8 Jan 2025 17:03:51 -0500 Subject: [PATCH 81/95] v1.8.0 --- HISTORY.md | 9 ++++++--- package.json | 2 +- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/HISTORY.md b/HISTORY.md index 80833d74..5fa84f6d 100644 --- a/HISTORY.md +++ b/HISTORY.md @@ -1,11 +1,14 @@ -unreleased -========== +1.8.0 / 2025-02-10 +================== + * Use `res.headersSent` when available + * Replace `_implicitHeader` with `writeHead` property * add brotli support for versions of node that support it * Add the enforceEncoding option for requests without `Accept-Encoding` header 1.7.5 / 2024-10-31 -========== +================== + * deps: Replace accepts with negotiator@~0.6.4 - Add preference option * deps: bytes@3.1.2 diff --git a/package.json b/package.json index eb432a0d..a898cd56 100644 --- a/package.json +++ b/package.json @@ -1,7 +1,7 @@ { "name": "compression", "description": "Node.js compression middleware", - "version": "1.7.5", + "version": "1.8.0", "contributors": [ "Douglas Christopher Wilson ", "Jonathan Ong (http://jongleberry.com)" From 28f046c5e4b09e1e31af3d3a22048f32594463ec Mon Sep 17 00:00:00 2001 From: Phillip Barta Date: Tue, 18 Feb 2025 00:22:47 +0100 Subject: [PATCH 82/95] fix(docs): update multiple links from http to https (#222) --- README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 16bde0ad..df1bd789 100644 --- a/README.md +++ b/README.md @@ -46,7 +46,7 @@ as compressing will transform the body. #### Options `compression()` accepts these properties in the options object. In addition to -those listed below, [zlib](http://nodejs.org/api/zlib.html) options may be +those listed below, [zlib](https://nodejs.org/api/zlib.html) options may be passed in to the options object or [brotli](https://nodejs.org/api/zlib.html#zlib_class_brotlioptions) options. @@ -55,7 +55,7 @@ passed in to the options object or Type: `Number`
Default: `zlib.constants.Z_DEFAULT_CHUNK`, or `16384`. -See [Node.js documentation](http://nodejs.org/api/zlib.html#zlib_memory_usage_tuning) +See [Node.js documentation](https://nodejs.org/api/zlib.html#zlib_memory_usage_tuning) regarding the usage. ##### filter @@ -107,7 +107,7 @@ This specifies how much memory should be allocated for the internal compression state and is an integer in the range of `1` (minimum level) and `9` (maximum level). -See [Node.js documentation](http://nodejs.org/api/zlib.html#zlib_memory_usage_tuning) +See [Node.js documentation](https://nodejs.org/api/zlib.html#zlib_memory_usage_tuning) regarding the usage. ##### brotli @@ -161,7 +161,7 @@ set a `Content-Length` response header. Type: `Number`
Default: `zlib.constants.Z_DEFAULT_WINDOWBITS`, or `15` -See [Node.js documentation](http://nodejs.org/api/zlib.html#zlib_memory_usage_tuning) +See [Node.js documentation](https://nodejs.org/api/zlib.html#zlib_memory_usage_tuning) regarding the usage. ##### enforceEncoding From 5bfed2bc218de272004b2ff6d42e6be28abd3212 Mon Sep 17 00:00:00 2001 From: Sebastian Beltran Date: Wed, 16 Apr 2025 13:43:37 -0500 Subject: [PATCH 83/95] ci: add dependabot for github actions (#207) * ci: add dependabot for github actions * chore: update dependabot configuration for monthly updates and add npm support --- .github/dependabot.yml | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 .github/dependabot.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 00000000..a6096a49 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,17 @@ +version: 2 +updates: + - package-ecosystem: github-actions + directory: / + schedule: + interval: monthly + + - package-ecosystem: npm + directory: / + schedule: + interval: monthly + time: "23:00" + timezone: Europe/London + open-pull-requests-limit: 10 + ignore: + - dependency-name: "*" + update-types: ["version-update:semver-major"] \ No newline at end of file From c1d7d6d81e4659d410bdd09512c19d979ef24a8b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 16 Apr 2025 16:10:39 -0500 Subject: [PATCH 84/95] build(deps): bump github/codeql-action from 2.23.2 to 3.28.15 (#228) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.23.2 to 3.28.15. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v2.23.2...45775bd8235c68ba998cffa5171334d58593da47) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 3.28.15 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/codeql.yml | 4 ++-- .github/workflows/scorecard.yml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index cd411926..0d65ca20 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -38,7 +38,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0 + uses: github/codeql-action/init@45775bd8235c68ba998cffa5171334d58593da47 # v3.28.15 with: languages: javascript # If you wish to specify custom queries, you can do so here or in a config file. @@ -61,6 +61,6 @@ jobs: # ./location_of_script_within_repo/buildscript.sh - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0 + uses: github/codeql-action/analyze@45775bd8235c68ba998cffa5171334d58593da47 # v3.28.15 with: category: "/language:javascript" \ No newline at end of file diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 0b5ddcc0..e4914ef7 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -65,6 +65,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@2f93e4319b2f04a2efc38fa7f78bd681bc3f7b2f # v2.23.2 + uses: github/codeql-action/upload-sarif@45775bd8235c68ba998cffa5171334d58593da47 # v3.28.15 with: sarif_file: results.sarif From dea3c9c9311b4a3ce8ea331a2ea34ea01ed0a986 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 16 Apr 2025 16:10:59 -0500 Subject: [PATCH 85/95] build(deps): bump ossf/scorecard-action from 2.3.1 to 2.4.1 (#229) Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.3.1 to 2.4.1. - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](https://github.com/ossf/scorecard-action/compare/0864cf19026789058feabb7e87baa5f140aac736...f49aabe0b5af0936a0987cfb85d86b75731b0186) --- updated-dependencies: - dependency-name: ossf/scorecard-action dependency-version: 2.4.1 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index e4914ef7..a7ab1540 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -35,7 +35,7 @@ jobs: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1 + uses: ossf/scorecard-action@f49aabe0b5af0936a0987cfb85d86b75731b0186 # v2.4.1 with: results_file: results.sarif results_format: sarif From ae6ee809dc0cb40febaf2a5bff298465bd5a207f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 16 Apr 2025 16:11:21 -0500 Subject: [PATCH 86/95] build(deps-dev): bump eslint-plugin-import from 2.26.0 to 2.31.0 (#230) Bumps [eslint-plugin-import](https://github.com/import-js/eslint-plugin-import) from 2.26.0 to 2.31.0. - [Release notes](https://github.com/import-js/eslint-plugin-import/releases) - [Changelog](https://github.com/import-js/eslint-plugin-import/blob/main/CHANGELOG.md) - [Commits](https://github.com/import-js/eslint-plugin-import/compare/v2.26.0...v2.31.0) --- updated-dependencies: - dependency-name: eslint-plugin-import dependency-version: 2.31.0 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index a898cd56..7894cd00 100644 --- a/package.json +++ b/package.json @@ -22,7 +22,7 @@ "after": "0.8.2", "eslint": "7.32.0", "eslint-config-standard": "14.1.1", - "eslint-plugin-import": "2.26.0", + "eslint-plugin-import": "2.31.0", "eslint-plugin-markdown": "2.2.1", "eslint-plugin-node": "11.1.0", "eslint-plugin-promise": "5.2.0", From 76e094548125afbf8089a482d5982dc96c7ce398 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 17 Apr 2025 07:42:43 +0200 Subject: [PATCH 87/95] build(deps-dev): bump supertest from 6.2.3 to 6.3.4 (#231) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 7894cd00..542d6747 100644 --- a/package.json +++ b/package.json @@ -29,7 +29,7 @@ "eslint-plugin-standard": "4.1.0", "mocha": "9.2.2", "nyc": "15.1.0", - "supertest": "6.2.3" + "supertest": "6.3.4" }, "files": [ "LICENSE", From 5f13b148d2a1a2daaa8647e03592214bb240bf18 Mon Sep 17 00:00:00 2001 From: StepSecurity Bot Date: Sat, 17 May 2025 10:17:51 -0700 Subject: [PATCH 88/95] [StepSecurity] ci: Harden GitHub Actions (#235) * [StepSecurity] ci: Harden GitHub Actions Signed-off-by: StepSecurity Bot * ping supertest in ci Signed-off-by: Sebastian Beltran --------- Signed-off-by: StepSecurity Bot Signed-off-by: Sebastian Beltran Co-authored-by: Sebastian Beltran --- .github/workflows/ci.yml | 25 ++++++++++++++----------- 1 file changed, 14 insertions(+), 11 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 45655c24..69305611 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -24,9 +24,9 @@ jobs: name: Lint runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Setup Node.js - uses: actions/setup-node@v4 + uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 with: node-version: 'lts/*' @@ -113,31 +113,34 @@ jobs: - name: Node.js 8.x node-version: "8" - npm-i: mocha@7.2.0 nyc@14.1.1 + npm-i: mocha@7.2.0 nyc@14.1.1 supertest@6.1.6 - name: Node.js 9.x node-version: "9" - npm-i: mocha@7.2.0 nyc@14.1.1 + npm-i: mocha@7.2.0 nyc@14.1.1 supertest@6.1.6 - name: Node.js 10.x node-version: "10" - npm-i: mocha@8.4.0 + npm-i: mocha@8.4.0 supertest@6.1.6 - name: Node.js 11.x node-version: "11" - npm-i: mocha@8.4.0 + npm-i: mocha@8.4.0 supertest@6.1.6 - name: Node.js 12.x node-version: "12" + npm-i: "supertest@6.1.6" - name: Node.js 13.x node-version: "13" + npm-i: "supertest@6.1.6" - name: Node.js 14.x node-version: "14" - name: Node.js 15.x node-version: "15" + npm-i: "supertest@6.1.6" - name: Node.js 16.x node-version: "16" @@ -164,7 +167,7 @@ jobs: node-version: "23" steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Install Node.js ${{ matrix.node-version }} shell: bash -eo pipefail -l {0} @@ -229,7 +232,7 @@ jobs: - name: Upload code coverage if: steps.list_env.outputs.nyc != '' - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: name: coverage-node-${{ matrix.node-version }} path: ./coverage/lcov.info @@ -242,14 +245,14 @@ jobs: contents: read checks: write steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Install lcov shell: bash run: sudo apt-get -y install lcov - name: Collect coverage reports - uses: actions/download-artifact@v4 + uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 with: path: ./coverage pattern: coverage-node-* @@ -259,7 +262,7 @@ jobs: run: find ./coverage -name lcov.info -exec printf '-a %q\n' {} \; | xargs lcov -o ./lcov.info - name: Upload coverage report - uses: coverallsapp/github-action@v2 + uses: coverallsapp/github-action@648a8eb78e6d50909eff900e4ec85cab4524a45b # v2.3.6 with: github-token: ${{ secrets.GITHUB_TOKEN }} file: ./lcov.info \ No newline at end of file From 2f9f5726751ecf12f7c46a9d1493bcd1966e09a7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 15 Jul 2025 20:29:05 -0500 Subject: [PATCH 89/95] build(deps): bump github/codeql-action from 3.28.15 to 3.29.2 (#243) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.28.15 to 3.29.2. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/45775bd8235c68ba998cffa5171334d58593da47...181d5eefc20863364f96762470ba6f862bdef56b) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 3.29.2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/codeql.yml | 4 ++-- .github/workflows/scorecard.yml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 0d65ca20..0b9ac029 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -38,7 +38,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@45775bd8235c68ba998cffa5171334d58593da47 # v3.28.15 + uses: github/codeql-action/init@181d5eefc20863364f96762470ba6f862bdef56b # v3.29.2 with: languages: javascript # If you wish to specify custom queries, you can do so here or in a config file. @@ -61,6 +61,6 @@ jobs: # ./location_of_script_within_repo/buildscript.sh - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@45775bd8235c68ba998cffa5171334d58593da47 # v3.28.15 + uses: github/codeql-action/analyze@181d5eefc20863364f96762470ba6f862bdef56b # v3.29.2 with: category: "/language:javascript" \ No newline at end of file diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index a7ab1540..1a5a0c89 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -65,6 +65,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@45775bd8235c68ba998cffa5171334d58593da47 # v3.28.15 + uses: github/codeql-action/upload-sarif@181d5eefc20863364f96762470ba6f862bdef56b # v3.29.2 with: sarif_file: results.sarif From bc436b26283c2f85a9711085dd0e4a580de50ba7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 15 Jul 2025 20:29:59 -0500 Subject: [PATCH 90/95] build(deps): bump actions/upload-artifact from 4.3.1 to 4.6.2 (#239) Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.3.1 to 4.6.2. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/v4.3.1...ea165f8d65b6e75b540449e92b4886f43607fa02) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-version: 4.6.2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 1a5a0c89..fe123144 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -57,7 +57,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: name: SARIF file path: results.sarif From 37e062312fd270f84b5f50f7c6f88312609633f5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 15 Jul 2025 20:30:45 -0500 Subject: [PATCH 91/95] build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 (#240) Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.4.1 to 2.4.2. - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](https://github.com/ossf/scorecard-action/compare/f49aabe0b5af0936a0987cfb85d86b75731b0186...05b42c624433fc40578a4040d5cf5e36ddca8cde) --- updated-dependencies: - dependency-name: ossf/scorecard-action dependency-version: 2.4.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index fe123144..c089122d 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -35,7 +35,7 @@ jobs: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@f49aabe0b5af0936a0987cfb85d86b75731b0186 # v2.4.1 + uses: ossf/scorecard-action@05b42c624433fc40578a4040d5cf5e36ddca8cde # v2.4.2 with: results_file: results.sarif results_format: sarif From 6eaebe63f2ecac191d402c570bde140488435c4c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 15 Jul 2025 20:31:49 -0500 Subject: [PATCH 92/95] build(deps): bump actions/checkout from 4.1.1 to 4.2.2 (#241) Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.1 to 4.2.2. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v4.1.1...11bd71901bbe5b1630ceea73d27597364c9af683) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 4.2.2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index c089122d..9b328ebc 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -30,7 +30,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.2 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.1.2 with: persist-credentials: false From f4acb23985fa345318d34d4a96acf555a883efeb Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 15 Jul 2025 20:32:30 -0500 Subject: [PATCH 93/95] build(deps-dev): bump eslint-plugin-import from 2.31.0 to 2.32.0 (#244) Bumps [eslint-plugin-import](https://github.com/import-js/eslint-plugin-import) from 2.31.0 to 2.32.0. - [Release notes](https://github.com/import-js/eslint-plugin-import/releases) - [Changelog](https://github.com/import-js/eslint-plugin-import/blob/main/CHANGELOG.md) - [Commits](https://github.com/import-js/eslint-plugin-import/compare/v2.31.0...v2.32.0) --- updated-dependencies: - dependency-name: eslint-plugin-import dependency-version: 2.32.0 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 542d6747..096f506e 100644 --- a/package.json +++ b/package.json @@ -22,7 +22,7 @@ "after": "0.8.2", "eslint": "7.32.0", "eslint-config-standard": "14.1.1", - "eslint-plugin-import": "2.31.0", + "eslint-plugin-import": "2.32.0", "eslint-plugin-markdown": "2.2.1", "eslint-plugin-node": "11.1.0", "eslint-plugin-promise": "5.2.0", From ce62713129f4b33eac4b833e1722410091646395 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ulises=20Gasc=C3=B3n?= Date: Thu, 17 Jul 2025 19:24:56 +0200 Subject: [PATCH 94/95] deps: on-headers@1.1.0 (#246) --- HISTORY.md | 6 ++++++ package.json | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/HISTORY.md b/HISTORY.md index 5fa84f6d..19aa34b1 100644 --- a/HISTORY.md +++ b/HISTORY.md @@ -1,3 +1,9 @@ +unreleased +========== + + * deps: on-headers@~1.1.0 + - Fix [CVE-2025-7339](https://www.cve.org/CVERecord?id=CVE-2025-7339) ([GHSA-76c9-3jph-rj3q](https://github.com/expressjs/on-headers/security/advisories/GHSA-76c9-3jph-rj3q)) + 1.8.0 / 2025-02-10 ================== diff --git a/package.json b/package.json index 096f506e..d20b14d0 100644 --- a/package.json +++ b/package.json @@ -14,7 +14,7 @@ "compressible": "~2.0.18", "debug": "2.6.9", "negotiator": "~0.6.4", - "on-headers": "~1.0.2", + "on-headers": "~1.1.0", "safe-buffer": "5.2.1", "vary": "~1.1.2" }, From 83a0c45fe190f4fcb8b515c18065db9cb9029dd1 Mon Sep 17 00:00:00 2001 From: Ulises Gascon Date: Thu, 17 Jul 2025 19:28:34 +0200 Subject: [PATCH 95/95] 1.8.1 --- HISTORY.md | 2 +- package.json | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/HISTORY.md b/HISTORY.md index 19aa34b1..0678bf2a 100644 --- a/HISTORY.md +++ b/HISTORY.md @@ -1,4 +1,4 @@ -unreleased +1.8.1 / 2025-07-17 ========== * deps: on-headers@~1.1.0 diff --git a/package.json b/package.json index d20b14d0..918b82b2 100644 --- a/package.json +++ b/package.json @@ -1,7 +1,7 @@ { "name": "compression", "description": "Node.js compression middleware", - "version": "1.8.0", + "version": "1.8.1", "contributors": [ "Douglas Christopher Wilson ", "Jonathan Ong (http://jongleberry.com)"