New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →
@alterior/express
Advanced tools
@alterior/express - npm Package Versions
Changelog
v3.12.0
@/web-server- It is now possible to access
WebEvent.currentwithin custom log formatters and request reporters. - It is now possible to subclass
HttpErrorand have Alterior handle it as expected. This was not possible prior due to issues long since solved with how extended Error works (when Alterior targeted ES5, this was not possible in Typescript 2.1 or later). Since this is no longer an issue, this restriction has been lifted.
- It is now possible to access
Changelog
v3.11.2
@/web-server- [(!!) Potential security issue / denial of service] Fixed a crash when the server receives invalid JSON during body parsing or other
errors raised by Connect middleware. Please update to this patch or higher. Issue existed between v3.8.0 and v3.11.1.
Fix has been backported to affected series with the following patch releases:
- Backported as v3.10.3
- Backported as v3.9.5
- Backported as v3.8.1
- Add
middlewarerequest reporting event (currently unused by the default request reporter)
- [(!!) Potential security issue / denial of service] Fixed a crash when the server receives invalid JSON during body parsing or other
errors raised by Connect middleware. Please update to this patch or higher. Issue existed between v3.8.0 and v3.11.1.
Fix has been backported to affected series with the following patch releases:
Changelog
v3.11.1
@/web-server- Adds
globalMiddlewareoption to@Controller(). This has the same semantics asmiddlewarein previous releases, but with clarified naming. - The
middlewareoption of@Controller()is now deprecated in favor ofglobalMiddleware. - Fixes a problem where JSON strings cannot be used with the new
@Body({ type: 'json' })feature because ofbody-parser's "strict mode". Disabled "strict mode" when using the JSON mode of thebody-parsermiddleware internally.
- Adds
Changelog
v3.11.0
@/annotations- Improves the return type of
Annotation.decorator()so that it is dependent on the providedvalueTargets(when possible). Issue
- Improves the return type of
@/web-server- Adds ability to override the body parser in use via the
@Body()decorator. This is useful for cases like trying to accept JSON strings (sincestringnormally causes atextbody parser to be used).
- Adds ability to override the body parser in use via the
Changelog
v3.10.2
@/web-server- Fixes an issue where a request's body will be unparsed if the
Content-Typepassed does not match the typical content type associated with the expected body format. For instance, when expecting JSON (the default), the body would only be parsed when theContent-Typeheader wasapplication/json. When expecting text (ie when@Body()has typestring), the body would only be parsed when theContent-Typeheader wastext/plain. This is unexpected, since Alterior provides no manner to validate theContent-Typefield without using custom middleware. Now the body is parsed as the expected type regardless ofContent-Type.
- Fixes an issue where a request's body will be unparsed if the