Comparing version 4.14.1 to 4.15.0
@@ -31,2 +31,3 @@ /*! | ||
var resolve = require('path').resolve; | ||
var setPrototyeOf = require('setprototypeof') | ||
var slice = Array.prototype.slice; | ||
@@ -98,6 +99,6 @@ | ||
// inherit protos | ||
this.request.__proto__ = parent.request; | ||
this.response.__proto__ = parent.response; | ||
this.engines.__proto__ = parent.engines; | ||
this.settings.__proto__ = parent.settings; | ||
setPrototyeOf(this.request, parent.request) | ||
setPrototyeOf(this.response, parent.response) | ||
setPrototyeOf(this.engines, parent.engines) | ||
setPrototyeOf(this.settings, parent.settings) | ||
}); | ||
@@ -232,4 +233,4 @@ | ||
fn.handle(req, res, function (err) { | ||
req.__proto__ = orig.request; | ||
res.__proto__ = orig.response; | ||
setPrototyeOf(req, orig.request) | ||
setPrototyeOf(res, orig.response) | ||
next(err); | ||
@@ -236,0 +237,0 @@ }); |
@@ -44,4 +44,12 @@ /*! | ||
app.request = { __proto__: req, app: app }; | ||
app.response = { __proto__: res, app: app }; | ||
// expose the prototype that will get set on requests | ||
app.request = Object.create(req, { | ||
app: { configurable: true, enumerable: true, writable: true, value: app } | ||
}) | ||
// expose the prototype that will get set on responses | ||
app.response = Object.create(res, { | ||
app: { configurable: true, enumerable: true, writable: true, value: app } | ||
}) | ||
app.init(); | ||
@@ -48,0 +56,0 @@ return app; |
@@ -12,2 +12,9 @@ /*! | ||
/** | ||
* Module dependencies. | ||
* @private | ||
*/ | ||
var setPrototyeOf = require('setprototypeof') | ||
/** | ||
* Initialization middleware, exposing the | ||
@@ -29,4 +36,4 @@ * request and response to each other, as well | ||
req.__proto__ = app.request; | ||
res.__proto__ = app.response; | ||
setPrototyeOf(req, app.request) | ||
setPrototyeOf(res, app.response) | ||
@@ -33,0 +40,0 @@ res.locals = res.locals || Object.create(null); |
@@ -28,9 +28,15 @@ /*! | ||
* Request prototype. | ||
* @public | ||
*/ | ||
var req = exports = module.exports = { | ||
__proto__: http.IncomingMessage.prototype | ||
}; | ||
var req = Object.create(http.IncomingMessage.prototype) | ||
/** | ||
* Module exports. | ||
* @public | ||
*/ | ||
module.exports = req | ||
/** | ||
* Return request header. | ||
@@ -360,3 +366,8 @@ * | ||
var addrs = proxyaddr.all(this, trust); | ||
return addrs.slice(1).reverse(); | ||
// reverse the order (to farthest -> closest) | ||
// and remove socket address | ||
addrs.reverse().pop() | ||
return addrs | ||
}); | ||
@@ -452,3 +463,4 @@ | ||
var method = this.method; | ||
var s = this.res.statusCode; | ||
var res = this.res | ||
var status = res.statusCode | ||
@@ -459,4 +471,7 @@ // GET or HEAD for weak freshness validation only | ||
// 2xx or 304 as per rfc2616 14.26 | ||
if ((s >= 200 && s < 300) || 304 === s) { | ||
return fresh(this.headers, (this.res._headers || {})); | ||
if ((status >= 200 && status < 300) || 304 === status) { | ||
return fresh(this.headers, { | ||
'etag': res.get('ETag'), | ||
'last-modified': res.get('Last-Modified') | ||
}) | ||
} | ||
@@ -506,2 +521,2 @@ | ||
}); | ||
}; | ||
} |
@@ -23,2 +23,3 @@ /*! | ||
var path = require('path'); | ||
var statuses = require('statuses') | ||
var merge = require('utils-merge'); | ||
@@ -29,3 +30,2 @@ var sign = require('cookie-signature').sign; | ||
var setCharset = require('./utils').setCharset; | ||
var statusCodes = http.STATUS_CODES; | ||
var cookie = require('cookie'); | ||
@@ -40,9 +40,15 @@ var send = require('send'); | ||
* Response prototype. | ||
* @public | ||
*/ | ||
var res = module.exports = { | ||
__proto__: http.ServerResponse.prototype | ||
}; | ||
var res = Object.create(http.ServerResponse.prototype) | ||
/** | ||
* Module exports. | ||
* @public | ||
*/ | ||
module.exports = res | ||
/** | ||
* Module variables. | ||
@@ -135,3 +141,3 @@ * @private | ||
this.statusCode = chunk; | ||
chunk = statusCodes[chunk]; | ||
chunk = statuses[chunk] | ||
} | ||
@@ -341,3 +347,3 @@ | ||
res.sendStatus = function sendStatus(statusCode) { | ||
var body = statusCodes[statusCode] || String(statusCode); | ||
var body = statuses[statusCode] || String(statusCode) | ||
@@ -884,3 +890,3 @@ this.statusCode = statusCode; | ||
text: function(){ | ||
body = statusCodes[status] + '. Redirecting to ' + address; | ||
body = statuses[status] + '. Redirecting to ' + address | ||
}, | ||
@@ -890,3 +896,3 @@ | ||
var u = escapeHtml(address); | ||
body = '<p>' + statusCodes[status] + '. Redirecting to <a href="' + u + '">' + u + '</a></p>'; | ||
body = '<p>' + statuses[status] + '. Redirecting to <a href="' + u + '">' + u + '</a></p>' | ||
}, | ||
@@ -893,0 +899,0 @@ |
@@ -24,2 +24,3 @@ /*! | ||
var parseUrl = require('parseurl'); | ||
var setPrototypeOf = require('setprototypeof') | ||
@@ -51,3 +52,3 @@ /** | ||
// mixin Router class functions | ||
router.__proto__ = proto; | ||
setPrototypeOf(router, proto) | ||
@@ -142,7 +143,4 @@ router.params = {}; | ||
var search = 1 + req.url.indexOf('?'); | ||
var pathlength = search ? search - 1 : req.url.length; | ||
var fqdn = req.url[0] !== '/' && 1 + req.url.substr(0, pathlength).indexOf('://'); | ||
var protohost = fqdn ? req.url.substr(0, req.url.indexOf('/', 2 + fqdn)) : ''; | ||
var idx = 0; | ||
var protohost = getProtohost(req.url) || '' | ||
var removed = ''; | ||
@@ -199,2 +197,8 @@ var slashAdded = false; | ||
// signal to exit router | ||
if (layerError === 'router') { | ||
setImmediate(done, null) | ||
return | ||
} | ||
// no more matching layers | ||
@@ -289,8 +293,9 @@ if (idx >= stack.length) { | ||
function trim_prefix(layer, layerError, layerPath, path) { | ||
var c = path[layerPath.length]; | ||
if (c && '/' !== c && '.' !== c) return next(layerError); | ||
if (layerPath.length !== 0) { | ||
// Validate path breaks on a path separator | ||
var c = path[layerPath.length] | ||
if (c && c !== '/' && c !== '.') return next(layerError) | ||
// Trim off the part of the url that matches the route | ||
// middleware (.use stuff) needs to have the path stripped | ||
if (layerPath.length !== 0) { | ||
// Trim off the part of the url that matches the route | ||
// middleware (.use stuff) needs to have the path stripped | ||
debug('trim prefix (%s) from url %s', layerPath, req.url); | ||
@@ -301,3 +306,3 @@ removed = layerPath; | ||
// Ensure leading slash | ||
if (!fqdn && req.url[0] !== '/') { | ||
if (!protohost && req.url[0] !== '/') { | ||
req.url = '/' + req.url; | ||
@@ -360,7 +365,2 @@ slashAdded = true; | ||
key = keys[i++]; | ||
if (!key) { | ||
return done(); | ||
} | ||
name = key.name; | ||
@@ -469,3 +469,3 @@ paramVal = req.params[name]; | ||
// add the middleware | ||
debug('use %s %s', path, fn.name || '<anonymous>'); | ||
debug('use %o %s', path, fn.name || '<anonymous>') | ||
@@ -542,2 +542,19 @@ var layer = new Layer(path, { | ||
// Get get protocol + host for a URL | ||
function getProtohost(url) { | ||
if (typeof url !== 'string' || url.length === 0 || url[0] === '/') { | ||
return undefined | ||
} | ||
var searchIndex = url.indexOf('?') | ||
var pathLength = searchIndex !== -1 | ||
? searchIndex | ||
: url.length | ||
var fqdnIndex = url.substr(0, pathLength).indexOf('://') | ||
return fqdnIndex !== -1 | ||
? url.substr(0, url.indexOf('/', 3 + fqdnIndex)) | ||
: undefined | ||
} | ||
// get type for error message | ||
@@ -544,0 +561,0 @@ function gettype(obj) { |
@@ -38,3 +38,3 @@ /*! | ||
debug('new %s', path); | ||
debug('new %o', path) | ||
var opts = options || {}; | ||
@@ -48,5 +48,5 @@ | ||
if (path === '/' && opts.end === false) { | ||
this.regexp.fast_slash = true; | ||
} | ||
// set fast path flags | ||
this.regexp.fast_star = path === '*' | ||
this.regexp.fast_slash = path === '/' && opts.end === false | ||
} | ||
@@ -113,19 +113,24 @@ | ||
Layer.prototype.match = function match(path) { | ||
if (path == null) { | ||
// no path, nothing matches | ||
this.params = undefined; | ||
this.path = undefined; | ||
return false; | ||
} | ||
var match | ||
if (this.regexp.fast_slash) { | ||
// fast path non-ending match for / (everything matches) | ||
this.params = {}; | ||
this.path = ''; | ||
return true; | ||
if (path != null) { | ||
// fast path non-ending match for / (any path matches) | ||
if (this.regexp.fast_slash) { | ||
this.params = {} | ||
this.path = '' | ||
return true | ||
} | ||
// fast path for * (everything matched in a param) | ||
if (this.regexp.fast_star) { | ||
this.params = {'0': decode_param(path)} | ||
this.path = path | ||
return true | ||
} | ||
// match the path | ||
match = this.regexp.exec(path) | ||
} | ||
var m = this.regexp.exec(path); | ||
if (!m) { | ||
if (!match) { | ||
this.params = undefined; | ||
@@ -138,3 +143,3 @@ this.path = undefined; | ||
this.params = {}; | ||
this.path = m[0]; | ||
this.path = match[0] | ||
@@ -144,6 +149,6 @@ var keys = this.keys; | ||
for (var i = 1; i < m.length; i++) { | ||
for (var i = 1; i < match.length; i++) { | ||
var key = keys[i - 1]; | ||
var prop = key.name; | ||
var val = decode_param(m[i]); | ||
var val = decode_param(match[i]) | ||
@@ -150,0 +155,0 @@ if (val !== undefined || !(hasOwnProperty.call(params, prop))) { |
@@ -47,3 +47,3 @@ /*! | ||
debug('new %s', path); | ||
debug('new %o', path) | ||
@@ -116,2 +116,3 @@ // route handlers for various http methods | ||
function next(err) { | ||
// signal to exit route | ||
if (err && err === 'route') { | ||
@@ -121,2 +122,7 @@ return done(); | ||
// signal to exit router | ||
if (err && err === 'router') { | ||
return done(err) | ||
} | ||
var layer = stack[idx++]; | ||
@@ -202,3 +208,3 @@ if (!layer) { | ||
debug('%s %s', method, this.path); | ||
debug('%s %o', method, this.path) | ||
@@ -205,0 +211,0 @@ var layer = Layer('/', {}, handle); |
@@ -78,3 +78,5 @@ /*! | ||
// load engine | ||
opts.engines[this.ext] = require(this.ext.substr(1)).__express; | ||
var mod = this.ext.substr(1) | ||
debug('require "%s"', mod) | ||
opts.engines[this.ext] = require(mod).__express | ||
} | ||
@@ -81,0 +83,0 @@ |
{ | ||
"name": "express", | ||
"description": "Fast, unopinionated, minimalist web framework", | ||
"version": "4.14.1", | ||
"version": "4.15.0", | ||
"author": "TJ Holowaychuk <tj@vision-media.ca>", | ||
@@ -36,9 +36,9 @@ "contributors": [ | ||
"cookie-signature": "1.0.6", | ||
"debug": "~2.2.0", | ||
"debug": "2.6.1", | ||
"depd": "~1.1.0", | ||
"encodeurl": "~1.0.1", | ||
"escape-html": "~1.0.3", | ||
"etag": "~1.7.0", | ||
"finalhandler": "0.5.1", | ||
"fresh": "0.3.0", | ||
"etag": "~1.8.0", | ||
"finalhandler": "~1.0.0", | ||
"fresh": "0.5.0", | ||
"merge-descriptors": "1.0.1", | ||
@@ -50,6 +50,8 @@ "methods": "~1.1.2", | ||
"proxy-addr": "~1.1.3", | ||
"qs": "6.2.0", | ||
"qs": "6.3.1", | ||
"range-parser": "~1.2.0", | ||
"send": "0.14.2", | ||
"serve-static": "~1.11.2", | ||
"send": "0.15.0", | ||
"serve-static": "1.12.0", | ||
"setprototypeof": "1.0.3", | ||
"statuses": "~1.3.1", | ||
"type-is": "~1.6.14", | ||
@@ -61,12 +63,13 @@ "utils-merge": "1.0.0", | ||
"after": "0.8.2", | ||
"body-parser": "1.16.0", | ||
"body-parser": "1.17.0", | ||
"cookie-parser": "~1.4.3", | ||
"ejs": "2.5.5", | ||
"express-session": "1.15.0", | ||
"ejs": "2.5.6", | ||
"express-session": "1.15.1", | ||
"istanbul": "0.4.5", | ||
"marked": "0.3.6", | ||
"method-override": "~2.3.6", | ||
"method-override": "2.3.7", | ||
"mocha": "3.2.0", | ||
"morgan": "~1.7.0", | ||
"morgan": "1.8.1", | ||
"multiparty": "4.1.3", | ||
"pbkdf2-password": "1.2.1", | ||
"should": "11.2.0", | ||
@@ -73,0 +76,0 @@ "supertest": "1.2.0", |
@@ -40,3 +40,3 @@ [![Express Logo](https://i.cloudup.com/zfY6lL7eFa-3000x3000.png)](http://expressjs.com/) | ||
* [Website and Documentation](http://expressjs.com/) - [[website repo](https://github.com/strongloop/expressjs.com)] | ||
* [Website and Documentation](http://expressjs.com/) - [[website repo](https://github.com/expressjs/expressjs.com)] | ||
* [#express](https://webchat.freenode.net/?channels=express) on freenode IRC | ||
@@ -43,0 +43,0 @@ * [Github Organization](https://github.com/expressjs) for Official Middleware & Modules |
Sorry, the diff of this file is too big to display
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Dynamic require
Supply chain riskDynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.
Found 1 instance in 1 package
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Dynamic require
Supply chain riskDynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.
Found 1 instance in 1 package
197797
3327
28
18
+ Addedsetprototypeof@1.0.3
+ Addedstatuses@~1.3.1
+ Addeddebug@2.6.12.6.9(transitive)
+ Addedetag@1.8.1(transitive)
+ Addedfinalhandler@1.0.6(transitive)
+ Addedfresh@0.5.0(transitive)
+ Addedhttp-errors@1.6.3(transitive)
+ Addedms@2.0.0(transitive)
+ Addedqs@6.3.1(transitive)
+ Addedsend@0.15.0(transitive)
+ Addedserve-static@1.12.0(transitive)
+ Addedsetprototypeof@1.0.31.1.0(transitive)
+ Addedstatuses@1.5.0(transitive)
- Removeddebug@2.2.0(transitive)
- Removedetag@1.7.0(transitive)
- Removedfinalhandler@0.5.1(transitive)
- Removedfresh@0.3.0(transitive)
- Removedhttp-errors@1.5.1(transitive)
- Removedms@0.7.1(transitive)
- Removedqs@6.2.0(transitive)
- Removedsend@0.14.2(transitive)
- Removedserve-static@1.11.2(transitive)
- Removedsetprototypeof@1.0.2(transitive)
Updateddebug@2.6.1
Updatedetag@~1.8.0
Updatedfinalhandler@~1.0.0
Updatedfresh@0.5.0
Updatedqs@6.3.1
Updatedsend@0.15.0
Updatedserve-static@1.12.0