New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More
Socket
Sign inDemoInstall
Socket
Sign inDemoInstall

miniflare

Package Overview
Dependencies
Maintainers
2
Versions
809
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

miniflare - npm Package Compare versions

Comparing version 3.20231030.2 to 3.20231030.3

14

dist/src/workers/core/entry.worker.js

@@ -586,3 +586,3 @@ // ../../node_modules/.pnpm/kleur@4.1.5/node_modules/kleur/colors.mjs

// src/workers/core/proxy.worker.ts
var ENCODER = new TextEncoder(), DECODER = new TextDecoder(), WORKERS_PLATFORM_IMPL = {
var ENCODER = new TextEncoder(), DECODER = new TextDecoder(), ALLOWED_HOSTNAMES = ["127.0.0.1", "[::1]", "localhost"], WORKERS_PLATFORM_IMPL = {
Blob,

@@ -656,2 +656,12 @@ File,

async #fetch(request) {
let hostHeader = request.headers.get("Host");
if (hostHeader == null)
return new Response(null, { status: 400 });
try {
let host = new URL(`http://${hostHeader}`);
if (!ALLOWED_HOSTNAMES.includes(host.hostname))
return new Response(null, { status: 401 });
} catch {
return new Response(null, { status: 400 });
}
let secretHex = request.headers.get(CoreHeaders.OP_SECRET);

@@ -661,3 +671,3 @@ if (secretHex == null)

let expectedSecret = this.env[CoreBindings.DATA_PROXY_SECRET], secretBuffer = Buffer2.from(secretHex, "hex");
if (!crypto.subtle.timingSafeEqual(secretBuffer, expectedSecret))
if (secretBuffer.byteLength !== expectedSecret.byteLength || !crypto.subtle.timingSafeEqual(secretBuffer, expectedSecret))
return new Response(null, { status: 401 });

@@ -664,0 +674,0 @@ let opHeader = request.headers.get(CoreHeaders.OP), targetHeader = request.headers.get(CoreHeaders.OP_TARGET), keyHeader = request.headers.get(CoreHeaders.OP_KEY), allowAsync = request.headers.get(CoreHeaders.OP_SYNC) === null, argsSizeHeader = request.headers.get(CoreHeaders.OP_STRINGIFIED_SIZE), contentLengthHeader = request.headers.get("Content-Length");

2

dist/src/workers/shared/index.worker.js

@@ -231,3 +231,3 @@ // src/workers/shared/blob.worker.ts

let stmtGetBlobIdByKey = db.stmt(
"SELECT blob_id FROM _mf_entries WHERE :key"
"SELECT blob_id FROM _mf_entries WHERE key = :key"
), stmtPut = db.stmt(

@@ -234,0 +234,0 @@ `INSERT OR REPLACE INTO _mf_entries (key, blob_id, expiration, metadata)

2

package.json
{
"name": "miniflare",
"version": "3.20231030.2",
"version": "3.20231030.3",
"description": "Fun, full-featured, fully-local simulator for Cloudflare Workers",

@@ -5,0 +5,0 @@ "keywords": [

dist/src/workers/core/entry.worker.js.map

Sorry, the diff of this file is not supported yet

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc