http://git-wip-us.apache.org/repos/asf/incubator-griffin-site/blob/ca1c37a7/node_modules/connect/HISTORY.md ---------------------------------------------------------------------- diff --git a/node_modules/connect/HISTORY.md b/node_modules/connect/HISTORY.md deleted file mode 100644 index 3c48e26..0000000 --- a/node_modules/connect/HISTORY.md +++ /dev/null @@ -1,2443 +0,0 @@ -3.6.0 / 2017-02-17 -================== - - * deps: debug@2.6.1 - - Allow colors in workers - - Deprecated `DEBUG_FD` environment variable set to `3` or higher - - Fix error when running under React Native - - Use same color for same namespace - - deps: ms@0.7.2 - * deps: finalhandler@1.0.0 - - Fix exception when `err` cannot be converted to a string - - Fully URL-encode the pathname in the 404 - - Only include the pathname in the 404 message - - Send complete HTML document - - Set `Content-Security-Policy: default-src 'self'` header - - deps: debug@2.6.1 - -3.5.1 / 2017-02-12 -================== - - * deps: finalhandler@0.5.1 - - Fix exception when `err.headers` is not an object - - deps: statuses@~1.3.1 - - perf: hoist regular expressions - - perf: remove duplicate validation path - -3.5.0 / 2016-09-09 -================== - - * deps: finalhandler@0.5.0 - - Change invalid or non-numeric status code to 500 - - Overwrite status message to match set status code - - Prefer `err.statusCode` if `err.status` is invalid - - Set response headers from `err.headers` object - - Use `statuses` instead of `http` module for status messages - -3.4.1 / 2016-01-23 -================== - - * deps: finalhandler@0.4.1 - - deps: escape-html@~1.0.3 - * deps: parseurl@~1.3.1 - - perf: enable strict mode - -3.4.0 / 2015-06-18 -================== - - * deps: debug@~2.2.0 - - deps: ms@0.7.1 - * deps: finalhandler@0.4.0 - - Fix a false-positive when unpiping in Node.js 0.8 - - Support `statusCode` property on `Error` objects - - Use `unpipe` module for unpiping requests - - deps: debug@~2.2.0 - - deps: escape-html@1.0.2 - - deps: on-finished@~2.3.0 - - perf: enable strict mode - - perf: remove argument reassignment - * perf: enable strict mode - * perf: remove argument reassignments - -3.3.5 / 2015-03-16 -================== - - * deps: debug@~2.1.3 - - Fix high intensity foreground color for bold - - deps: ms@0.7.0 - * deps: finalhandler@0.3.4 - - deps: debug@~2.1.3 - -3.3.4 / 2015-01-07 -================== - - * deps: debug@~2.1.1 - * deps: finalhandler@0.3.3 - - deps: debug@~2.1.1 - - deps: on-finished@~2.2.0 - -3.3.3 / 2014-11-09 -================== - - * Correctly invoke async callback asynchronously - -3.3.2 / 2014-10-28 -================== - - * Fix handling of URLs containing `://` in the path - -3.3.1 / 2014-10-22 -================== - - * deps: finalhandler@0.3.2 - - deps: on-finished@~2.1.1 - -3.3.0 / 2014-10-17 -================== - - * deps: debug@~2.1.0 - - Implement `DEBUG_FD` env variable support - * deps: finalhandler@0.3.1 - - Terminate in progress response only on error - - Use `on-finished` to determine request status - - deps: debug@~2.1.0 - -3.2.0 / 2014-09-08 -================== - - * deps: debug@~2.0.0 - * deps: finalhandler@0.2.0 - - Set `X-Content-Type-Options: nosniff` header - - deps: debug@~2.0.0 - -3.1.1 / 2014-08-10 -================== - - * deps: parseurl@~1.3.0 - -3.1.0 / 2014-07-22 -================== - - * deps: debug@1.0.4 - * deps: finalhandler@0.1.0 - - Respond after request fully read - - deps: debug@1.0.4 - * deps: parseurl@~1.2.0 - - Cache URLs based on original value - - Remove no-longer-needed URL mis-parse work-around - - Simplify the "fast-path" `RegExp` - * perf: reduce executed logic in routing - * perf: refactor location of `try` block - -3.0.2 / 2014-07-10 -================== - - * deps: debug@1.0.3 - - Add support for multiple wildcards in namespaces - * deps: parseurl@~1.1.3 - - faster parsing of href-only URLs - -3.0.1 / 2014-06-19 -================== - - * use `finalhandler` for final response handling - * deps: debug@1.0.2 - -3.0.0 / 2014-05-29 -================== - - * No changes - -3.0.0-rc.2 / 2014-05-04 -======================= - - * Call error stack even when response has been sent - * Prevent default 404 handler after response sent - * dep: debug@0.8.1 - * encode stack in HTML for default error handler - * remove `proto` export - -3.0.0-rc.1 / 2014-03-06 -======================= - - * move middleware to separate repos - * remove docs - * remove node patches - * remove connect(middleware...) - * remove the old `connect.createServer()` method - * remove various private `connect.utils` functions - * drop node.js 0.8 support - -2.30.2 / 2015-07-31 -=================== - - * deps: body-parser@~1.13.3 - - deps: type-is@~1.6.6 - * deps: compression@~1.5.2 - - deps: accepts@~1.2.12 - - deps: compressible@~2.0.5 - - deps: vary@~1.0.1 - * deps: errorhandler@~1.4.2 - - deps: accepts@~1.2.12 - * deps: method-override@~2.3.5 - - deps: vary@~1.0.1 - - perf: enable strict mode - * deps: serve-index@~1.7.2 - - deps: accepts@~1.2.12 - - deps: mime-types@~2.1.4 - * deps: type-is@~1.6.6 - - deps: mime-types@~2.1.4 - * deps: vhost@~3.0.1 - - perf: enable strict mode - -2.30.1 / 2015-07-05 -=================== - - * deps: body-parser@~1.13.2 - - deps: iconv-lite@0.4.11 - - deps: qs@4.0.0 - - deps: raw-body@~2.1.2 - - deps: type-is@~1.6.4 - * deps: compression@~1.5.1 - - deps: accepts@~1.2.10 - - deps: compressible@~2.0.4 - * deps: errorhandler@~1.4.1 - - deps: accepts@~1.2.10 - * deps: qs@4.0.0 - - Fix dropping parameters like `hasOwnProperty` - - Fix various parsing edge cases - * deps: morgan@~1.6.1 - - deps: basic-auth@~1.0.3 - * deps: pause@0.1.0 - - Re-emit events with all original arguments - - Refactor internals - - perf: enable strict mode - * deps: serve-index@~1.7.1 - - deps: accepts@~1.2.10 - - deps: mime-types@~2.1.2 - * deps: type-is@~1.6.4 - - deps: mime-types@~2.1.2 - - perf: enable strict mode - - perf: remove argument reassignment - -2.30.0 / 2015-06-18 -=================== - - * deps: body-parser@~1.13.1 - - Add `statusCode` property on `Error`s, in addition to `status` - - Change `type` default to `application/json` for JSON parser - - Change `type` default to `application/x-www-form-urlencoded` for urlencoded parser - - Provide static `require` analysis - - Use the `http-errors` module to generate errors - - deps: bytes@2.1.0 - - deps: iconv-lite@0.4.10 - - deps: on-finished@~2.3.0 - - deps: raw-body@~2.1.1 - - deps: type-is@~1.6.3 - - perf: enable strict mode - - perf: remove argument reassignment - - perf: remove delete call - * deps: bytes@2.1.0 - - Slight optimizations - - Units no longer case sensitive when parsing - * deps: compression@~1.5.0 - - Fix return value from `.end` and `.write` after end - - Improve detection of zero-length body without `Content-Length` - - deps: accepts@~1.2.9 - - deps: bytes@2.1.0 - - deps: compressible@~2.0.3 - - perf: enable strict mode - - perf: remove flush reassignment - - perf: simplify threshold detection - * deps: cookie@0.1.3 - - Slight optimizations - * deps: cookie-parser@~1.3.5 - - deps: cookie@0.1.3 - * deps: csurf@~1.8.3 - - Add `sessionKey` option - - deps: cookie@0.1.3 - - deps: csrf@~3.0.0 - * deps: errorhandler@~1.4.0 - - Add charset to the `Content-Type` header - - Support `statusCode` property on `Error` objects - - deps: accepts@~1.2.9 - - deps: escape-html@1.0.2 - * deps: express-session@~1.11.3 - - Support an array in `secret` option for key rotation - - deps: cookie@0.1.3 - - deps: crc@3.3.0 - - deps: debug@~2.2.0 - - deps: depd@~1.0.1 - - deps: uid-safe@~2.0.0 - * deps: finalhandler@0.4.0 - - Fix a false-positive when unpiping in Node.js 0.8 - - Support `statusCode` property on `Error` objects - - Use `unpipe` module for unpiping requests - - deps: escape-html@1.0.2 - - deps: on-finished@~2.3.0 - - perf: enable strict mode - - perf: remove argument reassignment - * deps: fresh@0.3.0 - - Add weak `ETag` matching support - * deps: morgan@~1.6.0 - - Add `morgan.compile(format)` export - - Do not color 1xx status codes in `dev` format - - Fix `response-time` token to not include response latency - - Fix `status` token incorrectly displaying before response in `dev` format - - Fix token return values to be `undefined` or a string - - Improve representation of multiple headers in `req` and `res` tokens - - Use `res.getHeader` in `res` token - - deps: basic-auth@~1.0.2 - - deps: on-finished@~2.3.0 - - pref: enable strict mode - - pref: reduce function closure scopes - - pref: remove dynamic compile on every request for `dev` format - - pref: remove an argument reassignment - - pref: skip function call without `skip` option - * deps: serve-favicon@~2.3.0 - - Send non-chunked response for `OPTIONS` - - deps: etag@~1.7.0 - - deps: fresh@0.3.0 - - perf: enable strict mode - - perf: remove argument reassignment - - perf: remove bitwise operations - * deps: serve-index@~1.7.0 - - Accept `function` value for `template` option - - Send non-chunked response for `OPTIONS` - - Stat parent directory when necessary - - Use `Date.prototype.toLocaleDateString` to format date - - deps: accepts@~1.2.9 - - deps: escape-html@1.0.2 - - deps: mime-types@~2.1.1 - - perf: enable strict mode - - perf: remove argument reassignment - * deps: serve-static@~1.10.0 - - Add `fallthrough` option - - Fix reading options from options prototype - - Improve the default redirect response headers - - Malformed URLs now `next()` instead of 400 - - deps: escape-html@1.0.2 - - deps: send@0.13.0 - - perf: enable strict mode - - perf: remove argument reassignment - * deps: type-is@~1.6.3 - - deps: mime-types@~2.1.1 - - perf: reduce try block size - - perf: remove bitwise operations - -2.29.2 / 2015-05-14 -=================== - - * deps: body-parser@~1.12.4 - - Slight efficiency improvement when not debugging - - deps: debug@~2.2.0 - - deps: depd@~1.0.1 - - deps: iconv-lite@0.4.8 - - deps: on-finished@~2.2.1 - - deps: qs@2.4.2 - - deps: raw-body@~2.0.1 - - deps: type-is@~1.6.2 - * deps: compression@~1.4.4 - - deps: accepts@~1.2.7 - - deps: debug@~2.2.0 - * deps: connect-timeout@~1.6.2 - - deps: debug@~2.2.0 - - deps: ms@0.7.1 - * deps: debug@~2.2.0 - - deps: ms@0.7.1 - * deps: depd@~1.0.1 - * deps: errorhandler@~1.3.6 - - deps: accepts@~1.2.7 - * deps: finalhandler@0.3.6 - - deps: debug@~2.2.0 - - deps: on-finished@~2.2.1 - * deps: method-override@~2.3.3 - - deps: debug@~2.2.0 - * deps: morgan@~1.5.3 - - deps: basic-auth@~1.0.1 - - deps: debug@~2.2.0 - - deps: depd@~1.0.1 - - deps: on-finished@~2.2.1 - * deps: qs@2.4.2 - - Fix allowing parameters like `constructor` - * deps: response-time@~2.3.1 - - deps: depd@~1.0.1 - * deps: serve-favicon@~2.2.1 - - deps: etag@~1.6.0 - - deps: ms@0.7.1 - * deps: serve-index@~1.6.4 - - deps: accepts@~1.2.7 - - deps: debug@~2.2.0 - - deps: mime-types@~2.0.11 - * deps: serve-static@~1.9.3 - - deps: send@0.12.3 - * deps: type-is@~1.6.2 - - deps: mime-types@~2.0.11 - -2.29.1 / 2015-03-16 -=================== - - * deps: body-parser@~1.12.2 - - deps: debug@~2.1.3 - - deps: qs@2.4.1 - - deps: type-is@~1.6.1 - * deps: compression@~1.4.3 - - Fix error when code calls `res.end(str, encoding)` - - deps: accepts@~1.2.5 - - deps: debug@~2.1.3 - * deps: connect-timeout@~1.6.1 - - deps: debug@~2.1.3 - * deps: debug@~2.1.3 - - Fix high intensity foreground color for bold - - deps: ms@0.7.0 - * deps: errorhandler@~1.3.5 - - deps: accepts@~1.2.5 - * deps: express-session@~1.10.4 - - deps: debug@~2.1.3 - * deps: finalhandler@0.3.4 - - deps: debug@~2.1.3 - * deps: method-override@~2.3.2 - - deps: debug@~2.1.3 - * deps: morgan@~1.5.2 - - deps: debug@~2.1.3 - * deps: qs@2.4.1 - - Fix error when parameter `hasOwnProperty` is present - * deps: serve-index@~1.6.3 - - Properly escape file names in HTML - - deps: accepts@~1.2.5 - - deps: debug@~2.1.3 - - deps: escape-html@1.0.1 - - deps: mime-types@~2.0.10 - * deps: serve-static@~1.9.2 - - deps: send@0.12.2 - * deps: type-is@~1.6.1 - - deps: mime-types@~2.0.10 - -2.29.0 / 2015-02-17 -=================== - - * Use `content-type` to parse `Content-Type` headers - * deps: body-parser@~1.12.0 - - add `debug` messages - - accept a function for the `type` option - - make internal `extended: true` depth limit infinity - - use `content-type` to parse `Content-Type` headers - - deps: iconv-lite@0.4.7 - - deps: raw-body@1.3.3 - - deps: type-is@~1.6.0 - * deps: compression@~1.4.1 - - Prefer `gzip` over `deflate` on the server - - deps: accepts@~1.2.4 - * deps: connect-timeout@~1.6.0 - - deps: http-errors@~1.3.1 - * deps: cookie-parser@~1.3.4 - - deps: cookie-signature@1.0.6 - * deps: cookie-signature@1.0.6 - * deps: csurf@~1.7.0 - - Accept `CSRF-Token` and `XSRF-Token` request headers - - Default `cookie.path` to `'/'`, if using cookies - - deps: cookie-signature@1.0.6 - - deps: csrf@~2.0.6 - - deps: http-errors@~1.3.1 - * deps: errorhandler@~1.3.4 - - deps: accepts@~1.2.4 - * deps: express-session@~1.10.3 - - deps: cookie-signature@1.0.6 - - deps: uid-safe@1.1.0 - * deps: http-errors@~1.3.1 - - Construct errors using defined constructors from `createError` - - Fix error names that are not identifiers - - Set a meaningful `name` property on constructed errors - * deps: response-time@~2.3.0 - - Add function argument to support recording of response time - * deps: serve-index@~1.6.2 - - deps: accepts@~1.2.4 - - deps: http-errors@~1.3.1 - - deps: mime-types@~2.0.9 - * deps: serve-static@~1.9.1 - - deps: send@0.12.1 - * deps: type-is@~1.6.0 - - fix argument reassignment - - fix false-positives in `hasBody` `Transfer-Encoding` check - - support wildcard for both type and subtype (`*/*`) - - deps: mime-types@~2.0.9 - -2.28.3 / 2015-01-31 -=================== - - * deps: compression@~1.3.1 - - deps: accepts@~1.2.3 - - deps: compressible@~2.0.2 - * deps: csurf@~1.6.6 - - deps: csrf@~2.0.5 - * deps: errorhandler@~1.3.3 - - deps: accepts@~1.2.3 - * deps: express-session@~1.10.2 - - deps: uid-safe@1.0.3 - * deps: serve-index@~1.6.1 - - deps: accepts@~1.2.3 - - deps: mime-types@~2.0.8 - * deps: type-is@~1.5.6 - - deps: mime-types@~2.0.8 - -2.28.2 / 2015-01-20 -=================== - - * deps: body-parser@~1.10.2 - - deps: iconv-lite@0.4.6 - - deps: raw-body@1.3.2 - * deps: serve-static@~1.8.1 - - Fix redirect loop in Node.js 0.11.14 - - Fix root path disclosure - - deps: send@0.11.1 - -2.28.1 / 2015-01-08 -=================== - - * deps: csurf@~1.6.5 - - deps: csrf@~2.0.4 - * deps: express-session@~1.10.1 - - deps: uid-safe@~1.0.2 - -2.28.0 / 2015-01-05 -=================== - - * deps: body-parser@~1.10.1 - - Make internal `extended: true` array limit dynamic - - deps: on-finished@~2.2.0 - - deps: type-is@~1.5.5 - * deps: compression@~1.3.0 - - Export the default `filter` function for wrapping - - deps: accepts@~1.2.2 - - deps: debug@~2.1.1 - * deps: connect-timeout@~1.5.0 - - deps: debug@~2.1.1 - - deps: http-errors@~1.2.8 - - deps: ms@0.7.0 - * deps: csurf@~1.6.4 - - deps: csrf@~2.0.3 - - deps: http-errors@~1.2.8 - * deps: debug@~2.1.1 - * deps: errorhandler@~1.3.2 - - Add `log` option - - Fix heading content to not include stack - - deps: accepts@~1.2.2 - * deps: express-session@~1.10.0 - - Add `store.touch` interface for session stores - - Fix `MemoryStore` expiration with `resave: false` - - deps: debug@~2.1.1 - * deps: finalhandler@0.3.3 - - deps: debug@~2.1.1 - - deps: on-finished@~2.2.0 - * deps: method-override@~2.3.1 - - deps: debug@~2.1.1 - - deps: methods@~1.1.1 - * deps: morgan@~1.5.1 - - Add multiple date formats `clf`, `iso`, and `web` - - Deprecate `buffer` option - - Fix date format in `common` and `combined` formats - - Fix token arguments to accept values with `"` - - deps: debug@~2.1.1 - - deps: on-finished@~2.2.0 - * deps: serve-favicon@~2.2.0 - - Support query string in the URL - - deps: etag@~1.5.1 - - deps: ms@0.7.0 - * deps: serve-index@~1.6.0 - - Add link to root directory - - deps: accepts@~1.2.2 - - deps: batch@0.5.2 - - deps: debug@~2.1.1 - - deps: mime-types@~2.0.7 - * deps: serve-static@~1.8.0 - - Fix potential open redirect when mounted at root - - deps: send@0.11.0 - * deps: type-is@~1.5.5 - - deps: mime-types@~2.0.7 - -2.27.6 / 2014-12-10 -=================== - - * deps: serve-index@~1.5.3 - - deps: accepts@~1.1.4 - - deps: http-errors@~1.2.8 - - deps: mime-types@~2.0.4 - -2.27.5 / 2014-12-10 -=================== - - * deps: compression@~1.2.2 - - Fix `.end` to only proxy to `.end` - - deps: accepts@~1.1.4 - * deps: express-session@~1.9.3 - - Fix error when `req.sessionID` contains a non-string value - * deps: http-errors@~1.2.8 - - Fix stack trace from exported function - - Remove `arguments.callee` usage - * deps: serve-index@~1.5.2 - - Fix icon name background alignment on mobile view - * deps: type-is@~1.5.4 - - deps: mime-types@~2.0.4 - -2.27.4 / 2014-11-23 -=================== - - * deps: body-parser@~1.9.3 - - deps: iconv-lite@0.4.5 - - deps: qs@2.3.3 - - deps: raw-body@1.3.1 - - deps: type-is@~1.5.3 - * deps: compression@~1.2.1 - - deps: accepts@~1.1.3 - * deps: errorhandler@~1.2.3 - - deps: accepts@~1.1.3 - * deps: express-session@~1.9.2 - - deps: crc@3.2.1 - * deps: qs@2.3.3 - - Fix `arrayLimit` behavior - * deps: serve-favicon@~2.1.7 - - Avoid errors from enumerables on `Object.prototype` - * deps: serve-index@~1.5.1 - - deps: accepts@~1.1.3 - - deps: mime-types@~2.0.3 - * deps: type-is@~1.5.3 - - deps: mime-types@~2.0.3 - -2.27.3 / 2014-11-09 -=================== - - * Correctly invoke async callback asynchronously - * deps: csurf@~1.6.3 - - bump csrf - - bump http-errors - -2.27.2 / 2014-10-28 -=================== - - * Fix handling of URLs containing `://` in the path - * deps: body-parser@~1.9.2 - - deps: qs@2.3.2 - * deps: qs@2.3.2 - - Fix parsing of mixed objects and values - -2.27.1 / 2014-10-22 -=================== - - * deps: body-parser@~1.9.1 - - deps: on-finished@~2.1.1 - - deps: qs@2.3.0 - - deps: type-is@~1.5.2 - * deps: express-session@~1.9.1 - - Remove unnecessary empty write call - * deps: finalhandler@0.3.2 - - deps: on-finished@~2.1.1 - * deps: morgan@~1.4.1 - - deps: on-finished@~2.1.1 - * deps: qs@2.3.0 - - Fix parsing of mixed implicit and explicit arrays - * deps: serve-static@~1.7.1 - - deps: send@0.10.1 - -2.27.0 / 2014-10-16 -=================== - - * Use `http-errors` module for creating errors - * Use `utils-merge` module for merging objects - * deps: body-parser@~1.9.0 - - include the charset in "unsupported charset" error message - - include the encoding in "unsupported content encoding" error message - - deps: depd@~1.0.0 - * deps: compression@~1.2.0 - - deps: debug@~2.1.0 - * deps: connect-timeout@~1.4.0 - - Create errors with `http-errors` - - deps: debug@~2.1.0 - * deps: debug@~2.1.0 - - Implement `DEBUG_FD` env variable support - * deps: depd@~1.0.0 - * deps: express-session@~1.9.0 - - deps: debug@~2.1.0 - - deps: depd@~1.0.0 - * deps: finalhandler@0.3.1 - - Terminate in progress response only on error - - Use `on-finished` to determine request status - - deps: debug@~2.1.0 - * deps: method-override@~2.3.0 - - deps: debug@~2.1.0 - * deps: morgan@~1.4.0 - - Add `debug` messages - - deps: depd@~1.0.0 - * deps: response-time@~2.2.0 - - Add `header` option for custom header name - - Add `suffix` option - - Change `digits` argument to an `options` argument - - deps: depd@~1.0.0 - * deps: serve-favicon@~2.1.6 - - deps: etag@~1.5.0 - * deps: serve-index@~1.5.0 - - Add `dir` argument to `filter` function - - Add icon for mkv files - - Create errors with `http-errors` - - Fix incorrect 403 on Windows and Node.js 0.11 - - Lookup icon by mime type for greater icon support - - Support using tokens multiple times - - deps: accepts@~1.1.2 - - deps: debug@~2.1.0 - - deps: mime-types@~2.0.2 - * deps: serve-static@~1.7.0 - - deps: send@0.10.0 - -2.26.6 / 2014-10-15 -=================== - - * deps: compression@~1.1.2 - - deps: accepts@~1.1.2 - - deps: compressible@~2.0.1 - * deps: csurf@~1.6.2 - - bump http-errors - - fix cookie name when using `cookie: true` - * deps: errorhandler@~1.2.2 - - deps: accepts@~1.1.2 - -2.26.5 / 2014-10-08 -=================== - - * Fix accepting non-object arguments to `logger` - * deps: serve-static@~1.6.4 - - Fix redirect loop when index file serving disabled - -2.26.4 / 2014-10-02 -=================== - - * deps: morgan@~1.3.2 - - Fix `req.ip` integration when `immediate: false` - * deps: type-is@~1.5.2 - - deps: mime-types@~2.0.2 - -2.26.3 / 2014-09-24 -=================== - - * deps: body-parser@~1.8.4 - - fix content encoding to be case-insensitive - * deps: serve-favicon@~2.1.5 - - deps: etag@~1.4.0 - * deps: serve-static@~1.6.3 - - deps: send@0.9.3 - -2.26.2 / 2014-09-19 -=================== - - * deps: body-parser@~1.8.3 - - deps: qs@2.2.4 - * deps: qs@2.2.4 - - Fix issue with object keys starting with numbers truncated - -2.26.1 / 2014-09-15 -=================== - - * deps: body-parser@~1.8.2 - - deps: depd@0.4.5 - * deps: depd@0.4.5 - * deps: express-session@~1.8.2 - - Use `crc` instead of `buffer-crc32` for speed - - deps: depd@0.4.5 - * deps: morgan@~1.3.1 - - Remove un-used `bytes` dependency - - deps: depd@0.4.5 - * deps: serve-favicon@~2.1.4 - - Fix content headers being sent in 304 response - - deps: etag@~1.3.1 - * deps: serve-static@~1.6.2 - - deps: send@0.9.2 - -2.26.0 / 2014-09-08 -=================== - - * deps: body-parser@~1.8.1 - - add `parameterLimit` option to `urlencoded` parser - - change `urlencoded` extended array limit to 100 - - make empty-body-handling consistent between chunked requests - - respond with 415 when over `parameterLimit` in `urlencoded` - - deps: media-typer@0.3.0 - - deps: qs@2.2.3 - - deps: type-is@~1.5.1 - * deps: compression@~1.1.0 - - deps: accepts@~1.1.0 - - deps: compressible@~2.0.0 - - deps: debug@~2.0.0 - * deps: connect-timeout@~1.3.0 - - deps: debug@~2.0.0 - * deps: cookie-parser@~1.3.3 - - deps: cookie-signature@1.0.5 - * deps: cookie-signature@1.0.5 - * deps: csurf@~1.6.1 - - add `ignoreMethods` option - - bump cookie-signature - - csrf-tokens -> csrf - - set `code` property on CSRF token errors - * deps: debug@~2.0.0 - * deps: errorhandler@~1.2.0 - - Display error using `util.inspect` if no other representation - - deps: accepts@~1.1.0 - * deps: express-session@~1.8.1 - - Do not resave already-saved session at end of request - - Prevent session prototype methods from being overwritten - - deps: cookie-signature@1.0.5 - - deps: debug@~2.0.0 - * deps: finalhandler@0.2.0 - - Set `X-Content-Type-Options: nosniff` header - - deps: debug@~2.0.0 - * deps: fresh@0.2.4 - * deps: media-typer@0.3.0 - - Throw error when parameter format invalid on parse - * deps: method-override@~2.2.0 - - deps: debug@~2.0.0 - * deps: morgan@~1.3.0 - - Assert if `format` is not a function or string - * deps: qs@2.2.3 - - Fix issue where first empty value in array is discarded - * deps: serve-favicon@~2.1.3 - - Accept string for `maxAge` (converted by `ms`) - - Use `etag` to generate `ETag` header - - deps: fresh@0.2.4 - * deps: serve-index@~1.2.1 - - Add `debug` messages - - Resolve relative paths at middleware setup - - deps: accepts@~1.1.0 - * deps: serve-static@~1.6.1 - - Add `lastModified` option - - deps: send@0.9.1 - * deps: type-is@~1.5.1 - - fix `hasbody` to be true for `content-length: 0` - - deps: media-typer@0.3.0 - - deps: mime-types@~2.0.1 - * deps: vhost@~3.0.0 - -2.25.10 / 2014-09-04 -==================== - - * deps: serve-static@~1.5.4 - - deps: send@0.8.5 - -2.25.9 / 2014-08-29 -=================== - - * deps: body-parser@~1.6.7 - - deps: qs@2.2.2 - * deps: qs@2.2.2 - -2.25.8 / 2014-08-27 -=================== - - * deps: body-parser@~1.6.6 - - deps: qs@2.2.0 - * deps: csurf@~1.4.1 - * deps: qs@2.2.0 - - Array parsing fix - - Performance improvements - -2.25.7 / 2014-08-18 -=================== - - * deps: body-parser@~1.6.5 - - deps: on-finished@2.1.0 - * deps: express-session@~1.7.6 - - Fix exception on `res.end(null)` calls - * deps: morgan@~1.2.3 - - deps: on-finished@2.1.0 - * deps: serve-static@~1.5.3 - - deps: send@0.8.3 - -2.25.6 / 2014-08-14 -=================== - - * deps: body-parser@~1.6.4 - - deps: qs@1.2.2 - * deps: qs@1.2.2 - * deps: serve-static@~1.5.2 - - deps: send@0.8.2 - -2.25.5 / 2014-08-11 -=================== - - * Fix backwards compatibility in `logger` - -2.25.4 / 2014-08-10 -=================== - - * Fix `query` middleware breaking with argument - - It never really took one in the first place - * deps: body-parser@~1.6.3 - - deps: qs@1.2.1 - * deps: compression@~1.0.11 - - deps: on-headers@~1.0.0 - - deps: parseurl@~1.3.0 - * deps: connect-timeout@~1.2.2 - - deps: on-headers@~1.0.0 - * deps: express-session@~1.7.5 - - Fix parsing original URL - - deps: on-headers@~1.0.0 - - deps: parseurl@~1.3.0 - * deps: method-override@~2.1.3 - * deps: on-headers@~1.0.0 - * deps: parseurl@~1.3.0 - * deps: qs@1.2.1 - * deps: response-time@~2.0.1 - - deps: on-headers@~1.0.0 - * deps: serve-index@~1.1.6 - - Fix URL parsing - * deps: serve-static@~1.5.1 - - Fix parsing of weird `req.originalUrl` values - - deps: parseurl@~1.3.0 - = deps: utils-merge@1.0.0 - -2.25.3 / 2014-08-07 -=================== - - * deps: multiparty@3.3.2 - - Fix potential double-callback - -2.25.2 / 2014-08-07 -=================== - - * deps: body-parser@~1.6.2 - - deps: qs@1.2.0 - * deps: qs@1.2.0 - - Fix parsing array of objects - -2.25.1 / 2014-08-06 -=================== - - * deps: body-parser@~1.6.1 - - deps: qs@1.1.0 - * deps: qs@1.1.0 - - Accept urlencoded square brackets - - Accept empty values in implicit array notation - -2.25.0 / 2014-08-05 -=================== - - * deps: body-parser@~1.6.0 - - deps: qs@1.0.2 - * deps: compression@~1.0.10 - - Fix upper-case Content-Type characters prevent compression - - deps: compressible@~1.1.1 - * deps: csurf@~1.4.0 - - Support changing `req.session` after `csurf` middleware - - Calling `res.csrfToken()` after `req.session.destroy()` will now work - * deps: express-session@~1.7.4 - - Fix `res.end` patch to call correct upstream `res.write` - - Fix response end delay for non-chunked responses - * deps: qs@1.0.2 - - Complete rewrite - - Limits array length to 20 - - Limits object depth to 5 - - Limits parameters to 1,000 - * deps: serve-static@~1.5.0 - - Add `extensions` option - - deps: send@0.8.1 - -2.24.3 / 2014-08-04 -=================== - - * deps: serve-index@~1.1.5 - - Fix Content-Length calculation for multi-byte file names - - deps: accepts@~1.0.7 - * deps: serve-static@~1.4.4 - - Fix incorrect 403 on Windows and Node.js 0.11 - - deps: send@0.7.4 - -2.24.2 / 2014-07-27 -=================== - - * deps: body-parser@~1.5.2 - * deps: depd@0.4.4 - - Work-around v8 generating empty stack traces - * deps: express-session@~1.7.2 - * deps: morgan@~1.2.2 - * deps: serve-static@~1.4.2 - -2.24.1 / 2014-07-26 -=================== - - * deps: body-parser@~1.5.1 - * deps: depd@0.4.3 - - Fix exception when global `Error.stackTraceLimit` is too low - * deps: express-session@~1.7.1 - * deps: morgan@~1.2.1 - * deps: serve-index@~1.1.4 - * deps: serve-static@~1.4.1 - -2.24.0 / 2014-07-22 -=================== - - * deps: body-parser@~1.5.0 - - deps: depd@0.4.2 - - deps: iconv-lite@0.4.4 - - deps: raw-body@1.3.0 - - deps: type-is@~1.3.2 - * deps: compression@~1.0.9 - - Add `debug` messages - - deps: accepts@~1.0.7 - * deps: connect-timeout@~1.2.1 - - Accept string for `time` (converted by `ms`) - - deps: debug@1.0.4 - * deps: debug@1.0.4 - * deps: depd@0.4.2 - - Add `TRACE_DEPRECATION` environment variable - - Remove non-standard grey color from color output - - Support `--no-deprecation` argument - - Support `--trace-deprecation` argument - * deps: express-session@~1.7.0 - - Improve session-ending error handling - - deps: debug@1.0.4 - - deps: depd@0.4.2 - * deps: finalhandler@0.1.0 - - Respond after request fully read - - deps: debug@1.0.4 - * deps: method-override@~2.1.2 - - deps: debug@1.0.4 - - deps: parseurl@~1.2.0 - * deps: morgan@~1.2.0 - - Add `:remote-user` token - - Add `combined` log format - - Add `common` log format - - Remove non-standard grey color from `dev` format - * deps: multiparty@3.3.1 - * deps: parseurl@~1.2.0 - - Cache URLs based on original value - - Remove no-longer-needed URL mis-parse work-around - - Simplify the "fast-path" `RegExp` - * deps: serve-static@~1.4.0 - - Add `dotfiles` option - - deps: parseurl@~1.2.0 - - deps: send@0.7.0 - -2.23.0 / 2014-07-10 -=================== - - * deps: debug@1.0.3 - - Add support for multiple wildcards in namespaces - * deps: express-session@~1.6.4 - * deps: method-override@~2.1.0 - - add simple debug output - - deps: methods@1.1.0 - - deps: parseurl@~1.1.3 - * deps: parseurl@~1.1.3 - - faster parsing of href-only URLs - * deps: serve-static@~1.3.1 - - deps: parseurl@~1.1.3 - -2.22.0 / 2014-07-03 -=================== - - * deps: csurf@~1.3.0 - - Fix `cookie.signed` option to actually sign cookie - * deps: express-session@~1.6.1 - - Fix `res.end` patch to return correct value - - Fix `res.end` patch to handle multiple `res.end` calls - - Reject cookies with missing signatures - * deps: multiparty@3.3.0 - - Always emit close after all parts ended - - Fix callback hang in node.js 0.8 on errors - * deps: serve-static@~1.3.0 - - Accept string for `maxAge` (converted by `ms`) - - Add `setHeaders` option - - Include HTML link in redirect response - - deps: send@0.5.0 - -2.21.1 / 2014-06-26 -=================== - - * deps: cookie-parser@1.3.2 - - deps: cookie-signature@1.0.4 - * deps: cookie-signature@1.0.4 - - fix for timing attacks - * deps: express-session@~1.5.2 - - deps: cookie-signature@1.0.4 - * deps: type-is@~1.3.2 - - more mime types - -2.21.0 / 2014-06-20 -=================== - - * deprecate `connect(middleware)` -- use `app.use(middleware)` instead - * deprecate `connect.createServer()` -- use `connect()` instead - * fix `res.setHeader()` patch to work with get -> append -> set pattern - * deps: compression@~1.0.8 - * deps: errorhandler@~1.1.1 - * deps: express-session@~1.5.0 - - Deprecate integration with `cookie-parser` middleware - - Deprecate looking for secret in `req.secret` - - Directly read cookies; `cookie-parser` no longer required - - Directly set cookies; `res.cookie` no longer required - - Generate session IDs with `uid-safe`, faster and even less collisions - * deps: serve-index@~1.1.3 - -2.20.2 / 2014-06-19 -=================== - - * deps: body-parser@1.4.3 - - deps: type-is@1.3.1 - -2.20.1 / 2014-06-19 -=================== - - * deps: type-is@1.3.1 - - fix global variable leak - -2.20.0 / 2014-06-19 -=================== - - * deprecate `verify` option to `json` -- use `body-parser` npm module instead - * deprecate `verify` option to `urlencoded` -- use `body-parser` npm module instead - * deprecate things with `depd` module - * use `finalhandler` for final response handling - * use `media-typer` to parse `content-type` for charset - * deps: body-parser@1.4.2 - - check accepted charset in content-type (accepts utf-8) - - check accepted encoding in content-encoding (accepts identity) - - deprecate `urlencoded()` without provided `extended` option - - lazy-load urlencoded parsers - - support gzip and deflate bodies - - set `inflate: false` to turn off - - deps: raw-body@1.2.2 - - deps: type-is@1.3.0 - - Support all encodings from `iconv-lite` - * deps: connect-timeout@1.1.1 - - deps: debug@1.0.2 - * deps: cookie-parser@1.3.1 - - export parsing functions - - `req.cookies` and `req.signedCookies` are now plain objects - - slightly faster parsing of many cookies - * deps: csurf@1.2.2 - * deps: errorhandler@1.1.0 - - Display error on console formatted like `throw` - - Escape HTML in stack trace - - Escape HTML in title - - Fix up edge cases with error sent in response - - Set `X-Content-Type-Options: nosniff` header - - Use accepts for negotiation - * deps: express-session@1.4.0 - - Add `genid` option to generate custom session IDs - - Add `saveUninitialized` option to control saving uninitialized sessions - - Add `unset` option to control unsetting `req.session` - - Generate session IDs with `rand-token` by default; reduce collisions - - Integrate with express "trust proxy" by default - - deps: buffer-crc32@0.2.3 - - deps: debug@1.0.2 - * deps: multiparty@3.2.9 - * deps: serve-index@1.1.2 - - deps: batch@0.5.1 - * deps: type-is@1.3.0 - - improve type parsing - * deps: vhost@2.0.0 - - Accept `RegExp` object for `hostname` - - Provide `req.vhost` object - - Support IPv6 literal in `Host` header - -2.19.6 / 2014-06-11 -=================== - - * deps: body-parser@1.3.1 - - deps: type-is@1.2.1 - * deps: compression@1.0.7 - - use vary module for better `Vary` behavior - - deps: accepts@1.0.3 - - deps: compressible@1.1.0 - * deps: debug@1.0.2 - * deps: serve-index@1.1.1 - - deps: accepts@1.0.3 - * deps: serve-static@1.2.3 - - Do not throw un-catchable error on file open race condition - - deps: send@0.4.3 - -2.19.5 / 2014-06-09 -=================== - - * deps: csurf@1.2.1 - - refactor to use csrf-tokens@~1.0.2 - * deps: debug@1.0.1 - * deps: serve-static@1.2.2 - - fix "event emitter leak" warnings - - deps: send@0.4.2 - * deps: type-is@1.2.1 - - Switch dependency from `mime` to `mime-types@1.0.0` - -2.19.4 / 2014-06-05 -=================== - - * deps: errorhandler@1.0.2 - - Pass on errors from reading error files - * deps: method-override@2.0.2 - - use vary module for better `Vary` behavior - * deps: serve-favicon@2.0.1 - - Reduce byte size of `ETag` header - -2.19.3 / 2014-06-03 -=================== - - * deps: compression@1.0.6 - - fix listeners for delayed stream creation - - fix regression for certain `stream.pipe(res)` situations - - fix regression when negotiation fails - -2.19.2 / 2014-06-03 -=================== - - * deps: compression@1.0.4 - - fix adding `Vary` when value stored as array - - fix back-pressure behavior - - fix length check for `res.end` - -2.19.1 / 2014-06-02 -=================== - - * fix deprecated `utils.escape` - -2.19.0 / 2014-06-02 -=================== - - * deprecate `methodOverride()` -- use `method-override` npm module instead - * deps: body-parser@1.3.0 - - add `extended` option to urlencoded parser - * deps: method-override@2.0.1 - - set `Vary` header - - deps: methods@1.0.1 - * deps: multiparty@3.2.8 - * deps: response-time@2.0.0 - - add `digits` argument - - do not override existing `X-Response-Time` header - - timer not subject to clock drift - - timer resolution down to nanoseconds - * deps: serve-static@1.2.1 - - send max-age in Cache-Control in correct format - - use `escape-html` for escaping - - deps: send@0.4.1 - -2.18.0 / 2014-05-29 -=================== - - * deps: compression@1.0.3 - * deps: serve-index@1.1.0 - - Fix content negotiation when no `Accept` header - - Properly support all HTTP methods - - Support vanilla node.js http servers - - Treat `ENAMETOOLONG` as code 414 - - Use accepts for negotiation - * deps: serve-static@1.2.0 - - Calculate ETag with md5 for reduced collisions - - Fix wrong behavior when index file matches directory - - Ignore stream errors after request ends - - Skip directories in index file search - - deps: send@0.4.0 - -2.17.3 / 2014-05-27 -=================== - - * deps: express-session@1.2.1 - - Fix `resave` such that `resave: true` works - -2.17.2 / 2014-05-27 -=================== - - * deps: body-parser@1.2.2 - - invoke `next(err)` after request fully read - - deps: raw-body@1.1.6 - * deps: method-override@1.0.2 - - Handle `req.body` key referencing array or object - - Handle multiple HTTP headers - -2.17.1 / 2014-05-21 -=================== - - * fix `res.charset` appending charset when `content-type` has one - -2.17.0 / 2014-05-20 -=================== - - * deps: express-session@1.2.0 - - Add `resave` option to control saving unmodified sessions - * deps: morgan@1.1.1 - - "dev" format will use same tokens as other formats - - `:response-time` token is now empty when immediate used - - `:response-time` token is now monotonic - - `:response-time` token has precision to 1 μs - - fix `:status` + immediate output in node.js 0.8 - - improve `buffer` option to prevent indefinite event loop holding - - simplify method to get remote address - - deps: bytes@1.0.0 - * deps: serve-index@1.0.3 - - Fix error from non-statable files in HTML view - -2.16.2 / 2014-05-18 -=================== - - * fix edge-case in `res.appendHeader` that would append in wrong order - * deps: method-override@1.0.1 - -2.16.1 / 2014-05-17 -=================== - - * remove usages of `res.headerSent` from core - -2.16.0 / 2014-05-17 -=================== - - * deprecate `res.headerSent` -- use `res.headersSent` - * deprecate `res.on("header")` -- use on-headers module instead - * fix `connect.version` to reflect the actual version - * json: use body-parser - - add `type` option - - fix repeated limit parsing with every request - - improve parser speed - * urlencoded: use body-parser - - add `type` option - - fix repeated limit parsing with every request - * dep: bytes@1.0.0 - * add negative support - * dep: cookie-parser@1.1.0 - - deps: cookie@0.1.2 - * dep: csurf@1.2.0 - - add support for double-submit cookie - * dep: express-session@1.1.0 - - Add `name` option; replacement for `key` option - - Use `setImmediate` in MemoryStore for node.js >= 0.10 - -2.15.0 / 2014-05-04 -=================== - - * Add simple `res.cookie` support - * Add `res.appendHeader` - * Call error stack even when response has been sent - * Patch `res.headerSent` to return Boolean - * Patch `res.headersSent` for node.js 0.8 - * Prevent default 404 handler after response sent - * dep: compression@1.0.2 - * support headers given to `res.writeHead` - * deps: bytes@0.3.0 - * deps: negotiator@0.4.3 - * dep: connect-timeout@1.1.0 - * Add `req.timedout` property - * Add `respond` option to constructor - * Clear timer on socket destroy - * deps: debug@0.8.1 - * dep: debug@^0.8.0 - * add `enable()` method - * change from stderr to stdout - * dep: errorhandler@1.0.1 - * Clean up error CSS - * Do not respond after headers sent - * dep: express-session@1.0.4 - * Remove import of `setImmediate` - * Use `res.cookie()` instead of `res.setHeader()` - * deps: cookie@0.1.2 - * deps: debug@0.8.1 - * dep: morgan@1.0.1 - * Make buffer unique per morgan instance - * deps: bytes@0.3.0 - * dep: serve-favicon@2.0.0 - * Accept `Buffer` of icon as first argument - * Non-GET and HEAD requests are denied - * Send valid max-age value - * Support conditional requests - * Support max-age=0 - * Support OPTIONS method - * Throw if `path` argument is directory - * dep: serve-index@1.0.2 - * Add stylesheet option - * deps: negotiator@0.4.3 - -2.14.5 / 2014-04-24 -=================== - - * dep: raw-body@1.1.4 - * allow true as an option - * deps: bytes@0.3.0 - * dep: serve-static@1.1.0 - * Accept options directly to `send` module - * deps: send@0.3.0 - -2.14.4 / 2014-04-07 -=================== - - * dep: bytes@0.3.0 - * added terabyte support - * dep: csurf@1.1.0 - * add constant-time string compare - * dep: serve-static@1.0.4 - * Resolve relative paths at middleware setup - * Use parseurl to parse the URL from request - * fix node.js 0.8 compatibility with memory session - -2.14.3 / 2014-03-18 -=================== - - * dep: static-favicon@1.0.2 - * Fixed content of default icon - -2.14.2 / 2014-03-11 -=================== - - * dep: static-favicon@1.0.1 - * Fixed path to default icon - -2.14.1 / 2014-03-06 -=================== - - * dep: fresh@0.2.2 - * no real changes - * dep: serve-index@1.0.1 - * deps: negotiator@0.4.2 - * dep: serve-static@1.0.2 - * deps: send@0.2.0 - -2.14.0 / 2014-03-05 -=================== - - * basicAuth: use basic-auth-connect - * cookieParser: use cookie-parser - * compress: use compression - * csrf: use csurf - * dep: cookie-signature@1.0.3 - * directory: use serve-index - * errorHandler: use errorhandler - * favicon: use static-favicon - * logger: use morgan - * methodOverride: use method-override - * responseTime: use response-time - * session: use express-session - * static: use serve-static - * timeout: use connect-timeout - * vhost: use vhost - -2.13.1 / 2014-03-05 -=================== - - * cookieSession: compare full value rather than crc32 - * deps: raw-body@1.1.3 - -2.13.0 / 2014-02-14 -=================== - - * fix typo in memory store warning #974 @rvagg - * compress: use compressible - * directory: add template option #990 @gottaloveit @Earl-Brown - * csrf: prevent deprecated warning with old sessions - -2.12.0 / 2013-12-10 -=================== - - * bump qs - * directory: sort folders before files - * directory: add folder icons - * directory: de-duplicate icons, details/mobile views #968 @simov - * errorHandler: end default 404 handler with a newline #972 @rlidwka - * session: remove long cookie expire check #870 @undoZen - -2.11.2 / 2013-12-01 -=================== - - * bump raw-body - -2.11.1 / 2013-11-27 -=================== - - * bump raw-body - * errorHandler: use `res.setHeader()` instead of `res.writeHead()` #949 @lo1tuma - -2.11.0 / 2013-10-29 -=================== - - * update bytes - * update uid2 - * update negotiator - * sessions: add rolling session option #944 @ilmeo - * sessions: property set cookies when given FQDN - * cookieSessions: properly set cookies when given FQDN #948 @bmancini55 - * proto: fix FQDN mounting when multiple handlers #945 @bmancini55 - -2.10.1 / 2013-10-23 -=================== - - * fixed; fixed a bug with static middleware at root and trailing slashes #942 (@dougwilson) - -2.10.0 / 2013-10-22 -=================== - - * fixed: set headers written by writeHead before emitting 'header' - * fixed: mounted path should ignore querystrings on FQDNs #940 (@dougwilson) - * fixed: parsing protocol-relative URLs with @ as pathnames #938 (@dougwilson) - * fixed: fix static directory redirect for mount's root #937 (@dougwilson) - * fixed: setting set-cookie header when mixing arrays and strings #893 (@anuj123) - * bodyParser: optional verify function for urlencoded and json parsers for signing request bodies - * compress: compress checks content-length to check threshold - * compress: expose `res.flush()` for flushing responses - * cookieParser: pass options into node-cookie #803 (@cauldrath) - * errorHandler: replace `\n`s with `<br/>`s in error handler - -2.9.2 / 2013-10-18 -================== - - * warn about multiparty and limit middleware deprecation for v3 - * fix fully qualified domain name mounting. #920 (@dougwilson) - * directory: Fix potential security issue with serving files outside the root. #929 (@dougwilson) - * logger: store IP at beginning in case socket prematurely closes #930 (@dougwilson) - -2.9.1 / 2013-10-15 -================== - - * update multiparty - * compress: Set vary header only if Content-Type passes filter #904 - * directory: Fix directory middleware URI escaping #917 (@dougwilson) - * directory: Fix directory seperators for Windows #914 (@dougwilson) - * directory: Keep query string intact during directory redirect #913 (@dougwilson) - * directory: Fix paths in links #730 (@JacksonTian) - * errorHandler: Don't escape text/plain as HTML #875 (@johan) - * logger: Write '0' instead of '-' when response time is zero #910 (@dougwilson) - * logger: Log even when connections are aborted #760 (@dylanahsmith) - * methodOverride: Check req.body is an object #907 (@kbjr) - * multipart: Add .type back to file parts for backwards compatibility #912 (@dougwilson) - * multipart: Allow passing options to the Multiparty constructor #902 (@niftylettuce) - -2.9.0 / 2013-09-07 -================== - - * multipart: add docs regarding tmpfiles - * multipart: add .name back to file parts - * multipart: use multiparty instead of formidable - -2.8.8 / 2013-09-02 -================== - - * csrf: change to math.random() salt and remove csrfToken() callback - -2.8.7 / 2013-08-28 -================== - - * csrf: prevent salt generation on every request, and add async req.csrfToken(fn) - -2.8.6 / 2013-08-28 -================== - - * csrf: refactor to use HMAC tokens (BREACH attack) - * compress: add compression of SVG and common font files by default. - -2.8.5 / 2013-08-11 -================== - - * add: compress Dart source files by default - * update fresh - -2.8.4 / 2013-07-08 -================== - - * update send - -2.8.3 / 2013-07-04 -================== - - * add a name back to static middleware ("staticMiddleware") - * fix .hasBody() utility to require transfer-encoding or content-length - -2.8.2 / 2013-07-03 -================== - - * update send - * update cookie dep. - * add better debug() for middleware - * add whitelisting of supported methods to methodOverride() - -2.8.1 / 2013-06-27 -================== - - * fix: escape req.method in 404 response - -2.8.0 / 2013-06-26 -================== - - * add `threshold` option to `compress()` to prevent compression of small responses - * add support for vendor JSON mime types in json() - * add X-Forwarded-Proto initial https proxy support - * change static redirect to 303 - * change octal escape sequences for strict mode - * change: replace utils.uid() with uid2 lib - * remove other "static" function name. Fixes #794 - * fix: hasBody() should return false if Content-Length: 0 - -2.7.11 / 2013-06-02 -================== - - * update send - -2.7.10 / 2013-05-21 -================== - - * update qs - * update formidable - * fix: write/end to noop() when request aborted - -2.7.9 / 2013-05-07 -================== - - * update qs - * drop support for node < v0.8 - -2.7.8 / 2013-05-03 -================== - - * update qs - -2.7.7 / 2013-04-29 -================== - - * update qs dependency - * remove "static" function name. Closes #794 - * update node-formidable - * update buffer-crc32 - -2.7.6 / 2013-04-15 -================== - - * revert cookie signature which was creating session race conditions - -2.7.5 / 2013-04-12 -================== - - * update cookie-signature - * limit: do not consume request in node 0.10.x - -2.7.4 / 2013-04-01 -================== - - * session: add long expires check and prevent excess set-cookie - * session: add console.error() of session#save() errors - -2.7.3 / 2013-02-19 -================== - - * add name to compress middleware - * add appending Accept-Encoding to Vary when set but missing - * add tests for csrf middleware - * add 'next' support for connect() server handler - * change utils.uid() to return url-safe chars. Closes #753 - * fix treating '.' as a regexp in vhost() - * fix duplicate bytes dep in package.json. Closes #743 - * fix #733 - parse x-forwarded-proto in a more generally compatibly way - * revert "add support for `next(status[, msg])`"; makes composition hard - -2.7.2 / 2013-01-04 -================== - - * add support for `next(status[, msg])` back - * add utf-8 meta tag to support foreign characters in filenames/directories - * change `timeout()` 408 to 503 - * replace 'node-crc' with 'buffer-crc32', fixes licensing - * fix directory.html IE support - -2.7.1 / 2012-12-05 -================== - - * add directory() tests - * add support for bodyParser to ignore Content-Type if no body is present (jquery primarily does this poorely) - * fix errorHandler signature - -2.7.0 / 2012-11-13 -================== - - * add support for leading JSON whitespace - * add logging of `req.ip` when present - * add basicAuth support for `:`-delimited string - * update cookie module. Closes #688 - -2.6.2 / 2012-11-01 -================== - - * add `debug()` for disconnected session store - * fix session regeneration bug. Closes #681 - -2.6.1 / 2012-10-25 -================== - - * add passing of `connect.timeout()` errors to `next()` - * replace signature utils with cookie-signature module - -2.6.0 / 2012-10-09 -================== - - * add `defer` option to `multipart()` [Blake Miner] - * fix mount path case sensitivity. Closes #663 - * fix default of ascii encoding from `logger()`, now utf8. Closes #293 - -2.5.0 / 2012-09-27 -================== - - * add `err.status = 400` to multipart() errors - * add double-encoding protection to `compress()`. Closes #659 - * add graceful handling cookie parsing errors [shtylman] - * fix typo X-Response-time to X-Response-Time - -2.4.6 / 2012-09-18 -================== - - * update qs - -2.4.5 / 2012-09-03 -================== - - * add session store "connect" / "disconnect" support [louischatriot] - * fix `:url` log token - -2.4.4 / 2012-08-21 -================== - - * fix `static()` pause regression from "send" integration - -2.4.3 / 2012-08-07 -================== - - * fix `.write()` encoding for zlib inconstancy. Closes #561 - -2.4.2 / 2012-07-25 -================== - - * remove limit default from `urlencoded()` - * remove limit default from `json()` - * remove limit default from `multipart()` - * fix `cookieSession()` clear cookie path / domain bug. Closes #636 - -2.4.1 / 2012-07-24 -================== - - * fix `options` mutation in `static()` - -2.4.0 / 2012-07-23 -================== - - * add `connect.timeout()` - * add __GET__ / __HEAD__ check to `directory()`. Closes #634 - * add "pause" util dep - * update send dep for normalization bug - -2.3.9 / 2012-07-16 -================== - - * add more descriptive invalid json error message - * update send dep for root normalization regression - * fix staticCache fresh dep - -2.3.8 / 2012-07-12 -================== - - * fix `connect.static()` 404 regression, pass `next()`. Closes #629 - -2.3.7 / 2012-07-05 -================== - - * add `json()` utf-8 illustration test. Closes #621 - * add "send" dependency - * change `connect.static()` internals to use "send" - * fix `session()` req.session generation with pathname mismatch - * fix `cookieSession()` req.session generation with pathname mismatch - * fix mime export. Closes #618 - -2.3.6 / 2012-07-03 -================== - - * Fixed cookieSession() with cookieParser() secret regression. Closes #602 - * Fixed set-cookie header fields on cookie.path mismatch. Closes #615 - -2.3.5 / 2012-06-28 -================== - - * Remove `logger()` mount check - * Fixed `staticCache()` dont cache responses with set-cookie. Closes #607 - * Fixed `staticCache()` when Cookie is present - -2.3.4 / 2012-06-22 -================== - - * Added `err.buf` to urlencoded() and json() - * Update cookie to 0.0.4. Closes #604 - * Fixed: only send 304 if original response in 2xx or 304 [timkuijsten] - -2.3.3 / 2012-06-11 -================== - - * Added ETags back to `static()` [timkuijsten] - * Replaced `utils.parseRange()` with `range-parser` module - * Replaced `utils.parseBytes()` with `bytes` module - * Replaced `utils.modified()` with `fresh` module - * Fixed `cookieSession()` regression with invalid cookie signing [shtylman] - -2.3.2 / 2012-06-08 -================== - - * expose mime module - * Update crc dep (which bundled nodeunit) - -2.3.1 / 2012-06-06 -================== - - * Added `secret` option to `cookieSession` middleware [shtylman] - * Added `secret` option to `session` middleware [shtylman] - * Added `req.remoteUser` back to `basicAuth()` as alias of `req.user` - * Performance: improve signed cookie parsing - * Update `cookie` dependency [shtylman] - -2.3.0 / 2012-05-20 -================== - - * Added limit option to `json()` - * Added limit option to `urlencoded()` - * Added limit option to `multipart()` - * Fixed: remove socket error event listener on callback - * Fixed __ENOTDIR__ error on `static` middleware - -2.2.2 / 2012-05-07 -================== - - * Added support to csrf middle for pre-flight CORS requests - * Updated `engines` to allow newer version of node - * Removed duplicate repo prop. Closes #560 - -2.2.1 / 2012-04-28 -================== - - * Fixed `static()` redirect when mounted. Closes #554 - -2.2.0 / 2012-04-25 -================== - - * Added `make benchmark` - * Perf: memoize url parsing (~20% increase) - * Fixed `connect(fn, fn2, ...)`. Closes #549 - -2.1.3 / 2012-04-20 -================== - - * Added optional json() `reviver` function to be passed to JSON.parse [jed] - * Fixed: emit drain in compress middleware [nsabovic] - -2.1.2 / 2012-04-11 -================== - - * Fixed cookieParser() `req.cookies` regression - -2.1.1 / 2012-04-11 -================== - - * Fixed `session()` browser-session length cookies & examples - * Fixed: make `query()` "self-aware" [jed] - -2.1.0 / 2012-04-05 -================== - - * Added `debug()` calls to `.use()` (`DEBUG=connect:displatcher`) - * Added `urlencoded()` support for GET - * Added `json()` support for GET. Closes #497 - * Added `strict` option to `json()` - * Changed: `session()` only set-cookie when modified - * Removed `Session#lastAccess` property. Closes #399 - -2.0.3 / 2012-03-20 -================== - - * Added: `cookieSession()` only sets cookie on change. Closes #442 - * Added `connect:dispatcher` debug() probes - -2.0.2 / 2012-03-04 -================== - - * Added test for __ENAMETOOLONG__ now that node is fixed - * Fixed static() index "/" check on windows. Closes #498 - * Fixed Content-Range behaviour to match RFC2616 [matthiasdg / visionmedia] - -2.0.1 / 2012-02-29 -================== - - * Added test coverage for `vhost()` middleware - * Changed `cookieParser()` signed cookie support to use SHA-2 [senotrusov] - * Fixed `static()` Range: respond with 416 when unsatisfiable - * Fixed `vhost()` middleware. Closes #494 - -2.0.0 / 2011-10-05 -================== - - * Added `cookieSession()` middleware for cookie-only sessions - * Added `compress()` middleware for gzip / deflate support - * Added `session()` "proxy" setting to trust `X-Forwarded-Proto` - * Added `json()` middleware to parse "application/json" - * Added `urlencoded()` middleware to parse "application/x-www-form-urlencoded" - * Added `multipart()` middleware to parse "multipart/form-data" - * Added `cookieParser(secret)` support so anything using this middleware may access signed cookies - * Added signed cookie support to `cookieParser()` - * Added support for JSON-serialized cookies to `cookieParser()` - * Added `err.status` support in Connect's default end-point - * Added X-Cache MISS / HIT to `staticCache()` - * Added public `res.headerSent` checking nodes `res._headerSent` until node does - * Changed `basicAuth()` req.remoteUser to req.user - * Changed: default `session()` to a browser-session cookie. Closes #475 - * Changed: no longer lowercase cookie names - * Changed `bodyParser()` to use `json()`, `urlencoded()`, and `multipart()` - * Changed: `errorHandler()` is now a development-only middleware - * Changed middleware to `next()` errors when possible so applications can unify logging / handling - * Removed `http[s].Server` inheritance, now just a function, making it easy to have an app providing both http and https - * Removed `.createServer()` (use `connect()`) - * Removed `secret` option from `session()`, use `cookieParser(secret)` - * Removed `connect.session.ignore` array support - * Removed `router()` middleware. Closes #262 - * Fixed: set-cookie only once for browser-session cookies - * Fixed FQDN support. dont add leading "/" - * Fixed 404 XSS attack vector. Closes #473 - * Fixed __HEAD__ support for 404s and 500s generated by Connect's end-point - -1.8.5 / 2011-12-22 -================== - - * Fixed: actually allow empty body for json - -1.8.4 / 2011-12-22 -================== - - * Changed: allow empty body for json/urlencoded requests. Backport for #443 - -1.8.3 / 2011-12-16 -================== - - * Fixed `static()` _index.html_ support on windows - -1.8.2 / 2011-12-03 -================== - - * Fixed potential security issue, store files in req.files. Closes #431 [reported by dobesv] - -1.8.1 / 2011-11-21 -================== - - * Added nesting support for _multipart/form-data_ [jackyz] - -1.8.0 / 2011-11-17 -================== - - * Added _multipart/form-data_ support to `bodyParser()` using formidable - -1.7.3 / 2011-11-11 -================== - - * Fixed `req.body`, always default to {} - * Fixed HEAD support for 404s and 500s - -1.7.2 / 2011-10-24 -================== - - * "node": ">= 0.4.1 < 0.7.0" - * Added `static()` redirect option. Closes #398 - * Changed `limit()`: respond with 413 when content-length exceeds the limit - * Removed socket error listener in static(). Closes #389 - * Fixed `staticCache()` Age header field - * Fixed race condition causing errors reported in #329. - -1.7.1 / 2011-09-12 -================== - - * Added: make `Store` inherit from `EventEmitter` - * Added session `Store#load(sess, fn)` to fetch a `Session` instance - * Added backpressure support to `staticCache()` - * Changed `res.socket.destroy()` to `req.socket.destroy()` - -1.7.0 / 2011-08-31 -================== - - * Added `staticCache()` middleware, a memory cache for `static()` - * Added public `res.headerSent` checking nodes `res._headerSent` (remove when node adds this) - * Changed: ignore error handling middleware when header is sent - * Changed: dispatcher errors after header is sent destroy the sock - -1.6.4 / 2011-08-26 -================== - - * Revert "Added double-next reporting" - -1.6.3 / 2011-08-26 -================== - - * Added double-`next()` reporting - * Added `immediate` option to `logger()`. Closes #321 - * Dependency `qs >= 0.3.1` - -1.6.2 / 2011-08-11 -================== - - * Fixed `connect.static()` null byte vulnerability - * Fixed `connect.directory()` null byte vulnerability - * Changed: 301 redirect in `static()` to postfix "/" on directory. Closes #289 - -1.6.1 / 2011-08-03 -================== - - * Added: allow retval `== null` from logger callback to ignore line - * Added `getOnly` option to `connect.static.send()` - * Added response "header" event allowing augmentation - * Added `X-CSRF-Token` header field check - * Changed dep `qs >= 0.3.0` - * Changed: persist csrf token. Closes #322 - * Changed: sort directory middleware files alphabetically - -1.6.0 / 2011-07-10 -================== - - * Added :response-time to "dev" logger format - * Added simple `csrf()` middleware. Closes #315 - * Fixed `res._headers` logger regression. Closes #318 - * Removed support for multiple middleware being passed to `.use()` - -1.5.2 / 2011-07-06 -================== - - * Added `filter` function option to `directory()` [David Rio Deiros] - * Changed: re-write of the `logger()` middleware, with extensible tokens and formats - * Changed: `static.send()` ".." in path without root considered malicious - * Fixed quotes in docs. Closes #312 - * Fixed urls when mounting `directory()`, use `originalUrl` [Daniel Dickison] - - -1.5.1 / 2011-06-20 -================== - - * Added malicious path check to `directory()` middleware - * Added `utils.forbidden(res)` - * Added `connect.query()` middleware - -1.5.0 / 2011-06-20 -================== - - * Added `connect.directory()` middleware for serving directory listings - -1.4.6 / 2011-06-18 -================== - - * Fixed `connect.static()` root with `..` - * Fixed `connect.static()` __EBADF__ - -1.4.5 / 2011-06-17 -================== - - * Fixed EBADF in `connect.static()`. Closes #297 - -1.4.4 / 2011-06-16 -================== - - * Changed `connect.static()` to check resolved dirname. Closes #294 - -1.4.3 / 2011-06-06 -================== - - * Fixed fd leak in `connect.static()` when the socket is closed - * Fixed; `bodyParser()` ignoring __GET/HEAD__. Closes #285 - -1.4.2 / 2011-05-27 -================== - - * Changed to `devDependencies` - * Fixed stream creation on `static()` __HEAD__ request. [Andreas Lind Petersen] - * Fixed Win32 support for `static()` - * Fixed monkey-patch issue. Closes #261 - -1.4.1 / 2011-05-08 -================== - - * Added "hidden" option to `static()`. ignores hidden files by default. Closes * Added; expose `connect.static.mime.define()`. Closes #251 - * Fixed `errorHandler` middleware for missing stack traces. [aseemk] -#274 - -1.4.0 / 2011-04-25 -================== - - * Added route-middleware `next('route')` support to jump passed the route itself - * Added Content-Length support to `limit()` - * Added route-specific middleware support (used to be in express) - * Changed; refactored duplicate session logic - * Changed; prevent redefining `store.generate` per request - * Fixed; `static()` does not set Content-Type when explicitly set [nateps] - * Fixed escape `errorHandler()` {error} contents - * NOTE: `router` will be removed in 2.0 - - -1.3.0 / 2011-04-06 -================== - - * Added `router.remove(path[, method])` to remove a route - -1.2.3 / 2011-04-05 -================== - - * Fixed basicAuth realm issue when passing strings. Closes #253 - -1.2.2 / 2011-04-05 -================== - - * Added `basicAuth(username, password)` support - * Added `errorHandler.title` defaulting to "Connect" - * Changed `errorHandler` css - -1.2.1 / 2011-03-30 -================== - - * Fixed `logger()` https `remoteAddress` logging [Alexander Simmerl] - -1.2.0 / 2011-03-30 -================== - - * Added `router.lookup(path[, method])` - * Added `router.match(url[, method])` - * Added basicAuth async support. Closes #223 - -1.1.5 / 2011-03-27 -================== - - * Added; allow `logger()` callback function to return an empty string to ignore logging - * Fixed; utilizing `mime.charsets.lookup()` for `static()`. Closes 245 - -1.1.4 / 2011-03-23 -================== - - * Added `logger()` support for format function - * Fixed `logger()` to support mess of writeHead()/progressive api for node 0.4.x - -1.1.3 / 2011-03-21 -================== - - * Changed; `limit()` now calls `req.destroy()` - -1.1.2 / 2011-03-21 -================== - - * Added request "limit" event to `limit()` middleware - * Changed; `limit()` middleware will `next(err)` on failure - -1.1.1 / 2011-03-18 -================== - - * Fixed session middleware for HTTPS. Closes #241 [reported by mt502] - -1.1.0 / 2011-03-17 -================== - - * Added `Session#reload(fn)` - -1.0.6 / 2011-03-09 -================== - - * Fixed `res.setHeader()` patch, preserve casing - -1.0.5 / 2011-03-09 -================== - - * Fixed; `logger()` using `req.originalUrl` instead of `req.url` - -1.0.4 / 2011-03-09 -================== - - * Added `res.charset` - * Added conditional sessions example - * Added support for `session.ignore` to be replaced. Closes #227 - * Fixed `Cache-Control` delimiters. Closes #228 - -1.0.3 / 2011-03-03 -================== - - * Fixed; `static.send()` invokes callback with connection error - -1.0.2 / 2011-03-02 -================== - - * Fixed exported connect function - * Fixed package.json; node ">= 0.4.1 < 0.5.0" - -1.0.1 / 2011-03-02 -================== - - * Added `Session#save(fn)`. Closes #213 - * Added callback support to `connect.static.send()` for express - * Added `connect.static.send()` "path" option - * Fixed content-type in `static()` for _index.html_ - -1.0.0 / 2011-03-01 -================== - - * Added `stack`, `message`, and `dump` errorHandler option aliases - * Added `req.originalMethod` to methodOverride - * Added `favicon()` maxAge option support - * Added `connect()` alternative to `connect.createServer()` - * Added new [documentation](http://senchalabs.github.com/connect) - * Added Range support to `static()` - * Added HTTPS support - * Rewrote session middleware. The session API now allows for - session-specific cookies, so you may alter each individually. - Click to view the new [session api](http://senchalabs.github.com/connect/middleware-session.html). - * Added middleware self-awareness. This helps prevent - middleware breakage when used within mounted servers. - For example `cookieParser()` will not parse cookies more - than once even when within a mounted server. - * Added new examples in the `./examples` directory - * Added [limit()](http://senchalabs.github.com/connect/middleware-limit.html) middleware - * Added [profiler()](http://senchalabs.github.com/connect/middleware-profiler.html) middleware - * Added [responseTime()](http://senchalabs.github.com/connect/middleware-responseTime.html) middleware - * Renamed `staticProvider` to `static` - * Renamed `bodyDecoder` to `bodyParser` - * Renamed `cookieDecoder` to `cookieParser` - * Fixed ETag quotes. [reported by papandreou] - * Fixed If-None-Match comma-delimited ETag support. [reported by papandreou] - * Fixed; only set req.originalUrl once. Closes #124 - * Fixed symlink support for `static()`. Closes #123 - -0.5.10 / 2011-02-14 -================== - - * Fixed SID space issue. Closes #196 - * Fixed; proxy `res.end()` to commit session data - * Fixed directory traversal attack in `staticProvider`. Closes #198 - -0.5.9 / 2011-02-09 -================== - - * qs >= 0.0.4 - -0.5.8 / 2011-02-04 -================== - - * Added `qs` dependency - * Fixed router race-condition causing possible failure - when `next()`ing to one or more routes with parallel - requests - -0.5.7 / 2011-02-01 -================== - - * Added `onvhost()` call so Express (and others) can know when they are - * Revert "Added stylus support" (use the middleware which ships with stylus) - * Removed custom `Server#listen()` to allow regular `http.Server#listen()` args to work properly - * Fixed long standing router issue (#83) that causes '.' to be disallowed within named placeholders in routes [Andreas Lind Petersen] - * Fixed `utils.uid()` length error [Jxck] -mounted - -0.5.6 / 2011-01-23 -================== - - * Added stylus support to `compiler` - * _favicon.js_ cleanup - * _compiler.js_ cleanup - * _bodyDecoder.js_ cleanup - -0.5.5 / 2011-01-13 -================== - - * Changed; using sha256 HMAC instead of md5. [Paul Querna] - * Changed; generated a longer random UID, without time influence. [Paul Querna] - * Fixed; session middleware throws when secret is not present. [Paul Querna] - -0.5.4 / 2011-01-07 -================== - - * Added; throw when router path or callback is missing - * Fixed; `next(err)` on cookie parse exception instead of ignoring - * Revert "Added utils.pathname(), memoized url.parse(str).pathname" - -0.5.3 / 2011-01-05 -================== - - * Added _docs/api.html_ - * Added `utils.pathname()`, memoized url.parse(str).pathname - * Fixed `session.id` issue. Closes #183 - * Changed; Defaulting `staticProvider` maxAge to 0 not 1 year. Closes #179 - * Removed bad outdated docs, we need something new / automated eventually - -0.5.2 / 2010-12-28 -================== - - * Added default __OPTIONS__ support to _router_ middleware - -0.5.1 / 2010-12-28 -================== - - * Added `req.session.id` mirroring `req.sessionID` - * Refactored router, exposing `connect.router.methods` - * Exclude non-lib files from npm - * Removed imposed headers `X-Powered-By`, `Server`, etc - -0.5.0 / 2010-12-06 -================== - - * Added _./index.js_ - * Added route segment precondition support and example - * Added named capture group support to router - -0.4.0 / 2010-11-29 -================== - - * Added `basicAuth` middleware - * Added more HTTP methods to the `router` middleware - -0.3.0 / 2010-07-21 -================== - - * Added _staticGzip_ middleware - * Added `connect.utils` to expose utils - * Added `connect.session.Session` - * Added `connect.session.Store` - * Added `connect.session.MemoryStore` - * Added `connect.middleware` to expose the middleware getters - * Added `buffer` option to _logger_ for performance increase - * Added _favicon_ middleware for serving your own favicon or the connect default - * Added option support to _staticProvider_, can now pass _root_ and _lifetime_. - * Added; mounted `Server` instances now have the `route` property exposed for reflection - * Added support for callback as first arg to `Server#use()` - * Added support for `next(true)` in _router_ to bypass match attempts - * Added `Server#listen()` _host_ support - * Added `Server#route` when `Server#use()` is called with a route on a `Server` instance - * Added _methodOverride_ X-HTTP-Method-Override support - * Refactored session internals, adds _secret_ option - * Renamed `lifetime` option to `maxAge` in _staticProvider_ - * Removed connect(1), it is now [spark(1)](http://github.com/senchalabs/spark) - * Removed connect(1) dependency on examples, they can all now run with node(1) - * Remove a typo that was leaking a global. - * Removed `Object.prototype` forEach() and map() methods - * Removed a few utils not used - * Removed `connect.createApp()` - * Removed `res.simpleBody()` - * Removed _format_ middleware - * Removed _flash_ middleware - * Removed _redirect_ middleware - * Removed _jsonrpc_ middleware, use [visionmedia/connect-jsonrpc](http://github.com/visionmedia/connect-jsonrpc) - * Removed _pubsub_ middleware - * Removed need for `params.{captures,splat}` in _router_ middleware, `params` is an array - * Changed; _compiler_ no longer 404s - * Changed; _router_ signature now matches connect middleware signature - * Fixed a require in _session_ for default `MemoryStore` - * Fixed nasty request body bug in _router_. Closes #54 - * Fixed _less_ support in _compiler_ - * Fixed bug preventing proper bubbling of exceptions in mounted servers - * Fixed bug in `Server#use()` preventing `Server` instances as the first arg - * Fixed **ENOENT** special case, is now treated as any other exception - * Fixed spark env support - -0.2.1 / 2010-07-09 -================== - - * Added support for _router_ `next()` to continue calling matched routes - * Added mime type for _cache.manifest_ files. - * Changed _compiler_ middleware to use async require - * Changed session api, stores now only require `#get()`, and `#set()` - * Fixed _cacheManifest_ by adding `utils.find()` back - -0.2.0 / 2010-07-01 -================== - - * Added calls to `Session()` casts the given object as a `Session` instance - * Added passing of `next()` to _router_ callbacks. Closes #46 - * Changed; `MemoryStore#destroy()` removes `req.session` - * Changed `res.redirect("back")` to default to "/" when Referr?er is not present - * Fixed _staticProvider_ urlencoded paths issue. Closes #47 - * Fixed _staticProvider_ middleware responding to **GET** requests - * Fixed _jsonrpc_ middleware `Accept` header check. Closes #43 - * Fixed _logger_ format option - * Fixed typo in _compiler_ middleware preventing the _dest_ option from working - -0.1.0 / 2010-06-25 -================== - - * Revamped the api, view the [Connect documentation](http://extjs.github.com/Connect/index.html#Middleware-Authoring) for more info (hover on the right for menu) - * Added [extended api docs](http://extjs.github.com/Connect/api.html) - * Added docs for several more middleware layers - * Added `connect.Server#use()` - * Added _compiler_ middleware which provides arbitrary static compilation - * Added `req.originalUrl` - * Removed _blog_ example - * Removed _sass_ middleware (use _compiler_) - * Removed _less_ middleware (use _compiler_) - * Renamed middleware to be camelcase, _body-decoder_ is now _bodyDecoder_ etc. - * Fixed `req.url` mutation bug when matching `connect.Server#use()` routes - * Fixed `mkdir -p` implementation used in _bin/connect_. Closes #39 - * Fixed bug in _bodyDecoder_ throwing exceptions on request empty bodies - * `make install` installing lib to $LIB_PREFIX aka $HOME/.node_libraries - -0.0.6 / 2010-06-22 -================== - - * Added _static_ middleware usage example - * Added support for regular expressions as paths for _router_ - * Added `util.merge()` - * Increased performance of _static_ by ~ 200 rps - * Renamed the _rest_ middleware to _router_ - * Changed _rest_ api to accept a callback function - * Removed _router_ middleware - * Removed _proto.js_, only `Object#forEach()` remains - -0.0.5 / 2010-06-21 -================== - - * Added Server#use() which contains the Layer normalization logic - * Added documentation for several middleware - * Added several new examples - * Added _less_ middleware - * Added _repl_ middleware - * Added _vhost_ middleware - * Added _flash_ middleware - * Added _cookie_ middleware - * Added _session_ middleware - * Added `utils.htmlEscape()` - * Added `utils.base64Decode()` - * Added `utils.base64Encode()` - * Added `utils.uid()` - * Added bin/connect app path and --config path support for .js suffix, although optional. Closes #26 - * Moved mime code to `utils.mime`, ex `utils.mime.types`, and `utils.mime.type()` - * Renamed req.redirect() to res.redirect(). Closes #29 - * Fixed _sass_ 404 on **ENOENT** - * Fixed +new Date duplication. Closes #24 - -0.0.4 / 2010-06-16 -================== - - * Added workerPidfile() to bin/connect - * Added --workers support to bin/connect stop and status commands - * Added _redirect_ middleware - * Added better --config support to bin/connect. All flags can be utilized - * Added auto-detection of _./config.js_ - * Added config example - * Added `net.Server` support to bin/connect - * Writing worker pids relative to `env.pidfile` - * s/parseQuery/parse/g - * Fixed npm support - -0.0.3 / 2010-06-16 -================== - - * Fixed node dependency in package.json, now _">= 0.1.98-0"_ to support __HEAD__ - -0.0.2 / 2010-06-15 -================== - - * Added `-V, --version` to bin/connect - * Added `utils.parseCookie()` - * Added `utils.serializeCookie()` - * Added `utils.toBoolean()` - * Added _sass_ middleware - * Added _cookie_ middleware - * Added _format_ middleware - * Added _lint_ middleware - * Added _rest_ middleware - * Added _./package.json_ (npm install connect) - * Added `handleError()` support - * Added `process.connectEnv` - * Added custom log format support to _log_ middleware - * Added arbitrary env variable support to bin/connect (ext: --logFormat ":method :url") - * Added -w, --workers to bin/connect - * Added bin/connect support for --user NAME and --group NAME - * Fixed url re-writing support - -0.0.1 / 2010-06-03 -================== - - * Initial release -
http://git-wip-us.apache.org/repos/asf/incubator-griffin-site/blob/ca1c37a7/node_modules/connect/LICENSE ---------------------------------------------------------------------- diff --git a/node_modules/connect/LICENSE b/node_modules/connect/LICENSE deleted file mode 100644 index 9c27617..0000000 --- a/node_modules/connect/LICENSE +++ /dev/null @@ -1,25 +0,0 @@ -(The MIT License) - -Copyright (c) 2010 Sencha Inc. -Copyright (c) 2011 LearnBoost -Copyright (c) 2011-2014 TJ Holowaychuk -Copyright (c) 2015 Douglas Christopher Wilson - -Permission is hereby granted, free of charge, to any person obtaining -a copy of this software and associated documentation files (the -'Software'), to deal in the Software without restriction, including -without limitation the rights to use, copy, modify, merge, publish, -distribute, sublicense, and/or sell copies of the Software, and to -permit persons to whom the Software is furnished to do so, subject to -the following conditions: - -The above copyright notice and this permission notice shall be -included in all copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, -EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. -IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY -CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, -TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE -SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. http://git-wip-us.apache.org/repos/asf/incubator-griffin-site/blob/ca1c37a7/node_modules/connect/README.md ---------------------------------------------------------------------- diff --git a/node_modules/connect/README.md b/node_modules/connect/README.md deleted file mode 100644 index c524e49..0000000 --- a/node_modules/connect/README.md +++ /dev/null @@ -1,289 +0,0 @@ -# Connect - -[![NPM Version][npm-image]][npm-url] -[![NPM Downloads][downloads-image]][downloads-url] -[![Build Status][travis-image]][travis-url] -[![Test Coverage][coveralls-image]][coveralls-url] -[![Gratipay][gratipay-image]][gratipay-url] - - Connect is an extensible HTTP server framework for [node](http://nodejs.org) using "plugins" known as _middleware_. - -```js -var connect = require('connect'); -var http = require('http'); - -var app = connect(); - -// gzip/deflate outgoing responses -var compression = require('compression'); -app.use(compression()); - -// store session state in browser cookie -var cookieSession = require('cookie-session'); -app.use(cookieSession({ - keys: ['secret1', 'secret2'] -})); - -// parse urlencoded request bodies into req.body -var bodyParser = require('body-parser'); -app.use(bodyParser.urlencoded({extended: false})); - -// respond to all requests -app.use(function(req, res){ - res.end('Hello from Connect!\n'); -}); - -//create node.js http server and listen on port -http.createServer(app).listen(3000); -``` - -## Getting Started - -Connect is a simple framework to glue together various "middleware" to handle requests. - -### Install Connect - -```sh -$ npm install connect -``` - -### Create an app - -The main component is a Connect "app". This will store all the middleware -added and is, itself, a function. - -```js -var app = connect(); -``` - -### Use middleware - -The core of Connect is "using" middleware. Middleware are added as a "stack" -where incoming requests will execute each middleware one-by-one until a middleware -does not call `next()` within it. - -```js -app.use(function middleware1(req, res, next) { - // middleware 1 - next(); -}); -app.use(function middleware2(req, res, next) { - // middleware 2 - next(); -}); -``` - -### Mount middleware - -The `.use()` method also takes an optional path string that is matched against -the beginning of the incoming request URL. This allows for basic routing. - -```js -app.use('/foo', function fooMiddleware(req, res, next) { - // req.url starts with "/foo" - next(); -}); -app.use('/bar', function barMiddleware(req, res, next) { - // req.url starts with "/bar" - next(); -}); -``` - -### Error middleware - -There are special cases of "error-handling" middleware. There are middleware -where the function takes exactly 4 arguments. When a middleware passes an error -to `next`, the app will proceed to look for the error middleware that was declared -after that middleware and invoke it, skipping any error middleware above that -middleware and any non-error middleware below. - -```js -// regular middleware -app.use(function (req, res, next) { - // i had an error - next(new Error('boom!')); -}); - -// error middleware for errors that occurred in middleware -// declared before this -app.use(function onerror(err, req, res, next) { - // an error occurred! -}); -``` - -### Create a server from the app - -The last step is to actually use the Connect app in a server. The `.listen()` method -is a convenience to start a HTTP server (and is identical to the `http.Server`'s `listen` -method in the version of Node.js you are running). - -```js -var server = app.listen(port); -``` - -The app itself is really just a function with three arguments, so it can also be handed -to `.createServer()` in Node.js. - -```js -var server = http.createServer(app); -``` - -## Middleware - -These middleware and libraries are officially supported by the Connect/Express team: - - - [body-parser](https://www.npmjs.com/package/body-parser) - previous `bodyParser`, `json`, and `urlencoded`. You may also be interested in: - - [body](https://www.npmjs.com/package/body) - - [co-body](https://www.npmjs.com/package/co-body) - - [raw-body](https://www.npmjs.com/package/raw-body) - - [compression](https://www.npmjs.com/package/compression) - previously `compress` - - [connect-timeout](https://www.npmjs.com/package/connect-timeout) - previously `timeout` - - [cookie-parser](https://www.npmjs.com/package/cookie-parser) - previously `cookieParser` - - [cookie-session](https://www.npmjs.com/package/cookie-session) - previously `cookieSession` - - [csurf](https://www.npmjs.com/package/csurf) - previously `csrf` - - [errorhandler](https://www.npmjs.com/package/errorhandler) - previously `error-handler` - - [express-session](https://www.npmjs.com/package/express-session) - previously `session` - - [method-override](https://www.npmjs.com/package/method-override) - previously `method-override` - - [morgan](https://www.npmjs.com/package/morgan) - previously `logger` - - [response-time](https://www.npmjs.com/package/response-time) - previously `response-time` - - [serve-favicon](https://www.npmjs.com/package/serve-favicon) - previously `favicon` - - [serve-index](https://www.npmjs.com/package/serve-index) - previously `directory` - - [serve-static](https://www.npmjs.com/package/serve-static) - previously `static` - - [vhost](https://www.npmjs.com/package/vhost) - previously `vhost` - -Most of these are exact ports of their Connect 2.x equivalents. The primary exception is `cookie-session`. - -Some middleware previously included with Connect are no longer supported by the Connect/Express team, are replaced by an alternative module, or should be superseded by a better module. Use one of these alternatives instead: - - - `cookieParser` - - [cookies](https://www.npmjs.com/package/cookies) and [keygrip](https://www.npmjs.com/package/keygrip) - - `limit` - - [raw-body](https://www.npmjs.com/package/raw-body) - - `multipart` - - [connect-multiparty](https://www.npmjs.com/package/connect-multiparty) - - [connect-busboy](https://www.npmjs.com/package/connect-busboy) - - `query` - - [qs](https://www.npmjs.com/package/qs) - - `staticCache` - - [st](https://www.npmjs.com/package/st) - - [connect-static](https://www.npmjs.com/package/connect-static) - -Checkout [http-framework](https://github.com/Raynos/http-framework/wiki/Modules) for many other compatible middleware! - -## API - -The Connect API is very minimalist, enough to create an app and add a chain -of middleware. - -When the `connect` module is required, a function is returned that will construct -a new app when called. - -```js -// require module -var connect = require('connect') - -// create app -var app = connect() -``` - -### app(req, res[, next]) - -The `app` itself is a function. This is just an alias to `app.handle`. - -### app.handle(req, res[, out]) - -Calling the function will run the middleware stack against the given Node.js -http request (`req`) and response (`res`) objects. An optional function `out` -can be provided that will be called if the request (or error) was not handled -by the middleware stack. - -### app.listen([...]) - -Start the app listening for requests. This method will internally create a Node.js -HTTP server and call `.listen()` on it. - -This is an alias to the `server.listen()` method in the version of Node.js running, -so consult the Node.js documentation for all the different variations. The most -common signature is [`app.listen(port)`](https://nodejs.org/dist/latest-v6.x/docs/api/http.html#http_server_listen_port_hostname_backlog_callback). - -### app.use(fn) - -Use a function on the app, where the function represents a middleware. The function -will be invoked for every request in the order that `app.use` is called. The function -is called with three arguments: - -```js -app.use(function (req, res, next) { - // req is the Node.js http request object - // res is the Node.js http response object - // next is a function to call to invoke the next middleware -}) -``` - -In addition to a plan function, the `fn` argument can also be a Node.js HTTP server -instance or another Connect app instance. - -### app.use(route, fn) - -Use a function on the app, where the function represents a middleware. The function -will be invoked for every request in which the URL (`req.url` property) starts with -the given `route` string in the order that `app.use` is called. The function is -called with three arguments: - -```js -app.use('/foo', function (req, res, next) { - // req is the Node.js http request object - // res is the Node.js http response object - // next is a function to call to invoke the next middleware -}) -``` - -In addition to a plan function, the `fn` argument can also be a Node.js HTTP server -instance or another Connect app instance. - -The `route` is always terminated at a path separator (`/`) or a dot (`.`) character. -This means the given routes `/foo/` and `/foo` are the same and both will match requests -with the URLs `/foo`, `/foo/`, `/foo/bar`, and `/foo.bar`, but not match a request with -the URL `/foobar`. - -The `route` is matched in a case-insensitive manor. - -In order to make middleware easier to write to be agnostic of the `route`, when the -`fn` is invoked, the `req.url` will be altered to remove the `route` part (and the -original will be available as `req.originalUrl`). For example, if `fn` is used at the -route `/foo`, the request for `/foo/bar` will invoke `fn` with `req.url === '/foo'` -and `req.originalUrl === '/foo/bar'`. - -## Running Tests - -```bash -npm install -npm test -``` - -## Contributors - - https://github.com/senchalabs/connect/graphs/contributors - -## Node Compatibility - - - Connect `< 1.x` - node `0.2` - - Connect `1.x` - node `0.4` - - Connect `< 2.8` - node `0.6` - - Connect `>= 2.8 < 3` - node `0.8` - - Connect `>= 3` - node `0.10`, `0.12`, `4.x`, `5.x`, `6.x`, `7.x`; io.js `1.x`, `2.x`, `3.x` - -## License - -[MIT](LICENSE) - -[npm-image]: https://img.shields.io/npm/v/connect.svg -[npm-url]: https://npmjs.org/package/connect -[travis-image]: https://img.shields.io/travis/senchalabs/connect/master.svg -[travis-url]: https://travis-ci.org/senchalabs/connect -[coveralls-image]: https://img.shields.io/coveralls/senchalabs/connect/master.svg -[coveralls-url]: https://coveralls.io/r/senchalabs/connect -[downloads-image]: https://img.shields.io/npm/dm/connect.svg -[downloads-url]: https://npmjs.org/package/connect -[gratipay-image]: https://img.shields.io/gratipay/dougwilson.svg -[gratipay-url]: https://www.gratipay.com/dougwilson/