Sourced from h3's releases.

v2.0.1-rc.19

compare changes

🩹 Fixes

• body: Enforce stream-based body size check regardless of content-length header (708a3aa)

💅 Refactors

• Upgrade cookie-es to v3 (9d244a7)

📖 Documentation

• Remove await-thenable lint rule and fix invalid await usage (#1353)

📦 Build

• Move docs to dist (e87ceca)

❤️ Contributors

• Pooya Parsa (@​pi0)
• Nick Spaargaren (@​nickspaargaren)

v2.0.1-rc.18

compare changes

🩹 Fixes

• utils: Prevent open redirect via protocol-relative path in redirectBack() (459a1c6)
• cookie: Prevent unbounded chunked cookie count (399257c)

v2.0.1-rc.17

compare changes

🚀 Enhancements

• Add redirectBack utility (#1329)
• Add removeRoute (#1331)

🩹 Fixes

• cors: Preserve CORS headers on error responses (#1352)
• sse: Mark writer as closed on write failure (#1322)
• request: Include Allow header in 405 response (#1314)
• sse: Sanitize carriage returns in event stream data and comments (79cabe3)
• mount: Normalize percent-encoded pathname in requestWithBaseURL (0295f90)
• static: Prevent path traversal via double-encoded dot segments (8e9993f)
• mount: Enforce path segment boundary in startsWith check (7ccc9e2)

... (truncated)

Sourced from h3's changelog.

v2.0.1-rc.19

compare changes

🩹 Fixes

• body: Enforce stream-based body size check regardless of content-length header (708a3aa)

💅 Refactors

• Upgrade cookie-es to v3 (9d244a7)

📖 Documentation

• Remove await-thenable lint rule and fix invalid await usage (#1353)

📦 Build

• Move docs to dist (e87ceca)

🏡 Chore

• Update deps (88ce5cd)
• Remove unused import (766cd39)

❤️ Contributors

• Pooya Parsa (@​pi0)
• Nick Spaargaren (@​nickspaargaren)

v2.0.1-rc.18

compare changes

🩹 Fixes

• utils: Prevent open redirect via protocol-relative path in redirectBack() (459a1c6)
• cookie: Prevent unbounded chunked cookie count (399257c)

❤️ Contributors

• Pooya Parsa (@​pi0)

v2.0.1-rc.17

compare changes

🚀 Enhancements

• Add redirectBack utility (#1329)

... (truncated)

• 7c2bc9b chore(release): v2.0.1-rc.19
• 9d244a7 refactor: upgrade cookie-es to v3
• 766cd39 chore: remove unused import
• 708a3aa fix(body): enforce stream-based body size check regardless of content-length ...
• 43e1fa3 docs: remove await-thenable lint rule and fix invalid await usage (#1353)
• 88ce5cd chore: update deps
• e87ceca build: move docs to dist
• cb70e1b chore(release): v2.0.1-rc.18
• 399257c fix(cookie): prevent unbounded chunked cookie count
• 459a1c6 fix(utils): prevent open redirect via protocol-relative path in redirectBack()
• Additional commits viewable in compare view

Sourced from nitro's releases.

v3.0.260311-beta

compare changes

🚀 Enhancements

• Add non bundlable dependencies from nf3 db (a8c8cbaa)
• vite: Use srvx loader for preview (#3999)
• Support zstd for compressPublicAssets (#3934)
• vercel: Rewrite proxy route rule on cdn (#4006)
• tasks: Expose req and waitUntil in context (#4037)
• nitro preview (#4024)
• nitro deploy command (#4042)
• vite: Auto-detect client entry (#4059)
• vite: Auto-detect client entry " (#4059)
• Use unjs/env-runner (#4088)
• vite: Respect vite mode for env loading (#4082)
• route-rules: Basic auth (#4049)
• vite: Support preview (#4090)
• Export http utils from nitro (#4097)

🔥 Performance

• Optimize duplicate handler filtering (#4003)

🩹 Fixes

• vite: Remove chunk config when inlineDynamicImports enabled (3c506bba)
• vite: Merge bundler config first before normalize (64df4cfd)
• Use virtual: prefix for raw plugin for vite compatibility (dfdff9e9)
• Support PORT=0 for random port assignment (#4000)
• Remove deprecated inlineDynamicImports from rolldown config (bbe5a7a0)
• vite: Remove keep-alive header from worker (150b6f91)
• vite: Set copyPublicDir: false by default (#4005)
• vercel: Fix preview mode compat with srvx (#4011)
• RolldownConfig.output is optional (d3b1f7b3)
• Avoid adding extra additional export conditions (#4029)
• Also avoid inferring bun and deno from runtime (09d6aa6d)
• Preserve sourcemap mappings for chunks containing user code (#4031)
• Sync routes after scan handlers (#4033)
• prerender: Skip writing routes with .. or outside of public dir (50b3bc5b)
• vite: Don't send browser full-reload for ssr-only changes (#4034)
• Escape scanned route url param names (7a5d536f)
• vite: Avoid adding duplicate nitro plugins when using nitro build (0da93bd3)
• Make error handlers consistent with h3 (#4055)
• static: Only append Vary: Accept-Encoding after a static asset match (#4075)
• vite: Run scheduled tasks during vite dev (#4076)
• config: Apply $production/$development layers when NODE_ENV is unset (#4066)

💅 Refactors

... (truncated)

• 47c85b5 v3.0.260311-beta
• 1d05f55 ci: add missing --tag
• 76a41a7 update release script tests
• 28d4fb1 disable flaky test
• bb2df26 lint
• 6880a7f set version
• a191078 fix release script
• fc8645d chore: updatte release script
• 3ab8713 improve local script safety
• e5a24d5 chore: apply automated updates
• Additional commits viewable in compare view

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for nitro since your current version.

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.