@major-tanya/itty-compression v0.2.5

This release covers a security fix for CVE-2025-24964, which affected vitest >= 1.0.0, <1.6.1. This was fixed by upgrading to vitest 3.0.5 which is not vulnerable to this CVE.

• Bumped dependencies

Full Changelog: v0.2.4...v0.2.5

@major-tanya/itty-compression v0.2.4

This release covers a security fix for CVE-2025-24010, which affected vite >= 5.0.0, <= 5.4.11, which vitest depends on (upgraded to vite 5.4.14)

• Bumped dependencies

Full Changelog: v0.2.3...v0.2.4

@major-tanya/itty-compression v0.2.3

This release covers several security fixes:

• CVE-2024-21538, which affects cross-spawn >=7.0.0 <7.0.5 (used by eslint and others) (updated to 7.0.6)
• CVE-2024-55565, which affects nanoid <3.3.8 (used transitively by vite) (updated to 3.3.8)

Behavioural or interface changes:

• None

Other changes t:

• Migration to ESLint v9 flat configs (0f6aa2d)
• Some style and linting changes (0bbffa1, 0eda034, 22535e3, 8a58ccb)
• itty-compression is now being CI-tested on Node v22 as well (792f51f)
• Bumped dependencies (72f5b11)

Full Changelog: v0.2.2...v0.2.3

@major-tanya/itty-compression v0.2.2

This release covers several security fixes:

• CVE-2024-4067, which affects micromatch < 4.0.8, which globby and other project devDependencies transitively depend on via fast-glob (upgraded to 4.0.8)
• CVE-2024-45811 and CVE-2024-45812, which affect vite >=5.3.0, <=5.3.5, which vitest depends on (upgraded to 5.4.8)
• CVE-2024-47068, which affects rollup >=4.0.0, <4.22.4 (upgraded to 4.22.4)

Other changes:

• Bumped dependencies

Full Changelog: v0.2.1...v0.2.2

@major-tanya/itty-compression v0.2.1

This release covers a security fix for CVE-2024-4068, which affected braces < 3.0.3 (which globby transitively depends on via fast-glob and micromatch). These upgrades mean braces 3.0.3 is now used under the hood.

• Bumped dependencies

Full Changelog: v0.2.0...v0.2.1

@major-tanya/itty-compression v0.2.0

This is a breaking change, see “How to migrate”

This release is a substantial rewrite of the inner mechanics of itty-compression.

Changes:

• (BREAKING) Swapped order of arguments (now Response comes first, Request comes second)
• (BREAKING) Middlewares can now only accept Response objects for their input and not arbitrary content (make sure you have a formatter/handler middleware set before any of the compression ones)
• Fixed Vary header not being added/updated when using the single algorithm middlewares
• Make use of generics in internal systems

How to migrate

• Swap the argument order of Request and Response like this:

// example export, your exact setup might look different
export default {
  fetch: (request, ...args) => router
    .handle(...args)
    .then(json)
-   .then((response) => negotiatedCompression(request, response))
+   .then((response) => negotiatedCompression(response, request))
    .catch(error),
};

This swapping was necessary to allow for very concise syntax with itty-router's more batteries-included v5 routers. Also, check out whether AutoRouter or the medium Router may be useful to you, they are more concise than the v4 router (which still exists as IttyRouter now).

Although this is a breaking release, it is only a minor version increase, as itty-compression is not considered stable at this time. There are no further breaking changes like this expected in the future, but that is not a guarantee they won't happen.

Full Changelog: v0.1.6...v0.2.0

@major-tanya/itty-compression v0.1.6

v0.1.5 was missing the build step and ended up as an empty package on NPM. It has been unpublished.

• Fixed missing build step in publishing workflow

Full Changelog: v0.1.5...v0.1.6

@major-tanya/itty-compression v0.1.5

Do not use v0.1.5, it was missing files, use v0.1.6+

This release introduces Provenance to the itty-compression package, which keeps a public ledger of the build commit, the build instructions, and such related information. It is also displayed on NPM itself.

This release includes:

• New publish workflow with --provenance option
• Bumped dependencies
• Typo fix in a test case description

Full Changelog: v0.1.4...v0.1.5

@major-tanya/itty-compression v0.1.4

This release covers a security fix for CVE-2024-23331, which affected vite =>5.0.0 (which vitest depended on). These upgrades mean vite 5.0.12 is now used under the hood.

• Bumped dependencies

Full Changelog: v0.1.3...v0.1.4

@major-tanya/itty-compression v0.1.3

This release covers a security fix for CVE-2023-49293, which affected vite 4.5.0 (which vitest depended on). These upgrades mean vite 5.x is now used under the hood.

• Bumped dependencies

The badges for the middleware sizes in the README.md should now send you to the bundlejs.com website for each of the middlewares.

Full Changelog: v0.1.2...v0.1.3