Releases: jasonraimondi/url-to-png
v2.1.2
What's Changed
- fix: arbitrary file write GHSA-vvmv-wrvp-9gjr
- fix: screenshot of localhost web services (add BLOCK_LIST env) GHSA-342q-2mc2-5gmp
Thank You
@realArcherL for reporting and fixing these issues
Full Changelog: v2.1.0...v2.1.2
v2.1.0
What's Changed
- feat: configurable default screenshot configurations in #49 (resolves #37)
- feat: publish to npmjs.org at @jmondi/url-to-png
pnpm add @jmondi/url-to-png
Full Changelog: v2.0.3...v2.1.0
v2.0.3 - Security Update
Release Notes - Security Update
- fix(security): require screenshot protocol to be http/https by @jasonraimondi in #48
- Resolved a critical arbitrary file read vulnerability in the Playwright screenshot feature.
- The vulnerability allowed attackers to read arbitrary files on the server using the `file://` URI scheme.
- Restricted URI schemes to only allow `http` and `https` for the screenshot feature.
- Implemented strict input validation and sanitization to ensure only allowed URIs are processed.
This release addresses a severe security issue and is highly recommended for all users. Please update to the latest version as soon as possible to protect your application and sensitive data.
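The kind of check these notes describe (an `http`/`https` scheme allowlist, plus the host block list that v2.1.2 adds through `BLOCK_LIST`) can be sketched as follows. This is an added example, not url-to-png's own code; the function names and the comma-separated block-list format are assumptions.

```javascript
// Added example, not the project's implementation: validate a screenshot
// target URL before it is handed to a headless browser.
const ALLOWED_PROTOCOLS = new Set(["http:", "https:"]);

// Assumption: the block list is a comma-separated string of hostnames.
// The real BLOCK_LIST format used by url-to-png may differ.
function parseBlockList(raw) {
  return new Set(
    (raw || "").split(",").map((h) => h.trim().toLowerCase()).filter(Boolean),
  );
}

// Returns { ok: true, url } or { ok: false, reason }.
function validateTarget(input, blockList) {
  let url;
  try {
    // The WHATWG parser lowercases the scheme and hostname, so the checks
    // below compare normalized values instead of raw user input.
    url = new URL(input);
  } catch {
    return { ok: false, reason: "unparseable" };
  }
  if (!ALLOWED_PROTOCOLS.has(url.protocol)) {
    return { ok: false, reason: "scheme" };
  }
  // Strip IPv6 brackets and a trailing root dot before the lookup.
  const host = url.hostname.replace(/^\[|\]$/g, "").replace(/\.$/, "");
  if (blockList.has(host)) {
    return { ok: false, reason: "blocked-host" };
  }
  return { ok: true, url: url.href };
}

// Constructed sample inputs (not taken from the advisories).
const blockList = parseBlockList("localhost, 127.0.0.1, ::1");
for (const sample of [
  "https://example.com/page",
  "file:///etc/passwd",
  "FILE:///etc/passwd",
  "http://LOCALHOST:3089/",
  "http://[::1]/",
  "example.com",
]) {
  console.log(sample, "->", JSON.stringify(validateTarget(sample, blockList)));
}
```

A hostname block list does not cover public names that resolve to internal addresses or redirects the browser follows afterwards, so it works best alongside network-level egress restrictions.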
Thank You
Thank you to @timoxoszt for his contribution in finding and reporting this vulnerability.
Full Changelog: v2.0.2...v2.0.3
v2.0.2
v2.0.1
What's Changed
- fix: fix incorrect cropped when width or height are omitted by @AnnatarHe in #44
- chore(deps): bump hono from 4.1.3 to 4.2.7 by @dependabot in #42
Full Changelog: v2.0.0...v2.0.1
v2.0.0
What's Changed
- feat: app test suite 🎉 - link
- feat: add documentation site - link
- feat: add optional /metrics endpoint for prometheus / autoscalers - link
- feat: add optional server encryption - link
- feat: add a bunch more server configuration options including log level, pool configurations, cache control, etc.
- refactor: rewrite removing nestjs by @jasonraimondi in #36
- esm + typescript + decorators = headache and rewriting to hono was just more fun and easier
- docs: update README.md with the updated AWS variables by @enstyled in #32
Breaking Changes
- The default port has switched from `3000` to `3089`. To keep using port `3000`, use `PORT=3000`
- `AWS_ACCESS_KEY` has been replaced with `AWS_ACCESS_KEY_ID`
- `AWS_SECRET_KEY` has been replaced with `AWS_SECRET_ACCESS_KEY`
- `AWS_REGION` has been replaced with `AWS_DEFAULT_REGION`
New Contributors
Full Changelog: v1.5.0...v2.0.0
v1.5.0 - Local filesystem caching
What's Changed
- feat: add local filesystem storage provider by @jasonraimondi in 813d05b
- feat: add aws endpoint support, improve aws naming conventions by @jasonraimondi in 3c4cc29
- ci: Use GITHUB_OUTPUT envvar instead of set-output command by @arunsathiya in #27
New Contributors
- thanks to @enstyled for requesting some useful features
- @arunsathiya automated their first contribution in #27
Full Changelog: v1.4.2...v1.5.0
v1.4.2
v1.4.1
v1.4.0
chore: bump nodejs v12 to v20
chore: bump aws sdk from v2 to v3
chore: bumps all dependencies