Skip to content

Releases: cloudflare/capnweb

[email protected]

Choose a tag to compare

@github-actions github-actions released this 07 Jul 01:24
92baaed

Minor Changes

  • #185 0b20ec6 Thanks @ndisidore! - Add configurable receiver-side resource limits (RpcSessionOptions.limits) that cap bigint length, message nesting depth, and incoming message size to guard against untrusted-peer resource exhaustion (#184).

Patch Changes

  • #190 6e5c562 Thanks @taylorodell! - Several correctness and robustness fixes:

    • Error deserialization no longer resolves an attacker-supplied error type name to an inherited Object.prototype member. ERROR_TYPES now has a null prototype, so a wire value such as ["error","constructor",...] no longer resolves to Object (which produced a String wrapper instead of an Error, bypassing instanceof Error checks), and a name like "toString" no longer resolves to a non-constructor and throws. Unknown names correctly fall back to Error.
    • Error deserialization now filters inherited Object.prototype keys (and toJSON) out of an error's own-property bag, matching the behavior already applied when deserializing plain objects. Keys such as __proto__, toString, and valueOf are no longer copied onto deserialized errors.
    • Resolving an import that has already been resolved now disposes the redundant resolution instead of overwriting (and leaking) the previous one.
    • The abort message handler now hands error handlers the unwrapped abort reason rather than the internal payload wrapper, matching the reject handler.
    • WebSocket close reasons longer than the 123-byte limit are now truncated on a UTF-8 character boundary, so aborting a session with a long reason no longer throws from WebSocket.close().

[email protected]

Choose a tag to compare

@github-actions github-actions released this 04 Jul 14:13
7fcc52a

Patch Changes

  • #195 78744ca Thanks @aleister1102! - Fix nodeHttpBatchRpcResponse leaving the connection open and crashing with
    ERR_HTTP_HEADERS_SENT on non-POST requests. It now returns 405 immediately.

[email protected]

Choose a tag to compare

@github-actions github-actions released this 02 Jul 14:09
5161d97

Minor Changes

  • #186 c70bbb7 Thanks @teamchong! - Add transport encoding levels so custom RPC transports can work with jsonCompatible values, jsonCompatibleWithBytes values, or structuredClonable messages instead of always receiving JSON strings.

    Note: MessagePort sessions now post structured-clonable objects over the port instead of JSON strings. This changes the wire format between the two ends of the port, so both ends of a MessagePort session must upgrade to this version together.

[email protected]

Choose a tag to compare

@github-actions github-actions released this 16 Jun 16:41
9c9ef01

Patch Changes

  • #197 0409821 Thanks @teamchong! - Treat Workers fetch and connect lifecycle methods as passthrough methods on WorkerEntrypoint and DurableObject targets.

[email protected]

Choose a tag to compare

@github-actions github-actions released this 12 Jun 20:28
fc8601e

Patch Changes

  • #194 4093556 Thanks @teamchong! - Fix @validateRpc() breaking decorated classes that extend other decorated classes: prototype methods are now wrapped in place instead of returning a Proxy from the constructor, so subclass-only methods validate correctly, instances stay real branded RpcTargets, and incoming callback stubs pass through as native stubs (opt in to validating them with validateStub<T>(stub)).

[email protected]

Choose a tag to compare

@github-actions github-actions released this 09 Jun 02:01
bd22055

Minor Changes

  • #169 2cb51eb Thanks @teamchong! - Introduced capnweb-validate, a separate package that allows you to wrap your RPC interfaces in runtime type-checking based on your TypeScript interfaces.

v0.8.0

Choose a tag to compare

@github-actions github-actions released this 11 May 18:22
31adae8

Minor Changes

  • #155 48f4d49 Thanks @G4brym! - Add Blob as a serializable type over RPC. Blob objects can now be passed as call arguments and return values. The MIME type (blob.type) is preserved across the wire.

Patch Changes

  • #166 7413e43 Thanks @aron-cf! - Errors properties, using Object.keys(), are now preserved across the wire. Attach fields like code or details to an Error and they propagate to the other side. The cause and errors (for AggregateError) properties will also be preserved.

  • #168 25baebf Thanks @kentonv! - Fix memory leak that kept all messages received in a session pinned in memory until the session ended, due to surprising implementation details of JavaScript Promises.

  • #152 9e499e2 Thanks @VastBlast! - Fix serialization for Invalid/NaN dates

v0.7.0

Choose a tag to compare

@github-actions github-actions released this 27 Apr 22:39
b4a17cf

Minor Changes

v0.6.1

Choose a tag to compare

@github-actions github-actions released this 09 Mar 23:05
cfa1b95

Patch Changes

  • #148 189fa79 Thanks @kentonv! - Fixed type overrides for Uint8Array's toBase64 and fromBase64 leaking into capnweb's public interface.

v0.6.0

Choose a tag to compare

@github-actions github-actions released this 09 Mar 20:21
03c82e8

Minor Changes

  • #145 5667226 Thanks @kentonv! - When Node's Buffer is available, Cap'n Web will now serialize it the same as Uint8Array, and will deserialize all byte arrays as Buffer by default. Buffer is a subclass of Uint8Array, so this should be compatible while being convenient in Node apps.

  • #142 60be60d Thanks @VastBlast! - Major improvements to type definitions, fixing bugs and making them more accurate.

Patch Changes

  • #145 5667226 Thanks @kentonv! - Fixed base64 encoding of very large byte arrays on platforms that don't support Uint8Array.toBase64().