anubis-mirror

arian/anubis-mirror

Fork 0

mirror of https://github.com/TecharoHQ/anubis.git synced 2026-05-11 01:17:18 +00:00

Author	SHA1	Message	Date
dependabot[bot]	af2b0d1d6e	build(deps-dev): bump the npm group across 1 directory with 6 updates Bumps the npm group with 6 updates in the / directory: \| Package \| From \| To \| \| --- \| --- \| --- \| \| [@commitlint/cli](https://github.com/conventional-changelog/commitlint/tree/HEAD/@commitlint/cli) \| `20.5.0` \| `20.5.3` \| \| [@commitlint/config-conventional](https://github.com/conventional-changelog/commitlint/tree/HEAD/@commitlint/config-conventional) \| `20.5.0` \| `20.5.3` \| \| [baseline-browser-mapping](https://github.com/web-platform-dx/baseline-browser-mapping) \| `2.10.15` \| `2.10.27` \| \| [cssnano](https://github.com/cssnano/cssnano) \| `7.1.4` \| `7.1.8` \| \| [cssnano-preset-advanced](https://github.com/cssnano/cssnano) \| `7.0.12` \| `7.0.16` \| \| [prettier](https://github.com/prettier/prettier) \| `3.8.1` \| `3.8.3` \| Updates `@commitlint/cli` from 20.5.0 to 20.5.3 - [Release notes](https://github.com/conventional-changelog/commitlint/releases) - [Changelog](https://github.com/conventional-changelog/commitlint/blob/master/@commitlint/cli/CHANGELOG.md) - [Commits](https://github.com/conventional-changelog/commitlint/commits/v20.5.3/@commitlint/cli) Updates `@commitlint/config-conventional` from 20.5.0 to 20.5.3 - [Release notes](https://github.com/conventional-changelog/commitlint/releases) - [Changelog](https://github.com/conventional-changelog/commitlint/blob/master/@commitlint/config-conventional/CHANGELOG.md) - [Commits](https://github.com/conventional-changelog/commitlint/commits/v20.5.3/@commitlint/config-conventional) Updates `baseline-browser-mapping` from 2.10.15 to 2.10.27 - [Release notes](https://github.com/web-platform-dx/baseline-browser-mapping/releases) - [Commits](https://github.com/web-platform-dx/baseline-browser-mapping/compare/v2.10.15...v2.10.27) Updates `cssnano` from 7.1.4 to 7.1.8 - [Release notes](https://github.com/cssnano/cssnano/releases) - [Commits](https://github.com/cssnano/cssnano/compare/cssnano@7.1.4...cssnano@7.1.8) Updates `cssnano-preset-advanced` from 7.0.12 to 7.0.16 - [Release notes](https://github.com/cssnano/cssnano/releases) - [Commits](https://github.com/cssnano/cssnano/compare/cssnano-preset-advanced@7.0.12...cssnano-preset-advanced@7.0.16) Updates `prettier` from 3.8.1 to 3.8.3 - [Release notes](https://github.com/prettier/prettier/releases) - [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md) - [Commits](https://github.com/prettier/prettier/compare/3.8.1...3.8.3) --- updated-dependencies: - dependency-name: "@commitlint/cli" dependency-version: 20.5.3 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm - dependency-name: "@commitlint/config-conventional" dependency-version: 20.5.3 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm - dependency-name: baseline-browser-mapping dependency-version: 2.10.27 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm - dependency-name: cssnano dependency-version: 7.1.8 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm - dependency-name: cssnano-preset-advanced dependency-version: 7.0.16 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm - dependency-name: prettier dependency-version: 3.8.3 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm ... Signed-off-by: dependabot[bot] <support@github.com>	2026-05-11 00:45:03 +00:00
Xe Iaso	0491f1fac2	fix: patch GHSA-6wcg-mqvh-fcvg (#1616 ) * fix: patch GHSA-6wcg-mqvh-fcvg PR https://github.com/TecharoHQ/anubis/pull/1015 added the ability for reverse proxies using Anubis in subrequest auth mode to look at the path of a request as there are many rules in the wild that rely on checking the path. This is how access to things like robots.txt or anything in the .well-known directory is unaffected by Anubis. However this logic was also enabled for non-subrequest deployments of Anubis, meaning that a specially crafted request could include a /.well-known/ path in it and then get around Anubis with little effort. This fix gates the logic behind a new plumbed variable named subrequestMode that only fires when Anubis is running in subrequest auth mode. This properly contains that workaround so that the logic does not fire in most deployments. Signed-off-by: Xe Iaso <me@xeiaso.net> * chore: spelling Signed-off-by: Xe Iaso <me@xeiaso.net> --------- Signed-off-by: Xe Iaso <me@xeiaso.net>	2026-05-08 19:17:25 -04:00

Author

SHA1

Message

Date

dependabot[bot]

af2b0d1d6e

build(deps-dev): bump the npm group across 1 directory with 6 updates

Bumps the npm group with 6 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@commitlint/cli](https://github.com/conventional-changelog/commitlint/tree/HEAD/@commitlint/cli) | `20.5.0` | `20.5.3` |
| [@commitlint/config-conventional](https://github.com/conventional-changelog/commitlint/tree/HEAD/@commitlint/config-conventional) | `20.5.0` | `20.5.3` |
| [baseline-browser-mapping](https://github.com/web-platform-dx/baseline-browser-mapping) | `2.10.15` | `2.10.27` |
| [cssnano](https://github.com/cssnano/cssnano) | `7.1.4` | `7.1.8` |
| [cssnano-preset-advanced](https://github.com/cssnano/cssnano) | `7.0.12` | `7.0.16` |
| [prettier](https://github.com/prettier/prettier) | `3.8.1` | `3.8.3` |



Updates `@commitlint/cli` from 20.5.0 to 20.5.3
- [Release notes](https://github.com/conventional-changelog/commitlint/releases)
- [Changelog](https://github.com/conventional-changelog/commitlint/blob/master/@commitlint/cli/CHANGELOG.md)
- [Commits](https://github.com/conventional-changelog/commitlint/commits/v20.5.3/@commitlint/cli)

Updates `@commitlint/config-conventional` from 20.5.0 to 20.5.3
- [Release notes](https://github.com/conventional-changelog/commitlint/releases)
- [Changelog](https://github.com/conventional-changelog/commitlint/blob/master/@commitlint/config-conventional/CHANGELOG.md)
- [Commits](https://github.com/conventional-changelog/commitlint/commits/v20.5.3/@commitlint/config-conventional)

Updates `baseline-browser-mapping` from 2.10.15 to 2.10.27
- [Release notes](https://github.com/web-platform-dx/baseline-browser-mapping/releases)
- [Commits](https://github.com/web-platform-dx/baseline-browser-mapping/compare/v2.10.15...v2.10.27)

Updates `cssnano` from 7.1.4 to 7.1.8
- [Release notes](https://github.com/cssnano/cssnano/releases)
- [Commits](https://github.com/cssnano/cssnano/compare/cssnano@7.1.4...cssnano@7.1.8)

Updates `cssnano-preset-advanced` from 7.0.12 to 7.0.16
- [Release notes](https://github.com/cssnano/cssnano/releases)
- [Commits](https://github.com/cssnano/cssnano/compare/cssnano-preset-advanced@7.0.12...cssnano-preset-advanced@7.0.16)

Updates `prettier` from 3.8.1 to 3.8.3
- [Release notes](https://github.com/prettier/prettier/releases)
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md)
- [Commits](https://github.com/prettier/prettier/compare/3.8.1...3.8.3)

---
updated-dependencies:
- dependency-name: "@commitlint/cli"
  dependency-version: 20.5.3
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm
- dependency-name: "@commitlint/config-conventional"
  dependency-version: 20.5.3
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm
- dependency-name: baseline-browser-mapping
  dependency-version: 2.10.27
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm
- dependency-name: cssnano
  dependency-version: 7.1.8
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm
- dependency-name: cssnano-preset-advanced
  dependency-version: 7.0.16
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm
- dependency-name: prettier
  dependency-version: 3.8.3
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm
...

Signed-off-by: dependabot[bot] <support@github.com>

2026-05-11 00:45:03 +00:00

Xe Iaso

0491f1fac2

fix: patch GHSA-6wcg-mqvh-fcvg (#1616 )

* fix: patch GHSA-6wcg-mqvh-fcvg

PR https://github.com/TecharoHQ/anubis/pull/1015 added the ability for
reverse proxies using Anubis in subrequest auth mode to look at the path
of a request as there are many rules in the wild that rely on checking
the path. This is how access to things like robots.txt or anything in the
.well-known directory is unaffected by Anubis.

However this logic was also enabled for non-subrequest deployments of Anubis,
meaning that a specially crafted request could include a /.well-known/
path in it and then get around Anubis with little effort.

This fix gates the logic behind a new plumbed variable named subrequestMode
that only fires when Anubis is running in subrequest auth mode. This
properly contains that workaround so that the logic does not fire in
most deployments.

Signed-off-by: Xe Iaso <me@xeiaso.net>

* chore: spelling

Signed-off-by: Xe Iaso <me@xeiaso.net>

---------

Signed-off-by: Xe Iaso <me@xeiaso.net>

2026-05-08 19:17:25 -04:00

2 changed files with 330 additions and 363 deletions

package-lock.json

Generated

+324 -357

View File

File diff suppressed because it is too large Load Diff

									
										package.json
									
		+6
		-6
	
												View File
												
				@@ -20,11 +20,11 @@

				  "author": "",

				  "license": "ISC",

				  "devDependencies": {

				    "@commitlint/cli": "^20.5.0",

				    "@commitlint/config-conventional": "^20.5.0",

				    "baseline-browser-mapping": "^2.10.15",

				    "cssnano": "^7.1.4",

				    "cssnano-preset-advanced": "^7.0.12",

				    "@commitlint/cli": "^20.5.3",

				    "@commitlint/config-conventional": "^20.5.3",

				    "baseline-browser-mapping": "^2.10.27",

				    "cssnano": "^7.1.8",

				    "cssnano-preset-advanced": "^7.0.16",

				    "esbuild": "^0.28.0",

				    "husky": "^9.1.7",

				    "playwright": "^1.52.0",

				@@ -32,7 +32,7 @@

				    "postcss-import": "^16.1.1",

				    "postcss-import-url": "^7.2.0",

				    "postcss-url": "^10.1.3",

				    "prettier": "^3.8.1"

				    "prettier": "^3.8.3"

				  },

				  "dependencies": {

				    "@aws-crypto/sha256-js": "^5.2.0",

Compare commits

2 Commits

Xe/GHSA-6wcg-mqvh-fcvg .. dependabot/npm_and_yarn/npm-b312dd4009

Compare commits

2 Commits Xe/GHSA-6wcg-mqvh-fcvg .. dependabot/npm_and_yarn/npm-b312dd4009

2 Commits

Xe/GHSA-6wcg-mqvh-fcvg .. dependabot/npm_and_yarn/npm-b312dd4009