@github-actions

This PR was opened by the Changesets release GitHub action. When you're ready to do a release, you can merge this and the packages will be published to npm automatically. If you're not ready to do a release yet, that's fine, whenever you add more changesets to main, this PR will be updated.

Releases

@korix/body-limit-plugin@0.1.1

Patch Changes

  • 34733db: Add automatic chunked transfer encoding support to body-limit-plugin

    • Implement automatic chunked transfer encoding detection and monitoring
    • Add real-time stream size validation without buffering for chunked requests
    • Maintain backward compatibility with existing Content-Length validation
    • Unify error handling for both Content-Length and chunked encoding violations
  • 6b5ded8: Security: Remove error details from HTTP responses and framework logs

    Breaking Changes:

    • Remove details property from ErrorResponseOptions type
    • Simplify ErrorResponseOptions to single object type instead of union types

    Security Improvements:

    • Remove error details from default HTTP error responses to prevent information disclosure
    • Remove { err } objects from framework internal logs to prevent personal information leakage
    • Standardize all framework logs to use .child('system') namespace
    • Update body-limit-plugin to remove internal details from error responses

    Migration:

    • Remove details property usage from custom error responses
    • Use custom validation error handlers if detailed error information is needed:
      app.onRequestValidationError((ctx, errors) => {
        ctx.req.log().warn('Validation failed', { err: errors }); // User controlled
        return ctx.res.badRequest({ message: 'Invalid input' });
      });

    This change prevents potential information disclosure vulnerabilities while maintaining
    error occurrence monitoring through internal logs.

  • Updated dependencies [e10a8ce]

  • Updated dependencies [816f76e]

  • Updated dependencies [8ab7c31]

  • Updated dependencies [4783d3b]

  • Updated dependencies [040994a]

  • Updated dependencies [5f0249e]

  • Updated dependencies [066741f]

  • Updated dependencies [6b5ded8]

    • @korix/kori@0.1.1

@korix/cors-plugin@0.1.1

Patch Changes

@korix/file-plugin-nodejs@0.1.1

Patch Changes

  • dfcb40d: Add comprehensive file plugin package for Node.js with dual functionality

    Send File API (sendFilePlugin):

    • res.sendFile() - Send files for browser display with proper Content-Type
    • res.download() - Force file download with attachment disposition header
    • Range requests support for streaming and partial content delivery
    • ETag and Last-Modified headers for efficient caching
    • 304 Not Modified responses to reduce bandwidth usage
    • Multipart byte ranges for multiple range requests
    • Secure path resolution and validation
    • Configurable root directory and advanced caching options

    Static File Serving (serveStaticPlugin):

    • Comprehensive static file serving with configurable mount points
    • Range requests support for streaming and partial content delivery
    • Cache optimization with ETag and Last-Modified headers
    • Security features including path traversal protection
    • Index file resolution and dotfile access control
    • Configurable options for performance tuning
  • 040994a: Improve logging separation between framework and user logs

    Framework Logging Improvements:

    • Add system logger to distinguish framework internal logs from user application logs
    • Framework logs now use *.system namespace (application.system, request.system)
    • User APIs (kori.log(), req.log()) remain unchanged for backward compatibility

    Plugin Logging Fixes:

    • Fix send-file-plugin and serve-static-plugin to use request-level logger (req.log()) instead of plugin-level logger in request processing
    • Ensures proper request context information in file operation logs

    Log Namespace Changes:

    • Framework internal logs: application.system, request.system
    • User application logs: application, request (unchanged)
    • Plugin initialization logs: application.{pluginName}

    This change improves log observability by clearly separating framework internal operations from user application logic.

  • Updated dependencies [e10a8ce]

  • Updated dependencies [816f76e]

  • Updated dependencies [8ab7c31]

  • Updated dependencies [4783d3b]

  • Updated dependencies [040994a]

  • Updated dependencies [5f0249e]

  • Updated dependencies [066741f]

  • Updated dependencies [6b5ded8]

    • @korix/kori@0.1.1

@korix/kori@0.1.1

Patch Changes

  • e10a8ce: Add RFC 6265 compliant cookie name validation

    Cookie names are now validated to ensure they contain only valid characters according to RFC 6265 specification. The validation prevents cookie parsing issues by rejecting names with spaces, semicolons, control characters, and other problematic characters. This improves security and compatibility with other frameworks like Express, Fastify, and Hono.

  • 816f76e: Add Accept header-based content negotiation for error responses

    Error responses now automatically negotiate content type based on the client's Accept header:

    • application/json: Returns structured JSON error (default fallback)
    • text/html: Returns formatted HTML error page
    • text/plain: Returns simple text message

    Breaking change: ErrorResponseOptions now accepts acceptHeader parameter for content negotiation. Explicit type specification still takes precedence over content negotiation.

  • 8ab7c31: Fix response builder race condition

    Prevent multiple builds of the same KoriResponse instance to avoid stream reuse issues and ensure consistent behavior across all body types. All responses now follow one-build-only semantic.

  • 4783d3b: Standardize HTTP header names using constants

    Replace hardcoded header strings with HttpResponseHeader constants for better consistency and type safety:

    • Add missing header constants to HttpResponseHeader (cache-control, content-length, etag, etc.)
    • Replace hardcoded strings like 'cache-control', 'etag' with HttpResponseHeader.CACHE_CONTROL, HttpResponseHeader.ETAG
    • Apply standardization across all plugins and examples
    • Improve typo prevention and code maintainability
  • 040994a: Improve logging separation between framework and user logs

    Framework Logging Improvements:

    • Add system logger to distinguish framework internal logs from user application logs
    • Framework logs now use *.system namespace (application.system, request.system)
    • User APIs (kori.log(), req.log()) remain unchanged for backward compatibility

    Plugin Logging Fixes:

    • Fix send-file-plugin and serve-static-plugin to use request-level logger (req.log()) instead of plugin-level logger in request processing
    • Ensures proper request context information in file operation logs

    Log Namespace Changes:

    • Framework internal logs: application.system, request.system
    • User application logs: application, request (unchanged)
    • Plugin initialization logs: application.{pluginName}

    This change improves log observability by clearly separating framework internal operations from user application logic.

  • 5f0249e: Standardize response methods to use method chaining pattern

    Response body methods now require method chaining for setting status codes:

    • res.json(body, 404) → res.status(404).json(body)
    • res.text(body, 201) → res.status(201).text(body)
    • res.empty(304) → res.status(304).empty()
    • res.stream(data, 200) → res.status(200).stream(data)
  • 066741f: Fix header and status code preservation in KoriResponse

    • Fix: setHeader('content-type', 'custom') now preserved when calling body methods like stream() or json()
    • Fix: status(400).empty() now preserves the status code instead of overwriting with 204
  • 6b5ded8: Security: Remove error details from HTTP responses and framework logs

    Breaking Changes:

    • Remove details property from ErrorResponseOptions type
    • Simplify ErrorResponseOptions to single object type instead of union types

    Security Improvements:

    • Remove error details from default HTTP error responses to prevent information disclosure
    • Remove { err } objects from framework internal logs to prevent personal information leakage
    • Standardize all framework logs to use .child('system') namespace
    • Update body-limit-plugin to remove internal details from error responses

    Migration:

    • Remove details property usage from custom error responses
    • Use custom validation error handlers if detailed error information is needed:
      app.onRequestValidationError((ctx, errors) => {
        ctx.req.log().warn('Validation failed', { err: errors }); // User controlled
        return ctx.res.badRequest({ message: 'Invalid input' });
      });

    This change prevents potential information disclosure vulnerabilities while maintaining
    error occurrence monitoring through internal logs.

@korix/nodejs-adapter@0.1.1

Patch Changes

@korix/openapi-plugin@0.1.1

Patch Changes

@korix/openapi-scalar-ui-plugin@0.1.1

Patch Changes

  • 2eae50b: Update @scalar/api-reference from 1.25.62 to 1.32.10

    This update resolves the deprecated subdependency warning for node-domexception@1.0.0 and brings improved dependency management with modern packages.

  • Updated dependencies [e10a8ce]

  • Updated dependencies [816f76e]

  • Updated dependencies [8ab7c31]

  • Updated dependencies [4783d3b]

  • Updated dependencies [040994a]

  • Updated dependencies [5f0249e]

  • Updated dependencies [066741f]

  • Updated dependencies [6b5ded8]

    • @korix/kori@0.1.1
    • @korix/openapi-plugin@0.1.1

@korix/pino-adapter@0.1.1

Patch Changes

@korix/security-headers-plugin@0.1.1

Patch Changes

  • 4783d3b: Standardize HTTP header names using constants

    Replace hardcoded header strings with HttpResponseHeader constants for better consistency and type safety:

    • Add missing header constants to HttpResponseHeader (cache-control, content-length, etag, etc.)
    • Replace hardcoded strings like 'cache-control', 'etag' with HttpResponseHeader.CACHE_CONTROL, HttpResponseHeader.ETAG
    • Apply standardization across all plugins and examples
    • Improve typo prevention and code maintainability
  • Updated dependencies [e10a8ce]

  • Updated dependencies [816f76e]

  • Updated dependencies [8ab7c31]

  • Updated dependencies [4783d3b]

  • Updated dependencies [040994a]

  • Updated dependencies [5f0249e]

  • Updated dependencies [066741f]

  • Updated dependencies [6b5ded8]

    • @korix/kori@0.1.1

@korix/zod-openapi-plugin@0.1.1

Patch Changes

  • Updated dependencies [e10a8ce]
  • Updated dependencies [816f76e]
  • Updated dependencies [8ab7c31]
  • Updated dependencies [4783d3b]
  • Updated dependencies [040994a]
  • Updated dependencies [5f0249e]
  • Updated dependencies [066741f]
  • Updated dependencies [6b5ded8]
    • @korix/kori@0.1.1
    • @korix/openapi-plugin@0.1.1
    • @korix/zod-schema@0.1.1

@korix/zod-schema@0.1.1

Patch Changes

@korix/zod-validator@0.1.1

Patch Changes

  • Updated dependencies [e10a8ce]
  • Updated dependencies [816f76e]
  • Updated dependencies [8ab7c31]
  • Updated dependencies [4783d3b]
  • Updated dependencies [040994a]
  • Updated dependencies [5f0249e]
  • Updated dependencies [066741f]
  • Updated dependencies [6b5ded8]
    • @korix/kori@0.1.1
    • @korix/zod-schema@0.1.1
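
The body-limit behaviour listed under 34733db, sketched as an added example (not code from the Kori repository): a declared Content-Length is rejected up front, a chunked body is counted as it streams through without buffering, and both paths raise the same error. `BodyTooLargeError`, `limitBody`, `drain` and the sample chunks are hypothetical names constructed for illustration.

```javascript
// Added illustration; not @korix/body-limit-plugin's source.
// BodyTooLargeError, limitBody and drain are hypothetical names.
class BodyTooLargeError extends Error {
  constructor() {
    // Fixed message: no limit value or byte count is exposed to the client.
    super('Payload Too Large');
    this.status = 413;
  }
}

// Wraps an iterable of body chunks. Each chunk is passed on as soon as it is
// counted, so memory use does not grow with the size of the body.
// Header keys are assumed to be lower-cased already.
function* limitBody(headers, chunks, maxBytes) {
  const chunked = /\bchunked\b/i.test(headers['transfer-encoding'] || '');
  const declared = Number(headers['content-length']);

  // Content-Length path: reject before reading a single byte.
  if (!chunked && Number.isFinite(declared) && declared > maxBytes) {
    throw new BodyTooLargeError();
  }

  // Streaming path: required for chunked bodies, which declare no length,
  // and also catches a body that is longer than its declared Content-Length.
  let seen = 0;
  for (const chunk of chunks) {
    seen += chunk.byteLength;
    if (seen > maxBytes) throw new BodyTooLargeError();
    yield chunk;
  }
}

// Consumes the limited stream and reports the outcome the way a server would.
function drain(headers, chunks, maxBytes) {
  let forwarded = 0;
  try {
    for (const c of limitBody(headers, chunks, maxBytes)) forwarded += c.byteLength;
    return { status: 200, forwarded };
  } catch (e) {
    if (e instanceof BodyTooLargeError) return { status: e.status, forwarded };
    throw e;
  }
}

// Constructed sample input: three 4-byte chunks (12 bytes in total).
const sample = [Buffer.from('aaaa'), Buffer.from('bbbb'), Buffer.from('cccc')];
```

With an 8-byte limit, `drain({ 'transfer-encoding': 'chunked' }, sample, 8)` returns status 413 after 8 bytes have already been forwarded, so a handler behind a streaming limit must tolerate an aborted, partially read body.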
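
The cookie name rule described under e10a8ce, as an added example (not code from the Kori repository): RFC 6265 defines cookie-name as an HTTP token, and the parser below shows how a name containing a semicolon is read back as a different cookie. `isValidCookieName`, `serializeCookie`, `parseCookieHeader` and the sample names are hypothetical and constructed for illustration.

```javascript
// Added illustration; not Kori's source. All function names are hypothetical.

// RFC 6265 section 4.1.1: cookie-name = token (RFC 2616 section 2.2), i.e.
// US-ASCII without control characters and the separators ()<>@,;:\"/[]?={} SP HT.
const TOKEN = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/;

function isValidCookieName(name) {
  return typeof name === 'string' && TOKEN.test(name);
}

// Builds a name=value pair, refusing names that would change how it parses.
// Percent-encoding the value is a choice made for this example.
function serializeCookie(name, value) {
  if (!isValidCookieName(name)) {
    throw new TypeError('Invalid cookie name');
  }
  return `${name}=${encodeURIComponent(value)}`;
}

// Parses a Cookie request header the way a receiver would: split on ';',
// then on the first '='. It shows what an unvalidated name turns into.
function parseCookieHeader(header) {
  const out = {};
  for (const part of header.split(';')) {
    const eq = part.indexOf('=');
    if (eq === -1) continue;
    out[part.slice(0, eq).trim()] = part.slice(eq + 1).trim();
  }
  return out;
}

// Constructed sample names with the expected verdict for each.
const samples = [
  ['session_id', true],
  ['__Host-token', true],
  ['user name', false],  // space
  ['a;b', false],        // semicolon splits the pair
  ['k=v', false],        // '=' moves the name/value boundary
  ['tab\tname', false],  // control character
  ['', false],           // empty name
  ['naïve', false],      // non-ASCII
];

function checkSamples() {
  return samples.every(([name, ok]) => isValidCookieName(name) === ok);
}
```

An unvalidated name `a;b` with value `1` would be sent as `a;b=1`, which `parseCookieHeader` reads back as a single cookie named `b`.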

coderabbitai bot commented Jul 27, 2025

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.


@bufferings bufferings merged commit 13f114b into main Jul 27, 2025
1 check passed
@bufferings bufferings deleted the changeset-release/main branch July 27, 2025 10:20