chore(deps): bump sirv from 0.4.6 to 1.0.18

[dependabot]

Bumps sirv from 0.4.6 to 1.0.18.

Release notes

Sourced from sirv's releases.

v1.0.18

Patches

• (sirv): Append charset=utf-8 to HTML content-type (#106, #122): d1b8ba6 Thank you @​aleclarson~!

---

Full Changelog: lukeed/sirv@v1.0.17...v1.0.18

v1.0.14

Chores

• (sirv): Bump @polka/url to take advantage of this fix

v1.0.13

Patches

• (sirv) Only use req.path if has req._decoded flag exists (#82):

  The req._decoded check was added & should have always been in there, since this was sirv's way of preventing duplicate decodeURIComponent calls. However, this was only true when it received a request from a polka@next app, since Polka was previously writing the decoded value to req.path – this changed with polka@v1.0.0-next.16

  Now that the latest polka@next (and Express) doesn't decode automatically anymore, req.path isn't trustworthy on its own. It needs req._decoded to be there too in order to trust it.

  This combo-check is backwards compatible for polka@next users who don't upgrade and will unblock Express users for the first time, who have always had a "raw" req.path value set.

v1.0.12

Patches

• (sirv-cli): Ensure boolean options are parsed as booleans (#97): 8ebca7c
• (sirv): Bump @polka/url dependency version: 7c5162a

Chores

• Adjust GitHub Action env setup (#109): f2ae0f5
• Update Github Action image(s) and Node versions: 9334dfc, cf2de81, c7e0a20
• Add test for filename with space (#102): ede9189 Thank you @​samccone!

v1.0.11

Patches

• (sirv) Add Vary header when gzip or brotli is in use (#95): 86e6733 Thank you @​istarkov~!

v1.0.10

Patches

• (sirv) Use Cache-Control: no-cache when both dev & etag are enabled (#90): c8fe11b By default dev-mode always used no-store – but this also means that any ETag on the response is ignored too. Changing this to no-cache allows the browser to remember the ETag and send if as the If-None-Match header on next request.

... (truncated)

Commits

• 8db87a7 v1.0.18
• d1b8ba6 fix(sirv): append charset=utf-8 to HTML content-type (#122)
• 881c4c7 v1.0.17
• a733157 fix(sirv): skip req._decode shortcuts; decode manually (#118)
• 435473f chore: improve CI reliability for sirv-cli tests (#117)
• 3f64d4a v1.0.16
• df3bb31 fix(sirv): use decoded value directly (#116)
• bb2d0e3 v1.0.15
• 65c4d12 fix(sirv): read cached pathname directly;
• 83ee458 v1.0.14
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)