fix(deps): update dependency sirv-cli to v1

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
sirv-cli	0.4.5 -> 1.0.10

---

Release Notes

lukeed/sirv

v1.0.10

Compare Source

Patches

• (sirv) Use Cache-Control: no-cache when both dev & etag are enabled (#​90): c8fe11b
  By default dev-mode always used no-store – but this also means that any ETag on the response is ignored too. Changing this to no-cache allows the browser to remember the ETag and send if as the If-None-Match header on next request.

v1.0.9

Compare Source

Patches

• (sirv) More specific ignore regex default (#​88): 5e3d7a8
  Thank you @​adam-lynch~!

• (sirv) Replace VoidFunction usage in TypeScript definitions (#​89): 478b487

v1.0.8

Compare Source

Patches

• (sirv-cli): Add hidden --no-logs option (#​85): 714c058\
  Does not render "LOGS" output on requests. Unlike --quiet, --no-logs keeps intro banner.

v1.0.7

Compare Source

Patches

• (sirv): Use a separate FILES cache per sirv instance (#​84): c69bbfb
  Thank you @​Rich-Harris~!

• (sirv): Append must-revalidate Cache-Control directive when maxAge: 0 is used: fb31a46
  Only appends when immutable option is not in use!

v1.0.6

Compare Source

Patches

• (sirv) Ensure options.setHeaders changes are respected (#​79): 25eb012

v1.0.5

Compare Source

Patches

• (sirv) Ensure cached response headers (in "prod" mode) are not mutated between requests (#​75, #​55): b33bb15
  Thank you @​imtiazmangerah!

v1.0.4

Compare Source

Patches

• (sirv-cli): Allow graceful HTTP/1 support when --http2 enabled (#​74): 4b419bf
  Does not affect HTTP/2 clients. Instead, allows HTTP/1.1 clients to connect over HTTPS.
  Thank you @​ArtskydJ~!

v1.0.3

Compare Source

Patches

• (sirv-cli) Add --no-clear option to disable console scroll reset (#​58): 32a6a2c
  Default behavior is completely unchanged.

v1.0.2

Compare Source

Patches

• (sirv-cli) Print --host hint when not in use (#​70, #​71): ec5febc
  Thank you @​mhkeller~!
  
  A lot of users are/were unaware that sirv-cli was capable of setting up a network endpoint for your server. The option always existed in the help text's list of options, but it can be easy for things to hide in plain sight! So now the CLI will always show a "Network:" field (to show that it's at least possible) and either the server address if there is one or a short clue about the --host flag.

Chores

• (docs) Add mention of mkcert for alternative SSL certificate generation (#​68): 9eea208
  Thank you @​longrunningprocess~!

v1.0.1

Compare Source

Patches

• (sirv) Set "br" for content-encoding header value (#​65): fa4f7db, 7205446
  Thank you @​DaGhostman~!

Chores

• (sirv) Add additional dotfiles tests: d01fe72
• Update badges: 8785b42

v1.0.0

Compare Source

Breaking

Both sirv and sirv-cli now require at least Node v10.x to function (19061be).
This is the oldest LTS version of Node.js that's still possesses the "ACTIVE" label.

Features

• (sirv-cli) Added HTTP/2 support (#​2, #​64): 36ba734, 8c92751

• (sirv-cli) Added --gzip and --brotli flags (#​3)

• (sirv-cli) Allow --single to accept custom fallback: fd55eca

• (sirv-cli) Added --ignores option to escape single: 918102e

• (sirv) Added TypeScript definitions (#​61): 05058a2

• (sirv) Support If-None-Match/ETag matching (#​56, #​46)

• (sirv) Added single option, with customizable fallback: f13fbb8, fd55eca

• (sirv) Allow serving of precompiled gzip and/or brotli files: 3d34763

• (sirv): Ships separate "module" (ESM) and "main" (CJS) entries: 9754302

Patches

• (sirv) Prevent server crash with malformed URLs (#​54): 1757b26
• (sirv) Allow dotfiles option in "dev" mode (#​51)
• (sirv) Allow requests to /.well-known/* files (#​50): 0a04d66
• (sirv) Force Cache-Control: no-store value for "dev" mode (#​45): 604f926
• (sirv) Respect any previous Content-Type on response (#​38): c08ac50, 5ef168f
• (sirv) Ignore deeply-nested dotfiles (default): 84d4f33

Chores

• (sirv) Refactor: Consolidate "dev" & "prod" handlers: f1bcc43
• (sirv): Refactor: Extract list utility into totalist: 535b2c2
• Update benchmarks, include directly: a346382
• Update documentation: 8e9cb49
• Add multiple test suites for 99% code coverage: cbe0a47, 461b8de, 5953004, 07c65ac, 3cfb51e, 4608c92, b3b89cb, f6b1e72, 5f583e5, bdfc9b0, 3009ae0, 5d555d2

v0.4.6

Compare Source

NOTICE
This version patches a directory-traversal security vulnerability that exists in dev mode only. All users should update immediately, even if they don't think they're using --dev or opts.dev on live servers. There are no other changes in this release.

Patches

• Fixes dev mode security vulnerability (#​63): 1e0bac5
  Thank you @​marvinhagemeister~!

  As Marvin describes:

  This allows an attacker to traverse the file system outside of the specified directory.

  Let's say sirv was initialized to serve files from /foo/bar:

  sirv("/foo/bar");

  ...and an attacker makes a request to:

  GET /../../etc/passwd
  

  ...then they are able to download the contents of that file.

Chores

• Attach GitHub Actions: ea15d6a

• Update test runner: 2b965cd

• Update lerna version: 0b6de8d

---

Renovate configuration

📅 Schedule: At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻️ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by WhiteSource Renovate. View repository job log here.