Greg Martyn
Greg Martyn
If I'm doing `.use(express.static('/var/www/html'))` and some attacker manages to `ln -s /etc/passwd /var/www/html`, then http://host/passwd will serve up /etc/passwd. Is there any way to tell serve-static not to follow symlinks,...
Uses `package.json`'s `type` field to determine whether to `require()` or `await import()` The `package.json` detection is modelled on `getPublicUrl` in `razzle/packages/razzle/config/paths.js` and doesn't implement the full spec described by https://nodejs.org/api/packages.html#type...
## 🐛 Bug report ### Current Behavior razzle.config.js is imported as a commonjs module regardless of the package.json `type` setting. This blocks adoption of native ES modules on the server-side....
It looks like support for 'redis' was dropped from v5 in favor of exclusively supporting 'ioredis'. Is that something that might come back in the future? Also: Is there an...
Apollo Client currently uses [@wry/equality](https://github.com/benjamn/wryware/blob/main/packages/equality/src/index.ts#L8) to determine whether `variables` has changed between invocations of `useQuery`. See: [source 1](https://github.com/apollographql/apollo-client/blob/main/src/core/ObservableQuery.ts#L906), [source 2](https://github.com/apollographql/apollo-client/blob/main/src/react/hooks/useQuery.ts#L321), [source 3](https://github.com/apollographql/apollo-client/blob/main/src/core/ObservableQuery.ts#L931) and maybe more. That works fine for the...
In an environment where access to /_translations is gated by the webserver itself, it's okay to show the webinterface in production. This change respects the user's config setting, and defaults...