
Commit f4e6b40

Merge pull request #290 from contentstack/development
security fixes
2 parents 670277b + 147140d commit f4e6b40


13 files changed

+475
-1150
lines changed


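--- a/.talismanrc
+++ b/.talismanrc
@@ -1,6 +1,6 @@
 fileignoreconfig:
 - filename: package-lock.json
-checksum: 46c0d87a82455d4b2bae3347f7361dda71d2b979426b1c95ef707a9166c17778
+checksum: cb21e1b4fc8240b8ee33c6f974a9d1cf25d96afb9161c85633cbb061f069bbc4
 - filename: test/unit/contentstack.spec.ts
 checksum: d5b99c01459ab8bc597baaa9e6cc4aa91ac6d9bf78af08e1d0220d0c5db3d0b3
 - filename: test/unit/utils.spec.ts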

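--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,7 @@
+### Version: 4.10.5
+#### Date: Jan-05-2026
+Fix: Fix security issues
+
 ### Version: 4.10.4
 #### Date: Dec-08-2025
 Feat: Improved error messages
@@ -6,6 +10,14 @@ Feat: Improved error messages
 #### Date: Nov-12-2025
 fix: reverts the endpoints helper method integration
 
+### Version: 4.10.2
+#### Date: Dec-15-2025
+Build: bump @contentstack/core version to ^1.3.4
+
+### Version: 4.10.3
+#### Date: Nov-13-2025
+Fix: reverts the endpoints helper method integration
+
 ### Version: 4.10.2
 #### Date: Nov-12-2025
 Enhancement: Added logHandler interceptors for request and response logging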

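--- a/LICENSE.txt
+++ b/LICENSE.txt
@@ -1,7 +1,7 @@
 The MIT License (MIT)
 
 
-Copyright (c) 2016-2025 Contentstack
+Copyright (c) 2016-2026 Contentstack
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal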

package-lock.json

Lines changed: 432 additions & 768 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

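--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@contentstack/delivery-sdk",
-"version": "4.10.4",
+"version": "4.10.5",
 "type": "module",
 "license": "MIT",
 "main": "./dist/legacy/index.cjs",
@@ -35,8 +35,8 @@
 "husky-check": "npm run build && husky && chmod +x .husky/pre-commit"
 },
 "dependencies": {
-"@contentstack/core": "^1.3.3",
-"@contentstack/utils": "^1.6.2",
+"@contentstack/core": "^1.3.6",
+"@contentstack/utils": "1.5.0",
 "axios": "^1.13.1",
 "humps": "^2.0.1"
 },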
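Review bot: The second hunk moves `@contentstack/utils` from the range `^1.6.2` to the exact, older version `1.5.0`, and neither the commit message ("security fixes") nor the changelog entry says why a downgrade is the fix. Presumably it goes with dropping `getContentstackEndpoint` in src/lib/utils.ts, but an exact pin on an older release also stops picking up later patches of that package, so it is worth confirming that 1.5.0 does not bring back anything fixed between 1.5.0 and 1.6.2. JSON cannot carry a comment, so I would record the reason in the 4.10.5 changelog entry, for example `Fix: pin @contentstack/utils to 1.5.0 (<reason / advisory id>)`.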

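--- a/src/lib/contentstack.ts
+++ b/src/lib/contentstack.ts
@@ -2,7 +2,7 @@ import { httpClient, retryRequestHandler, retryResponseErrorHandler, retryRespon
 import { AxiosRequestHeaders } from 'axios';
 import { handleRequest } from './cache';
 import { Stack as StackClass } from './stack';
-import { Policy, StackConfig, ContentstackPlugin } from './types';
+import { Policy, StackConfig, ContentstackPlugin, Region } from './types';
 import * as Utility from './utils';
 import * as Utils from '@contentstack/utils';
 export { Utils };
@@ -34,7 +34,7 @@ let version = '{{VERSION}}';
 */
 // eslint-disable-next-line @typescript-eslint/naming-convention
 export function stack(config: StackConfig): StackClass {
-const DEFAULT_HOST = Utility.getHostforRegion(config.region || "aws_na", config.host);
+const DEFAULT_HOST = Utility.getHostforRegion(config.region || Region.US, config.host);
 
 let defaultConfig = {
 defaultHostname: DEFAULT_HOST,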

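--- a/src/lib/stack.ts
+++ b/src/lib/stack.ts
@@ -8,7 +8,6 @@ import { synchronization } from './synchronization';
 import {TaxonomyQuery} from './taxonomy-query';
 import { GlobalFieldQuery } from './global-field-query';
 import { GlobalField } from './global-field';
-import { getHostforRegion } from './utils';
 
 export class Stack {
 readonly config: StackConfig;
@@ -254,20 +253,4 @@ export class Stack {
 if (typeof debug === "boolean") this.config.debug = debug;
 return this;
 }
-
-/**
-* @method setHost
-* @memberof Stack
-* @description Sets the host based on cloud region
-* @param {String} cloudRegion - Cloud region (e.g., 'aws_na', 'aws_eu')
-* @param {String} host - Optional custom host
-* @return {Promise<string>} - Returns the host URL
-* @instance
-* */
-async setHost(region: string = "aws_na", host?: string): Promise<void> {
-const resolvedHost = getHostforRegion(region, host);
-
-this._client.defaults.baseURL = `https://${resolvedHost}`;
-}
-
 }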

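--- a/src/lib/types.ts
+++ b/src/lib/types.ts
@@ -76,7 +76,7 @@ export interface StackConfig extends HttpClientParams {
 environment: string;
 branch?: string;
 early_access?: string[];
-region?: string;
+region?: Region;
 locale?: string;
 plugins?: ContentstackPlugin[];
 logHandler?: (level: string, data: any) => void;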
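Review bot: `region?: Region` narrows a public config field that used to be `string`, so TypeScript callers passing a literal such as the former default `"aws_na"` stop compiling on what package.json marks as a patch release (4.10.4 to 4.10.5). The same commit deletes the public `Stack.setHost` method in src/lib/stack.ts, which is a second breaking change for existing callers. The enum is erased at compile time, so plain JavaScript callers are not constrained by it and runtime validation still has to happen where the host is built (getHostforRegion in src/lib/utils.ts). I would either keep the old surface marked `@deprecated` for one release or state both changes in the changelog, e.g. `Breaking: StackConfig.region is now Region; Stack.setHost removed`. The StackConfig interface starts and ends outside this hunk.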

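--- a/src/lib/utils.ts
+++ b/src/lib/utils.ts
@@ -1,10 +1,14 @@
 import { Region, params } from './types';
-import { getContentstackEndpoint } from '@contentstack/utils';
 
-export function getHostforRegion(region: string = "aws_na", host?: string): string {
+export function getHostforRegion(region: Region = Region.US, host?: string): string {
 if (host) return host;
 
-return getContentstackEndpoint(region, 'contentDelivery', true) as string;
+let url = 'cdn.contentstack.io';
+if (region !== Region.US) {
+url = region.toString().toLowerCase() + '-cdn.contentstack.com';
+}
+
+return url;
 }
 
 /**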
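Review bot: In the new body of getHostforRegion the region is concatenated straight into the hostname (`region.toString().toLowerCase() + '-cdn.contentstack.com'`), and the `Region` parameter type is only a compile-time constraint. Any string from a JavaScript caller or an untyped config object therefore becomes part of the host that requests go to, along with whatever credentials the client attaches. A value that used to be accepted, like the old default `"aws_na"`, would now presumably produce `aws_na-cdn.contentstack.com` instead of an error. Assuming Region is a string enum, I would reject anything outside it before building the URL: `if (!Object.values(Region).includes(region)) throw new Error('Unsupported region');`. A comment on the domain split (`// US uses cdn.contentstack.io; other regions use <region>-cdn.contentstack.com`) and a unit test per Region member would make the mapping reviewable.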

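--- a/test/api/live-preview.spec.ts
+++ b/test/api/live-preview.spec.ts
@@ -131,9 +131,9 @@ describe("Live preview query Entry API tests", () => {
 expect(result.updated_by).toBeDefined();
 } catch (error: any) {
 expect(error).toBeDefined();
-// AxiosError: error.response contains the response object
-expect(error.response).toBeDefined();
-expect(error.response.status).toEqual(403);
+// AxiosError: error contains the response object
+expect(error).toBeDefined();
+expect(error.status).toEqual(403);
 }
 });
 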
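Review bot: The added `expect(error).toBeDefined();` on new line 135 repeats the assertion two lines above it, and the rewritten comment `// AxiosError: error contains the response object` no longer describes what is asserted, since the status is now read from the error itself. I would drop the duplicate and reword the comment, e.g. `// the SDK rejects with a normalized error; status is on the error itself` (presumably a consequence of the @contentstack/core bump; confirm). The try block starts outside the hunk, so from here it is not possible to tell whether the test fails when no error is thrown at all.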
