Merge pull request #290 from contentstack/development

security fixes

Author: harshithad0703

.talismanrc

@@ -1,6 +1,6 @@
 fileignoreconfig:
 - filename: package-lock.json
-  checksum: 46c0d87a82455d4b2bae3347f7361dda71d2b979426b1c95ef707a9166c17778
+  checksum: cb21e1b4fc8240b8ee33c6f974a9d1cf25d96afb9161c85633cbb061f069bbc4
 - filename: test/unit/contentstack.spec.ts
   checksum: d5b99c01459ab8bc597baaa9e6cc4aa91ac6d9bf78af08e1d0220d0c5db3d0b3
 - filename: test/unit/utils.spec.ts

CHANGELOG.md

@@ -1,3 +1,7 @@
+### Version: 4.10.5
+#### Date: Jan-05-2026
+Fix: Fix security issues
+
 ### Version: 4.10.4
 #### Date: Dec-08-2025
 Feat: Improved error messages
@@ -6,6 +10,14 @@ Feat: Improved error messages
 #### Date: Nov-12-2025
 fix: reverts the endpoints helper method integration
 
+### Version: 4.10.2
+#### Date: Dec-15-2025
+Build: bump @contentstack/core version to ^1.3.4
+
+### Version: 4.10.3
+#### Date: Nov-13-2025
+Fix: reverts the endpoints helper method integration
+
 ### Version: 4.10.2
 #### Date: Nov-12-2025
 Enhancement: Added logHandler interceptors for request and response logging

LICENSE.txt

@@ -1,7 +1,7 @@
 The MIT License (MIT)
 
 
-Copyright (c) 2016-2025 Contentstack
+Copyright (c) 2016-2026 Contentstack
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

package-lock.json

@@ -1,6 +1,6 @@
 {
   "name": "@contentstack/delivery-sdk",
-  "version": "4.10.4",
+  "version": "4.10.5",
   "type": "module",
   "license": "MIT",
   "main": "./dist/legacy/index.cjs",
@@ -35,8 +35,8 @@
     "husky-check": "npm run build && husky && chmod +x .husky/pre-commit"
   },
   "dependencies": {
-    "@contentstack/core": "^1.3.3",
-    "@contentstack/utils": "^1.6.2",
+    "@contentstack/core": "^1.3.6",
+    "@contentstack/utils": "1.5.0",
     "axios": "^1.13.1",
     "humps": "^2.0.1"
   },

package.json

@@ -2,7 +2,7 @@ import { httpClient, retryRequestHandler, retryResponseErrorHandler, retryRespon
 import { AxiosRequestHeaders } from 'axios';
 import { handleRequest } from './cache';
 import { Stack as StackClass } from './stack';
-import { Policy, StackConfig, ContentstackPlugin } from './types';
+import { Policy, StackConfig, ContentstackPlugin, Region } from './types';
 import * as Utility from './utils';
 import * as Utils from '@contentstack/utils';
 export { Utils };
@@ -34,7 +34,7 @@ let version = '{{VERSION}}';
  */
 // eslint-disable-next-line @typescript-eslint/naming-convention
 export function stack(config: StackConfig): StackClass {
-  const DEFAULT_HOST = Utility.getHostforRegion(config.region || "aws_na", config.host);
+  const DEFAULT_HOST = Utility.getHostforRegion(config.region || Region.US, config.host);
 
   let defaultConfig = {
     defaultHostname: DEFAULT_HOST,

src/lib/contentstack.ts

@@ -8,7 +8,6 @@ import { synchronization } from './synchronization';
 import {TaxonomyQuery} from './taxonomy-query';
 import { GlobalFieldQuery } from './global-field-query';
 import { GlobalField } from './global-field';
-import { getHostforRegion } from './utils';
 
 export class Stack {
   readonly config: StackConfig;
@@ -254,20 +253,4 @@ export class Stack {
     if (typeof debug === "boolean") this.config.debug = debug;
     return this;
   }
-
-  /**
-   * @method setHost
-   * @memberof Stack
-   * @description Sets the host based on cloud region
-   * @param {String} cloudRegion - Cloud region (e.g., 'aws_na', 'aws_eu')
-   * @param {String} host - Optional custom host
-   * @return {Promise<string>} - Returns the host URL
-   * @instance
-   * */
-  async setHost(region: string = "aws_na", host?: string): Promise<void> {
-    const resolvedHost = getHostforRegion(region, host);
-
-    this._client.defaults.baseURL = `https://${resolvedHost}`;
-  }
-
 }

src/lib/stack.ts

@@ -76,7 +76,7 @@ export interface StackConfig extends HttpClientParams {
   environment: string;
   branch?: string;
   early_access?: string[];
-  region?: string;
+  region?: Region;
   locale?: string;
   plugins?: ContentstackPlugin[];
   logHandler?: (level: string, data: any) => void;

src/lib/types.ts

@@ -1,10 +1,14 @@
 import { Region, params } from './types';
-import { getContentstackEndpoint } from '@contentstack/utils';
 
-export function getHostforRegion(region: string = "aws_na", host?: string): string {
+export function getHostforRegion(region: Region = Region.US, host?: string): string {
   if (host) return host;
 
-  return getContentstackEndpoint(region, 'contentDelivery', true) as string;
+  let url = 'cdn.contentstack.io';
+  if (region !== Region.US) {
+    url = region.toString().toLowerCase() + '-cdn.contentstack.com';
+  }
+
+  return url;
 }
 
 /**

src/lib/utils.ts

@@ -131,9 +131,9 @@ describe("Live preview query Entry API tests", () => {
       expect(result.updated_by).toBeDefined();
     } catch (error: any) {
       expect(error).toBeDefined();
-      // AxiosError: error.response contains the response object
-      expect(error.response).toBeDefined();
-      expect(error.response.status).toEqual(403);
+      // AxiosError: error contains the response object
+      expect(error).toBeDefined();
+      expect(error.status).toEqual(403);
     }
   });